CloudBees Jenkins Enterprise 1.11.37

CloudBees will no longer be supporting CloudBees Jenkins Enterprise 1.x after July 30, 2020. This end-of-life announcement allows CloudBees to focus on driving new technology and product innovation for CloudBees CI. For information on moving to CloudBees CI, please refer to Migrating from CloudBees Jenkins Enterprise 1.x to CloudBees CI on modern cloud platforms which has been created to help you with the migration process. Existing customers can also contact their CSM to help ensure a smooth transition.

RELEASED: 2020-10-07

Based on Jenkins LTS2.249.2-cb-1

Rolling release

Feature enhancements

Beekeeper plugin exceptions

The following enhancements were made to the Beekeeper plugin exceptions feature:

  • User warned when specific plugins are saved as exceptions (FNDJEN-2409)

    When a plugin catalog containing Beekeeper plugin exceptions is selected on the master configuration page, a warning advising users of the implications associated with Beekeeper plugin exceptions is displayed.

  • Send event when Beekeeper plugin exceptions are enabled or disabled (FNDJEN-2421)

    If the CloudBees Assurance Program is enabled on an instance, CloudBees receives a weekly event to indicate if Beekeeper plugin exceptions were allowed or disallowed on that instance.

New option added to the restore configuration section of Restore/Backup jobs (CTR-2295)(CTR-2501)

CloudBees has added a new option to the restore configuration section of Restore/Backup jobs.

Users can now add a comma-separated list of Ant-style patterns to preserve content in the current JENKINS_HOME directory during the restore process, excluding it from the move operation.

A system property is used to set the list of Ant-style patterns. Users need to add cb.backup.restore.keepFilesPattern to the system properties. For example, -Dcb.backup.restore.keepFilesPattern='.snapshots,**/.snapshots' has to be added to the system properties, to preserve `.snapshots filesystem control files in the $JENKINS_HOME directory during the restore process.

See Restoring from the CloudBees Backup Plugin for more information.

Resolved issues

Corrected values from timers used by alerts (CPLT2-6723)

When alerts were defined based on timers, the alerts were triggered erroneously and the reported value was incorrect.

This was fixed by applying the correct unit conversion of durations and rates used by alerts.

Tabular-based layout causing display issues in the CloudBees Template plugin (CPLT2-6649)

Some attribute control GUIs did not display well in newer versions of Jenkins which have switched from tabular to CSS-based layout.

These controls were switched to the newer layout to enable a better display.

Remove obsolete suppress-stack-trace plugin (FNDJEN-3050)

The Suppress Stack Trace plugin’s functionality is now built into Jenkins core.

The new plugin is updated to a 1.6 version, which is empty and can be uninstalled.

[JENKINS-61511] [google-storage-plugin] Outdated/vulnerable dependency (commons-io) (FNDJEN-2042)

The Google Storage Plugin has a vulnerable dependency to commons-io, but it is not exploitable from CloudBees products.

CloudBees updated to the Google Storage Plugin version 1.5.2 to update the dependency, even though it’s not exploitable, to avoid a false-positive in security reports.

[SECURITY-2029] [google-kubernetes-engine] Get rid of groovy-sandbox 1.20 (FNDJEN-3008) (FNDJEN-3002)

The Google Kubernetes Engine 0.8.2 includes a vulnerable dependency, but it is not exploitable from CloudBees products.

The Google Kubernetes Engine has been updated to version 0.8.3, removing the affected dependency.

Durable Task plugin serializes anonymous class via remoting (NGPIPELINE-1362)

Using the sh, bat, and PowerShell steps sometimes results in serialization warnings being logged.

To avoid these errors, Anonymous classes have been converted into Named classes.

Pipelines interrupted while starting incorrectly resume after Jenkins restarts and cannot be stopped (NGPIPELINE-1354)

When Pipeline builds were interrupted during startup, for example, while checking out the SCM for a Pipeline library, their completion state persisted incorrectly.

Because the completion state did not persist correctly, after a Jenkins restart these Pipelines resumed as if they were incomplete and could not be terminated and would pause indefinitely.

This issue has been fixed by making sure that Pipeline builds that are interrupted while starting are persisted correctly so that they do not resume after a Jenkins restart.

Icons missing from Cluster Operations menu items due to incorrect source (CTR-2566)

The Cluster Operations menu items were missing icons due to an incorrect source url. With this fix, the icon urls on the Cluster Operations management menu are now correct.

The format of sidebar links with a context menu is wrong on Jenkins 2.239+ (CTR-1992)

The Cluster Operation menu item in the UI was not displaying correctly after updates to the UI.

With this fix, CloudBees updated the Cluster Operations menu item to be displayed correctly.

Old license displayed after check/install new license (CTR-1583)

The refresh license screen was redirecting to the license screen before the license data was updated and the previous license data was displayed.

Now when users manually refresh the license, they are not redirected until the license is updated.

Issue with Check for new license view (CTR-2491)

With this fix, the Check for newer license view is now compatible with Jenkins core 2.246 and beyond.

Removing an Update Site from a masters' configuration on Operations Center did not correctly remove the Update Site from the master (CTR-2389)

Removing an Update Site now correctly removes the configuration from the master and restores the default configuration.

check configuration would fail when the S3 bucket was provided by scality ring (CTR-1979)

The workaround for incompatibility with scality ring S3 implementation, is to load a non-zero length file in order to validate the configuration.

GitHubAppCredentials are not propagated from Operations Center to connected masters (CTR-2490)

Due to an update to the GitHub Branch Source Plugin in version 2.9.0, GitHubAppCredentials were not properly propagated from Operations Center to connected masters.

With this fix, GitHubAppCredentials are propagated correctly.

Operations Center connections details were not correctly anonymized in the support bundle (CTR-2369)

The Operations Center URL and Proxy details in the Support Component are now correctly anonymized.

Remove the "slave-name" term from the RBAC CLI (CLI-2242)

CloudBees has replaced the "slave" term with "agent" in the CLI output for the CloudBees Role-Based Access Control plugin group-membership command.

Known issues

.NET Framework 4.0 or higher is required to launch controller or agents on Windows services

Starting from this release, .NET Framework 2.0 doesn’t work for launching CloudBees controller or agents as Windows services. Microsoft.NET Framework 4.0 or above is now required for using the default service management features.

This release also upgrades Windows Service Wrapper (WinSW) from 2.3.0 to 2.9.0 and replaces the bundled binary from .NET Framework 2.0 to 4.0. There are many improvements and fixes in these versions, big thanks to NextTurn and all other contributors. You can find the full WinSW changelog here, just a few highlights important to CloudBees users:

  • Prompt for permission elevation when administrative access is required. Now CloudBees users do not need to run the agent process as Administrator to install the agent as a service from GUI.

  • Enable TLS 1.1/1.2 in .NET Framework 4.0 packages on Windows 7 and Windows Server 2008 R2.

  • Enable strong cryptography when running .NET Framework 4.0 binaries on .NET 4.6.

  • Support security descriptor string in the Windows service definition.

  • Support 'If-Modified-Since' and proxy settings for automatic downloads.

  • Fix Runaway Process Killer extension so that it does not kill wrong processes with the same PID on startup.

  • Fix the default domain name in the serviceaccount parameter (jira:JENKINS-12660[])

  • Fix archiving of old logs in the roll-by-size-time mode.

Use-cases affected by .NET Framework 2.0 support removal

If you use .NET Framework 2.0 to run the CloudBees Windows services, the following use cases are likely to be affected:

  • Installing the CloudBees controller as a Windows service from Web UI. The official MSI Installer supports .NET Framework 2.0 for the moment, but it will be changed in future versions.

  • Installing agents as Windows services from GUI. This feature is provided by the Windows Agent Installer Module from the Jenkins core.

  • Installing agents over Windows Management Instrumentation (WMI) via the WMI Windows Agents plugin

  • Auto-updating of Windows service wrappers on agents installed from GUI.

Upgrade guidelines

If all of your CloudBees controller and agent instances already use .NET Framework 4.0 or above, there are no special upgrade steps required.

If you run the CloudBees controller as a Windows Service with .NET Framework 2.0, this instance will require an upgrade of .NET Framework to version 4.0 or above. .NET Framework 4.6.1 or above is recommended because this .NET version provides many platform features by default (e.g. TLS 1.2 encryption and strong cryptography), and Windows Service Wrapper does not have to apply custom workarounds.

If you want to continue running some of your agents with .NET Framework 2.0, the following extra upgrade steps are required:

  1. Disable auto-upgrade of Windows Service Wrapper on agents by setting the -Dorg.jenkinsci.modules.windows_slave_installer.disableAutoUpdate=true flag on the CloudBees controller side.

  2. Upgrade agents with .NET Framework 4.0+ by downloading the recent Windows Service Wrapper 2.x version from WinSW GitHub Releases and manually replacing the wrapper ".exe" files in the agent workspaces.

Upgrade notes

End-of-life announcement

After assessing the viability of our supported plugins, CloudBees no longer supports the Visual Studio Team Service Plugin as of September 9, 2020.

This end-of-life announcement allows CloudBees to focus on driving new technology and product innovation as well as maintaining existing products that are actively used by customers.

After September 9, 2020, the plugin will lose functionality when upgraded. CloudBees recommends replacing it with the Team Foundation Server plugin.

Users should uninstall the plugin to avoid a credentials ID enumeration security bug.

For more information regarding this end-of-life announcement, please contact your Customer Success Manager.