CloudBees CI release highlights

What’s new in CloudBees CI 2.387.2.3

Watch video

Security fixes

Use of unsafe SnakeYaml constructor (BEE-30448)

The use of the SnakeYaml Constructor was replaced with the SafeConstructor implementation.

CloudBees Backup plugin uses SHA-1 hashes for the approvers map (BEE-29578)

The CloudBees Backup plugin used SHA-1 hashes for the approvers map.

The plugin now uses SHA-256 for that approvers map.

New features

Branch/Tag support for Configuration as Code bundles for controllers (BEE-29639)

The CloudBees Configuration as Code Server plugin 2.0 introduces bundle branch and tag support. The plugin update changes the folder structure within JENKINS_HOME that stores the Configuration as Code bundles. Due to the change of the JENKINS_HOME folder structure, your existing bundles must be migrated when upgrading to CloudBees Configuration as Code Server plugin 2.0. Refer to Updating a CasC bundle for a controller for more information.

Branch and tag support for Configuration as Code bundles is a Preview feature.

Feature enhancements

Separate registry and tag parameters for CloudBees CI chart (BEE-4423)

The Helm chart now separates registry and tag parameters for container images. This eases configuration if a Docker registry mirror is used.

Check out the Helm chart values for more details. Refer to Using AWS Elastic Container Registry (ECR) with CloudBees CI for more information.

Add the ability for the bundle list in Configuration as Code bundles to support branches and tags (BEE-29566)

The bundle list in Configuration as Code bundles now supports branches and tags. All results are grouped by bundle name and a collapsible row displays the different branches and tags.

Add the ability for the user to click on the filter and it will only show the assigned controllers (BEE-30868)

The user can now click on the filter and it will only show the assigned controllers. To indicate the activation, there is a Cancel button on the right sidebar.

The user wants to select the default bundle to support branch/tag changes (BEE-31009)

The user can now first select the default bundle and then the branch.

Show missing files in validation messages (BEE-31464)

Validation messages now include missing files. For example, `[CONTVAL] - Missing Jenkins Configuration as Code file specified in the bundle.yaml file. Could not find <comma-separated-not-found-files>'.

Allow disabling remote validations (BEE-31383)

The user can now globally disable remote (operations center to controller) validations of CasC bundles on the General tab of the Configuration as Code Bundles page. Refer to Disabling remote validations for more information.

Add GitHub check to prevalidate bundles repositories pull requests (BEE-29630)

Configuration as Code bundle validation results are now displayed as GitHub checks on the relevant pull request. Refer to Validating bundles prior to update for more information.

Add ability to assign a branch to the bundle when creating a controller (BEE-30871)

When creating a controller you can now assign a branch to a bundle.

Allow enabling and disabling source control management (SCM) checks for each remote (BEE-29636)

A flag now allows the disabling of github checks for each retriever. In addition, checks are activated by default for all SCM retrievers.

Resolved issues

Fixed deletion of external agent service after deleting a managed controller (BEE-31322)

When deleting a managed controller with an external agent service, the service was not deleted as expected.

This issue is resolved.

Upgrade Quarkus and Kubernetes client (BEE-31126)

Quarkus has been upgraded from 1.10.5.Final to 2.16.3.Final (and the Kubernetes client transitively).

Shared Inbound Agent Cloud page is now up to date (BEE-30771)

The main page of a Shared Cloud using Inbound Agents is not up to date as compared to information shown on a permanent Inbound Agent page.

This issue is resolved. The inbound agent page is now aligned with recent updates to the Inbound Agents UI.

Sidecar injector pod fails to start when deployed in namespace labeled for injection (BEE-1416)

When the Sidecar Injector is deployed in a namespace labeled for injection (for example sidecar-injector=enabled), the recreated pod fails to deploy because it is a candidate for injection itself.

The issue has been resolved. The Mutating Webhook Configuration now filters out pods accordingly.

Kubernetes plugin used controller service account instead of credentials (BEE-31860)

The Kubernetes plugin used the controller service account in the controller name space instead of the service account from the credential token.

This issue is resolved. The plugin now uses configured credentials.

A NullPointerException occurred when using the Test LDAP settings button (BEE-20083)

This issue has been fixed.

The Add credentials button is rendered with a black stripe (BEE-29063)

The Jenkins button was removed instead of the YUI button because it fits the current page format.

The Add button now matches the rest of the buttons. This issue has been resolved.

Incorrect plugin descriptions displayed in offline Update Center (BEE-31102)

The incorrect descriptions were displayed for some plugins in the offline Update Center.

This issue is resolved and now the correct plugin descriptions are displayed.

Sanitized excerpt plugin information from Update Centers before rendering in Jenkins user interface (UI) (BEE-31022)

Plugin information from the Update Center may contain some unwanted elements.

Plugin information is now sanitized before displaying in the Jenkins UI.

Terminology updates (BEE-1180)

CloudBees is updating terminology to remove offensive text. During this ongoing initiative, “controller” replaces “master,” “agent” replaces “slave,” “allowlist” replaces “whitelist,” and “denylist” replaces “blacklist.”

In this release, on the Shared Inbound Agent Cloud page, references to offensive terminology were removed and replaced.

Prevalidation endpoint fails when provided bundles contained syntactic errors (BEE-31428)

The prevalidation bundle fails on YAML indentation errors.

Now both the endpoint and CLI return a consistent response when there are malformed YAML files with a failure code and an error description.

No log produced with a hot reload due to plugin catalog updates (BEE-31223)

Application logs are now produced when the hot reload of a Configuration as Code bundle is not possible due to plugins updates in the Plugin Catalog.

Validation error when using anchors (BEE-31136)

When using anchors items and RBAC files, an unexpected exception is raised in validation.

This issue has been resolved.

"Bundle Usage" list does not update after availability pattern change (BEE-30686)

When the availability pattern changes, the list of available controllers for that bundle was not refreshed.

This issue has been resolved.

Unable to revert availability pattern back to bundle setting (BEE-30685)

When the bundle availability was changed on the CloudBees Configuration as Code bundles page, it could not be reverted back to the bundle setting.

A new button was added to reset the availability pattern.

Previous bundles with a descriptor that cannot be parsed prevented a restart (BEE-30447)

When an instance failed to start because the bundle descriptor could not be parsed, the restart after fixing it failed because of the former bundle registry.

The issue has been resolved and now an invalid bundle does not prevent a restart.

Anchors are limited to 50 and not configurable (BEE-29721)

CasC does not honor the jCasC variable for handling more anchors (the default is 50) in both jcasc/jenkins.yaml and items.yaml files within CasC bundles.

This issue has been resolved.

Sanitize the wiki URLs from Update Centers in plugins (BEE-31008)

Plugin information coming from the Update Center may contain some unwanted elements.

Plugin information is now sanitized before displaying in the Jenkins UI.

Move from MapDB to a local XML storage for operations center shared agents lease state (BEE-28991)

Switching to a local XML storage for operations center Cloud Agents lease state the operations-center-cloud.db.* files are no longer generated.

Change the default websocket idle timeout to a default value higher than the default ping interval value (BEE-30832)

Changed the default websocket idle timeout to a default value that is higher than the default ping interval value.

Severe contention on io.jenkins.blueocean.rest.impl.pipeline.PipelineNodeImpl.isRestartable with large Declarative Pipelines (BEE-31789)

CloudBees recommends that you upgrade Blue Ocean if you have large Declarative Pipelines.

Known issues

Prevalidating an invalid YAML does not update check results (BEE-32504)

The prevalidation process does not complete when a bundle with an malformed yaml file is submitted. The errors are not reflected in GitHub.

Duplicate Pipeline Template Catalogs in the Configuration as Code jenkins.yaml file on each instance restart (BEE-12722)

If a Pipeline Template Catalog is configured in the CasC jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported CasC configuration.

Upgrade notes

Kubernetes-client upgrade to 6.x (BEE-30724)

The fabric8 Kubernetes-client has been upgraded from 6.3.1 to 6.4.1.

Promoted Builds integration removed from the Operations Center Context plugin (BEE-31064)::

The Promoted Builds plugin was removed from the CloudBees Assurance Program (CAP). It was previously integrated with the Operations Center Context plugin.