Security fixes
- Security vulnerabilities were fixed and backported from Jenkins (BEE-31202)
-
Refer to the CloudBees Security Advisory March 21, 2023 for more information.
Known issues
- The offline Update Center signature may expire and old versions of the product do not start up (BEE-10093)
-
The offline Update Center can only be updated by upgrading a trusted WAR file, giving no added security by signing the file that is inside the WAR file. The product might not start up when the certificate used to sign the JSON is no longer valid (occurs if the product had not been upgraded in a long time). The JSON embedded inside the WAR file is no longer signed.
- Duplicate Pipeline Template Catalogs in the Configuration as Code (CasC) for Controllers
jenkins.yaml
file on each instance restart (BEE-12722) -
If a Pipeline Template Catalog is configured in the CasC
jenkins.yaml
file and theid
property is not defined, the catalog is duplicated on each instance restart and in the exported CasC configuration.