Security fixes
- LDAP permissions were not updated until Jenkins was restarted (BEE-5618)
When you used LDAP to grant users new permissions in RBAC, the changes were not effective until you restarted Jenkins.
Permissions are now updated in RBAC without having to restart Jenkins.
New features
- Configuration as Code job and organization item creation (BEE-5276, BEE-5279, BEE-5280, BEE-5281, BEE-5282, BEE-5284, BEE-7078)
CasC for controllers now supports the creation of the following items using the controller’s items.yaml file:
  - Freestyle jobs
  - Pipeline jobs
  - Multibranch Pipeline jobs
  - GitHub Organization
  - Bitbucket Team/Project
When these items are created in an instance, it is possible to export their configuration in a YAML format that can be used to create and configure the item using CasC.
Support has also been added for Folders with extended fields. It is now possible to configure and export all properties for a folder, including the EnvVarFolderProperties and configuration fields. Previously, only EnvVarsFolderProperty could be exported for use with CasC.
Creating Folders with extended fields, Freestyle jobs, Pipeline jobs, Multibranch Pipeline jobs, GitHub Organizations, and Bitbucket Team/Projects is a Preview feature. For more information, refer to Creating items with CasC for controllers.
- CasC for the operations center job and controller item creation (BEE-3273, BEE-5279, BEE-5284, BEE-7078)
CasC for the operations center now supports the creation of the following items using the operations center’s items.yaml file:
  - Freestyle jobs
  - Client controllers
When these items are created in an instance, it is possible to export their configuration in a YAML format that can be used to create and configure the item using CasC.
Support has also been added for Folders with extended fields. It is now possible to configure and export all properties for a folder, including the EnvVarFolderProperties and configuration fields. Previously, only EnvVarsFolderProperty could be exported for use with CasC.
When using CasC for the operations center to create controller items, you can also now define controller-level groups and roles using RBAC. Unlike the global RBAC configuration that is defined in the operations center’s rbac.yaml file, the controller item and its RBAC configuration are defined in the operations center’s items.yaml file.
Creating Folders with extended fields, Freestyle jobs, and client controllers is a Preview feature. For more information, refer to Creating items with CasC for the operations center.
- New customer survey and user activity data collection to improve CloudBees products (BEE-4503)
CloudBees CI now includes an optional survey to determine customer satisfaction and collects user activity data via the CloudBees Analytics Plugin to help CloudBees make decisions about future product enhancements.
Feature enhancements
- Updated minimum Jenkins version to LTS 2.303 (BEE-4700)
The minimum required Jenkins version was updated to the latest LTS, version 2.303.
- If an error occurs while reloading a CasC bundle, the error message is now displayed in the UI (BEE-7217)
If an error occurs while reloading a CasC bundle, the error message is now displayed in the UI and the log file.
Previously, the default error page was shown in the UI and the error message only appeared in the log file.
Resolved issues
- Race condition error when client controllers started (BEE-2493)
A race condition could occur when client controllers started, causing tests to fail intermittently.
The race condition has been fixed and this issue is resolved.
- The casc-bundle/set-global-availability-pattern-behavior HTTP API endpoint returned no information for the visibility value (BEE-5923)
When the casc-bundle/set-global-availability-pattern-behavior HTTP API endpoint was called, an empty response was returned even if the default behavior of the availability pattern had been properly set.
The casc-bundle/set-global-availability-pattern-behavior HTTP API endpoint now returns the new visibility value.
- If the Jenkins Configuration as Code plugin was not installed and the current CasC configuration was exported, the export failed (BEE-6931)
If the Jenkins Configuration as Code plugin is not installed, the current configuration can now be exported without error and the jenkins.yaml file is not included in the export.
- The plugin-catalog.yaml file was exported as part of the CasC current configuration in the operations center (BEE-7093)
When the Current Configuration tab was selected in the CloudBees Configuration as Code export and update screen, the plugin-catalog.yaml file was included in the exported configuration, even though it is not supported with CasC for the operations center.
The plugin-catalog.yaml file is no longer included in the exported configuration.
- Reentrant locking in Role-based Access Control (RBAC) groups causes Jenkins to become unresponsive (BEE-7033)
Making concurrent modifications to RBAC groups was occasionally causing Jenkins to become unresponsive. The issue was caused by a deadlock, as a result of the reentrant locking strategy.
The deadlock issue has been resolved. Making concurrent modifications to RBAC groups no longer causes Jenkins to become unresponsive.
- Role-based access control (RBAC) groups couldn’t be copied using the Move and Copy operations (BEE-5454)
Previously, when you copied a folder that contained an RBAC group from one controller to another controller, the RBAC group was not copied to the new destination.
Now, you can copy RBAC groups from one controller to another using the Move and Copy operations, if you have permission to create groups on the destination controller.
- Disable the collection of Jenkins anonymous usage statistics on CloudBees CI startup (BEE-6654)
Previously, CloudBees CI collected anonymous usage statistics and sent them to the Jenkins community.
The collection of Jenkins usage statistics is now disabled by default on startup. You can reenable the collection of usage statistics, if you so choose.
- Analytics could be triggered too early in the startup process, causing exceptions to be logged (BEE-6579)
The code now also checks that the controller is far enough along in its startup sequence, in addition to the completed status of the startup wizard.
- If a Windows agent (running as a service) is restarted, the WinSW wrapper will stop all child processes, including a launched script from durable-task (BEE-3024)
Durable task now calls the Windows binary wrapper for Batch and PowerShell script files. The launched scripts are detached from the launching process and protected against unwanted termination signals.
- Apache Commons Digester Library Removal (BEE-624)
The Apache Commons Digester, which is included as a dependency of Jenkins Core, is old and poorly maintained. This library and its dependencies have been a source of a number of security vulnerabilities. Therefore, the Jenkins community has decided to remove it from the Jenkins Core.
The Apache Commons Digester Library is removed as a dependency from Jenkins Core and all plugins in the CloudBees Assurance Program are made compatible with this change. In addition, almost all Jenkins community plugins have been upgraded to be compatible with this change.
If you’re using your own proprietary plugin or one of the few Jenkins community plugins that do have a compatible version, please consult our KB article before upgrading: Commons Digester Library Removal.
- Unsynchronized access of a WeakHashMap in script-security could cause an infinite loop (BEE-7028)
The unsynchronized access has been fixed with appropriate locking.
Known issues
- Spaces in configuration for systemd caused Java startup to fail (BEE-7072)
After upgrading, you may find that Java fails to start, causing an error. This could result from having spaces in the systemd configuration.
To configure CloudBees CI to support spaces in the systemd configuration, add the following arguments to the Jenkins service configuration file:
    JENKINS_JAVA_OPTIONS=(-Djava.awt.headless=true)
    JENKINS_JAVA_OPTIONS+=("-Dkey=value with spaces")
For most RedHat and CentOS distributions, the service configuration file is located at: /etc/sysconfig/cloudbees-core-oc.
- The casc-bundle/regenerate-token HTTP API endpoint does not reset the token in the operations center (BEE-7364)
When the casc-bundle/regenerate-token HTTP API endpoint is called, no response is returned and the token is not properly reset. This will be corrected in a future version.
- If the optOutProperty is included in the operations center CasC items.yaml file for controller items, the operations center fails to restart (BEE-7679)
If the optOutProperty is included in the operations center items.yaml file for controller items, the operations center CasC bundle is updated, and Reload Configuration is selected from the Configuration as Code export and update screen, a warning is displayed, and the operations center fails to restart. This will be corrected in a future version.
Upgrade notes
CloudBees recommends that you upgrade to the August 2021 release of Jenkins LTS as soon as possible. The August 2021 release includes a change that removes the Apache Commons Digester from Jenkins Core. If you use Jenkins plugins that are not in the CloudBees Assurance Program (CAP), you should update them before upgrading your CloudBees products to ensure compatibility with the August release. If your company uses its own proprietary (non-CloudBees) plugins, CloudBees recommends that you test them against Jenkins version 2.302+ prior to the August release. As always, backing up your data before upgrading is strongly encouraged. For details about this change and a list of impacted plugins, please refer to our knowledge base article Commons Digester Library Removal.