CloudBees CI on traditional platforms 2.263.2.3

Rolling release: 2021-01-21

Based on Jenkins LTS 2.263.2-cb-4

Critical issues

User-created content regressions

Version 2.263.2.3 fixes some critical regressions found in version 2.263.2.2 of the following products:

  • CloudBees CI

  • CloudBees Jenkins Distribution

  • CloudBees Jenkins Platform

  • CloudBees Jenkins Enterprise

Potential issues include:

  • If you use external artifact storage, it is not possible to download entire directories of archived artifacts as Zip files.

  • Zip files containing directories of workspaces, archived artifacts, and similar user-created content are missing top-level directories.

  • File handles are not closed directly whenever individual files are downloaded from workspaces, archived artifacts, and other user-created content. This could result in Jenkins running out of file handles.

CloudBees recommends that you upgrade to version 2.263.2.3 to prevent potential issues with user-created content.

Upgrade notes

CloudBees High Availability plugin

CloudBees has upgraded the JGroups dependency for the CloudBees High Availability plugin, which means instances with JGroups customized through the GUI fail to start and existing jgroups.xml files may no longer be compatible.

Users with instances using the CloudBees High Availability plugin with JGroups customized through the GUI (under Manage Jenkins > Configure System > High Availability Configuration) must be updated to 2.249.2.4 or higher.

Users with instances that have a customized jgroups.xml file in $JENKINS_HOME must update it manually (or switch to using our defaults). See Upgrade guide for instances running High Availability previous to 2.249.2.3 for more information on customizing the configuration.

CloudBees recommends that you start to prepare for the March release of Jenkins LTS as soon as possible. The March release will include important updates. If you use Jenkins LTS plugins that are not in the CloudBees Assurance Program (CAP), you should update them before upgrading your CloudBees products to ensure compatibility with the March release. If your company uses its own proprietary (non-CloudBees) plugins, CloudBees recommends that you test them against Jenkins version 2.266+ prior to the March release. And, as always, backing up your data before upgrading is strongly encouraged. For details about changes in the March Jenkins LTS release, see https://www.jenkins.io/blog/2020/11/10/spring-xstream/ and https://www.jenkins.io/doc/developer/views/table-to-div-migration/.

If upgrading from a rolling release older than 2.235.1.2, customers may experience technical difficulties. CloudBees ensures compatibility only between supported versions of the product and recommends upgrading early and often to avoid these difficulties. If you are having difficulties upgrading, contact CloudBees Support for assistance.

CloudBees Role-Based Access Control Plugin

With this upgrade, for security reasons, we are disabling the ability to configure RBAC groups and role filters at the views level.

See CloudBees Role-Based Access Control Plugin 5.42 for more information about the security vulnerability.

This change means that any previous groups or role filters created in a view will not be applied and you will not be able to configure them.

This update only affects the views themselves, not the items within them. Previous permissions applied to the items are still enforced.

If you were filtering roles on views before this upgrade, these filters will no longer work, so your users may have a more permissive permission scheme on the views.

CloudBees recommends running this script in your script console to determine if you have a configuration on your instance that will be affected by this change.

If you do have a configuration that will be affected by this change, you have two options:

  1. (CloudBees recommended approach) Recreate each view inside a folder and apply the RBAC configuration to the folder. The folder RBAC configuration is propagated to the view since it is inside the folder.

  2. Enable RBAC configuration on views by setting the system property nectar.plugins.rbac.groups.ViewProxyGroupContainer=true.

    This approach is not recommended for security reasons.