Security fixes
- Security vulnerabilities were fixed and backported from Jenkins
Refer to the CloudBees Security Advisory January 24, 2024 for more information.
Upgrade Notes
- Operations center CloudBees Assurance Program plugin changes since 2.426.2.2
The following plugins have been added to the Operations center CloudBees Assurance Program since 2.426.2.2:
  - Google Cloud Platform SDK :: Storage (gcp-java-sdk-storage)
- Controller CloudBees Assurance Program plugin changes since 2.426.2.2
The following plugins have been added to the Controller CloudBees Assurance Program since 2.426.2.2:
  - CloudBees Google Cloud Storage Cache Plugin (cloudbees-google-cloud-storage-cache)
  - Google Cloud Platform SDK :: Storage (gcp-java-sdk-storage)
New Features
- Cross-replica script console
In a High Availability (HA) controller, under Manage Jenkins > CloudBees CI High Availability, there is now a Script Console link in the sidebar that allows you to run a Groovy script on each replica. The return value is a map of collected results. You can also POST to /manage/highAvailability/scriptText with a script parameter to use this system from automation.
Feature Enhancements
- Rolling Upgrades with High Availability (HA)
  - Proxy configuration screens to new replicas during a rolling upgrade
    When performing a rolling upgrade of a High Availability (HA) controller, some replicas may run newer versions of CloudBees CI. If a user’s web session is still associated with an older replica, all configuration pages are now transparently redirected to a newer replica.
  - Configuration synchronization blocked from newer to older replicas
    In a High Availability (HA) controller during a rolling upgrade, any configuration changes that occur on newer replicas are no longer reloaded by older replicas. The configuration changes will continue to be synchronized from older to newer replicas, or with replicas that have the same versions.
  - Builds adopted by older HA replicas during rolling upgrade no longer allowed
    Sometimes, during a rolling upgrade of a High Availability (HA) managed controller, a build from a newer replica was adopted by an older replica. This is no longer allowed. Builds can only be adopted by replicas that run the same or a newer version of CloudBees CI.
- Completed builds not loaded from newer replicas during rolling upgrade
To avoid potential problems with nonforward-compatible changes to the format of build records, replicas in a High Availability (HA) controller that run an older version of CloudBees CI will decline to load records from builds completed in newer replicas. This makes these newly completed builds temporarily invisible. After a rolling upgrade completes, all replicas continue to load all of the completed builds.
- CloudBees Pipeline Explorer Related Builds View
Pipeline Explorer users can now access a panel that shows the builds related to the current build. The tree view also shows the related builds in the stage in which the build was triggered. Related builds include builds triggered in the current build and the build that triggered the current build.
- CloudBees Pipeline Explorer Build Failure Analyzer Integration
CloudBees Pipeline Explorer users who have installed the Build Failure Analyzer (BFA) plugin can now access a side panel and view indications that are found after a BFA scan and are also marked in the logs. Users can run manual BFA scans to manage and rerun the scans as needed.
- CloudBees Pipeline Explorer Feature Enhancements
  - Add the ability to disable search input to prevent search failures
    When the index size is too big compared to the limit configured, the search is prevented by disabling the search input.
  - Context badges do not show node or parallel badges
    Node or parallel badges are now shown in the context badges (available in test insights and issue explorer).
  - Issue explorer rename
    Renamed “Issue Explorer” to “Unsuccessful steps”.
  - Change the name displayed for failing tests in the Test Insights drawer to include the test class name
    The entry for each failing test now shows the class name of the test, and now excludes the names of the stages that contain the step that recorded the failing test.
- New endpoint to download all available Configuration as Code schemas
Now it is possible to download the schema files used during the Configuration as Code Bundle validation. It is available through the UI (JENKINS_URL/core-casc-schema-download/) or through the following endpoints:
  - JENKINS_URL/core-casc-schema-download/download/bundle-descriptor.json for the bundle descriptor
  - JENKINS_URL/core-casc-schema-download/download/plugin-catalog.json for the plugin catalog
  - JENKINS_URL/core-casc-schema-download/download/plugins.json for the plugins file
  - JENKINS_URL/core-casc-schema-download/download/items.json for the items file
  - JENKINS_URL/core-casc-schema-download/download/rbac.json for the RBAC file
  - JENKINS_URL/core-casc-schema-download/download/variables.json for the variables file
- HashiCorp Vault integration: Support for Custom AppRole Paths in Authentication Configuration
Introduced an enhancement that allows users to specify custom paths while creating an AppRole in the authentication process. If no path is provided, it will resort to the current default behavior.
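For the Configuration as Code schema download endpoints listed under Feature Enhancements above, the following added example (not CloudBees code) fetches every schema and rejects any response that is not a JSON object, such as an HTML login or error page. The JENKINS_URL, JENKINS_USER, JENKINS_TOKEN and SCHEMA_DIR environment variables, the function names, and the use of HTTP basic authentication with an API token are assumptions.

```shell
#!/bin/sh
# Added example: fetch every CasC schema listed above for offline bundle validation.
# Assumed (not from the page): JENKINS_URL, JENKINS_USER, JENKINS_TOKEN, SCHEMA_DIR
# environment variables, and that the endpoints accept basic auth with an API token.

SCHEMAS="bundle-descriptor plugin-catalog plugins items rbac variables"

# Print one download URL per schema, tolerating a trailing slash on the base URL.
schema_urls() {
    base="${1%/}"
    for name in $SCHEMAS; do
        printf '%s/core-casc-schema-download/download/%s.json\n' "$base" "$name"
    done
}

# Succeed only if the first non-whitespace character is '{' (a JSON object),
# so an HTML login or error page saved by mistake is rejected.
looks_like_json_object() {
    first=$(tr -d ' \t\r\n' < "$1" | cut -c1)
    [ "$first" = "{" ]
}

# Download all schemas into a directory; stop at the first failure.
fetch_schemas() {
    dest="$2"
    mkdir -p "$dest" || return 1
    for url in $(schema_urls "$1"); do
        out="$dest/${url##*/}"
        # --fail turns HTTP 4xx/5xx into a non-zero exit instead of saving the error body.
        curl --fail --silent --show-error \
             --user "$JENKINS_USER:$JENKINS_TOKEN" --output "$out" "$url" || return 1
        looks_like_json_object "$out" || { echo "not JSON: $out" >&2; return 1; }
    done
}

# Run only when the connection settings are provided.
if [ -n "${JENKINS_URL:-}" ] && [ -n "${JENKINS_USER:-}" ] && [ -n "${JENKINS_TOKEN:-}" ]; then
    fetch_schemas "$JENKINS_URL" "${SCHEMA_DIR:-./casc-schemas}"
fi
```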
Resolved Issues
- Links to CloudBees Pipeline Explorer from Pipeline Steps View take your tree view preferences into account when applying filters
When you navigate to the CloudBees Pipeline Explorer from the Pipeline Steps View for a node step and your preferences prevent node steps from being shown, the CloudBees Pipeline Explorer now activates the filter for the stage that contains the node step.
- Synchronize completed build metadata between HA replicas
A build that runs in one replica of a High Availability (HA) controller is invisible to other replicas until it finishes. The build metadata can then be edited. These changes are now reflected in all of the replicas.
- Accidental clean up of active HA cluster logs
The garbage collection of old High Availability (HA) cluster logs might try to accidentally clean active logs. This issue is now resolved.
- Resources are not set for the Configuration as Code Bundle Retriever container
Resources request and limits are now set for the Configuration as Code Bundle Retriever container.
- Branch migration is not reverted on unexpected failure
Only some failures were being captured. The range of exceptions that are handled has been extended, so a rollback of the migration is now performed in case of error.
- Incorrect strategy used to compute the Configuration as Code item deletion report
The Configuration as Code item deletion report used the active strategy to compute the report instead of the strategy specified in the updated bundle.
Configuration as Code item deletion report now uses the strategy of the updated bundle.
- Incorrect messages returned in CloudBees CasC Client Plugin validation log
The validation log for the CloudBees CasC Client Plugin (cloudbees-casc-client) incorrectly returned the following messages even though the plugin worked properly:
  - Some plugins can not be installed
  - Some items could not be created
The issue is resolved and the log no longer returns those messages.
- Manually set availability patterns wiped out on migration
Now, when you manually migrate the CloudBees CasC Server (cloudbees-casc-server) plugin from 1.X to 2.X via the UI, the set availability patterns are migrated and preserved in the new version. The indicated availability pattern will be applied to bundles that match the bundle name in all branches.
- Remote Configuration as Code bundle checkout endpoint and CLI now provide a clear error if there is a problem checking out one of the bundles
If an error occurs while performing a checkout operation on a remote bundle store, the REST API and CLI now return an error message and a cause of the error. Additionally, the response code is set appropriately to indicate an error (HTTP 500 for the REST API and 1 for the CLI).
- HashiCorp Vault Plugin support for complex KV2 mount names
If the mount name for the KV2 Vault secret engine contained forward slashes (//), the validation returned a permission denied error.
This issue is resolved. The mount name for the KV2 Vault secret engine is now split into a different form field that allows you to specify a complex mount name separately and to access it correctly.
If the Vault KV2 credentials are configured with Configuration as Code, it is recommended that you update the Configuration as Code configuration and specify the mountName separately.
- Add JVM options field back to Shared Agents
The JVM options field was removed from Jenkins OSS. This fix brings it back as a specific configuration field for operations center Shared Agents. At the same time, this makes the launcher configuration homogeneous between Shared Agents and Shared Clouds.
Known Issues
Some RBAC permissions would not load when using the FINE logger
- Failed parsing of data in the User Activity Monitoring plugin leads to incomplete data
Failed parsing of data from the User Activity Monitoring plugin will overwrite the user activity database. All user activity data that is logged up to that point in time is lost. To avoid this, refer to the knowledge base article Why is my user activity missing?.
- HTTP Client used for Operations Center to Controllers connection leads to performance issues
Because of known issues in the Java HTTP Client, there could be performance issues in Operations Center to Controllers interactions in heavily loaded environments.
More details about this issue and workarounds are documented in Operations Center Client leaks HTTP Clients since version 2.401.1.3.
- Clouds do not disappear after the Folder configuration update by a user without Overall/Administer permissions
Clouds deselect after a user without Overall/Administer permissions edits the Folder configuration.
- Duplicate Pipeline Template Catalogs in the Configuration as Code for controllers jenkins.yaml file on each instance restart
If a Pipeline Template Catalog is configured in the Configuration as Code jenkins.yaml file and the id property is not defined, the catalog is duplicated on each instance restart and in the exported Configuration as Code configuration.