CloudBees CI release highlights

What’s new in CloudBees CI 2.452.2.3

Watch video

New Features

Configuration as Code Permissions

Up until now, only Administrators were able to create, update, and do anything with Configuration as Code bundles. With this new feature, Administrators can grant different permissions to their team members to allow them to perform different tasks with Configuration as Code.

The following five new permissions have been added to the CloudBees permissions:

  • CasC Administer: This permission grants overall Configuration as Code permissions to a user/group without granting them overall cluster permissions. Users and groups with this permission will be able to perform actions such as: seeing the update log, seeing which branch/bundle is in use, exporting the bundle, and many others.

  • CasC Item: This permission grants users the ability to perform certain actions on a Configuration as Code controller such as: create an item using the endpoint/CLI, create a group that is attached to that item, and manage RBAC for that item.

  • CasC Checkout: This permission grants users the ability to checkout bundles.

  • CasC Read: This permission grants users the ability to see which branch or bundle is in use in the operations center or in a Configuration as Code controller.

  • CasC Read Checkout: This permission grants users the ability to see which bundle was checked out by the operations center.

Refer to CasC permissions for more information.

Feature Enhancements

CloudBees Pipeline Explorer improvements related to traversing the log
  • The CloudBees Pipeline Explorer shows all build causes

    Previously, the CloudBees Pipeline Explorer only showed build causes if there was an upstream build trigger. Now, the CloudBees Pipeline Explorer shows all types of build causes. They are shown in the map view and the related builds panel.

  • In the CloudBees Pipeline Explorer Map, add a message when a Pipeline does not contain stages

    In the CloudBees Pipeline Explorer Map, a message is now displayed when a Pipeline does not contain stages.

  • CloudBees Pipeline Explorer no longer shows a redundant duration for in progress builds

    The CloudBees Pipeline Explorer previously showed both a duration and a relative start time for incomplete builds that were always identical. Now, only the relative start time is shown for in progress builds.


Configuration as Code Plugin Management - New customization mechanism for download URL

Configuration as Code Plugin Management (apiVersion: 2) now includes a new repository layout that allows users to configure a download URL that accepts parameters such as the plugin ID.

Any plugin using this new layout will configure the parameter values. For example:

plugins: - id: "beer" parameters: env: "staging" tier: "customization" repositoryId: test-repo - id: "chucknorris" parameters: env: "staging" tier: "customization" repositoryId: test-repo repositories: - id: test-repo layout: parameters url: http://my-web-server/$env/$tier/$pluginId.hpi

Improvement of log entries

The Configuration as Code bundle now suppresses the log file strings that read No items.yaml in configuration bundle or No rbac.yaml in configuration bundle when not applicable.


New Pipeline policy rule for use of agents without retry

The new Pipeline policy rule Agent without Retry can be used to guide Pipeline authors to make sure agent usages are retried automatically if there is an infrastructure outage.


New full caching capability to CyberArk Credentials Provider

The CyberArk Credentials Provider plugin already caches details of the GetPassword request to CyberArk, but not the password itself. Additionally, the plugin always makes a call to retrieve the credentials password.

Now a new option, Cache Password, when enabled, caches the encrypted value of the password, that saves in API calls and cache writes.

Resolved Issues

Failed parsing of data in the User Activity Monitoring plugin leads to incomplete data

Failed parsing of data from the User Activity Monitoring plugin resets the user activity database that leads to incomplete data. If you cannot update to a version that includes the fix, please open a new ticket with the CloudBees Support team. There is a new version of the UAM (v 1.50) that can be provided by our support team.

This issue has been resolved.


HTTP Client used for operations center to controller connection leads to performance issues

Because of known issues in the Java HTTP Client, there could be performance issues in the Operations Center to Controllers interactions in heavily loaded environments.

This is now resolved after switching to OkHttp client instead.


CloudBees HashiCorp Vault plugin is leaking HTTP clients

The CloudBees HashiCorp Vault plugin is leaking HTTP clients when calling Vault and this could cause performance issues over time.

The issue has been fixed.


CloudBees SCM Reporting Plugin causes frequent credentials lookup

The CloudBees SCM Reporting Plugin was causing unwanted and frequent credentials lookup from controllers that defined GitHub Multibranch and Organization items. This could lead to further performance problems and delays on credentials related operations.

The issue has been fixed.


Prevent possible thread leak in ReverseProxy

Addressed a code path where a thread could be leaked on reverse proxying failure.

This issue has been fixed.


In the CloudBees Pipeline Explorer, the "Go to line number" feature erroneously triggered when the input box was clicked

In CloudBees Pipeline Explorer, when you click on the input box for the "Go to line number" feature, it immediately caused the page to load the last entered number. This behavior has been fixed to only trigger when you press the Enter key after you type in a line number or click on the arrow icon to the right of the input box.


In the CloudBees Pipeline Explorer Map, the node display breaks when it collapses a parallel stage

When a parallel stage collapses in the CloudBees Pipeline Explorer Map, the node display breaks.

This issue has been fixed.


Non-CAP plugins defined in the Configuration as Code bundle are compatible with the CloudBees CI release

The CloudBees Update Centers offer the latest compatible version with the CBCI release of non-CAP plugins. If the latest release of one of them is not compatible, that version was not offered by the Update Center, being provided the latest compatible one.

With Configuration as Code, however, the latest version was always offered even if it was not compatible, and it had to use the Plugin Catalog to fix the compatible version.

Now, the issue is fixed and the Configuration as Code bundle installs the latest compatible version.


Migrate from MapDB to Caffeine Cache

The Cyberark Credentials Provider used an outdated version of MapDB for on-disk caching layer.

It now uses Caffeine as its in-memory cache.


Operations center sublicense signature uses SHA512 instead of SHA1

The operations center generates sublicenses for controllers. The sublicense signature used the deprecated SHA1 algorithm. It now uses the SHA512 algorithm.

Known Issues

Some RBAC permissions would not load when using the FINE logger


NullPointerException when validating Kubernetes Cluster Endpoint

When using credentials in the Kubernetes Cluster Endpoints configuration, the Validate functionality shows an Angry Jenkins in the UI and a null pointer exception in Jenkins logs.


Clouds do not disappear after the Folder configuration update by a user without Overall/Administer permissions

Clouds deselect after a user without Overall/Administer permissions edits the Folder configuration.