Security advisories

What’s New in CloudBees CI 2.289.3.2

Critical issues

Removal of Apache Commons Digester from Jenkins Core

CloudBees recommends that you start to prepare for the August release of Jenkins LTS as soon as possible. The August release will include a change that removes the Apache Commons Digester from Jenkins Core. If you use Jenkins LTS plugins that are not in the CloudBees Assurance Program (CAP), you should update them before upgrading your CloudBees products to ensure compatibility with the August release. If your company uses its own proprietary (non-CloudBees) plugins, CloudBees recommends that you test them against Jenkins version 2.302+ prior to the August release. As always, backing up your data before upgrading is strongly encouraged. For details about this change and a list of impacted plugins, please see our knowledge base article Commons Digester Library Removal.

New features

Configuration as Code (CasC) for configuring the operations center

The operations center can now be configured using CasC. This allows you to capture the configuration of the operations center in human-readable declarative files that can be used in a reproducible way, and eliminates the need for additional tools or custom scripts that must be manually maintained. By capturing the operations center configuration in files, it can be treated as a first-class revision-controlled artifact and used to:

  • Automate the configuration of the operations center.

  • Easily replicate the operations center configuration to test upgrades.

  • Manage multiple operations center instances with a single, shared configuration.

For modern platforms, the CloudBees CI Helm chart also now supports using a ConfigMap to configure the operations center using CasC.

CasC configuration of the operations center is a Preview feature. For more information, refer to Configuration as Code for the operations center.

Initial release of assigning a CasC bundle inheritance

Previously released as a Preview feature, CasC bundle inheritance is now fully supported, allowing you to simplify CasC bundle composition and maintenance by creating a "child" bundle that inherits common configuration elements from a "parent" bundle. This allows you to maintain common configuration elements in a single parent bundle; they are automatically inherited by all bundles in the inheritance chain. This eliminates the need to manually maintain and update individual bundles. For more information, refer to Configuring bundle inheritance with CasC.

Feature enhancements

The Configuration as Code plugin and CloudBees CasC API plugin are now available to use in the operations center (BEE-3764)

The Configuration as Code plugin and the CloudBees CasC API plugin can now be installed to the operations center and are a prerequisite for using the CloudBees Configuration as Code bundles export and update screen to download the current configuration, download the original bundle, and update the bundle for the CasC configuration of the operations center. For more information, refer to Configuration as Code for the operations center.

Updated the Kubernetes Client API plugin to version 5.4.1 (BEE-4918)

The Kubernetes Client API plugin has been upgraded to version 5.4.1.

The CloudBees Configuration as Code management buttons and screens have been renamed to better align with the features the underlying plugins provide (BEE-5915)

  • The CloudBees Configuration as Code bundles button and screen have been renamed to CloudBees Configuration as Code export and update. This button and screen are available in the operations center and from the controller when the CasC API plugin is installed.

  • The Configure as Code bundles button and screen have been renamed to CloudBees Configuration as Code bundles. This button and screen are available in the operations center using the CasC Server plugin, which is installed by default.

For more information, refer to:

Added the upstream job build number to the build console information (BEE-3402)

Previously, when you copied artifacts, it could be difficult to know which build generated the files.

The build number has been added to the build console information, so that it is easier to know which build generated the artifacts.

Made the operations center credentials cache delay configurable (BEE-3554)

The eviction delay for credentials cached in the operations center is now configurable using the following system property:

-Dcom.cloudbees.opscenter.client.plugin.OperationsCenterCredentialsProvider.cacheEvictionOffset=48

You can configure the delay to last for any number of hours, instead of the default of 48 hours.

Added a compatibility fix to ensure old controller versions can connect to new versions of the operations center (BEE-6588)

The compatibility fix ensures that controllers prior to version 2.289.3 can connect to operations center versions 2.291 and later successfully.

Resolved issues

Corrected invalid redirect URL from GitHub (BEE-5617)

The redirect URL to wake up a hibernated controller was invalid due to a missing slash.

This issue has been resolved. The URL now correctly ends with a trailing slash.

Improved concurrency handling (BEE-5406)

A race condition could lead to high CPU usage and blocked threads on complex builds.

This has now been resolved by switching to ConcurrentHashMap to handle concurrent updates.

Improved handling of out-of-date 409 errors with bitbucket-source-branch plugin (BEE-4929)

While iterating the status of pull requests, merging a pull request could prevent other pull requests from being examined.

This has now been resolved. The plugin now handles a 409 response code from the server, marks the pull request as not mergeable, and continues examining other pull requests.

Fixed a memory leak in the pubsub-light plugin (BEE-6072)

The pubsublight-plugin plugin triggers a memory leak because items are kept in an internal queue.

This has now been resolved in version 1.16 of the plugin.

A plugin catalog could not be uninstalled from a controller that was configured using CasC (BEE-5221 and BEE-2942)

If a plugin catalog was configured for a controller using CasC, it could not be uninstalled, even if the plugin-catalog.yaml file was deleted from the CasC bundle.

If the plugin-catalog.yaml file is deleted from a CasC bundle, any plugin catalogs previously installed in the instance are now properly uninstalled.

The log messages have also been improved to identify invalid plugin catalogs when a CasC bundle is applied.

The Availability pattern checkbox did not verify the regex Availability pattern specified for CasC bundles (BEE-4880)

If the Availability pattern checkbox was selected or deselected, there was no check to verify if the change would result in a bundle no longer being available to the controller it was assigned to.

A safety check has been added that prevents the Availability pattern checkbox state from being changed if it will result in a bundle no longer being available to the controller it is currently assigned to.

Error if the Availability pattern checkbox or the Default bundle drop-down were updated after modifying a regex Availability pattern (BEE-5877)

On the Configuration as Code bundles screen, the form incorrectly requested a second POST command, resulting in an error if:

  • The regex Availability pattern was updated and the change saved.

  • The state of the Availability pattern checkbox was changed and the change saved.

  • A Default bundle was selected and the change saved.

This issue has been resolved and the error is no longer incorrectly displayed.

The casc-bundle-set-controller and casc-bundle-set-master CLI commands returned an incorrect error message (BEE-6350)

Previously, if a controller did not exist and you attempted to assign a bundle to it, the casc-bundle-set-controller and casc-bundle-set-master CLI commands returned ERROR: Bundle matching master-id cannot be found, incorrectly indicating the bundle could not be found.

This error message has been improved to indicate the controller could not be found.

The casc-bundle-set-master CLI command was deprecated in version 2.289.2.2 due to offensive terminology. The casc-bundle-set-controller command should be used for all new applications.

Resolved exception caused by the Check for new license button (BEE-6460)

The Check for new license button on the Manage license administration screen caused an error when the license was set using CasC.

This issue has been resolved. To prevent the error from occurring, the Check for new license button has been removed when the license is set using CasC.

Initialization problem caused by empty properties list inside folders defined with CasC (BEE-6614)

An empty list of properties inside a folder in the items.yaml file caused the startup of the instance to fail. The folders containing the empty properties list were also exported by default.

This issue has been resolved. To prevent the error from occurring, empty properties are now accepted as a valid value and are not exported.

Issue enforcing authorization strategies on controllers (BEE-6549)

An issue was preventing controllers from managing their own authorization strategies when the security realm was only enforced in the operations center.

This issue has been resolved. Authorization strategies can now be configured on controllers, when the operations center does not enforce them.

Changed the HTTP endpoint to retrieve port and host used for inbound agent connections (BEE-5617)

CloudBees has determined that an upcoming update to HTTP headers in Jenkins Core 2.290 could potentially break operations center functionality.

In anticipation of the Jenkins Core 2.290 update, the HTTP endpoint now retrieves the port and host used for inbound agent connections. This change should prevent issues with the upcoming Jenkins Core release.

Removed transitive dependencies from bluesteel-master packaging (BEE-6139)

Some transitive dependencies were erroneously packaged in bluesteel-master. They have been removed as a precaution.

Removed transitive dependencies from bluesteel-cjoc packaging (BEE-6198)

Some transitive dependencies were erroneously packaged in bluesteel-cjoc. They have been removed as a precaution.

Upgraded internal Maven version (BEE-4555)

The internal Maven library version was updated to 3.8.1 as a precaution to prevent vulnerabilities.

New Slack App integrations did not work (BEE-6447)

Due to an update in February 2021, the Slack App no longer supports a token query string parameter. As a result, if you tried to install or configure any Slack App integrations since the update, they did not work.

Tokens are now passed to the Slack App using HTTP authorization. This issue has been resolved.
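
The practical difference between the two ways of passing a token, as an added example (not CloudBees or Slack code): a token in the query string is part of the URL and is recorded wherever URLs are logged, while a token in an Authorization header is not. The Bearer scheme, the request URL and the access-log lines are assumptions constructed for illustration; the release note only says "HTTP authorization".

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

TOKEN_PARAM = "token"  # query parameter name taken from the release note
_TOKEN_RE = re.compile(r'([?&]token=)[^&\s"]+')


def move_token_to_header(url, scheme="Bearer"):
    """Return (url_without_token, headers) for a request that used ?token=...

    The Bearer scheme is an assumption, not something the release note states.
    """
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tokens = [v for k, v in pairs if k == TOKEN_PARAM]
    if not tokens:
        return url, {}
    if len(set(tokens)) > 1:
        raise ValueError("conflicting token parameters in URL")
    if not tokens[0]:
        raise ValueError("empty token parameter")
    kept = [(k, v) for k, v in pairs if k != TOKEN_PARAM]
    clean = urlunsplit(parts._replace(query=urlencode(kept)))
    return clean, {"Authorization": f"{scheme} {tokens[0]}"}


def redact_logged_tokens(log_lines):
    """Return [(line_number, redacted_line)] for lines whose URL carries a token."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        redacted, count = _TOKEN_RE.subn(r"\1REDACTED", line)
        if count:
            hits.append((number, redacted))
    return hits


# Constructed sample data: a legacy-style request URL and two proxy log lines.
LEGACY_URL = "https://slack.com/api/chat.postMessage?channel=C01&token=xoxb-CONSTRUCTED"
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Mar/2021:10:00:00 +0000] '
    '"POST /api/chat.postMessage?channel=C01&token=xoxb-CONSTRUCTED HTTP/1.1" 200 52',
    '203.0.113.7 - - [01/Mar/2021:10:00:05 +0000] '
    '"POST /api/chat.postMessage?channel=C01 HTTP/1.1" 200 52',
]

if __name__ == "__main__":
    print(move_token_to_header(LEGACY_URL))
    for number, line in redact_logged_tokens(SAMPLE_LOG):
        print(f"line {number}: {line}")
```

Any token that `redact_logged_tokens` finds in retained logs should be treated as exposed and rotated.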

Fixed a high memory consumption issue while loading a plugin catalog (BEE-5114)

High memory consumption was occurring while the plugin catalog loaded. In some cases, it would result in out-of-memory errors.

This issue has been resolved. The problem was identified and fixed to reduce memory usage.

Fixed broken icon in the operations center (BEE-6758)

A change introduced in release 2.289.2.2 broke the icon to access the Controller Provisioning screen.

This issue has been resolved and the icon is restored.

Terminology updates (BEE-2396)

CloudBees is updating terminology to remove offensive text. During this ongoing initiative, “controller” replaces “master,” “agent” replaces “slave,” “allowlist” replaces “whitelist,” and “denylist” replaces “blacklist.”

Known issues

None.

Revisions

Revision 2 (2021-08-02)

The Synchronize bundles from workspace with internal storage Freestyle build step is no longer supported (BEE-7205)

The Synchronize bundles from workspace with internal storage Freestyle build step is not supported for new jobs. For existing jobs, the build step is present, but is non-functional.