CloudBees CI release highlights

What’s new in CloudBees CI 2.426.3.3

Security fixes

Security vulnerabilities were fixed and backported from Jenkins

Refer to the CloudBees Security Advisory January 24, 2024 for more information.

Upgrade Notes

Operations center CloudBees Assurance Program plugin changes since 2.426.2.2

The following plugins have been added to the Operations center CloudBees Assurance Program since 2.426.2.2:

  • Google Cloud Platform SDK :: Storage (gcp-java-sdk-storage)


Controller CloudBees Assurance Program plugin changes since 2.426.2.2

The following plugins have been added to the Controller CloudBees Assurance Program since 2.426.2.2:

  • CloudBees Google Cloud Storage Cache Plugin (cloudbees-google-cloud-storage-cache)

  • Google Cloud Platform SDK :: Storage (gcp-java-sdk-storage)


New Features

Cross-replica script console

In a High Availability (HA) controller, under Manage Jenkins > CloudBees CI High Availability, there is now a Script Console link in the sidebar that allows you to run a Groovy script on each replica. The return value is a map of collected results. You can also POST to /manage/highAvailability/scriptText with a script parameter to use this system from automation.

Feature Enhancements

Rolling Upgrades with High Availability (HA)
  • Proxy configuration screens to new replicas during a rolling upgrade

    When performing a rolling upgrade of a High Availability (HA) controller, some replicas may run newer versions of CloudBees CI. If a user’s web session is still associated with an older replica, all configuration pages are now transparently redirected to a newer replica.

  • Configuration synchronization blocked from newer to older replicas

    In a High Availability (HA) controller during a rolling upgrade, any configuration changes that occur on newer replicas are no longer reloaded by older replicas. Configuration changes continue to be synchronized from older to newer replicas, and between replicas that run the same version.

  • Builds adopted by older HA replicas during rolling upgrade no longer allowed

    Sometimes, during a rolling upgrade of a High Availability (HA) managed controller, a build from a newer replica was adopted by an older replica. This is no longer allowed. Builds can only be adopted by replicas that run the same or a newer version of CloudBees CI.


Completed builds not loaded from newer replicas during rolling upgrade

To avoid potential problems with non-forward-compatible changes to the format of build records, replicas in a High Availability (HA) controller that run an older version of CloudBees CI will decline to load records from builds completed in newer replicas. This makes these newly completed builds temporarily invisible. After a rolling upgrade completes, all replicas continue to load all of the completed builds.


CloudBees Pipeline Explorer Related Builds View

Pipeline Explorer users can now access a panel that shows the builds related to the current build. The tree view also shows the related builds in the stage in which the build was triggered. Related builds include builds triggered in the current build and the build that triggered the current build.


CloudBees Pipeline Explorer Build Failure Analyzer Integration

CloudBees Pipeline Explorer users who have installed the Build Failure Analyzer (BFA) plugin can now access a side panel that shows the indications found by a BFA scan; these indications are also marked in the logs. Users can run manual BFA scans to manage and rerun the scans as needed.


CloudBees Pipeline Explorer Feature Enhancements
  • Add the ability to disable search input to prevent search failures

    When the index size is too big compared to the limit configured, the search is prevented by disabling the search input.

  • Context badges do not show node or parallel badges

    Node or parallel badges are now shown in the context badges (available in test insights and issue explorer).

  • Issue explorer rename

    Renamed “Issue Explorer” to “Unsuccessful steps”.

  • Change the name displayed for failing tests in the Test Insights drawer to include the test class name

    The entry for each failing test now shows the class name of the test, and now excludes the names of the stages that contain the step that recorded the failing test.


New endpoint to download all available Configuration as Code schemas

You can now download the schema files used during Configuration as Code bundle validation. They are available through the UI (JENKINS_URL/core-casc-schema-download/) or through the following endpoints:

  • JENKINS_URL/core-casc-schema-download/download/bundle-descriptor.json for the bundle descriptor

  • JENKINS_URL/core-casc-schema-download/download/plugin-catalog.json for the plugin catalog

  • JENKINS_URL/core-casc-schema-download/download/plugins.json for the plugins file

  • JENKINS_URL/core-casc-schema-download/download/items.json for the items file

  • JENKINS_URL/core-casc-schema-download/download/rbac.json for the RBAC file

  • JENKINS_URL/core-casc-schema-download/download/variables.json for the variables file
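
The following Python script is an added example, not part of the CloudBees product or documentation. It downloads the six schema files from the endpoints listed above, rejects any response that is not a JSON object (for example an HTML login or error page), and records a SHA-256 digest per file so that schema changes between releases can be detected. The Basic-auth login with a user name and API token and the manifest.json file name are assumptions.

```python
"""Added example: fetch the CasC bundle schemas listed above and record digests."""
import base64
import hashlib
import json
import pathlib
import urllib.request

# File names taken from the endpoint list on this page.
SCHEMA_FILES = ("bundle-descriptor.json", "plugin-catalog.json", "plugins.json",
                "items.json", "rbac.json", "variables.json")


def schema_urls(jenkins_url):
    """Map each schema file name to its download URL under jenkins_url."""
    base = jenkins_url.rstrip("/") + "/core-casc-schema-download/download/"
    return {name: base + name for name in SCHEMA_FILES}


def digest_schema(raw):
    """Check that raw bytes parse as a JSON object; return their SHA-256 hex digest."""
    if not isinstance(json.loads(raw), dict):
        raise ValueError("schema is not a JSON object")
    return hashlib.sha256(raw).hexdigest()


def download_schemas(jenkins_url, dest_dir, user=None, api_token=None):
    """Save every schema under dest_dir and return {file name: sha256}.

    Assumption: if the instance requires authentication, HTTP Basic auth with
    a user name and API token is accepted for these endpoints.
    """
    dest = pathlib.Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for name, url in schema_urls(jenkins_url).items():
        req = urllib.request.Request(url)
        if user and api_token:
            cred = base64.b64encode(f"{user}:{api_token}".encode()).decode()
            req.add_header("Authorization", "Basic " + cred)
        with urllib.request.urlopen(req, timeout=30) as resp:
            raw = resp.read()
        manifest[name] = digest_schema(raw)  # raises on HTML error/login pages
        (dest / name).write_bytes(raw)
    # manifest.json is a hypothetical name for the digest record.
    (dest / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest
```

Comparing the manifest written before and after an upgrade shows which schemas changed, so bundles can be revalidated against the new files.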


HashiCorp Vault integration: Support for Custom AppRole Paths in Authentication Configuration

Users can now specify a custom path for the AppRole in the authentication configuration. If no path is provided, the current default behavior applies.

Resolved Issues

Links to CloudBees Pipeline Explorer from Pipeline Steps View take your tree view preferences into account when applying filters

When you navigate to the CloudBees Pipeline Explorer from the Pipeline Steps View for a node step and your preferences prevent node steps from being shown, the CloudBees Pipeline Explorer now activates the filter for the stage that contains the node step.


Synchronize completed build metadata between HA replicas

A build that runs in one replica of a High Availability (HA) controller is invisible to other replicas until it finishes. The build metadata can then be edited. These changes are now reflected in all of the replicas.


Accidental clean up of active HA cluster logs

The garbage collection of old High Availability (HA) cluster logs might try to accidentally clean active logs. This issue is now resolved.


Resources are not set for the Configuration as Code Bundle Retriever container

Resource requests and limits are now set for the Configuration as Code Bundle Retriever container.


Branch migration is not reverted on unexpected failure

Only some failures were being captured. The range of exceptions that are handled has been extended, so that the migration is rolled back in case of error.


Incorrect strategy used to compute the Configuration as Code item deletion report

The Configuration as Code item deletion report used the active strategy to compute the report instead of the strategy specified in the updated bundle.

The Configuration as Code item deletion report now uses the strategy of the updated bundle.


Incorrect messages returned in CloudBees CasC Client Plugin validation log

The validation log for the CloudBees CasC Client Plugin (cloudbees-casc-client) incorrectly returned the following messages even though the plugin worked properly:

  • Some plugins can not be installed

  • Some items could not be created

The issue is resolved and the log no longer returns those messages.


Manually set availability patterns wiped out on migration

Now, when you manually migrate the CloudBees CasC Server (cloudbees-casc-server) plugin from 1.X to 2.X via the UI, the set availability patterns are migrated and preserved in the new version.

The indicated availability pattern will be applied to bundles that match the bundle name in all branches.


Remote Configuration as Code bundle checkout endpoint and CLI now provide a clear error if there is a problem checking out one of the bundles

If an error occurs while performing a checkout operation on a remote bundle store, the REST API and CLI now return an error message and the cause of the error. Additionally, the response code is set appropriately to indicate an error (HTTP 500 for the REST API and 1 for the CLI).


HashiCorp Vault Plugin support for complex KV2 mount names

If the mount name for the KV2 Vault secret engine contained forward slashes ( // ), the validation returned a permission denied error.

This issue is resolved. The mount name for the KV2 Vault secret engine is now split into a different form field that allows you to specify a complex mount name separately and to access it correctly.

If the Vault KV2 credentials are configured with Configuration as Code, it is recommended that you update the Configuration as Code configuration and specify the mountName separately.


Add JVM options field back to Shared Agents

The JVM options field was removed from Jenkins OSS. This fix brings it back as a specific configuration field for operations center Shared Agents. At the same time, this makes the launcher configuration homogeneous between Shared Agents and Shared Clouds.

Known Issues

Some RBAC permissions would not load when using the FINE logger


Failed parsing of data in the User Activity Monitoring plugin leads to incomplete data

Failed parsing of data from the User Activity Monitoring plugin will overwrite the user activity database. All user activity data that is logged up to that point in time is lost. To avoid this, refer to the knowledge base article "Why is my user activity missing?".


HTTP Client used for Operations Center to Controllers connection leads to performance issues

Because of known issues in the Java HTTP Client, there could be performance issues in Operations Center to Controllers interactions in heavily loaded environments.

More details about this issue and workarounds are documented in Operations Center Client leaks HTTP Clients since version 2.401.1.3.


Clouds do not disappear after the Folder configuration update by a user without Overall/Administer permissions

Clouds are deselected after a user without Overall/Administer permissions edits the Folder configuration.


Duplicate Pipeline Template Catalogs in the Configuration as Code for controllers jenkins.yaml file on each instance restart

If a Pipeline Template Catalog is configured in the Configuration as Code jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported Configuration as Code configuration.