CloudBees CI on modern cloud platforms 2.479.3.1

The following plugins have been added to the Operations center CloudBees Assurance Program since 2.479.2.3:

The following plugins have been added to the Controller CloudBees Assurance Program since 2.479.2.3:

Support for Java 21 was added for non-FIPS versions of CloudBees CI. CloudBees recommends that you upgrade your instances to Java 21 as soon as possible for the best experience. For more information, refer to Migrate to Java 21 for CloudBees CI on modern cloud platforms or Migrate to Java 21 for CloudBees CI on traditional platforms.

In the Manage Jenkins  Configure Controller Provisioning page, you can now define the default values for the startup probe. This ensures that these defaults are applied whenever a new managed controller is started.

A warning is displayed if CloudBees CI High Availability (HA) is enabled and Pipeline durability is not set to the maximum survivability/durability or if any Pipeline job has enabled the "Do not allow the pipeline to resume if the controller restarts" property. This warning, previously shown only to administrators, will now also be visible to users with the SYSTEM_READ or MANAGE permissions.

The Cluster state section of the High Availability (HA) screen now refreshes itself every few seconds without requiring the page to be reloaded.

Since all replicas of a High Availability (HA) controller are expected to be on the same LAN, reverse proxy functionality (for example, used to display a build managed by a replica other than the one with the sticky session) no longer honors the Jenkins (forward) proxy configuration. The corresponding administrative monitor has also been removed, as there is no longer a need to list replica IP addresses among the no-proxy hosts.

The Operations center on Kubernetes occasionally sends CloudBees summaries of the configuration of the managed controller. This summary now includes a list of storage class provisioners (not storage class names) that indicate the types of filesystems that are in use.

Previously, the aggregation API /queue/api/json only returned the output from the replica that processed the request and this resulted in deviation between the API output and the UI Build Queue panel. With the implementation of supporting aggregated output in /queue/api/json, the output now contains queue items from all replicas. This is similar to the other two aggregation APIs /jobs/../api/json and /computer/api/json.

Previously, only users with administrator rights could access this administrative monitor. Now, users with SYSTEM_READ permission can also view the warning, but they cannot take any action on it (for example, uninstall the plugin or dismiss the notification).

When one replica in a High Availability (HA) controller saved $JENKINS_HOME/config.xml, the other replicas reloaded it from disk as expected, but also resaved it. This was not the best use of I/O, and potentially a source of occasional errors in network filesystems.

When a replica is terminated unexpectedly, some queue items could get lost and this causes Pipelines to wait indefinitely. Now, these queue items are rescheduled automatically and allow the Pipelines to proceed normally.

When you upgraded a High Availability (HA) controller to the 2.479.3.1 release, it may have triggered a display of unwanted entries in the Manage Old Data screen. Now, it no longer displays the unwanted entries.

Under certain circumstances, a Multi-branch project configured to use the Initial Index Build Prevention strategy may have incorrectly refused to trigger a build of a new commit, whether from an event or branch indexing. Now, a Multi-branch project no longer incorrectly refuses to trigger a build of a new commit.

Under certain circumstances, a High Availability (HA) controller queue maintenance could trigger a StackOverflowError between QueueLoadBalancer and Queue#getCauseOfBlockageForItem.

When using the Multi-branch project trait to avoid triggering builds due to branch reindexing without real changes, no messages were printed to the branch indexing log that explains why a build was or was not being triggered. This made it more difficult to diagnose problems.

When the Elasticsearch Reporter plugins were installed on the operations center and configured to push the configuration to the managed controllers, an High Availability (HA) managed controller lacked the controller plugins. Errors could be thrown that synchronized settings from the operations center with the result that some replicas would be unable to use the operations center single sign-on (SSO) and potentially other functions.

When a Multi-branch Pipeline project is configured to abort builds of merged or otherwise closed branches or change requests ahead of actually deleting them, builds that run on corresponding branch projects were not consistently aborted in High Availability (HA) controllers.

The incorrect logs related to Failed to write in the CI Catalog Server were not accurate and could have led to a false analysis.

The operations center displayed an administrative monitor advising you to uninstall Blue Ocean, but if you tried to uninstall it, some components would be reinstalled on the next startup. (It was possible to either dismiss the monitor or disable the plugins without uninstalling them.) Now, these plugins are not forcibly installed, or they are not included in the default list of plugins to install in the setup wizard.

The Jenkins instance will now immediately fail to start if the Update Center JSON file is unavailable or cannot be parsed.

Added enhanced support for data persistence of the Configuration as Code bundle that is assigned to the controller via the API and Jenkins CLI workflow.

This change improves the resilience of the client controllers by implementing a fallback mechanism. When the Configuration as Code bundle file is inaccessible due to proxy issues, the system will automatically revert to the existing configuration, ensuring continued operations without disruptions. This provides a more reliable experience in environments with proxy-related access limitations or misconfigurations.

The Configuration as Code remote validation did not work properly with the override merge strategy as an unexpected warning was raised without a descriptive reason.

When a NullPointerException was returned after reading the value of a describable’s property, the Configuration as Code item export ignored the describable object.

The plugin catalog is no longer displayed in the controller UI when running in FIPS mode.

In FIPS mode, the CloudBees Platform Common plugin (cloudbees-platform-common) now enforces the use of secure URLs for the delivery automation endpoint. Any attempt to configure an insecure URL will be rejected, ensuring compliance with FIPS requirements.

The severity of FIPS-related errors in the Controller Lifecycle Notification plugin (operations-center-webhooks) has been upgraded from changed to errors. This change ensures that critical compliance issues are more prominently highlighted.

The generation of the User Activity Report summary no longer takes a long time in environments with many duplicated User IDs or emails.

Previously, only users with the ADMINISTRATOR permission could access this admin monitor. Now, users with SYSTEM_READ permission can also view the warning, but they will not be able to take any action on it (for example, uninstall the plugin or dismiss the notification).

Since the release of the CloudBees HashiCorp Vault Plugin version 1.501, the HA/HS replication support for credentials configured via this plugin was not functional. Since the release of the CloudBees HashiCorp Vault Plugin version 1.521, replication support for folder-level authentication configurations in this plugin was also not functional.

The operations center and controllers were not correctly subscribed in the messaging system with a dynamic load which led to new submissions not being analyzed and data could not be seen since the CloudBees CI 2.462.1.3 release.

Previously, a negative value was displayed for the file size in the CloudBees Pipeline Explorer UI when the log size was greater than 2GB. This issue has been resolved.

When an SSH Username with private key credential was created or updated, the validation messages in the form were not updated because a JavaScript error prevented it. Now, when the validation message is displayed and the value is changed, the validation error is updated.

With the EDDSA API plugin, the SSH ed25519 key is now supported and can be used during key exchange negotiations.

Removed an incorrect validation that was performed in the Update Center data file when a mirror server was configured to manage the plugins using Configuration as Code. The file was considered invalid when a new CloudBees CI version was available.

After upgrading to CloudBees CI version 2.462.1.3 or later, authentication to the operations center Configuration as Code Retriever endpoint API at ${OC_URL}/casc-retriever/* fails. This is due to the removal of the authentication method enabled by the attribute .OperationsCenter.CasC.Retriever.secrets.adminPassword.

The Github Plugin configuration failed to load during the Operations center startup. Refer to GitHub Plugin settings not loaded on startup after upgrading for more information.

When you search for a specific plugin under Available tab in operations center Plugin Manager, the search results shows duplicate entries of the searched plugin.

CloudBees CI users running versions 2.479.1.4, 2.479.2.3, and 2.479.3.1 with the Firefox web browser will be unable to unpack compressed tar archives with the .tgz suffix due to a bug in Eclipse Jetty 12.0.0 through 12.0.14. The issue has been fixed in Eclipse Jetty 12.0.15 and will be included in a future release of CloudBees CI.