CloudBees Jenkins Platform Client Master 2.107.1.2

8 minute read

RELEASED: Public: 2018-03-15

Based on Jenkins LTS2.107.1-cb-3

Rolling release Security release

Security advisory

Security advisory * Security Advisory 2018-02-26

+ Fixes the security issues described in the advisory. These fixes were delivered through an incremental upgrade to customers that were using * 2.89.4.2.

Verified plugins

  • Ant Plugin

    1.8 verified optional

  • Async Http Client

    1.7.24.1 verified installed by default

  • Authentication Tokens API Plugin

    1.3 verified optional

  • Branch API Plugin

    2.0.18 verified optional

  • CloudBees Jenkins Advisor Plugin

    2.0 verified optional

  • Config File Provider Plugin

    2.17 verified optional

  • Credentials Binding Plugin

    1.15 verified optional

  • Credentials Plugin

    2.1.16 verified installed by default

  • Display URL API

    2.1.0 verified installed by default

  • Folders Plugin

    6.3 verified installed by default

  • GitHub Branch Source Plugin

    2.3.2 verified optional

  • Gradle Plugin

    1.26 verified optional

  • JUnit Plugin

    1.23 verified installed by default

  • Jackson 2 API Plugin

    2.8.11.1 verified installed by default

  • Javadoc Plugin

    1.4 verified optional

  • Jenkins GIT server Plugin

    1.7 verified optional

  • Jenkins Git client plugin

    2.7.1 verified optional

  • Jenkins Git plugin

    3.8.0 verified optional

  • Jenkins MSBuild Plugin

    1.29 verified optional

  • Jenkins MSTestRunner plugin

    1.3.0 verified optional

  • Jenkins Mailer Plugin

    1.20 verified installed by default

  • Jenkins SSH Slaves plugin

    1.26 verified optional

  • LDAP Plugin

    1.20 verified optional

  • MapDB API Plugin

    1.0.9.0 verified installed by default

  • Metrics Plugin

    3.1.2.10 verified installed by default

  • OWASP Markup Formatter Plugin

    1.5 verified optional

  • Plain Credentials Plugin

    1.4 verified optional

  • SAML Plugin

    1.0.4 verified optional

  • SCM API Plugin

    2.2.6 verified installed by default

  • SSH Credentials Plugin

    1.13 verified optional

  • Script Security Plugin

    1.41 verified installed by default

  • Secure Requester Whitelist Plugin

    1.2 verified optional

  • Structs Plugin

    1.14 verified installed by default

  • Token Macro Plugin

    2.1 verified installed by default

  • Variant Plugin

    1.1 verified installed by default

  • Windows Slaves Plugin

    1.3.1 verified optional

Proprietary plugins

  • Beekeeper Upgrade Assistant Plugin

    2.89.0.3 proprietary installed by default

  • CloudBees Amazon AWS CLI Plugin

    1.5.8 proprietary optional

  • CloudBees Amazon Web Services Deploy Engine Plugin

    1.17 proprietary optional

  • CloudBees Azure CLI Plugin

    1.2 proprietary optional

  • CloudBees Back-up Plugin

    3.38.1 proprietary optional

  • CloudBees Blue Ocean Default Theme

    0.3 proprietary installed by default

  • CloudBees Even Scheduler Plugin

    3.8 proprietary optional

  • CloudBees Fast Archiving Plugin

    5.6 proprietary optional

  • CloudBees Folders Plus Plugin

    3.4 proprietary installed by default

  • CloudBees Git Validated Merge Plugin

    3.23 proprietary optional

  • CloudBees Groovy View Plugin

    1.7 proprietary optional

  • CloudBees High Availability Management plugin

    4.14 proprietary optional

  • CloudBees Jenkins Enterprise License Entitlement Check

    8.9 proprietary installed by default

  • CloudBees Label Throttling Plugin

    3.6 proprietary optional

  • CloudBees License Manager

    9.20 proprietary installed by default

  • CloudBees Long-Running Build Plugin

    1.11 proprietary optional

  • CloudBees Monitoring Plugin

    2.7 proprietary optional

  • CloudBees Nodes Plus Plugin

    1.16 proprietary optional

  • CloudBees OpenShift CLI Plugin

    1.4 proprietary optional

  • CloudBees Pipeline (Deprecated)

    1.9.1 proprietary optional

  • CloudBees Pipeline Stage View Extensions

    2.1 proprietary optional

  • CloudBees Pipeline: Groovy Checkpoint Plugin

    2.7 proprietary optional

  • CloudBees Pipeline: REST API (Deprecated)

    1.9.1 proprietary optional

  • CloudBees Pipeline: Templates Plugin

    2.7 proprietary optional

  • CloudBees Plugin Usage Plugin

    1.7 proprietary optional

  • CloudBees Pull Request Builder for GitHub

    1.12 proprietary optional

  • CloudBees Quiet Start Plugin

    1.4 proprietary optional

  • CloudBees Restart Aborted Builds Plugin

    1.10 proprietary optional

  • CloudBees Role-Based Access Control Plugin

    5.19 proprietary installed by default

  • CloudBees SSH Build Agents Plugin

    2.1 proprietary optional

  • CloudBees Skip Next Build Plugin

    4.1 proprietary optional

  • CloudBees Support Plugin

    3.15 proprietary optional

  • CloudBees Template Plugin

    4.35 proprietary optional

  • CloudBees VMWare Autoscaling Plugin

    4.3.7 proprietary optional

  • CloudBees View Creation Filter Plugin

    1.5 proprietary optional

  • CloudBees WikiText Security Plugin

    3.8 proprietary optional

  • Operations Center Agent

    2.107.1.4 proprietary installed by default

  • Operations Center Analytics Configuration

    2.107.1.4 proprietary optional

  • Operations Center Analytics Reporter

    2.107.1.4 proprietary optional

  • Operations Center Client Plugin

    2.107.1.4 proprietary installed by default

  • Operations Center Cloud

    2.107.1.4 proprietary optional

  • Operations Center Context

    2.107.1.4 proprietary installed by default

Compatible plugins

  • Amazon EC2 plugin

    1.36.1-cb-2 compatible optional

  • Amazon Web Services SDK

    1.11.119 compatible optional

  • Autofavorite for Blue Ocean

    1.2.2 compatible optional

  • Azure PublisherSettings Credentials Plugin

    1.2 compatible optional

  • Bitbucket Branch Source Plugin

    2.2.9 compatible optional

  • Bitbucket Pipeline for Blue Ocean

    1.4.2 compatible optional

  • Blue Ocean

    1.4.2 compatible optional

  • Blue Ocean Core JS

    1.4.2 compatible optional

  • Blue Ocean Pipeline Editor

    1.4.2 compatible optional

  • CloudBees Amazon Web Services Credentials Plugin

    1.21 compatible optional

  • CloudBees Docker Build and Publish plugin

    1.3.2 compatible optional

  • CloudBees Docker Hub/Registry Notification

    2.2.1 compatible optional

  • Command Agent Launcher Plugin

    1.2 compatible installed by default

  • Common API for Blue Ocean

    1.4.2 compatible installed by default

  • Conditional BuildStep

    1.3.6 compatible optional

  • Config API for Blue Ocean

    1.4.2 compatible optional

  • Copy Artifact Plugin

    1.39 compatible optional

  • Dashboard View

    2.9.11 compatible optional

  • Dashboard for Blue Ocean

    1.4.2 compatible optional

  • Deployed On Column Plugin

    1.8 compatible optional

  • Deployer Framework Plugin

    1.1 compatible optional

  • Display URL for Blue Ocean

    2.1.1 compatible optional

  • Docker Commons Plugin

    1.11 compatible optional

  • Docker Pipeline

    1.13 compatible optional

  • Durable Task Plugin

    1.16 compatible optional

  • Email Extension Plugin

    2.61 compatible optional

  • Events API for Blue Ocean

    1.4.2 compatible optional

  • External Monitor Job Type Plugin

    1.7 compatible optional

  • Favorite

    2.3.1 compatible optional

  • Git Pipeline for Blue Ocean

    1.4.2 compatible optional

  • GitHub API Plugin

    1.90 compatible optional

  • GitHub Pipeline for Blue Ocean

    1.4.2 compatible optional

  • GitHub plugin

    1.29.0 compatible optional

  • HTML Publisher plugin

    1.14 compatible optional

  • Handy Uri Templates 2.x API Plugin

    2.1.6-1.0 compatible optional

  • JIRA Integration for Blue Ocean

    1.4.2 compatible optional

  • JWT for Blue Ocean

    1.4.2 compatible optional

  • JavaScript GUI Lib: ACE Editor bundle plugin

    1.1 compatible optional

  • JavaScript GUI Lib: Handlebars bundle plugin

    1.1.1 compatible optional

  • JavaScript GUI Lib: Moment.js bundle plugin

    1.1.1 compatible optional

  • JavaScript GUI Lib: jQuery bundles (jQuery and jQuery UI) plugin

    1.2.1 compatible optional

  • Jenkins Active Directory plugin

    2.6 compatible optional

  • Jenkins Apache HttpComponents Client 4.x API Plugin

    4.5.3-2.1 compatible optional

  • Jenkins Design Language

    1.4.2 compatible optional

  • Jenkins JIRA plugin

    2.4.2 compatible optional

  • Jenkins JSch dependency plugin

    0.1.54.1 compatible optional

  • Jenkins Mercurial plugin

    2.3 compatible optional

  • Jenkins Parameterized Trigger plugin

    2.35.1 compatible optional

  • Jenkins Pub-Sub "light" Bus

    1.12 compatible optional

  • Jenkins build timeout plugin

    1.18 compatible optional

  • Jenkins promoted builds plugin

    3.0 compatible optional

  • Kubernetes plugin

    1.1.4 compatible optional

  • Matrix Authorization Strategy Plugin

    2.2 compatible optional

  • Matrix Project Plugin

    1.12 compatible optional

  • Maven Integration plugin

    3.1 compatible optional

  • Monitoring

    1.67.0 compatible optional

  • Node Iterator API Plugin

    1.5.0 compatible optional

  • NodeJS Plugin

    1.2.4 compatible optional

  • PAM Authentication plugin

    1.3 compatible optional

  • Personalization for Blue Ocean

    1.4.2 compatible optional

  • Pipeline

    2.5 compatible optional

  • Pipeline Graph Analysis Plugin

    1.6 compatible optional

  • Pipeline SCM API for Blue Ocean

    1.4.2 compatible optional

  • Pipeline implementation for Blue Ocean

    1.4.2 compatible optional

  • Pipeline: API

    2.26 compatible installed by default

  • Pipeline: Basic Steps

    2.6 compatible optional

  • Pipeline: Build Step

    2.5.1 compatible optional

  • Pipeline: Declarative

    1.2.7 compatible optional

  • Pipeline: Declarative Agent API

    1.1.1 compatible optional

  • Pipeline: Declarative Extension Points API

    1.2.7 compatible optional

  • Pipeline: GitHub Groovy Libraries

    1.0 compatible optional

  • Pipeline: Groovy

    2.45 compatible optional

  • Pipeline: Input Step

    2.8 compatible optional

  • Pipeline: Job

    2.17 compatible optional

  • Pipeline: Milestone Step

    1.3.1 compatible optional

  • Pipeline: Model API

    1.2.7 compatible optional

  • Pipeline: Multibranch

    2.17 compatible optional

  • Pipeline: Nodes and Processes

    2.18 compatible optional

  • Pipeline: REST API Plugin

    2.9 compatible optional

  • Pipeline: SCM Step

    2.6 compatible optional

  • Pipeline: Shared Groovy Libraries

    2.9 compatible optional

  • Pipeline: Stage Step

    2.2 compatible optional

  • Pipeline: Stage Tags Metadata

    1.2.7 compatible optional

  • Pipeline: Stage View Plugin

    2.9 compatible optional

  • Pipeline: Step API

    2.14 compatible installed by default

  • Pipeline: Supporting APIs

    2.18 compatible optional

  • REST API for Blue Ocean

    1.4.2 compatible optional

  • REST Implementation for Blue Ocean

    1.4.2 compatible optional

  • Run Condition Plugin

    1.0 compatible optional

  • SSH Agent Plugin

    1.15 compatible optional

  • Server Sent Events (SSE) Gateway Plugin

    1.15 compatible optional

  • Stack Trace Suppression Plugin

    1.5 compatible optional

  • Support Core Plugin

    2.44 compatible installed by default

  • Unique ID Library Plugin

    2.1.3 compatible optional

  • Web for Blue Ocean

    1.4.2 compatible optional

  • bouncycastle API Plugin

    2.16.2 compatible installed by default

  • i18n for Blue Ocean

    1.4.2 compatible optional

  • jQuery plugin

    1.12.4-0 compatible optional

Plugin modifications

  • JEP-200: XStream and Remoting now use whitelists

    XStream and Remoting now use whitelists instead of blacklists

  • This change is a major security hardening, which protects instances from class deserialization attacks. See

  • this page for more information.

  • This change has a high risk of regressions in Jenkins plugins. The list of affected plugins is available

  • on this Wiki page.

  • Open-source Tier 3 plugins are not included in

  • CloudBees Assurance Program, and they need to be updated before the upgrade to this version. Please follow

  • these upgrade guidelines +* If you use home-made or other 3rd-party plugins, they may be affected by the change as well.

  • You can find troubleshooting and reporting guidelines for this issue in

  • this KB Article.

  • Use XML 1.1

    Config files now use XML 1.1, which allows for the support of additional characters that are not considered legal in XML 1.0 documents. Configuration files generated by previous versions will be silently updated to the new version, and are not backwards compatible with older instances.

While this change should be transparent for most users, there are two points worth noting:

  • Move/Copy/Promote operations from a master with this version to an older version master will fail, as the copied artifacts will contain XML 1.1 configuration files which cannot be be parsed by the older master. A warning will be displayed when attempting to perform a Move/Copy/Promote operation under these circumstances. Move/Copy/Promote operations from an older version to a newer one are unaffected.

  • Downgrading to a previous version is generally discouraged, and will fail with numerous XML parsing exceptions when downgrading to a version older than this one, due to the configuration files having a declaration tag specifying that they are XML 1.1. If a downgrade must be performed, it will be necessary to perform a global find/replace operation on all XML files.

  • Upgraded Jenkins LTS from 2.89.4-cb-4 to 2.107.1-cb-3

  • Release Notes

    Upgraded Active Directory Plugin from 2.4 to 2.6

  • Release Notes

    Upgraded Apache HttpComponents Client 4.x API Plugin from 4.5.3-2.0 to 4.5.3-2.1

  • Release Notes

    Upgraded Blue Ocean Plugin from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded Blue Ocean Autofavorite from 1.1.0 to 1.2.2

  • Release Notes

    Upgraded Bitbucket Pipeline for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded Common API for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded Config API for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded Dashboard for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded Events API for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded Git Pipeline for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded GitHub Pipeline for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded i18n for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded JIRA Integration for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded JWT for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded Personalization for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded Pipeline REST API for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded Blue Ocean Pipeline Editor from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded Pipeline SCM API for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded REST API for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded REST Implementation for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded Web for Blue Ocean from 1.3.5 to 1.4.2

  • Release Notes

    Upgraded CloudBees Folders Plugin from 6.1.2 to 6.3

  • Release Notes

    Upgraded CloudBees High Availability from 4.12 to 4.14

  • Release Notes

    Upgraded CloudBees Jenkins Advisor Plugin from 1.3 to 2.0

  • Release Notes

    Upgraded CloudBees License Manager from 9.18.1 to 9.20

  • Release Notes

    Upgraded CloudBees Support Plugin from 3.14 to 3.15

  • Release Notes

    Upgraded Command Agent Launcher Plugin from 1.1 to 1.2

  • Release Notes

    Upgraded Docker Commons Plugin from 1.9 to 1.11

  • Release Notes

    Upgraded CloudBees Docker Hub Notification from 2.2.0 to 2.2.1

  • Release Notes

    Upgraded Git Plugin from 3.6.4 to 3.8.0

  • Release Notes

    Upgraded Git Client Plugin from 2.6.0 to 2.7.1

  • Release Notes

    Upgraded CloudBees Backup Plugin from 3.38 to 3.38.1

  • Release Notes

    Upgraded Jackson2 API Plugin from 2.8.10.1 to 2.8.11.1

  • Release Notes

    Upgraded JUnit Plugin from 1.21.1-cb-1 to 1.23

  • Release Notes

    Upgraded LDAP Plugin from 1.18 to 1.20

  • Release Notes

    Upgraded Maven Plugin from 3.0 to 3.1

  • Release Notes

    Upgraded Mercurial Plugin from 2.2 to 2.3

  • Release Notes

    Upgraded Operations Center Agent Plugin from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Analytics Configuration from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Analytics Reporter Plugin from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Client Plugin from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Cloud Plugin from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Context Plugin from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Pipeline Graph Analysis Plugin from 1.5 to 1.6

  • Release Notes

    Upgraded Pipeline: Model API from 1.2.5 to 1.2.7

  • Release Notes

    Upgraded Pipeline: Model Definition from 1.2.5 to 1.2.7

  • Release Notes

    Upgraded Pipeline: Declarative Extension Points API from 1.2.5 to 1.2.7

  • Release Notes

    Upgraded Pipeline: Stage Tags Metadata from 1.2.5 to 1.2.7

  • Release Notes

    Upgraded Promoted Builds Plugin from 2.31 to 3.0

  • Release Notes

    Upgraded Script Security Plugin from 1.39 to 1.41

  • Release Notes

    Upgraded SSH Slaves Plugin from 1.24 to 1.26

  • Release Notes

    Upgraded Structs Plugin from 1.13 to 1.14

  • Release Notes

    Upgraded Pipeline API Plugin from 2.25 to 2.26

  • Release Notes

    Upgraded Pipeline Groovy Plugin from 2.44 to 2.45

Added blueocean-core-js version 1.4.2

Added jenkins-design-language version 1.4.2