CloudBees CI release highlights

What’s new in CloudBees CI 2.452.3.2

Watch video

Upgrade Notes

Git plugin uses Apache MINA for SSH transport

The Git plugin now uses JGit with Apache MINA only as SSH transporters.


The commons-lang3 library is no longer bundled with the infradna-backup plugin

The commons-lang3 library is no longer bundled with the infradna-backup plugin and the dependency now uses the commons-lang3 plugin.


Operations center CloudBees Assurance Program plugin changes since 2.452.2.3

The following plugins have been added to the Operations center CloudBees Assurance Program since 2.452.2.3:

  • EDDSA API Plugin (eddsa-api)


Controller CloudBees Assurance Program plugin changes since 2.452.2.3

The following plugins have been added to the Controller CloudBees Assurance Program since 2.452.2.3:

  • EDDSA API Plugin (eddsa-api)


New Features

Controller health check endpoint when using Hibernation

Added a new HTTP endpoint to the Hibernation monitor. The new endpoint can be used by external health check systems to generate alerts when a controller is not healthy, without waking up the controller.

Feature Enhancements

In the CloudBees Pipeline Explorer build info bar, link the SCM commit and commit message to that specific commit in the SCM repository

When possible, the SCM commit and commit message in the CloudBees Pipeline Explorer build info bar now link to that specific commit in the SCM repository.


Fixed sharing of VaultAWSCredentials between the operations center and controller

The AWS Credentials defined in the HashiCorp Vault store in the Operations center were not usable in controllers.

The AWS Credentials defined in Operations center are now shared and usable in controllers.


Vault credentials lookup performs less API calls

In UsernamePassword credentials and in SSHCredentials, the CloudBees HashiCorp Vault plugin sent multiple requests to HashiCorp Vault to retrieve credentials information.

Now, all information related to the credentials is retrieved in just one request to HashiCorp Vault.


Support added to store passwords and tokens used in plugins.yaml in files

In Configuration as Code Plugin Management 2.0 (bundles with apiVersion: 2), you could define passwords and tokens using environment variables.

Now, you can set that value using system properties and text files. For more information, refer to Plugin management with CasC.


Optional high detail logging for the Configuration as Code (CasC) bundle checkout process

Optional logging allows the logging contents of the folders to be involved in the bundle checkout at every step of the process.

This logging can have a performance impact and will generate massive logs, so it’s deactivated by default, and can be enabled with a system property.


Configuration as Code (CasC) list of bundles is now sorted alphabetically

In the Configuration as Code (CasC) UI, where multiple bundles are present per bundle location, the bundles are now shown in alphabetical order.


Hazelcast data structures enumerated in support bundles of High Availability (HA) controllers

The support bundles that are generated from the High Availability (HA) controllers now include, by default, a list of Hazelcast structures and associated statistics that can be useful to diagnose delayed communication between replicas, buffering issues, excessive memory usage, and so on.

Resolved Issues

Controller side API tokens are not deleted on first use

The API tokens created on controllers with the operations center SSO enabled were lost on first usage. They are no longer revoked if the user configuration option Synchronize details on login is disabled.

This issue is resolved.


Improvements to multiple CloudBees Pipeline Explorer elements positioning

In the CloudBees Pipeline Explorer, various elements positioning have been improved. These elements are: the BFA indicator, the search input when there is an error, and badges that display the log and map.


CyberArk credentials are now replaced by the credentials from Configuration as Code (CasC) bundles

Prior to this fix, the CyberArk credentials within a CloudBees CI instance were not removed when applying a CasC bundle with CyberArk credentials to that instance.

Now, only the CyberArk credentials from the CasC bundle are kept. The other credentials are deleted from CloudBees CI (not from CyberArk).

CyberArk credentials declared in CloudBees CI that were not part of your CasC bundles but were used to view credentials from CasC were added to your credentials list. This fix deletes all credentials that are not in CasC.

HTTP status code changed to reflect missing Configuration as Code bundle against a controller

When using Configuration as Code (CasC), if a controller is configured against the operations center, but has no associated bundle, the request for a linkfile returns a 400 (bad request) error instead of 200 (ok) error.


Pipeline policy violations might be reported in a nondeterministic order

When multiple Pipeline policies or rules were run, the list of policy violations might be displayed in an arbitrary order. Now, the order should be predictable.


NullPointerException when updating Configuration as Code bundle version with apiVersion 2

When updating the Configuration as Code bundle version number while hot reloadable plugins were present resulted in a NullPointerException error.

This issue is resolved.


NullPointerException when validating Kubernetes Cluster Endpoint

When using credentials in the Kubernetes Cluster Endpoints configuration, the Validate functionality shows an Angry Jenkins in the UI and a NullPointerException in the logs.

This issue is resolved.


A NullPointerException occurs when an item leaves the queue

A NullPointerException caused noise in the logs that prevented an item that recently left the queue to be proxied.

This issue is resolved.


Clouds do not disappear after the Folder configuration update by a user without Overall/Administer permissions

Clouds deselect after a user without Overall/Administer permissions edits the Folder configuration.

This issue is resolved.


CloudBees CasC Client plugin and CasC bundle retriever alignment

The algorithm used to authenticate communications between CloudBees CasC Client plugin (cloudbees-casc-client) and the CloudBees CasC bundle retriever (cast-retriever) has been updated.

The casc-client and casc-retriever versions are now aligned as follows:

  • cloudbees-casc-client >= 2.60 requires casc-retriever >= 1.0.25

  • cloudbees-casc-client < 2.60 requires casc-retriever ⇐ 1.0.22


Possible RBAC cache lock issue because of Backup Projects Admin Monitor

An Admin Monitor checking Backup Projects for security issues led to possible locks in the RBAC cache.

The check now runs in a way that ensures this problem no longer occurs.

Known Issues

Some RBAC permissions would not load when using the FINE logger