CloudBees CI on traditional platforms 2.414.3.7

Apache Ivy has been upgraded from 2.5.1 to 2.5.2 in the pipeline-groovy-lib plugin.

The commons-httpclient library used in WebDAV and Azure stores (transitively through com.sun.jersey:jersey.client) is vulnerable to man in the middle (MITM) attacks. The fix removes the commons-httpclient library and uses the native Java HttpClient.

The following plugins have been removed from the Operations center CloudBees Assurance Program since 2.414.2.2:

The following plugins have been added to the Controller CloudBees Assurance Program since 2.414.2.2:

The GitLab Branch Source plugin and the GitLab API plugin were added to the CloudBees Assurance Program (CAP). These plugins enable users to have a supported way of creating multibranch and organization folder jobs backed by a GitLab server. These plugins will now receive necessary updates and security fixes under the CloudBees Assurance Program (CAP).

The new CloudBees CI feature Bundle Update Timing is now available. With this new feature, instances using Configuration as Code can be configured to:

The Maven Integration (maven-plugin) plugin was removed from the CloudBees Assurance Program (CAP). As an alternative to this plugin, CloudBees recommends the use of the Pipeline Maven Integration plugin (pipeline-maven).

New ability to view a report of all of your controllers and their associated bundles. The report is now available on the Operations center CasC management page. The user can search for controllers as well as search and filter the bundles.

CasC Items plugin now supports GitLab organization folders and multibranch projects.

Now, the queue size on each cluster member is displayed in the High Availability (HA) summary.

The High Availability (HA) diagnostic page now displays a list of replicas and some load information, such as running builds and online agents.

Adapted the label and inline help texts for the Configuration as Code property on the configuration page of controller items.

Previously, when a High Availability (HA) controller terminated, its builds were adopted at random by other replicas. Now, the adoption is preferentially directed toward replicas that currently have the least load according to a simple metric.

Base64 support for secret masking was added in this release. Now when users configuring jobs use any type of credentials, the Base64 version of their secret is added to the list of patterns that the application masks. This should reduce the number of leaks when the verbose mode of curl (or an equivalent mechanism) is used. However, there are limits to credentials masking. Refer to Limitations of Credentials Masking for more information.

When CloudBees Pipeline Explorer was enabled, some pages, such as Blue Ocean and the Pipeline Steps view, were very slow for complex Pipelines. This can lead to high CPU usage on the controller, causing controller-wide performance issues. CloudBees Pipeline Explorer plugin now avoids performance-intensive computation in APIs that are used to access all of the Pipeline steps.

All operations center supporting Branch and Tag for controller CasC bundles cannot send new bundle versions to the controllers older than 2.401.1.3. When those controllers receive a new bundle version, they cannot start.

Now a warning message is generated if a nonexistent or invalid field is found during validation.

When a controller disconnected from the operations center, yet the operations center was still running, attempts to look up credentials from the operations center would fail rather than falling back to a cached list as expected.

Cluster Ops backup on operations center is failing because certain classes were not found during the backup cluster operation.

The Update Center certificate was updated recently, and that modification needs to be taken care of for custom Update Center signature checks. The Custom Update Center signature now uses the updated Update Center certificate.

An expired certificate was previously embedded in the product, causing the download of some tool installers and plugins to fail. The certificate has been updated.

The loading of Update Center items is slowed down by the sha256 and sha512 calculation of the stored plugin and core binaries. This can delay the startup of the operations center for several minutes for Update Center items with a large plugins base.

When the operations center SSO is used and the operations center is configured with an SSO-type security realm that only defines a user’s external groups within the context of a browser request, a connected controller is authenticated with the correct user ID, but none of the groups. This issue has been resolved.

The CasC browser label gitLab is used by both the git-plugin and gitlab-branch-source plugins. The label used by gitlab-branch-source has now been changed to gitLabBrowser.

Synchronizing the next build number of jobs can be a bottleneck in HA controllers on slow network filesystems. This process is now improved and the issue has been resolved.

Previously, High Availability (HA) controller replicas could partially load build records even when the builds were in progress on other controllers, leading to errors. Now, a replica only loads a build record when the build is complete or when it is adopting a build in progress.

In some cases, logging call errors to the Operations center could cause thread contention. Rate limiting has now been applied to these use cases to prevent logging from causing thread contention.

File corruption in the bundle log directory can stop a controller startup, instead of a smooth recovery. This issue has been resolved.

Certain operations, such as contacting the operations center for user lookup, could create excessive Java threads. This issue has now been resolved.

If you schedule a build using a High Availability (HA) controller, but it does not start before the replica shuts down, the corresponding adopted queue item in another replica now uses the same ID. This allows external tools to track the build when it does start (or the item is cancelled).

In some cases, the administrative monitor that displays incompatible High Availability (HA) agents can be displayed, even when an incompatible agent is not found. This issue has been resolved and the administrative monitor is no longer displayed.

The log recorders are now correctly synchronized between replicas of a controller in High Availability (HA) mode.

"Granted at" is now properly honored.

Failed parsing of data from the User Activity Monitoring plugin will overwrite the user activity database. All user activity data that is logged up to that point in time is lost, in order to avoid this, refer to this knowledge base article Why is my user activity missing?.

Because of known issues in the Java HTTP Client, there could be performance issues in Operations Center to Controllers interactions in heavily loaded environments.

When the name of an existing cloud node is updated, the user receives a 404 error after selecting save. This is because the cloud page uses the cloud name as part of its URL. When the user saves the name, Jenkins sends the user to the URL with the old cloud name. Please note that all node changes are successfully saved.

Clouds deselect after a user without Overall/Administer permissions edits the Folder configuration.

If a Pipeline Template Catalog is configured in the Configuration as Code jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported Configuration as Code configuration.

When searching for a specific plugin under 'Available' tab in operations center Plugin Manager, the search results shows duplicate entries of the searched plugin.