Critical issues

Upgrading the CloudBees CasC API plugin


The CloudBees CasC API plugin has been promoted to the CloudBees Assurance Program (CAP). If you have previously modified the plugin-catalog.yaml file to include the CasC API plugin, when you upgrade, your controller(s) will not start properly and you may receive exceptions.


You must edit the plugin-catalog.yaml file to remove the CasC plugin and version string: cloudbees-casc-api: {version: X.X}, where X.X represents the version of the CasC plugin. For more information, see Updating a plugin catalog on operations center.

Remove the jquery and jquery-detached plugins from your CloudBees CI instance

The jquery and jquery-detached plugins have been removed from all CloudBees Jenkins-based products and are no longer part of CloudBees Assurance Program. However, these plugins are not automatically uninstalled from your CloudBees CI instance as other plugins you use may still have dependencies on them. Please ensure that your CloudBees CI instance does not have any dependencies on these plugins, and then remove them. For instructions on how to check for dependencies in a particular plugin, refer to How to determine if a plugin is in use.

New features

Initial release of Creating folders with Configuration as Code (CasC)

Previously released as a Preview feature, Creating folders with CasC is now fully supported.

CasC allows users to create folders if the items.yaml file is included with the configuration bundle.

Initial release of Configuring Role-Based Access Control (RBAC) with Configuration as Code (CasC)

Previously released as a Preview feature, Configuring RBAC with CasC is now fully supported.

RBAC can now be configured with CasC by adding an rbac.yaml file to the configuration bundle and adding an authorizationStrategy attribute to the jenkins.yaml file.

New CasC server plugin to provide CloudBees CI Configuration as Code Bundle management in the operations center (BEE-1256)

The Configuration as Code Bundle management functionality was previously included in the operations center server plugin. The code related to CloudBees CI configuration bundle management was extracted from the operations center server plugin and is now included in the new CasC server plugin. When installing or upgrading operations center, the CasC server plugin is installed by default and does not need to be manually installed.

Feature enhancements

Add CloudBees Configuration as Code as part of the support bundle (BEE-397)

When a new support bundle is generated, it is possible to add the CloudBees Configuration as Code bundle. If desired, the YAML files can also be anonymized.

Resolved issues

Threading issue causes exception when creating controller (BEE-213)

A threading issue occasionally caused an exception when you attempted to create a controller in the operations center.

The threading issue was identified and fixed. This issue is resolved.

Reporting error causes builds to fail (BEE-1284)

A random error in CloudBees SCM Reporting occasionally modified the Notifications#context field, causing builds to fail with a ConcurrentModificationException. When the error occurred, the failed build blocked the build queue.

A multithreading error was identified and corrected. This issue has been resolved.

A plugin catalog cannot include more than 150 plugins (BEE-750)

The 150 limit has been removed from the plugin catalog, to allow an unlimited set of defined plugins.

CloudBees Unified Data Plugin used overly broad terminology (BEE-746)

The CloudBees Unified Data Plugin used overly broad terminology on the status page for CloudBees Analytics and on the management link to that page. The terminology has been improved to be more specific.

Disabled permissions did not cause the role creation to fail (BEE-726)

If the rbac.yaml file contains disabled permissions, the role creation process and instance startup now properly fail.

Disabled permissions that were already created in the instance are not removed or synced during the rbac.yaml file process.

Role-Based Access Control cannot be configured if controllers are managed by the operations center (BEE-632)

The controller quickly fails if Role-Based Access Control is managed by the operations center and the configuration bundle contains the rbac.yaml file. This is an incorrect configuration and should not be used.

Preparation for Jenkins 2.277-2 version (BEE-2702)

The endpoint to obtain the administrative monitors has changed. Now the CloudBees navigation is using the new URL.

"Configuration as Code for Masters" has been renamed to "Configuration as Code Bundles" (BEE-1232)

"Configuration as Code for Masters" has been renamed to "Configuration as Code Bundles" in operations center management links.

Remove the Ignore button from the Configuration as Code Bundles management page for controllers (BEE-235)

There is no reason to ignore a bundle update on the Configuration as Code Bundles management page, so the button has been removed from the UI.

Folder configuration should support the display name in the configuration bundle (BEE-224)

When using Configuration as Code with Folders, the displayName property of the folder is now exported and imported as expected.

A role cannot be filtered using Configuration as Code (BEE-223)

Roles can now be filtered on folders as part of the items.yaml file.

github-branch-source plugin authentication failure (BEE-754)

github-branch-source-plugin fails to authenticate with GitHub App ID due to sleep interrupted exception.

Removed incorrect rate limit check in GitHub App Installation Token retrieval.

New clients for each backup (BEE-453)

Previously, each backup job had a long-living S3 client that was reused for all backups until either Jenkins was restarted or the job was reconfigured. However, when you used an IAM role, the resulting session’s credentials were retained indefinitely without being refreshed.

With this change, a new S3 client is created for each backup and left for garbage collection once the backup thread is complete. Therefore, each backup gets new session credentials.

Backups that involve multiple steps fail (BEE-465)

When a restricted backup that can’t be run anonymously requires multiple steps, the job fails.

This issue has been resolved. Jobs no longer fail because they contain multiple backup or restore steps.

License expiration alert displays incorrectly (BEE-469)

The alert message that warns you a license is about to expire was displaying incorrectly, with some actionable buttons disappearing from the screen.

This issue has been resolved. The full alert message is now viewable.

Known issues


Upgrade notes

CloudBees High Availability plugin

CloudBees has upgraded the JGroups dependency for the CloudBees High Availability plugin, which means instances with JGroups customized through the GUI fail to start and existing jgroups.xml files may no longer be compatible.

Users with instances using the CloudBees High Availability plugin with JGroups customized through the GUI (under Manage Jenkins > Configure System > High Availability Configuration) must be updated to or higher.

Users with instances that have a customized jgroups.xml file in $JENKINS_HOME must update it manually (or switch to using our defaults). See Upgrade guide for instances running High Availability previous to for more information on customizing the configuration.


Revision 2 (2021-04-08)
Disabled permissions and group permissions cannot be removed from roles (BEE-2976)

Disabled permissions and group permissions granted into roles were not removed when roles were created with Configuration as Code (CASC) for Role-Based Access Control. Now, existing permissions in roles are completely replaced by data in the rbac.yaml file.