CloudBees CI on traditional platforms 2.277.3.1

Rolling release: 2021-04-20

Based on Jenkins LTS 2.277.2-cb-6

Security advisories

CloudBees Security Advisory 2021-04-20

CloudBees Security Advisory 2021-04-21

Critical issues

Remove the jquery and jquery-detached plugins from your CloudBees CI instance

The jquery and jquery-detached plugins have been removed from all CloudBees Jenkins-based products and are no longer part of CloudBees Assurance Program. However, these plugins are not automatically uninstalled from your CloudBees CI instance as other plugins you use may still have dependencies on them. Please ensure that your CloudBees CI instance does not have any dependencies on these plugins, and then remove them. For instructions on how to check for dependencies in a particular plugin, refer to How to determine if a plugin is in use.

New features

None.

Feature enhancements

None.

Resolved issues

None.

Known issues

None.

Upgrade notes

CloudBees High Availability plugin

CloudBees has upgraded the JGroups dependency for the CloudBees High Availability plugin, which means instances with JGroups customized through the GUI fail to start and existing jgroups.xml files may no longer be compatible.

Users with instances using the CloudBees High Availability plugin with JGroups customized through the GUI (under Manage Jenkins > Configure System > High Availability Configuration) must be updated to 2.249.2.4 or higher.

Users with instances that have a customized jgroups.xml file in $JENKINS_HOME must update it manually (or switch to using our defaults). See Upgrade guide for instances running High Availability previous to 2.249.2.3 for more information on customizing the configuration.

Jenkins 2.277 upgrade notes

Revisions

Revision 2 (2021-04-21)

This revision includes security updates to address vulnerabilities in Jenkins, CloudBees Jenkins Distribution, CloudBees Jenkins Platform, and CloudBees CI.

CloudBees Security Advisory 2021-04-21

Revision 3 (2021-04-27)
Unable to use provided settings.xml for Maven Configuration (BEE-3617)

There is an error in version 3.7.1 of the Config File Provider plugin, which is included in version 2.277.3.1.2 of CloudBees CI and CloudBees Jenkins Distribution, and versions 2.277.3.1.2 and 2.249.31.0.1.2 of CloudBees Jenkins Platform. The error prevents the user from using the provided settings.xml and the provided global settings.xml for the Maven Configuration on the Global Tool Configuration page. This is now corrected in version 3.7.2 of the Config File Provider plugin.