CloudBees CI on traditional platforms 2.263.2.2

Rolling release: 2021-01-13

Based on Jenkins LTS 2.263.2-cb-2

Critical issues

Regression in CloudBees Plugin Usage Analyzer plugin 2.0, 2.2

CloudBees CI versions 2.263.1.2 and 2.263.2.2 have a potential issue involving the CloudBees Plugin Usage Analyzer plugin versions 2.0 and 2.2:

This plugin produces the analysis.json file in $JENKINS/pup. On large instances, for example those with many jobs, this file can be quite large. At the next restart of the controller, the plugin usage analyzer tries to parse this file. Parsing a large file can take some time and may block the controller's start-up process, leading to a longer startup time.

CloudBees recommends that you upgrade to CloudBees CI version 2.263.4.1 or later, or upgrade the CloudBees Plugin Usage Analyzer plugin to version 2.6. If you cannot upgrade to 2.263.4.1, it’s best to disable the CloudBees Plugin Usage Analyzer Plugin (short name cloudbees-plugin-usage) until then. If Jenkins is not accessible, see Disabling a plugin when Jenkins is down.

This issue is only a problem on startup. Another workaround is to remove the file $JENKINS/pup/analysis.json before starting or restarting Jenkins.

Security fixes

Remove jQuery on cloudbees-monitoring-plugin (CPLT2-6943)

The following jQuery files are no longer being used and have been removed:

  • /scripts/jquery.flot.time.js

  • /scripts/jquery.flot.resize.js

  • /scripts/jquery-2.1.0.min.js

  • /scripts/jquery.flot.hiddengraphs.js

  • /scripts/jquery.flot.js

New features

Update support-core to 2.72 (FNDJEN-3356)

CloudBees now supports the Jenkins Support Core plugin version 2.72. For more information, see https://github.com/jenkinsci/support-core-plugin/releases.

Detect Insecure Pipeline Interpolation (Password Leaking) (NGPIPELINE-1277)

CloudBees CI now adds warnings on build and log pages when potentially unsafe Groovy constructions are used. For more information, see String interpolation.
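The kind of construction this warning targets, shown next to a safer form, as an added example that is not taken from the CloudBees documentation. The credential ID example-deploy-creds, the variable names and the URL are hypothetical; withCredentials and usernamePassword come from the Credentials Binding plugin.

```groovy
// Added example (scripted Pipeline). 'example-deploy-creds' and the URL are
// hypothetical placeholders, not values from the release notes.
node {
    def targetUrl = 'https://artifacts.example.invalid/upload'

    withCredentials([usernamePassword(credentialsId: 'example-deploy-creds',
                                      usernameVariable: 'DEPLOY_USER',
                                      passwordVariable: 'DEPLOY_PASS')]) {

        // UNSAFE: a double-quoted Groovy string. Groovy substitutes the
        // secret values into the command text before the sh step runs, so
        // the step receives the literal password as part of its argument.
        // A password containing shell metacharacters is also interpreted
        // by the shell. This is the pattern the new warning reports.
        sh "curl -u ${DEPLOY_USER}:${DEPLOY_PASS} ${targetUrl}"

        // SAFER: a single-quoted Groovy string is passed to sh unchanged.
        // The shell reads DEPLOY_USER and DEPLOY_PASS from the environment
        // that withCredentials set up, so Groovy never handles the values.
        // Non-secret Groovy variables are handed over through withEnv
        // instead of being interpolated into the command.
        withEnv(["TARGET_URL=${targetUrl}"]) {
            sh 'curl -u "$DEPLOY_USER:$DEPLOY_PASS" "$TARGET_URL"'
        }
    }
}
```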

Feature enhancements

New logo for Plugin Usage Analyzer (FNDJEN-3316)

The plugin now has its own logo in order to differentiate it from the Jenkins Controller plugin manager. For more information on this, see How to determine if a plugin is in use.

Update Operations Center Context plugin dependencies (CTR-2603)

The Operations Center Context plugin is now using jQuery 3.5.1.

Dependency updates (CTR-2944)

  • Minimum jenkins-core upgraded to 2.263.1.2

  • Minimum nectar-license plugin version upgraded to 8.28

  • Minimum cloudbees-template plugin version upgraded to 4.49

  • Minimum script-security plugin version upgraded to 1.75

Change product license URL (CTR-736)

The URL of our license terms has changed to https://www.cloudbees.com/r/subscription.

Resolved issues

Cross Team Collaboration could not use the Operations Center router with CasC for Masters (CTR-2088)

With this fix, Cross Team Collaboration can now use the Operations Center router in the Configuration as Code (CasC) for Masters configuration.

Trigger remote job widget is rendering '[' when error on path (CTR-2560)

An invalid path of the downstream job is now properly managed and displayed in the configuration of the Trigger builds on remote/local jobs build step.

Plugins from an https server with SNI certificates cannot be downloaded in Plugin Catalog through Installation Manager (FNDJEN-3070)

Before this release users were unable to download plugins defined in a plugin catalog from servers using SNI certificates.

CloudBees Installation Manager 2.89.0.33 allows downloading plugins from servers configured with SNI certificates. In addition, the new version follows redirections if needed for the plugin download.

Known issues

Instances using CloudBees Plugin Usage Plugin version 2.0 experience a long start up time (FNDJEN-3377)

When using CloudBees Plugin Usage Plugin version 2.0 and the controller restarts, the web UI may display the “Please wait while Jenkins is getting ready to work” message for an unusually long period of time. After the instance has started up, the start-up performance logs show that AnalyzerWork.initialize took a long time.

The loading of the previous plugin usage report file analysis.json takes too long. CloudBees will fix this issue in an upcoming release. See the knowledge base article CloudBees Plugin Usage Plugin 2.0 slows down Controller Start Up for immediate steps to remedy the issue until the fix is available.

Regressions related to user-created content [CBCI-389]

This release contains multiple regressions related to files in user-created content served by the following CloudBees products:

  • CloudBees CI

  • CloudBees Jenkins Distribution

  • CloudBees Jenkins Platform

  • CloudBees Jenkins Enterprise

You may experience the following issues with user-created content:

  • If you use external artifact storage, like the Artifact Manager S3 Plugin or Compress Artifacts Plugin, it is not possible to download entire directories of archived artifacts as Zip files. Instead, you receive an error message.

  • Zip files containing directories of workspaces, archived artifacts, and similar user-created content do not include top-level directories anymore (typically called “archive” for archived artifacts, and the job name for workspaces), which can break expectations about Zip file structure, for example, in scripted clients.

  • File handles are not closed correctly whenever individual files are downloaded from workspaces, archived artifacts, and similar user-created content. This can result in Jenkins running out of file handles.

These issues are resolved in release 2.263.2.3.

Upgrade notes

CloudBees recommends that you start to prepare for the March release of Jenkins LTS as soon as possible. The March release will include important updates. If you use Jenkins LTS plugins that are not in the CloudBees Assurance Program (CAP), you should update them before upgrading your CloudBees products to ensure compatibility with the March release. If your company uses its own proprietary (non-CloudBees) plugins, CloudBees recommends that you test them against Jenkins version 2.266+ prior to the March release. And, as always, backing up your data before upgrading is strongly encouraged. For details about changes in the March Jenkins LTS release, see https://www.jenkins.io/blog/2020/11/10/spring-xstream/ and https://www.jenkins.io/doc/developer/views/table-to-div-migration/.

If upgrading from a rolling release older than 2.235.1.2, customers may experience technical difficulties. CloudBees ensures compatibility only between supported versions of the product and recommends upgrading early and often to avoid these difficulties. If you are having difficulties upgrading, contact CloudBees Support for assistance.

CloudBees Role-Based Access Control Plugin

With this upgrade, for security reasons, we are disabling the ability to configure RBAC groups and role filters at the views level.

See CloudBees Role-Based Access Control Plugin 5.42 for more information about the security vulnerability.

This change means that any previous groups or role filters created in a view will not be applied and you will not be able to configure them.

This update only affects the views themselves, not the items within them. Previous permissions applied to the items are still enforced.

If you were filtering roles on views before this upgrade, these filters will no longer work, so your users may have a more permissive permission scheme on the views.

CloudBees recommends running this script in your script console to determine if you have a configuration on your instance that will be affected by this change.

If you do have a configuration that will be affected by this change, you have two options:

  1. (CloudBees recommended approach) Recreate each view inside a folder and apply the RBAC configuration to the folder. The folder RBAC configuration is propagated to the view since it is inside the folder.

  2. Enable RBAC configuration on views by setting the system property nectar.plugins.rbac.groups.ViewProxyGroupContainer=true.

    This approach is not recommended for security reasons.

CloudBees High Availability plugin

CloudBees has upgraded the JGroups dependency for the CloudBees High Availability plugin, which means instances with JGroups customized through the GUI fail to start and existing jgroups.xml files may no longer be compatible.

Instances using the CloudBees High Availability plugin with JGroups customized through the GUI (under Manage Jenkins > Configure System > High Availability Configuration) must be updated to 2.249.2.4 or higher.

Users with instances that have a customized jgroups.xml file in $JENKINS_HOME must update it manually (or switch to using our defaults). See Upgrade guide for instances running High Availability previous to 2.249.2.3 for more information on customizing the configuration.

Revisions

Revision 2 (2021-01-14)

Release Notes

Upgraded Jackson2 API Plugin from 2.12.0 to 2.12.1 to fix regressions in the Docker plugin (JENKINS-64343)