CloudBees CI release highlights

What’s new in CloudBees CI 2.414.2.2

Watch video

Security fixes

CasC Export should escape variable expressions

CasC Export now escapes variable expressions. However, variable expressions are not replaced when imported, unless a new configuration is set as pass thru.

This fix introduces a breaking change and any bundle using the variable resolution will stop working. To continue to use and resolve variables in your bundle, configure your CloudBees CI instance before loading your CasC bundles. To configure your CloudBees CI instance do one of the following:

  • Enable the Enable or disable the variable resolution in the item creation for administrator setting on the System configuration page.

  • Configure the cascItemsConfiguration value in the YAML file.

Upgraded multiple dependencies to address security concerns

Guava was upgraded to version 32.1.2-jre in the google-kubernetes-engine and google-storage plugins.

JSON Smart was upgraded to version 2.5.0 in the warnings-ng and analysis-model-api plugin.

okio-jvm was upgraded to 3.5.0 in the okhttp-api plugin.

Spring Security Core was upgraded to 5.8.6 where applicable.

SSHD-Common was upgraded to 2.10.0 where applicable.

New Features

Initial release of CloudBees High Availability

CloudBees introduces the initial release of the High Availability feature that provides the following:

  • Controller Failover: High Availability protects against a single point of failure of a controller. If a controller fails, the Pipeline builds that normally run on that controller are automatically triggered or continued by another replica.

  • Rolling restart with zero downtime for CloudBees CI on modern cloud platforms: If a controller replica is restarted, all of the other replicas keep running, and the user experiences no downtime.

  • Load balancing: One logical controller can spread its workload across multiple replicas and keep them in sync.

  • Auto-scaling for CloudBees CI on modern cloud platforms: You can set up managed controllers to increase the number of replicas, depending on the workload. They upscale when the CPU usage overcomes a threshold and downscale when the conditions return to normal.

Feature Enhancements

Searching logs in CloudBees Pipeline Explorer now accounts for the active filter by default

When performing a search while a tree view filter is active, CloudBees Pipeline Explorer will only search lines included in that filter by default. This behavior can be toggled on and off.

CloudBees Pipeline Explorer time zone preference

The timestamps for within the log view will now use the time zone preference from the user settings, User Defined Time Zone.

CloudBees Pipeline Explorer resize utility drawers

Users can now resize the tree view and the issue explorer drawers when they are open. Closing/opening the drawers maintain previous setting.

CloudBees Pipeline Explorer improve timestamp formatting experience

This experience has been improved by adding a Save button and the reset action was replaced with a Reset button.

Improve texts on the configuration page for controller items

Adapted the label and inline help texts for the Configuration as Code property on the configuration page of controller items.

Resolved Issues

When CloudBees Pipeline Explorer was enabled, some pages were very slow for complex Pipelines, leading to controller-wide performance issues in some cases

When CloudBees Pipeline Explorer was enabled, some pages, such as Blue Ocean and the Pipeline Steps view, were very slow for complex Pipelines. This can lead to high CPU usage on the controller, causing controller-wide performance issues. CloudBees Pipeline Explorer plugin now avoids performance-intensive computation in APIs that are used to access all of the Pipeline steps.

Credentials cache not working when controller disconnected from operations center

When a controller disconnected from the operations center, yet the operations center was still running, attempts to look up credentials from the operations center would fail rather than falling back to a cached list as expected.

This issue is resolved.

Custom Update Center signature check uses an outdated certificate

The Update Center certificate was updated recently, and that modification needs to be taken care of for custom Update Center signature checks. The Custom Update Center signature now uses the updated Update Center certificate.

Configuration as Code Resolved Issues

Pre-validation GitHub subscriber is not ignoring hidden (.*) folders Hidden files are now properly ignored during pre-validation.

Variable not substituted in Jenkins Health Advisor by CloudBees using Configuration as Code ${variable} notation is now supported for email and cc fields.

Trigger builds remotely and quietPeriod were not exported with Configuration as Code. 'Trigger builds remotely' and 'Quiet Period' properties are now exported and imported properly.

CloudBees Pipeline Explorer Resolved Issues

The CloudBees Pipeline Explorer did not display the loading status at the initial page load. The loading status is now displayed during the initial load.

The tree view in the CloudBees Pipeline Explorer incorrectly omitted stages and parallel branches sometimes, and displayed parallel branches for incomplete builds in an inconsistent order. The tree view no longer omits stages or parallel branches and always shows parallel branches in a consistent order.

When displaying a line menu, if you leave the menu without any selection and hover again on the line, it displays the menu again. This issue has been resolved.

When the Pipeline Explorer’s LogStorage is active, the classic console view should be robust against most metadata errors. When the CloudBees Pipeline Explorer is enabled, the classic console output view now displays the available content, even if the log file is corrupted and cannot be displayed natively in the CloudBees Pipeline Explorer.

When activating a filter on an incomplete build, the CloudBees Pipeline Explorer displayed an error in some cases. The CloudBees Pipeline Explorer no longer fails when it activates a filter for incomplete builds.

In the Pipeline Explorer, redundant tree context badges appear on the first line of each page. This issue has been fixed and now the redundant markers do not appear on the first line of each page.

Previously auto-polling might not work correctly in some cases in CloudBees Pipeline Explorer This issue has been fixed and auto-polling now works correctly.

Fix inconsistent behavior when reloading an empty configuration

When an RBAC configuration from a disk reloads, and the configuration file was cleared, it does not reflect in the live configuration. This issue has been resolved.

Download Task sensitive to default HTTP timeouts

In environment with slower network, the download or larger plugins may be subjected to the default read and connection timeouts of the HTTP client (10 seconds). In which case it fails with a SocketTimeoutException.

System properties com.cloudbees.plugins.updatecenter.UpdateCenter.HTTP_CONNECT_TIMEOUT_SECONDS and com.cloudbees.plugins.updatecenter.UpdateCenter.HTTP_READ_TIMEOUT_SECONDS have been added to be able to adjust those timeouts if needed.

Removal of prototype.js from various plugins

Removed the usage of prototype.js from the following plugins:

  • cloudbees-plugin-usage

  • cloudbees-template

  • cloudbees-update-center-plugin

  • cloudbees-workflow-template

  • master-provisioning-core

  • nectar-rbac

  • operations-center-context

  • workflow-cps-checkpoint

Update the login and signup pages in CloudBees CI

Improve the CloudBees login experience to clarify that you are logging in to a CloudBees product. The branding for the login and signup pages has now been updated in CloudBees CI.

Operations center startup blocked by Update Center item loading

The loading of Update Center items is slowed down by the sha256 and sha512 calculation of the stored plugin and core binaries. This can delay the startup of the operations center for several minutes for Update Center items with a large plugins base.

Checksums are now saved during download and manual uploads, and during loading only if the checksums file does not exist.

Updated various plugins to be compatible with SnakeYAML 2.0

The following plugins are now compatible with SnakeYAML 2.0:

  • blueocean-rest-impl

  • cloudbees-casc-client

  • cloudbees-casc-items-api

  • cloudbees-casc-server

  • cloudbees-workflow-template

  • google-kubernetes-engine

Known Issues

Failed parsing of data in the User Activity Monitoring plugin leads to incomplete data

Failed parsing of data from the User Activity Monitoring plugin will overwrite the user activity database. All user activity data that is logged up to that point in time is lost, in order to avoid this, refer to this knowledge base article Why is my user activity missing?.

HTTP Client used for Operations Center to Controllers connection leads to performance issues

Because of known issues in the Java HTTP Client, there could be performance issues in Operations Center to Controllers interactions in heavily loaded environments.

More details about this issue and workarounds are documented in Operations Center Client leaks HTTP Clients since version 2.401.1.3.

YAML section in Pod Template not recognized

Starting with Kubernetes plugin (version 4029.v5712230ccb_f8) the YAML parsing library was updated to snakeyaml-engine:2.5 which implements YAML specification 1.2.2. In this specification, the YAML merge operator (<<) was removed. Therefore, any usage of the merge operator in pod definitions needs to be removed.

For more information, refer to xref: YAML version 1.2.

Older versions of controllers cannot start after receiving new bundle versions

When the operations center sends new bundle versions to controllers older than 2.401.1.3, the controller cannot start.

This issue does not affect controllers in version 2.401.1.3 or newer.

There are three ways to fix the issue: * Upgrade all controllers to version 2.401.1.3 or newer. * Stop configuring controllers in versions prior to 2.401.1.3 using CasC. * Install a Plugin Catalog on the operations center with a beekeeper exception to install cloudbees-casc-server:2.5.1. The Plugin Catalog can be enabled in operations center by setting the system property Dcom.cloudbees.jenkins.cjp.installmanager.CJPPluginManager.enablePluginCatalogInOC=true.

Duplicate Pipeline Template Catalogs in the Configuration as Code (CasC) for Controllers jenkins.yaml file on each instance restart

If a Pipeline Template Catalog is configured in the CasC jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported CasC configuration.

Error when renaming an existing EC2 cloud

When the name of an existing cloud node is updated, the user receives a 404 error after selecting save. This is because the cloud page uses the cloud name as part of its URL. When the user saves the name, Jenkins sends the user to the URL with the old cloud name. Please note that all node changes are saved successfully.