Security fixes

Confidential information disclosure via aggregated node list in High Availability (HA) controllers

The REST API endpoint for listing agents on High Availability (HA) controllers was mistakenly accessible to anonymous users. Some users with limited permissions could also see confidential job-related information they should not have seen. This has been fixed and permission checks now work as expected.

Upgrade Notes

Operations center CloudBees Assurance Program plugin changes since 2.462.3.3

The following plugins have been added to the Operations center CloudBees Assurance Program since 2.462.3.3:

  • OpenId Connect Authentication Plugin (oic-auth)

The following plugins have been removed from the Operations center CloudBees Assurance Program since 2.462.3.3:

  • View Job Filters (view-job-filters)


Controller CloudBees Assurance Program plugin changes since 2.462.3.3

The following plugins have been added to the Controller CloudBees Assurance Program since 2.462.3.3:

  • OpenId Connect Authentication Plugin (oic-auth)


New Features

None.

Feature Enhancements

None.

Resolved Issues

None.

Known Issues

Duplicate Plugins in Operations Center Plugin Manager UI

When you search for a specific plugin under the Available tab in the operations center Plugin Manager, the search results show duplicate entries for that plugin.


Cannot add CyberArk / HashiCorp Vault credentials from the Add button of a credentials form

When you try to add a CyberArk credential or HashiCorp Vault credential from the Add button of a credentials form, it fails with the error "Domain is read-only" and the credential is not created. The workaround is to create those types of credentials from the Manage Jenkins > Credentials page for root credentials or a Folder Credentials page for folder credentials.


Authentication to operations center Configuration as Code Retriever API fails

After upgrading to version 2.462.1.3 or later, authentication to the operations center Configuration as Code Retriever endpoint API at ${OC_URL}/casc-retriever/* fails. This is due to the removal of the authentication method enabled by the attribute .OperationsCenter.CasC.Retriever.secrets.adminPassword.


Updated support for the Integer version type in the Configuration as Code bundle
