Security fixes

Security vulnerabilities were fixed from Jenkins

The following security tickets were fixed from Jenkins:

  • OSS issue [SECURITY-3237, SECURITY-3238]

  • OSS issue [SECURITY-3246]

  • OSS issue [SECURITY-3265]

Refer to the CloudBees Security Advisory October 25, 2023 for more information.

Upgrade Notes

Operations center CloudBees Assurance Program plugin changes since 2.414.2.2

The following plugins have been removed from the Operations center CloudBees Assurance Program since 2.414.2.2:

  • Maven Integration plugin (maven-plugin)


Controller CloudBees Assurance Program plugin changes since 2.414.2.2

The following plugins have been added to the Controller CloudBees Assurance Program since 2.414.2.2:

  • GitLab API Plugin (gitlab-api)

  • GitLab Branch Source Plugin (gitlab-branch-source)

  • Jersey 2 API (jersey2-api)

  • Pipeline Maven Integration Plugin (pipeline-maven)

  • Pipeline Maven Plugin API (pipeline-maven-api)

The following plugins have been removed from the Controller CloudBees Assurance Program since 2.414.2.2:

  • Maven Integration plugin (maven-plugin)


New Features

None.

Feature Enhancements

None.

Resolved Issues

None.

Known Issues

Failed parsing of data in the User Activity Monitoring plugin leads to incomplete data

Failed parsing of data from the User Activity Monitoring plugin will overwrite the user activity database. All user activity data that is logged up to that point in time is lost, in order to avoid this, refer to this knowledge base article Why is my user activity missing?.


HTTP Client used for Operations Center to Controllers connection leads to performance issues

Because of known issues in the Java HTTP Client, there could be performance issues in Operations Center to Controllers interactions in heavily loaded environments.

More details about this issue and workarounds are documented in Operations Center Client leaks HTTP Clients since version 2.401.1.3.


Error when renaming an existing EC2 cloud

When the name of an existing cloud node is updated, the user receives a 404 error after selecting save because the cloud page uses the cloud name as part of its URL. When the user saves the name, Jenkins sends the user to the URL with the old cloud name. All node changes are successfully saved.


Clouds do not disappear after the Folder configuration update by a user without Overall/Administer permissions

Clouds deselect after a user without Overall/Administer permissions edits the Folder configuration.


Duplicate Pipeline Template Catalogs in the Configuration as Code for controllers jenkins.yaml file on each instance restart

If a Pipeline Template Catalog is configured in the Configuration as Code jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported Configuration as Code configuration.