Security fixes

Security vulnerabilities were fixed and backported from Jenkins

The following security tickets were fixed and backported from Jenkins:

  • OSS Issue [SECURITY-3090] (+backports)

  • OSS Issue [SECURITY-3103]

  • OSS Issue [SECURITY-3105] (+backports)

  • OSS Issue [SECURITY-3106] (+backports)

  • OSS Issue [SECURITY-3109] (+backports)

  • OSS Issue [SECURITY-3116] (+backports)

  • OSS Issue [SECURITY-3196]

Refer to the CloudBees Security Advisory August 16, 2023 for more information.

New Features

None.

Feature Enhancements

None.

Resolved Issues

None.

Known Issues

Older versions of controllers cannot start after receiving new bundle versions

When the operations center sends new bundle versions to controllers older than 2.401.1.3, the controller cannot start.

This issue does not affect controllers in version 2.401.1.3 or newer.

There are three ways to fix the issue:

  • Upgrade all controllers to version 2.401.1.3 or newer.

  • Stop configuring controllers in versions prior to 2.401.1.3 using CasC.

  • Install a Plugin Catalog on the operations center with a beekeeper exception to install cloudbees-casc-server:2.5.1. The Plugin Catalog can be enabled in the operations center by setting the system property -Dcom.cloudbees.jenkins.cjp.installmanager.CJPPluginManager.enablePluginCatalogInOC=true.


Duplicate Pipeline Template Catalogs in the Configuration as Code (CasC) for Controllers jenkins.yaml file on each instance restart

If a Pipeline Template Catalog is configured in the CasC jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported CasC configuration.