RELEASED: Public: 2018-03-15
Based on Jenkins LTS 2.107.1-cb-3
Rolling release Security release
Security advisory
- Security Advisory 2018-02-26: Fixes the security issues described in the advisory. These fixes were delivered through an incremental upgrade to customers that were using 2.89.4.2.
Verified plugins
- Ant Plugin 1.8 (verified, optional)
- Async Http Client 1.7.24.1 (verified, installed by default)
- Authentication Tokens API Plugin 1.3 (verified, optional)
- Branch API Plugin 2.0.18 (verified, optional)
- CloudBees Jenkins Advisor Plugin 2.0 (verified, optional)
- Config File Provider Plugin 2.17 (verified, optional)
- Credentials Binding Plugin 1.15 (verified, optional)
- Credentials Plugin 2.1.16 (verified, installed by default)
- Display URL API 2.1.0 (verified, installed by default)
- Folders Plugin 6.3 (verified, installed by default)
- GitHub Branch Source Plugin 2.3.2 (verified, optional)
- Gradle Plugin 1.26 (verified, optional)
- JUnit Plugin 1.23 (verified, installed by default)
- Jackson 2 API Plugin 2.8.11.1 (verified, installed by default)
- Javadoc Plugin 1.4 (verified, optional)
- Jenkins GIT server Plugin 1.7 (verified, optional)
- Jenkins Git client plugin 2.7.1 (verified, optional)
- Jenkins Git plugin 3.8.0 (verified, optional)
- Jenkins MSBuild Plugin 1.29 (verified, optional)
- Jenkins MSTestRunner plugin 1.3.0 (verified, optional)
- Jenkins Mailer Plugin 1.20 (verified, installed by default)
- Jenkins SSH Slaves plugin 1.26 (verified, optional)
- LDAP Plugin 1.20 (verified, optional)
- MapDB API Plugin 1.0.9.0 (verified, installed by default)
- Metrics Plugin 3.1.2.10 (verified, installed by default)
- OWASP Markup Formatter Plugin 1.5 (verified, optional)
- Plain Credentials Plugin 1.4 (verified, optional)
- SAML Plugin 1.0.4 (verified, optional)
- SCM API Plugin 2.2.6 (verified, installed by default)
- SSH Credentials Plugin 1.13 (verified, optional)
- Script Security Plugin 1.41 (verified, installed by default)
- Secure Requester Whitelist Plugin 1.2 (verified, optional)
- Structs Plugin 1.14 (verified, installed by default)
- Token Macro Plugin 2.1 (verified, installed by default)
- Variant Plugin 1.1 (verified, installed by default)
- Windows Slaves Plugin 1.3.1 (verified, optional)
Proprietary plugins
- Beekeeper Upgrade Assistant Plugin 2.89.0.3 (proprietary, installed by default)
- CloudBees Amazon AWS CLI Plugin 1.5.8 (proprietary, optional)
- CloudBees Amazon Web Services Deploy Engine Plugin 1.17 (proprietary, optional)
- CloudBees Azure CLI Plugin 1.2 (proprietary, optional)
- CloudBees Back-up Plugin 3.38.1 (proprietary, optional)
- CloudBees Blue Ocean Default Theme 0.3 (proprietary, installed by default)
- CloudBees Even Scheduler Plugin 3.8 (proprietary, optional)
- CloudBees Fast Archiving Plugin 5.6 (proprietary, optional)
- CloudBees Folders Plus Plugin 3.4 (proprietary, installed by default)
- CloudBees Git Validated Merge Plugin 3.23 (proprietary, optional)
- CloudBees Groovy View Plugin 1.7 (proprietary, optional)
- CloudBees High Availability Management plugin 4.14 (proprietary, optional)
- CloudBees Jenkins Enterprise License Entitlement Check 8.9 (proprietary, installed by default)
- CloudBees Label Throttling Plugin 3.6 (proprietary, optional)
- CloudBees License Manager 9.20 (proprietary, installed by default)
- CloudBees Long-Running Build Plugin 1.11 (proprietary, optional)
- CloudBees Monitoring Plugin 2.7 (proprietary, optional)
- CloudBees Nodes Plus Plugin 1.16 (proprietary, optional)
- CloudBees OpenShift CLI Plugin 1.4 (proprietary, optional)
- CloudBees Pipeline (Deprecated) 1.9.1 (proprietary, optional)
- CloudBees Pipeline Stage View Extensions 2.1 (proprietary, optional)
- CloudBees Pipeline: Groovy Checkpoint Plugin 2.7 (proprietary, optional)
- CloudBees Pipeline: REST API (Deprecated) 1.9.1 (proprietary, optional)
- CloudBees Pipeline: Templates Plugin 2.7 (proprietary, optional)
- CloudBees Plugin Usage Plugin 1.7 (proprietary, optional)
- CloudBees Pull Request Builder for GitHub 1.12 (proprietary, optional)
- CloudBees Quiet Start Plugin 1.4 (proprietary, optional)
- CloudBees Restart Aborted Builds Plugin 1.10 (proprietary, optional)
- CloudBees Role-Based Access Control Plugin 5.19 (proprietary, installed by default)
- CloudBees SSH Build Agents Plugin 2.1 (proprietary, optional)
- CloudBees Skip Next Build Plugin 4.1 (proprietary, optional)
- CloudBees Support Plugin 3.15 (proprietary, optional)
- CloudBees Template Plugin 4.35 (proprietary, optional)
- CloudBees VMWare Autoscaling Plugin 4.3.7 (proprietary, optional)
- CloudBees View Creation Filter Plugin 1.5 (proprietary, optional)
- CloudBees WikiText Security Plugin 3.8 (proprietary, optional)
- Operations Center Agent 2.107.1.4 (proprietary, installed by default)
- Operations Center Analytics Configuration 2.107.1.4 (proprietary, optional)
- Operations Center Analytics Reporter 2.107.1.4 (proprietary, optional)
- Operations Center Client Plugin 2.107.1.4 (proprietary, installed by default)
- Operations Center Cloud 2.107.1.4 (proprietary, optional)
- Operations Center Context 2.107.1.4 (proprietary, installed by default)
Compatible plugins
- Amazon EC2 plugin 1.36.1-cb-2 (compatible, optional)
- Amazon Web Services SDK 1.11.119 (compatible, optional)
- Autofavorite for Blue Ocean 1.2.2 (compatible, optional)
- Azure PublisherSettings Credentials Plugin 1.2 (compatible, optional)
- Bitbucket Branch Source Plugin 2.2.9 (compatible, optional)
- Bitbucket Pipeline for Blue Ocean 1.4.2 (compatible, optional)
- Blue Ocean 1.4.2 (compatible, optional)
- Blue Ocean Core JS 1.4.2 (compatible, optional)
- Blue Ocean Pipeline Editor 1.4.2 (compatible, optional)
- CloudBees Amazon Web Services Credentials Plugin 1.21 (compatible, optional)
- CloudBees Docker Build and Publish plugin 1.3.2 (compatible, optional)
- CloudBees Docker Hub/Registry Notification 2.2.1 (compatible, optional)
- Command Agent Launcher Plugin 1.2 (compatible, installed by default)
- Common API for Blue Ocean 1.4.2 (compatible, installed by default)
- Conditional BuildStep 1.3.6 (compatible, optional)
- Config API for Blue Ocean 1.4.2 (compatible, optional)
- Copy Artifact Plugin 1.39 (compatible, optional)
- Dashboard View 2.9.11 (compatible, optional)
- Dashboard for Blue Ocean 1.4.2 (compatible, optional)
- Deployed On Column Plugin 1.8 (compatible, optional)
- Deployer Framework Plugin 1.1 (compatible, optional)
- Display URL for Blue Ocean 2.1.1 (compatible, optional)
- Docker Commons Plugin 1.11 (compatible, optional)
- Docker Pipeline 1.13 (compatible, optional)
- Durable Task Plugin 1.16 (compatible, optional)
- Email Extension Plugin 2.61 (compatible, optional)
- Events API for Blue Ocean 1.4.2 (compatible, optional)
- External Monitor Job Type Plugin 1.7 (compatible, optional)
- Favorite 2.3.1 (compatible, optional)
- Git Pipeline for Blue Ocean 1.4.2 (compatible, optional)
- GitHub API Plugin 1.90 (compatible, optional)
- GitHub Pipeline for Blue Ocean 1.4.2 (compatible, optional)
- GitHub plugin 1.29.0 (compatible, optional)
- HTML Publisher plugin 1.14 (compatible, optional)
- Handy Uri Templates 2.x API Plugin 2.1.6-1.0 (compatible, optional)
- JIRA Integration for Blue Ocean 1.4.2 (compatible, optional)
- JWT for Blue Ocean 1.4.2 (compatible, optional)
- JavaScript GUI Lib: ACE Editor bundle plugin 1.1 (compatible, optional)
- JavaScript GUI Lib: Handlebars bundle plugin 1.1.1 (compatible, optional)
- JavaScript GUI Lib: Moment.js bundle plugin 1.1.1 (compatible, optional)
- JavaScript GUI Lib: jQuery bundles (jQuery and jQuery UI) plugin 1.2.1 (compatible, optional)
- Jenkins Active Directory plugin 2.6 (compatible, optional)
- Jenkins Apache HttpComponents Client 4.x API Plugin 4.5.3-2.1 (compatible, optional)
- Jenkins Design Language 1.4.2 (compatible, optional)
- Jenkins JIRA plugin 2.4.2 (compatible, optional)
- Jenkins JSch dependency plugin 0.1.54.1 (compatible, optional)
- Jenkins Mercurial plugin 2.3 (compatible, optional)
- Jenkins Parameterized Trigger plugin 2.35.1 (compatible, optional)
- Jenkins Pub-Sub "light" Bus 1.12 (compatible, optional)
- Jenkins build timeout plugin 1.18 (compatible, optional)
- Jenkins promoted builds plugin 3.0 (compatible, optional)
- Kubernetes plugin 1.1.4 (compatible, optional)
- Matrix Authorization Strategy Plugin 2.2 (compatible, optional)
- Matrix Project Plugin 1.12 (compatible, optional)
- Maven Integration plugin 3.1 (compatible, optional)
- Monitoring 1.67.0 (compatible, optional)
- Node Iterator API Plugin 1.5.0 (compatible, optional)
- NodeJS Plugin 1.2.4 (compatible, optional)
- PAM Authentication plugin 1.3 (compatible, optional)
- Personalization for Blue Ocean 1.4.2 (compatible, optional)
- Pipeline 2.5 (compatible, optional)
- Pipeline Graph Analysis Plugin 1.6 (compatible, optional)
- Pipeline SCM API for Blue Ocean 1.4.2 (compatible, optional)
- Pipeline implementation for Blue Ocean 1.4.2 (compatible, optional)
- Pipeline: API 2.26 (compatible, installed by default)
- Pipeline: Basic Steps 2.6 (compatible, optional)
- Pipeline: Build Step 2.5.1 (compatible, optional)
- Pipeline: Declarative 1.2.7 (compatible, optional)
- Pipeline: Declarative Agent API 1.1.1 (compatible, optional)
- Pipeline: Declarative Extension Points API 1.2.7 (compatible, optional)
- Pipeline: GitHub Groovy Libraries 1.0 (compatible, optional)
- Pipeline: Groovy 2.45 (compatible, optional)
- Pipeline: Input Step 2.8 (compatible, optional)
- Pipeline: Job 2.17 (compatible, optional)
- Pipeline: Milestone Step 1.3.1 (compatible, optional)
- Pipeline: Model API 1.2.7 (compatible, optional)
- Pipeline: Multibranch 2.17 (compatible, optional)
- Pipeline: Nodes and Processes 2.18 (compatible, optional)
- Pipeline: REST API Plugin 2.9 (compatible, optional)
- Pipeline: SCM Step 2.6 (compatible, optional)
- Pipeline: Shared Groovy Libraries 2.9 (compatible, optional)
- Pipeline: Stage Step 2.2 (compatible, optional)
- Pipeline: Stage Tags Metadata 1.2.7 (compatible, optional)
- Pipeline: Stage View Plugin 2.9 (compatible, optional)
- Pipeline: Step API 2.14 (compatible, installed by default)
- Pipeline: Supporting APIs 2.18 (compatible, optional)
- REST API for Blue Ocean 1.4.2 (compatible, optional)
- REST Implementation for Blue Ocean 1.4.2 (compatible, optional)
- Run Condition Plugin 1.0 (compatible, optional)
- SSH Agent Plugin 1.15 (compatible, optional)
- Server Sent Events (SSE) Gateway Plugin 1.15 (compatible, optional)
- Stack Trace Suppression Plugin 1.5 (compatible, optional)
- Support Core Plugin 2.44 (compatible, installed by default)
- Unique ID Library Plugin 2.1.3 (compatible, optional)
- Web for Blue Ocean 1.4.2 (compatible, optional)
- bouncycastle API Plugin 2.16.2 (compatible, installed by default)
- i18n for Blue Ocean 1.4.2 (compatible, optional)
- jQuery plugin 1.12.4-0 (compatible, optional)
Plugin modifications
- JEP-200: XStream and Remoting now use whitelists instead of blacklists
  - This change is a major security hardening, which protects instances from class deserialization attacks. See this page for more information.
  - This change has a high risk of regressions in Jenkins plugins. The list of affected plugins is available
  - Open-source Tier 3 plugins are not included in CloudBees Assurance Program, and they need to be updated before the upgrade to this version. Please follow these upgrade guidelines
  - If you use home-made or other 3rd-party plugins, they may be affected by the change as well. You can find troubleshooting and reporting guidelines for this issue in
- Config files now use XML 1.1, which allows for the support of additional characters that are not considered legal in XML 1.0 documents. Configuration files generated by previous versions will be silently updated to the new version, and are not backwards compatible with older instances.
  While this change should be transparent for most users, there are two points worth noting:
  - Move/Copy/Promote operations from a master with this version to an older version master will fail, as the copied artifacts will contain XML 1.1 configuration files which cannot be parsed by the older master. A warning will be displayed when attempting to perform a Move/Copy/Promote operation under these circumstances. Move/Copy/Promote operations from an older version to a newer one are unaffected.
  - Downgrading to a previous version is generally discouraged, and will fail with numerous XML parsing exceptions when downgrading to a version older than this one, due to the configuration files having a declaration tag specifying that they are XML 1.1. If a downgrade must be performed, it will be necessary to perform a global find/replace operation on all XML files.
- Upgraded Jenkins LTS from 2.89.4-cb-4 to 2.107.1-cb-3
- Upgraded Active Directory Plugin from 2.4 to 2.6
- Upgraded Apache HttpComponents Client 4.x API Plugin from 4.5.3-2.0 to 4.5.3-2.1
- Upgraded Blue Ocean Plugin from 1.3.5 to 1.4.2
- Upgraded Blue Ocean Autofavorite from 1.1.0 to 1.2.2
- Upgraded Bitbucket Pipeline for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded Common API for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded Config API for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded Dashboard for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded Events API for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded Git Pipeline for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded GitHub Pipeline for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded i18n for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded JIRA Integration for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded JWT for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded Personalization for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded Pipeline REST API for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded Blue Ocean Pipeline Editor from 1.3.5 to 1.4.2
- Upgraded Pipeline SCM API for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded REST API for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded REST Implementation for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded Web for Blue Ocean from 1.3.5 to 1.4.2
- Upgraded CloudBees Folders Plugin from 6.1.2 to 6.3
- Upgraded CloudBees High Availability from 4.12 to 4.14
- Upgraded CloudBees Jenkins Advisor Plugin from 1.3 to 2.0
- Upgraded CloudBees License Manager from 9.18.1 to 9.20
- Upgraded CloudBees Support Plugin from 3.14 to 3.15
- Upgraded Command Agent Launcher Plugin from 1.1 to 1.2
- Upgraded Docker Commons Plugin from 1.9 to 1.11
- Upgraded CloudBees Docker Hub Notification from 2.2.0 to 2.2.1
- Upgraded Git Plugin from 3.6.4 to 3.8.0
- Upgraded Git Client Plugin from 2.6.0 to 2.7.1
- Upgraded CloudBees Backup Plugin from 3.38 to 3.38.1
- Upgraded Jackson2 API Plugin from 2.8.10.1 to 2.8.11.1
- Upgraded JUnit Plugin from 1.21.1-cb-1 to 1.23
- Upgraded LDAP Plugin from 1.18 to 1.20
- Upgraded Maven Plugin from 3.0 to 3.1
- Upgraded Mercurial Plugin from 2.2 to 2.3
- Upgraded Operations Center Agent Plugin from 2.89.0.2 to 2.107.1.4
- Upgraded Operations Center Analytics Configuration from 2.89.0.2 to 2.107.1.4
- Upgraded Operations Center Analytics Reporter Plugin from 2.89.0.2 to 2.107.1.4
- Upgraded Operations Center Client Plugin from 2.89.0.2 to 2.107.1.4
- Upgraded Operations Center Cloud Plugin from 2.89.0.2 to 2.107.1.4
- Upgraded Operations Center Context Plugin from 2.89.0.2 to 2.107.1.4
- Upgraded Pipeline Graph Analysis Plugin from 1.5 to 1.6
- Upgraded Pipeline: Model API from 1.2.5 to 1.2.7
- Upgraded Pipeline: Model Definition from 1.2.5 to 1.2.7
- Upgraded Pipeline: Declarative Extension Points API from 1.2.5 to 1.2.7
- Upgraded Pipeline: Stage Tags Metadata from 1.2.5 to 1.2.7
- Upgraded Promoted Builds Plugin from 2.31 to 3.0
- Upgraded Script Security Plugin from 1.39 to 1.41
- Upgraded SSH Slaves Plugin from 1.24 to 1.26
- Upgraded Structs Plugin from 1.13 to 1.14
- Upgraded Pipeline API Plugin from 2.25 to 2.26
- Upgraded Pipeline Groovy Plugin from 2.44 to 2.45
- Added blueocean-core-js version 1.4.2
- Added jenkins-design-language version 1.4.2