CloudBees CI release highlights

What’s new in CloudBees CI 2.332.3.2

Watch the video

New features

Signed Helm charts (BEE-9401)

CloudBees CI on modern cloud platforms Helm charts are now published with a signature that allows you to verify their origin and authenticity.

For more information, refer to Helm chart verification.

A bundle that was already installed can be reapplied with a new button (BEE-15134)

A new Force Reload button has been added to the CloudBees Configuration as Code export and update page to reapply the current bundle, when a bundle update is not available. This button can be used to reset changes that may have been made to the configuration since the bundle was first applied.

Feature enhancements

Analytics collected about CasC bundles stored in the operations center (BEE-8035)

The following new metrics about the CasC bundles stored in the operations center are collected:

  • Global settings in the CloudBees Configuration as Code bundles page

  • Validation error types

  • CasC usage in terms of sections from the bundle.yaml file

    For more information on how to check this on your running instance, refer to Data collection for the CloudBees Analytics Plugin

Individual Configuration as Code bundle locations can be enabled and disabled (BEE-15660)

A new Activated checkbox is now available for each Configuration as Code bundle location, allowing you to enable and disable an individual Configuration as Code bundle location.

Added support for configuring multiple Configuration as Code bundle locations (BEE-9535)

When adding controller CasC bundles to the operations center, you can now configure more than one Configuration as Code bundle location for local folder and source control management (SCM) tool locations.

When upgrading, the Configuration as Code bundle location that you previously configured remains unchanged and does not require any modifications.

If you configure more than one Configuration as Code bundle location, all CasC bundles must use unique bundle names. If more than one CasC bundle has the same bundle name, the bundles are not synchronized with the operations center’s internal storage and are not available to controllers.

For more information on configuring the Configuration as Code bundle location, refer to Adding controller CasC bundles to the operations center.

When the Bitbucket Branch Source plugin was used with Bitbucket Server, rate limiting caused the requests to fail immediately. (BEE-9720)

When requests were made a part of a long-lived process, such as branch indexing or an organization scan, the scan failed immediately.

When Bitbucket Server returns an HTTP 429 response due to rate limiting, the plugin now retries the requests for up to 30 minutes until the request succeeds.

Added a configuration option to the CloudBees Template Plugin’s expanded template size limit (BEE-2808)

The CloudBees Template Plugin was configured with a 1MB template size limit to prevent instance-wide impacts in cases where an error is made in the template definition.

In this release, the limit was made configurable via a system property: (com.cloudbees.hudson.plugins.modeling.impl.SimpleTemplateEngine.MAX_EXPANDED_SIZE_BYTES).

Resolved issues

Response to security scans regarding the H2 database (BEE-14368, BEE-14366, BEE-10343, BEE-14611, BEE-16032)

Routine security scans have detected vulnerabilities in the 1.x version of the H2 database that is embedded in the operations center and in the User Activity Monitoring plugin. Because CloudBees CI only uses the H2 database locally via Java code, rather than starting the H2 console, these security vulnerabilities do not affect CloudBees CI.

Although the H2 security vulnerabilities do not affect CloudBees CI, the H2 database is being upgraded to version 2.x in the operations center as a best practice. The H2 database used in the User Activity Monitoring plugin is being replaced with a simpler storage system with identical functionality.

These updates may require your manual intervention to retain data. During the upgrade, the operations center’s database will be deleted and recreated. The User Activity Monitoring plugin will not retain any prior historical data when it is upgraded, but you can migrate the historical data. Refer to the Upgrade notes for more information.

Public properties were ignored in the items.yaml file (BEE-15125)

When an item’s configuration relied on the default values and it had public properties annotated with DataBoundSetter, an exception was returned.

This issue has been resolved.

If you change the visibility in the jenkins.yaml file using CasC for the operations center, the CasC bundle may no longer be available for the controller it is assigned to (BEE-15266)

If a bundle is assigned to a controller, the bundle does not have an availability pattern defined, and visibility is set to true in the operations center jenkins.yaml file, the UI correctly prevents you from selecting or clearing the Availability pattern checkbox on the CloudBees Configuration as Code bundles page.

However, CasC loads before object creation. When you use CasC, you can bypass this check and change a bundle’s visibility, even if the bundle is assigned to a controller. This can lead to scenarios where a controller is using a bundle for which it no longer has permissions, if the controller had permission before the visibility was changed.

A new warning has been added as an administrative monitor message, to alert administrators when this scenario occurs.

Fix unhandled exception in the bundle check for the updates page (BEE-15886)

When an invalid bundle was selected, there was an issue with the CloudBees Configuration as Code export and update page that caused the Jenkins error page to display when the Bundle update tab or Check for Updates button was selected.

The issue has been resolved. Now, when you request an update to an invalid bundle, a summary of the error is displayed.

Known issues

Duplicate Pipeline Template Catalogs in the Configuration as Code (CasC) for Controllers jenkins.yaml file on each instance restart (BEE-12722)

If a Pipeline Template Catalog is configured in the CasC jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported CasC configuration.

Upgrade notes

H2 Database upgrade (BEE-14818)

To stay current and to prevent potential security vulnerabilities, the H2 database is now upgraded to a newer version automatically when you start the operations center.

When you upgrade, make sure that you don’t have any shared clouds or agents on-lease, because the process will delete and recreate the database.

User Activity Monitoring Plugin database update (BEE-14611)

In the 2.332.3.2 release, the User Activity Monitoring Plugin was updated to use a new database. The new database is installed automatically when you upgrade to version 2.332.3.2 or later, however historical data tracked by the plugin will not be migrated to the new database. You may continue to use the User Activity Monitoring Plugin normally and user activity will be captured again, or you can migrate the data from the old database if you need historical data.

For more information about migrating the historical data, refer to Migrating historical User Activity Monitoring Plugin data.

Migration to Java 11 will soon be required for new releases (BEE-42)

The Jenkins community will begin supporting Java 11-specific features soon (Java 11 byte code), at which point it will no longer be possible to use a Java 8 runtime environment. Because CloudBees CI on modern cloud platforms is based on the Jenkins LTS, future releases of CloudBees CI on modern cloud platforms will have the same requirement.

CloudBees strongly recommends upgrading your CloudBees CI on modern cloud platforms environment to run Java 11 as soon as possible. Some of the Java 11 updates may require action on your part, and there may be a specific order in which you should upgrade components in your environment. For more information, refer to Migrating to Java 11.

When upgrading to Java 11, you must update your Java garbage collection arguments (BEE-16018)

Garbage collection has been updated in Java 11. Many of the previously recommended arguments are no longer supported. When you upgrade your JDK to Java 11, you must also update your garbage collection configuration. Using unsupported Java arguments will result in startup failure.

Jenkins upgrade notes

Jenkins 2.332 upgrade notes