Security fixes
- Confidential information disclosure via aggregated node list in High Availability (HA) controllers
-
The REST API endpoint for listing agents on High Availability (HA) controllers was mistakenly accessible to anonymous users. Some users with limited permissions could also see confidential job-related information they should not have seen. This has been fixed and permission checks now work as expected.
Upgrade Notes
- Operations center CloudBees Assurance Program plugin changes since 2.462.3.3
-
The following plugins have been added to the Operations center CloudBees Assurance Program since 2.462.3.3:
-
OpenId Connect Authentication Plugin (
oic-auth)
-
- Controller CloudBees Assurance Program plugin changes since 2.462.3.3
-
The following plugins have been added to the Controller CloudBees Assurance Program since 2.462.3.3:
-
OpenId Connect Authentication Plugin (
oic-auth)
-
Known Issues
- Duplicate Plugins in Operations Center Plugin Manager UI
-
When you search for a specific plugin under Available tab in operations center Plugin Manager, the search results shows duplicate entries of the searched plugin.
- Cannot add CyberArk / Hashicorp Vault credentials from the Add button of a credentials form
-
When you try to add a CyberArk credential or Hashicorp Vault credential from the Add button of a credentials form, it fails with the error
Domain is read-onlyand the credential is not created. The workaround is to create the those types of credentials from the Manage Jenkins > Credentials page for root credentials or a Folder Credentials page for folder credentials.
- Updated support for the Integer version type in the Configuration as Code bundle
-
Updated support for the Integer version type in the Configuration as Code bundle