Security fixes

Security vulnerabilities were fixed and backported from Jenkins (BEE-31202)

Refer to the CloudBees Security Advisory March 21, 2023 for more information.

New features

None.

Feature enhancements

None.

Resolved issues

None.

Known issues

The offline Update Center signature may expire and old versions of the product do not start up (BEE-10093)

The offline Update Center can only be updated by upgrading a trusted WAR file, so signing the file that is inside the WAR file gives no added security. The product might not start up when the certificate used to sign the JSON is no longer valid (this occurs if the product has not been upgraded in a long time). The JSON embedded inside the WAR file is no longer signed.

Duplicate Pipeline Template Catalogs in the Configuration as Code (CasC) for Controllers jenkins.yaml file on each instance restart (BEE-12722)

If a Pipeline Template Catalog is configured in the CasC jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported CasC configuration.

Upgrade notes

Kubernetes-client upgrade to 6.x (BEE-28247)

The fabric8 Kubernetes-client has been upgraded from 5.x to 6.x. When configuring a managed controller and using the advanced YAML field, it is now possible to add entries such as CustomResourceDefinitions (CRDs) for which the Kubernetes-client has no model. They are now passed as is to the underlying Kubernetes API server.

NOTE: When declaring custom YAML snippets in a controller, apiVersion is now required by the Kubernetes-client library. Additional validation has been added to the UI component to validate that use case.

If the apiVersion is missing, the controller reprovisioning will fail when the operations center is upgraded. For more information on this topic, refer to the knowledge base article "The apiVersion on a resource being deserialized is required after upgrading Kubernetes-client 6.x". This article contains a script you can run to check for invalid configurations. Fix each configuration listed in the output of this script by providing a valid apiVersion.
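As an added illustration of the apiVersion requirement (this is not the script from the knowledge base article and not CloudBees code), the following offline check flags documents in a YAML snippet that have no top-level apiVersion. It assumes the snippet is one or more `---`-separated Kubernetes resource documents with top-level keys at column 0; the sample input and function names are constructed for this example.

```python
import re

# Matches a top-level (column 0) mapping key such as "apiVersion: apps/v1".
TOP_LEVEL_KEY = re.compile(r"^([A-Za-z_][\w.-]*)\s*:(?:\s+(.*))?$")

# Constructed sample: the first document lacks apiVersion, the second has it.
SAMPLE = """\
---
kind: StatefulSet
spec:
  replicas: 1
---
apiVersion: v1
kind: Service
metadata:
  labels:
    team: ci
"""

def split_documents(snippet):
    """Split multi-document YAML on '---' lines, dropping empty documents."""
    docs, current = [], []
    for line in snippet.splitlines():
        if re.match(r"^---(\s|$)", line):
            docs.append(current)
            current = []
        else:
            current.append(line)
    docs.append(current)
    return [d for d in docs
            if any(l.strip() and not l.lstrip().startswith("#") for l in d)]

def find_missing_api_version(snippet):
    """Return (document index, kind) for each document with no apiVersion value."""
    problems = []
    for index, doc in enumerate(split_documents(snippet)):
        keys = {}
        for line in doc:
            m = TOP_LEVEL_KEY.match(line)
            if m:  # drop a trailing comment and surrounding quotes
                value = re.sub(r"(^|\s)#.*", "", m.group(2) or "")
                keys[m.group(1)] = value.strip().strip("'\"")
        if not keys.get("apiVersion"):
            problems.append((index, keys.get("kind") or "<no kind>"))
    return problems

if __name__ == "__main__":
    for index, kind in find_missing_api_version(SAMPLE):
        print(f"document {index} ({kind}): apiVersion is missing")
```

Indexes count only non-empty documents, so a leading `---` does not shift them.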

Contact CloudBees Support for any further questions.