CloudBees CI on traditional platforms 2.190.2.2

Rolling release: 2019-10-29

Based on Jenkins LTS 2.190.2-cb-5

Resolved issues

Update blue-ocean to 1.19.0 (NGPIPELINE-679, -646, -638)

Upgraded Blue Ocean Plugin from 1.18.1 to 1.19.0. Blue Ocean was unable to show the visualization for Pipelines when build causes for the Pipeline were null. With this fix, Blue Ocean now checks if build causes are null before attempting to access them.

When viewing the visualization for an in-progress Pipeline Build in Blue Ocean, it was not possible to select sequential stages inside of a parallel stages other than the first sequential stage to show the steps for that stage in the lower half of the visualization until the stage completed. With this fix, sequential stages inside of a parallel stage can now be selected, even when they are still in progress.

The Blue Ocean Pipeline visualization showed in-progress and completed stages as if they had not started in some cases, and did not show the correct status until after the build was completed. With this fix, the Blue Ocean Pipeline visualization correctly shows the status of in-progress and completed stages even while the build is ongoing.

Publish github-branch-source 2.5.8 (NGPIPELINE-703)

Upgraded GitHub Branch Source Plugin from 2.5.6 to 2.5.8. Users were unable to override default webhook URLs to receive webhook events, for example, in cases where a Jenkins master is behind a firewall and there is a proxy service to receive webhook events or the Jenkins master is down and there is queuing service to collect webhook events to be delivered to Jenkins master when it comes back up. With this fix, users can now use the JVM property jenkins.hook.url to configure a webhook URL.

For instances where an invalid repository URL was entered, the error was not handled properly. With this fix, when an invalid repository URL is entered, an error is displayed in the UI.

Update for 2.9.10 (JENSEC-533)

Upgraded Jackson2 API Plugin from 2.9.9.1 to 2.9.10. Previous releases of Jackson were vulnerable to numerous CVEs listed in https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.10#databind which are fixed in this release.

Update Jira Plugin 3.0.10

Upgraded JIRA Plugin from 3.0.9 to 3.0.10. The previously provided version of the Jira plugin, 3.0.9, bundled Jackson 1.x in its dependencies making it vulnerable to CVE-2017-7525. This upgrade to Jira plugin version 3.0.10 excludes these Jackson libraries.

Fix Copy with Builds error (CTR-680)

Upgraded Operations Center Context Plugin from 2.176.0.6 to 2.190.0.1. Maven jobs could not be moved/copied using the Move/Copy/Promote feature. With this fix, there is a new file (permalinks) inside the builds folder which is autogenerated by Jenkins core, and the Move/Copy operations are overwriting it now.

Pipelines with groovy scripts issues (CTR-712, -512)

Upgraded Pipeline Event Step from 1.5 to 1.7. The JSON field that is present for all inherited classes of Cause "_class" was missing on BuildTriggerCause, which was an issue when using it with groovy code in Pipelines. With this fix, the field "_class" is now present again. When creating Pipelines with groovy scripts, JSON files that contained a null attribute would cause the build to fail, and an exception was fired, "org.kohsuke.stapler.export.NotExportableException: class net.sf.json.JSONNull doesn’t have @ExportedBean". With this fix, when creating Pipelines with groovy scripts, if the JSON file has a null value, Jenkins will remove the attribute from the JSON when exporting it.

Memory leak issue (NGPIPELINE-673)

Upgraded PubSub Light Plugin from 1.12 to 1.13. When used with the SSE Gateway Plugin, the PubSub “light” Bus Plugin was generating a memory leak. With this fix, the plugins no longer generate a memory leak.

Update to 1.66 (NGPIPELINE-745, -741)

Upgraded Script Security Plugin from 1.63 to 1.66. A cache used by the class loader for sandboxed Groovy scripts was cleared out every time the garbage collector ran. This clearing out could lead to performance issues for complex sandboxed scripts, particularly in environments where the garbage collector ran frequently, as it significantly reduced the effectiveness of the cache. The cache used by the class loader for sandboxed Groovy scripts is no longer cleared out by the garbage collector.

Memory leak issue (NGPIPELINE-674)

Upgraded SSE Gateway Plugin from 1.17 to 1.20. We have fixed the SSE Gateway Plugin issue that was causing a memory leak.

SSH keys issue (JENSEC-639)

Upgraded SSH Credentials Plugin from 1.17.1 to 1.17.3. SSH keys saved as credentials without a new line at the end of the key caused errors with downstream consumers of the SSH keys. With this fix, SSH keys saved as credentials without a new line at the end of the key now work as expected.

Operations Center Security realm issue (CTR-600)

When the authorization strategy on Operations Center was not RBAC (Role Based Access Control), Operation Center’s SSO (single sign-on) was not functioning properly, even when the user was granted access to the master. Instead, after creating a team, users were redirected to the Team Master login page. With this fix, Operations Center correctly propagates the security realm to the master even when RBAC is not the authorization strategy.

Known issues

None