Security fixes
- Confidential information disclosure via aggregated node list in High Availability (HA) controllers
-
The REST API endpoint for listing agents on High Availability (HA) controllers was mistakenly accessible to anonymous users. Some users with limited permissions could also see confidential job-related information they should not have seen. This has been fixed and permission checks now work as expected.
Upgrade Notes
- Operations center CloudBees Assurance Program plugin changes since 2.462.3.3
-
The following plugins have been added to the Operations center CloudBees Assurance Program since 2.462.3.3:
-
OpenId Connect Authentication Plugin (
oic-auth)
-
The following plugins have been removed from the Operations center CloudBees Assurance Program since 2.462.3.3:
-
View Job Filters (
view-job-filters)
- Controller CloudBees Assurance Program plugin changes since 2.462.3.3
-
The following plugins have been added to the Controller CloudBees Assurance Program since 2.462.3.3:
-
OpenId Connect Authentication Plugin (
oic-auth)
-
Known Issues
- Replaying a build in a High Availability (HA) controller could sometimes lead to a warning about script approval and failure
-
When replaying a build in a High Availability (HA) controller and the build gets load balanced to another replica, it could be scheduled with an incorrect sandbox status.
- Cannot add CyberArk / Hashicorp Vault credentials from the Add button of a credentials form
-
When you try to add a CyberArk credential or Hashicorp Vault credential from the Add button of a credentials form, it fails with the error
Domain is read-onlyand the credential is not created. The workaround is to create the those types of credentials from the Manage Jenkins > Credentials page for root credentials or a Folder Credentials page for folder credentials.
- Updated support for the Integer version type in the Configuration as Code bundle
-
Updated support for the Integer version type in the Configuration as Code bundle
- GitHub plugin settings would not load on startup
-
The GitHub plugin configuration failed to load during the Operations center startup. Refer to GitHub Plugin settings not loaded on startup after upgrading for more information.
- Duplicate plugins in the Operations center Plugin Manager UI
-
When you search for a specific plugin under the Available tab in the Operations center Plugin Manager, the search results show duplicate entries for the plugin.