Upgrade Notes
- New health check endpoint now enforced on managed controllers
CloudBees CI 2.504.1.6 introduced a new health check endpoint for controllers and added an option in the managed controller configuration to enable this endpoint. Since CloudBees CI 2.492.3.5 (the last release without the new endpoint) is no longer supported, the option to enable the new endpoint has been removed. Managed controller provisioning now always uses the new /health/ endpoint, sometimes with a probe query parameter to fine-tune behavior, instead of the older /whoAmI/api/json?tree=authenticated endpoint. The new /health/ endpoint provides richer functionality, especially for High Availability (HA) controllers.
The Configuration as Code option useNewHealthCheck: true in the operations center items.yaml file is also no longer supported.
Managed controllers running an older version should not be reprovisioned by an updated operations center until they are upgraded to a supported version, as their probes will fail and the pod will not become ready. Managed controllers running CloudBees CI version 2.492.3.5 or earlier are not supported under the CloudBees CI maintenance lifecycle policy and may not work correctly with the new health check endpoint. According to the CloudBees CI version skew policy, running this version of the operations center with an older managed controller is not supported until the managed controller has been updated.
Client controllers are not affected. If your load balancer allows you to configure a health check endpoint, /health/ is recommended.
- Operations center CloudBees Assurance Program plugin changes since 2.541.3.36069
The following plugins have been added to the operations center CloudBees Assurance Program since 2.541.3.36069:
  - Jackson 3 API Plugin (jackson3-api)
  - SnakeYAML Engine API Plugin (snakeyaml-engine-api)
- Controller CloudBees Assurance Program plugin changes since 2.541.3.36069
The following plugins have been added to the controller CloudBees Assurance Program since 2.541.3.36069:
  - Jackson 3 API Plugin (jackson3-api)
  - SnakeYAML Engine API Plugin (snakeyaml-engine-api)
New Features
- Kubernetes Gateway API Beta
Support for the Kubernetes Gateway API as an alternative to Ingress-based routing in CloudBees CI on modern cloud platforms is now in Beta.
CloudBees validates Gateway API with Istio and Envoy Gateway. Any implementation with Gateway API Core conformance is supported; Extended conformance (GEP-1619) is recommended for High Availability (HA) and High Scalability controllers.
For more information, refer to Kubernetes Gateway API for CloudBees CI on modern cloud platforms.
- HA-specific agents display
High Availability (HA) controllers now display a dedicated page listing agents. This page is shown by default instead of the standard Jenkins Nodes page, but a link is provided to access the original page if needed. Compared to the Jenkins Nodes page, the new agent view:
  - Hides cloned agents representing HA multiple executors by default; you can expand them to view details as needed.
  - Displays the replica to which each agent is connected, the build it is running (if applicable), and the launch log, depending on user permissions.
  - Indicates agent type (inbound permanent, outbound permanent, or cloud), which is significant for HA management.
  - Shows node monitor data aggregated from other replicas when available, currently after a delay.
  - Refreshes automatically.
- Added support for Swarm agents in HA controllers
HA controllers now include an optional integration with the Swarm plugin (swarm), enabling Swarm agents to work reliably with high availability features such as multiple executors and rolling restarts.
Since the Swarm plugin is not in the CloudBees Assurance Program, you must upgrade the Swarm plugin on each controller before upgrading CloudBees CI; otherwise the CloudBees High Availability (Active/Active) Plugin (cloudbees-replication) will not start.
Feature Enhancements
- Removed deprecated CSRF proxy compatibility settings
Jenkins 2.543 removed the client IP address from CSRF crumb validation. As a result, the crumbIssuerProxyCompatibility system property (automatically set on HA controllers), the excludeClientIPFromCrumb Configuration as Code (CasC) attribute, and the OperationsCenter.CSRF.ProxyCompatibility Helm value no longer have any effect and have been removed.
The externalTrafficPolicy=Local workaround on ingress-nginx, which was previously recommended to preserve client IP addresses for crumb validation, is also no longer necessary.
- Google Compute Engine plugin and HA controller agent enhancements
The Google Compute Engine plugin (google-compute-engine) includes the following new features:
  - For CloudBees CI HA controllers with idle agents enabled, a new Terminate idle agents during shutdown option is now available. When a replica goes down (for example, during a rolling restart), idle agents connected to that replica become orphaned and are not visible to other replicas. Although a periodic cleanup task eventually removes orphaned agents after approximately three hours, this delay can result in unnecessary resource consumption. To prevent this, enable the Terminate idle agents during shutdown option.
  - The minimumNumberOfInstances and minimumNumberOfSpareInstances settings are now supported. Use these settings to keep prewarmed agents available for immediate builds. Minimum instance counts can be configured for specific time ranges and days of the week. This feature is similar to the functionality available in the Amazon EC2 plugin (ec2).
  - You can now configure custom metadata key-value pairs for agent VMs. Previously, only implicit metadata settings such as startup-script were supported. The new configuration accepts any number of key-value pairs, including values that contain newline characters.
- Operations center now rejects controllers with an incompatible JDK
When the operations center runs a higher bytecode version than the controller JVM can execute, the operations center now marks the controller as disconnected. Previously, the controller appeared connected even though the communication was internally broken.
- Hibernation monitor now uses consistent health check endpoint in all routing modes
Previously, when the hibernation monitor redirected to a managed controller in the browser, it used different endpoints depending on the routing mode: the generic /login endpoint in path-based routing mode, and a special endpoint defined by the hibernation plugin in subdomain-based routing mode (to handle a CORS violation). The hibernation monitor now uses the special hibernation plugin endpoint in all routing modes.
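A pre-upgrade check for the settings these notes say were removed (useNewHealthCheck in the Upgrade Notes and the three CSRF proxy compatibility settings above), as an added example that is not CloudBees code. It tracks YAML nesting so the Helm value is found whether written nested or dotted; the function name, the sample fragments, and the keys surrounding each removed setting (including javaOptions) are assumptions made for illustration.

```python
import re
# Setting names exactly as the release notes above give them.
REMOVED_KEYS = {"useNewHealthCheck": "items.yaml option",
                "excludeClientIPFromCrumb": "CasC attribute"}
HELM_PATH = "OperationsCenter.CSRF.ProxyCompatibility"
REMOVED_LITERALS = {"crumbIssuerProxyCompatibility": "system property",
                    HELM_PATH: "Helm value"}
KEY_LINE = re.compile(r"^([\s-]*)([A-Za-z0-9_.]+)\s*:")

# Constructed sample; key placement around the removed settings is illustrative.
SAMPLE = """\
OperationsCenter:
  CSRF:
    ProxyCompatibility: true
items:
- kind: managedController
  configuration:
    useNewHealthCheck: true
jenkins:
  crumbIssuer:
    standard:
      excludeClientIPFromCrumb: true
javaOptions: "-Djenkins.model.Jenkins.crumbIssuerProxyCompatibility=true"
"""

def find_removed_settings(text):
    """Return sorted (line_number, setting, kind) for each removed setting."""
    findings, stack = set(), []  # stack: (column, key) of enclosing mappings
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.split(" #", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        for literal, kind in REMOVED_LITERALS.items():  # JVM args, --set flags
            if literal in line:
                findings.add((number, literal, kind))
        if not (match := KEY_LINE.match(line)):
            continue
        column, key = len(match.group(1)), match.group(2)
        while stack and stack[-1][0] >= column:
            stack.pop()  # left the previous sibling or child mapping
        stack.append((column, key))
        if key in REMOVED_KEYS:
            findings.add((number, key, REMOVED_KEYS[key]))
        if ".".join(k for _, k in stack).endswith(HELM_PATH):
            findings.add((number, HELM_PATH, "Helm value"))
    return sorted(findings)

if __name__ == "__main__":
    print(*find_removed_settings(SAMPLE), sep="\n")
```

Run it over the text of a CasC bundle, Helm values file, or deployment script before upgrading; an empty result means none of the removed settings are still present.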
Resolved Issues
- Fixed UrlFolderIcon performance issue with large folder or Role-Based Access Control configurations
Fixed a performance issue where the UrlFolderIconContributor CSP contributor iterated over all folders and performed per-user Role-Based Access Control (RBAC) permission checks on every HTTP request. On controllers with large numbers of folders and RBAC groups, this caused HTTP worker threads to block, making the controller unresponsive.
- CloudBees Role-Based Access Control plugin upgrade failure caused by Matrix Authorization Strategy plugin version requirement
When upgrading CloudBees CI from version 2.492.2.3 or later to 2.541.2.35785 or earlier, the CloudBees Role-Based Access Control plugin (nectar-rbac) required version 3.2.9 of the Matrix Authorization Strategy plugin (matrix-auth). Because the Matrix Authorization Strategy plugin is no longer in the CloudBees Assurance Program (CAP), it was not automatically upgraded, causing the CloudBees Role-Based Access Control plugin (and any plugins that depend on it, including several relating to the operations center) to also fail to upgrade. This could result in errors or failures when starting the controller or operations center.
The CloudBees Role-Based Access Control plugin now requires a minimum of version 3.2.5 of the Matrix Authorization Strategy plugin, which has been in the CloudBees Assurance Program for over a year.
Upgrading CloudBees CI versions more than one year apart in a single step is not supported.
- casc-bundle-service ConfigMap now correctly formatted
The CloudBees Helm chart now correctly formats casc-bundle-service ConfigMap content, avoiding an invalid configuration.
- MapDB corruption no longer causes controller connectivity loss
In rare cases, corruption of the MapDB database caused controllers to lose connectivity because the transport messaging system never came up. MapDB now detects and resets the corruption, preventing connectivity loss.
- CloudBees Unify API endpoint is now configurable
CloudBees CI controllers can be integrated with CloudBees Unify to visualize CI jobs and builds, analyze test results, and orchestrate software releases. For deployments with a custom CloudBees Unify API endpoint, the endpoint is now configurable via the CloudBees CI UI or CasC bundle for controllers using the single-controller integration and opted-out controllers using multi-controller integration via the operations center. For opted-in controllers, the endpoint and other connection settings remain managed by the operations center and are not editable.
- Cached build logs were not deleted with CloudBees Pipeline Explorer
Cached build logs downloaded to /tmp/jenkins/external-logs are now deleted after the 30-minute timeout. Previously, these logs were not being removed as expected.
- Node monitors were not synchronized across HA replicas
Changes to the configuration of node monitors in an HA controller were not propagated across replicas without a restart.
- Incorrect display of Approved Folders node monitor column in HA controller
In an HA controller, the Approved Folders node monitor column in the Nodes page incorrectly displayed content such as … more even when no approved folders existed.