CloudBees CI release highlights
What’s new in CloudBees CI 2.319.3.4
- Bundle generated by the Support Core plugin could contain passwords or other sensitive data (SECURITY-2186)
The bundle that is generated by the Support Core plugin could contain passwords or other sensitive data stored in system variables, Java arguments, or other system files.
In version 2.72.2 of the Support Core plugin, a feature was introduced that automatically redacted any passwords stored in the following files:
nodes/master/system.propertiesfor controllers and agents
nodes/slave/name/proc/self/cmdlinefor Linux agents
nodes/slave/name/config.xmlfor each agent
launch log files per each agent located in
To support this fix, a text file named
security-stop-words.txt has been added to the
It contains security stop words that are used to detect passwords or secrets.
When the bundle is generated, the word "REDACTED" replaces any values associated with these stop words.
For example, if one of the security stop words is "passwd", the following string:
will be changed to:
To disable this feature, delete all of the security stop words from the
Any changes made to the
security-stop-words.txt file are applied after a Jenkins instance restart.
- The operations center may run out of disk space if using a local folder as the Configuration as Code (CasC) bundle location (BEE-15449)
If you use a local folder as the Configuration as Code bundle location and an error occurs, a backup folder is automatically added to the operations center. If the local folder contains other files that are not part of a CasC bundle (for example, read-only files, hidden files, or SCM control files), polling synchronization fails and the backup folder is never deleted. Eventually, the operations center may run out of disk space, resulting in a
No space left on deviceexception.
To avoid this issue, you can either use an SCM as the Configuration as Code bundle location, or if using a local folder, ensure that only CasC bundles are stored in the local folder.
This will be corrected in a future version.
- Git submodules are not supported when configuring an SCM as the Configuration as Code bundle location (BEE-15832)
If you configure an SCM as the Configuration as Code bundle location and select Recursively update submodules for the selected Project Repository, an exception is returned.
- Duplicate Pipeline Template Catalogs in the Configuration as Code (CasC) for Controllers jenkins.yaml file on each instance restart (BEE-12722)
If a Pipeline Template Catalog is configured in the CasC
jenkins.yamlfile and the
idproperty is not defined, the catalog is duplicated on each instance restart and in the exported CasC configuration.