CloudBees CI on modern cloud platforms 2.541.1.35570

The following plugins have been removed from the operations center CloudBees Assurance Program since 2.528.3.35200:

The following plugins have been added to the controller CloudBees Assurance Program since 2.528.3.35200:

The system property -Dcom.cloudbees.opscenter.client.plugin.OperationsCenterRootAction.remotingSlaveManager=true is no longer supported by controllers; shared agent management is now always performed via HTTP. The operations center will continue to support remoting mode for older controllers using this option until those versions are no longer supported in one year.

The Overall/Manage permission introduced with Jenkins version 2.222 is now enabled by default in CloudBees CI. For more information on this permission, refer to Delegate administration.

When you add or edit a HashiCorp Vault credential, a Scope field now appears. Select SYSTEM if you want the credential to be available only to the controller, which prevents credentials from being accessible in Pipelines and jobs. Select GLOBAL to retrieve application credentials for use in your Pipelines and jobs. Existing Vault credentials will continue working as they always have, so you do not need to make any changes. For extra security, it is a good idea to set Vault authentication credentials to SYSTEM, so Pipeline code cannot access them.

Under certain conditions, after a replica crashed in an HA controller, remaining replicas could take too long attempting to query the defunct replica for information about load (such as the number of running builds). This could block access to the Jenkins queue, leading to liveness probe failures and outages.

In the CloudBees CyberArk Credentials Provider plugin (cloudbees-cyberark-credentials), empty safe names in CyberArk configurations are now rejected by form validation and skipped at runtime, preventing the plugin from omitting the Safe parameter and unintentionally searching across all safes accessible to the configured AppID. When an empty safe name is encountered at runtime, it is now ignored and a warning is logged.

Starting with version 937.2.2, the Bitbucket Branch Source plugin no longer officially supports Bitbucket Server due to the Atlassian End of Support Policy. The plugin should continue working with existing Bitbucket Server installations, though official support has been removed. However, CloudBees cannot guarantee future compatibility of the Bitbucket Branch Source plugin with Bitbucket Server.

In an HA controller environment, using the open source SSH launcher on a permanent agent did not work when you selected multiple executors.

If a backup was taken after a Restore job without restarting the controller, stale metadata files were erroneously included in the backup. Restoring from such a backup caused a FileAlreadyExistsException during startup due to file duplication.

The CasC /casc-bundle-mgnt/force-reload-bundle endpoint now correctly returns a 200 status code upon successful reload.

Resolved an issue when configuring custom Update Centers on the operations center, where changing the plugin versioning strategy did not apply to plugins that were already configured. When an Update Center was configured with an upstream source and the plugin versioning strategy was changed (for example, from Require explicit configuration before publishing to Implicit publish the latest version), newly stored plugins still followed the previous strategy. Plugin versioning strategy changes now correctly apply to all plugins.

Fixed an issue where catalog imports would permanently fail due to transient Git connection errors (for example, Connection closed or Could not read from remote repository). These errors are now eligible for automatic retry.

An exception could appear in the operations center system log under certain conditions when processing messages from controllers, as observed when using the trigger remote job feature. The error is now reported more clearly.

The Checkpoints list, which was inadvertently hidden at the build level in the Pipeline Stage View following a security patch in the CloudBees CI 2.528.1.29783 release, has been restored. The underlying security improvements remain fully active.

Addressed an issue where setting the image registry override for the CasC Bundle Retriever to null during the Helm upgrade process for CloudBees CI on modern cloud platforms caused the deployment to fail instead of defaulting to a common registry.

Under certain timing conditions, a TCP inbound agent whose connection was closed due to a transient controller outage could attempt to reconnect but encountered an error that was incorrectly treated as fatal. This issue affected in-cluster agents connected to an HA controller.

When a container was restarted, typically due to a crash, in a replica pod of an HA controller, it was given a suffixed name (for example, -2) for HA replica tracking. However, some information in support bundles, such as the replicas/live/*/ and replicas/exited/*/ subdirectories, still used the bare pod name. Support bundles now use the correct suffixed pod names.

Previously, the CloudBees Backup plugin (infradna-backup) serialized the Jenkins object in $JENKINS_HOME/com.infradna.hudson.plugins.backup.store.DAVStore.xml. The issue has been resolved.

Previously, in AWS IAM Roles for Service Accounts (IRSA) multi-cluster environments, operations center event listeners would stop functioning after the Kubernetes access token to the controller’s Kubernetes cluster had expired, thus it was unable to watch the events from other Kubernetes clusters.

When you search for a specific plugin under the Available tab in the Operations center Plugin Manager, the search results show duplicate entries for the plugin.