Security fixes
- Security vulnerabilities were fixed from Jenkins
-
The following security tickets were fixed from Jenkins:
-
OSS issue [SECURITY-3237, SECURITY-3238]
-
OSS issue [SECURITY-3246]
-
OSS issue [SECURITY-3265]
-
Refer to the CloudBees Security Advisory October 25, 2023 for more information.
Upgrade Notes
- Operations center CloudBees Assurance Program plugin changes since 2.414.2.2
-
The following plugins have been removed from the Operations center CloudBees Assurance Program since 2.414.2.2:
-
Maven Integration plugin (
maven-plugin)
-
- Controller CloudBees Assurance Program plugin changes since 2.414.2.2
-
The following plugins have been added to the Controller CloudBees Assurance Program since 2.414.2.2:
-
GitLab API Plugin (
gitlab-api) -
GitLab Branch Source Plugin (
gitlab-branch-source) -
Jersey 2 API (
jersey2-api) -
Pipeline Maven Integration Plugin (
pipeline-maven) -
Pipeline Maven Plugin API (
pipeline-maven-api)
-
The following plugins have been removed from the Controller CloudBees Assurance Program since 2.414.2.2:
-
Maven Integration plugin (
maven-plugin)
Known Issues
- Failed parsing of data in the User Activity Monitoring plugin leads to incomplete data
-
Failed parsing of data from the User Activity Monitoring plugin will overwrite the user activity database. All user activity data that is logged up to that point in time is lost, in order to avoid this, refer to this knowledge base article Why is my user activity missing?.
- HTTP Client used for operations center to controller connection leads to performance issues
-
Due to known issues in the Java HTTP Client, there could be performance issues in operations center to controller interactions in heavily loaded environments.
For more details about this issue and workarounds, refer to Operations Center Client leaks HTTP Clients since version 2.401.1.3.
- YAML file is not validated in the Default YAML field of the Configure Controller Provisioning page
-
On the Configure Controller Provisioning page, the YAML file is not validated when it is configured in the Default YAML field.
- Auto-update bundle version may incorrectly update the wrong bundle version if multiple
bundle.yamlfiles exist in the repository -
When using "Auto-update bundle version", the wrong bundle may be updated if multiple
bundle.yamlfiles exist in the repository.
- Wrapped token file can not be deleted by the operations center
-
The
.wrappedTokenfile is inadvertently being included in the bundle by the operations center bundle retriever and giving a structural warning,[STRUCTURE] - The following files have been detected in the bundle folder but they are not yaml files: .wrappedToken.
- Add CloudBees CI communications to the CasC Bundle Retriever
-
When a bundle is retrieved from the SCM there are benign warnings in the logs about communication with the operations center.
- Error when renaming an existing EC2 cloud
-
When the name of an existing cloud node is updated, the user receives a 404 error after selecting save because the cloud page uses the cloud name as part of its URL. When the user saves the name, Jenkins sends the user to the URL with the old cloud name. All node changes are successfully saved.
- GitHub plugin settings would not load on startup
-
The GitHub plugin configuration failed to load during the Operations center startup. Refer to GitHub Plugin settings not loaded on startup after upgrading for more information.
- Clouds do not disappear after the Folder configuration update by a user without Overall/Administer permissions
-
Clouds deselect after a user without Overall/Administer permissions edits the Folder configuration.
- Duplicate plugins in the Operations center Plugin Manager UI
-
When you search for a specific plugin under the Available tab in the Operations center Plugin Manager, the search results show duplicate entries for the plugin.