CloudBees CI on modern cloud platforms 2.452.2.3

Up until now, only Administrators were able to create, update, and do anything with Configuration as Code bundles. With this new feature, Administrators can grant different permissions to their team members to allow them to perform different tasks with Configuration as Code.

Configuration as Code Plugin Management (apiVersion: 2) now includes a new repository layout that allows users to configure a download URL that accepts parameters such as the plugin ID.

plugins:
  - id: "beer"
    parameters:
      env: "staging"
      tier: "customization"
    repositoryId: test-repo
  - id: "chucknorris"
    parameters:
      env: "staging"
      tier: "customization"
    repositoryId: test-repo
repositories:
  - id: test-repo
    layout: parameters
    url: http://my-web-server/$env/$tier/$pluginId.hpi
▼

The Configuration as Code bundle now suppresses the log file strings that read No items.yaml in configuration bundle or No rbac.yaml in configuration bundle when not applicable.

When there is a CloudBees CI installation on EKS using ALB, the annotation alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true is now predefined automatically on High Availability (HA) managed controllers to ensure that browser sessions consistently display a single replica.

A hibernated managed controller could previously be kept awake by anonymous HTTP requests. Now, only authenticated web traffic is considered “activity”.

If CloudBees CI is installed on a public-facing network with hibernation enabled, there was previously nothing to prevent malicious actors from visiting the hibernation redirect, queue, or proxy URL endpoints and forcing the managed controller to wake up gratuitously. Now, there is a Helm chart option to generate a random token that must be included in these URLs.

The new Pipeline policy rule Agent without Retry can be used to guide Pipeline authors to make sure agent usages are retried automatically if there is an infrastructure outage.

When a managed controller is set to hibernate, a new sidebar link now appears on the dashboard and on items (such as jobs) that offer the hibernation redirect link.

The CyberArk Credentials Provider plugin already caches details of the GetPassword request to CyberArk, but not the password itself. Additionally, the plugin always makes a call to retrieve the credentials password.

Failed parsing of data from the User Activity Monitoring plugin resets the user activity database that leads to incomplete data. If you cannot update to a version that includes the fix, please open a new ticket with the CloudBees Support team. There is a new version of the UAM (v 1.50) that can be provided by our support team.

Because of known issues in the Java HTTP Client, there could be performance issues in the Operations Center to Controllers interactions in heavily loaded environments.

The CloudBees HashiCorp Vault plugin is leaking HTTP clients when calling Vault and this could cause performance issues over time.

The CloudBees SCM Reporting Plugin was causing unwanted and frequent credentials lookup from controllers that defined GitHub Multibranch and Organization items. This could lead to further performance problems and delays on credentials related operations.

The resources of the Hibernation Monitor pod container are not configurable via the Helm Chart. The issue has been fixed. The resources are now configurable under the Hibernation.Resources object.

When you enable subdomains in a cluster (Subdomain=true) and hibernation (Hibernation.Enabled=true), the redirect page on the hibernation monitor (/hibernation/ns/extra-namespace/redirect/) wakes the controller, but it used an invalid liveness check URL and the web page stated that it was still waiting for the controller to finish starting, even after it had already started.

The Pipeline idiom retry(count: …, conditions: [kubernetesAgent()…]) or Declarative retries with agent Kubernetes is intended to detect cases when the agent was disconnected and retry the block (creating a fresh pod from the same template).

If a High Availability (HA) managed controller was created in a cluster using network policies, the reverse proxy used to forward connections between replicas did not work. This has been fixed.

Addressed a code path where a thread could be leaked on reverse proxying failure.

In CloudBees Pipeline Explorer, when you click on the input box for the "Go to line number" feature, it immediately caused the page to load the last entered number. This behavior has been fixed to only trigger when you press the Enter key after you type in a line number or click on the arrow icon to the right of the input box.

When a parallel stage collapses in the CloudBees Pipeline Explorer Map, the node display breaks.

Fixed occurrences of java.lang.IllegalArgumentException: Expecting yaml to be parseable as a map in the operations center in CloudBees CI on modern cloud platforms when the Ingress Annotations field is blank in the controller Provisioning configuration. The exception is a red herring.

The CloudBees Update Centers offer the latest compatible version with the CBCI release of non-CAP plugins. If the latest release of one of them is not compatible, that version was not offered by the Update Center, being provided the latest compatible one.

The Cyberark Credentials Provider used an outdated version of MapDB for on-disk caching layer.

The operations center generates sublicenses for controllers. The sublicense signature used the deprecated SHA1 algorithm. It now uses the SHA512 algorithm.

When using credentials in the Kubernetes Cluster Endpoints configuration, the Validate functionality shows an Angry Jenkins in the UI and a null pointer exception in Jenkins logs.

If a Pipeline Template Catalog is configured in the Configuration as Code jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported Configuration as Code configuration.

The NonConfigurableKubernetesCloud setting on the pod template page appeared to be editable. However, it is read-only.

Clouds deselect after a user without Administer permissions edit the Folder configuration.