CloudBees Jenkins Platform Operations Center 2.107.1.2

RELEASED: Public: 2018-03-15

Based on Jenkins LTS2.107.1-cb-3

Rolling release[.badge .badge-pill .ml-1 .badge-warning]Security release

Security advisory

Security advisory * Security Advisory 2018-02-26

+ Fixes the security issues described in the advisory. These fixes were delivered through an incremental upgrade to customers that were using * 2.89.4.2.

Verified plugins

  • Async Http Client

    1.7.24.1 verified installed by default

  • Authentication Tokens API Plugin

    1.3 verified optional

  • CloudBees Jenkins Advisor Plugin

    2.0 verified optional

  • Config File Provider Plugin

    2.17 verified optional

  • Credentials Binding Plugin

    1.15 verified optional

  • Credentials Plugin

    2.1.16 verified installed by default

  • Display URL API

    2.1.0 verified installed by default

  • Folders Plugin

    6.3 verified installed by default

  • JUnit Plugin

    1.23 verified installed by default

  • Jackson 2 API Plugin

    2.8.11.1 verified installed by default

  • Javadoc Plugin

    1.4 verified optional

  • Jenkins Mailer Plugin

    1.20 verified installed by default

  • Jenkins SSH Slaves plugin

    1.26 verified optional

  • LDAP Plugin

    1.20 verified optional

  • MapDB API Plugin

    1.0.9.0 verified installed by default

  • Metrics Plugin

    3.1.2.10 verified installed by default

  • OWASP Markup Formatter Plugin

    1.5 verified optional

  • Plain Credentials Plugin

    1.4 verified optional

  • SAML Plugin

    1.0.4 verified optional

  • SCM API Plugin

    2.2.6 verified installed by default

  • SSH Credentials Plugin

    1.13 verified optional

  • Script Security Plugin

    1.41 verified installed by default

  • Secure Requester Whitelist Plugin

    1.2 verified optional

  • Structs Plugin

    1.14 verified installed by default

  • Token Macro Plugin

    2.1 verified installed by default

  • Variant Plugin

    1.1 verified installed by default

Proprietary plugins

  • Beekeeper Upgrade Assistant Plugin

    2.89.0.3 proprietary installed by default

  • CloudBees Back-up Plugin

    3.38.1 proprietary optional

  • CloudBees Folders Plus Plugin

    3.4 proprietary installed by default

  • CloudBees High Availability Management plugin

    4.14 proprietary installed by default

  • CloudBees Jenkins Enterprise License Entitlement Check

    8.9 proprietary installed by default

  • CloudBees License Manager

    9.20 proprietary installed by default

  • CloudBees Monitoring Plugin

    2.7 proprietary installed by default

  • CloudBees Nodes Plus Plugin

    1.16 proprietary optional

  • CloudBees Plugin Usage Plugin

    1.7 proprietary optional

  • CloudBees Quiet Start Plugin

    1.4 proprietary optional

  • CloudBees Restart Aborted Builds Plugin

    1.10 proprietary optional

  • CloudBees Role-Based Access Control Plugin

    5.19 proprietary optional

  • CloudBees SSH Build Agents Plugin

    2.1 proprietary optional

  • CloudBees Skip Next Build Plugin

    4.1 proprietary optional

  • CloudBees Support Plugin

    3.15 proprietary installed by default

  • CloudBees Update Center Plugin

    4.29 proprietary optional

  • CloudBees VMWare Autoscaling Plugin

    4.3.7 proprietary optional

  • CloudBees WikiText Security Plugin

    3.8 proprietary optional

  • Operations Center Agent

    2.107.1.4 proprietary installed by default

  • Operations Center Analytics

    2.107.1.4 proprietary optional

  • Operations Center Analytics Configuration

    2.107.1.4 proprietary optional

  • Operations Center Analytics Feeder

    2.107.1.4 proprietary optional

  • Operations Center Analytics Kibana Dashboards

    2.107.1.4 proprietary optional

  • Operations Center Analytics Reporter

    2.107.1.4 proprietary optional

  • Operations Center Analytics Viewer

    2.107.1.4 proprietary optional

  • Operations Center Context

    2.107.1.4 proprietary installed by default

  • Operations Center Elasticsearch Provider

    2.107.1.4 proprietary optional

  • Operations Center Embedded elasticsearch

    2.73.0.1 proprietary optional

  • Operations Center JNLP Agent Controller Plugin

    2.107.1.5 proprietary optional

  • Operations Center Monitoring Plugin

    2.107.1.4 proprietary optional

  • Operations Center Server Cluster Operations

    2.107.1.4 proprietary optional

  • Operations Center Server EC2 Cloud

    2.107.1.4 proprietary optional

  • Operations Center Server License Entitlement Check

    2.107.1.4 proprietary installed by default

  • Operations Center Server Mesos Cloud

    2.107.1.4 proprietary optional

  • Operations Center Server Plugin

    2.107.1.4 proprietary installed by default

  • Operations Center Server Role Based Access Control

    2.107.1.4 proprietary optional

  • Operations Center Single Sign-On Plugin

    2.107.1.4 proprietary optional

  • Operations Center Update Center Plugin

    2.107.1.4 proprietary optional

Compatible plugins

  • Amazon EC2 plugin

    1.36.1-cb-2 compatible optional

  • Amazon Web Services SDK

    1.11.119 compatible optional

  • CloudBees Amazon Web Services Credentials Plugin

    1.21 compatible optional

  • Command Agent Launcher Plugin

    1.2 compatible installed by default

  • Durable Task Plugin

    1.16 compatible optional

  • Email Extension Plugin

    2.61 compatible optional

  • Jenkins Active Directory plugin

    2.6 compatible optional

  • Jenkins Apache HttpComponents Client 4.x API Plugin

    4.5.3-2.1 compatible optional

  • Jenkins JSch dependency plugin

    0.1.54.1 compatible optional

  • Matrix Authorization Strategy Plugin

    2.2 compatible optional

  • Matrix Project Plugin

    1.12 compatible optional

  • Maven Integration plugin

    3.1 compatible optional

  • Monitoring

    1.67.0 compatible optional

  • Node Iterator API Plugin

    1.5.0 compatible installed by default

  • PAM Authentication plugin

    1.3 compatible optional

  • Pipeline: API

    2.26 compatible installed by default

  • Pipeline: Step API

    2.14 compatible installed by default

  • SSH Agent Plugin

    1.15 compatible optional

  • Stack Trace Suppression Plugin

    1.5 compatible optional

  • Support Core Plugin

    2.44 compatible installed by default

  • Unique ID Library Plugin

    2.1.3 compatible optional

  • bouncycastle API Plugin

    2.16.2 compatible installed by default

  • mesos

    0.15.1 compatible optional

Plugin modifications

  • JEP-200: XStream and Remoting now use whitelists

    XStream and Remoting now use whitelists instead of blacklists

  • This change is a major security hardening, which protects instances from class deserialization attacks. See this page for more information.

  • This change has a high risk of regressions in Jenkins plugins. The list of affected plugins is available

  • on this Wiki page.

  • Open-source Tier 3 plugins are not included in

  • CloudBees Assurance Program, and they need to be updated before the upgrade to this version. Please follow

  • these upgrade guidelines +* If you use home-made or other 3rd-party plugins, they may be affected by the change as well.

  • You can find troubleshooting and reporting guidelines for this issue in

  • this KB Article.

  • Use XML 1.1

    Config files now use XML 1.1, which allows for the support of additional characters that are not considered legal in XML 1.0 documents. Configuration files generated by previous versions will be silently updated to the new version, and are not backwards compatible with older instances.

While this change should be transparent for most users, there are two points worth noting:

  • Move/Copy/Promote operations from a master with this version to an older version master will fail, as the copied artifacts will contain XML 1.1 configuration files which cannot be be parsed by the older master. A warning will be displayed when attempting to perform a Move/Copy/Promote operation under these circumstances. Move/Copy/Promote operations from an older version to a newer one are unaffected.

  • Downgrading to a previous version is generally discouraged, and will fail with numerous XML parsing exceptions when downgrading to a version older than this one, due to the configuration files having a declaration tag specifying that they are XML 1.1. If a downgrade must be performed, it will be necessary to perform a global find/replace operation on all XML files.

  • Release Notes

    Upgraded Jenkins OSS LTS from 2.89.4-cb-4 to 2.107.1-cb-3

  • Release Notes

    Upgraded Active Directory Plugin from 2.4 to 2.6

  • Release Notes

    Upgraded Apache HttpComponents Client 4.x API Plugin from 4.5.3-2.0 to 4.5.3-2.1

  • Release Notes

    Upgraded CloudBees Folders Plugin from 6.1.2 to 6.3

  • Release Notes

    Upgraded CloudBees High Availability from 4.12 to 4.14

  • Release Notes

    Upgraded CloudBees Jenkins Advisor Plugin from 1.3 to 2.0

  • Release Notes

    Upgraded CloudBees License Manager from 9.18.1 to 9.20

  • Release Notes

    Upgraded CloudBees Support Plugin from 3.14 to 3.15

  • Release Notes

    Upgraded Command Agent Launcher Plugin from 1.1 to 1.2

  • Release Notes

    Upgraded CloudBees Backup Plugin from 3.38 to 3.38.1

  • Release Notes

    Upgraded Jackson2 API Plugin from 2.8.10.1 to 2.8.11.1

  • Release Notes

    Upgraded JUnit Plugin from 1.21.1-cb-1 to 1.23

  • Release Notes

    Upgraded LDAP Plugin from 1.18 to 1.20

  • Release Notes

    Upgraded Maven Plugin from 3.0 to 3.1

  • Release Notes

    Upgraded Mesos Plugin from 0.14.1 to 0.15.1

  • Release Notes

    Upgraded Operations Center Agent Plugin from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Analytics Plugin from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Analytics Configuration from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Analytics Dashboards from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Analytics Feeder from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Analytics Reporter Plugin from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Analytics Viewer Plugin from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Cluster Operations Plugin from 2.89.0.3 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Context Plugin from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center EC2 Cloud Plugin from 2.89.0.1 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Elasticsearch Provider Plugin from 2.89.0.1 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center JNLP Agent Controller Plugin from 2.89.0.1 to 2.107.1.5

  • Release Notes

    Upgraded Operations Center License Entitlement Check from 2.89.0.2 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Mesos Cloud Plugin from 2.89.0.1 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Monitoring Plugin from 2.89.0.1 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center RBAC Plugin from 2.89.0.1 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Server Plugin from 2.89.0.3 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Single Sign-On Plugin from 2.89.0.1 to 2.107.1.4

  • Release Notes

    Upgraded Operations Center Update Center Plugin from 2.89.0.1 to 2.107.1.4

  • Release Notes

    Upgraded Script Security Plugin from 1.39 to 1.41

  • Release Notes

    Upgraded SSH Slaves Plugin from 1.24 to 1.26

  • Release Notes

    Upgraded Structs Plugin from 1.13 to 1.14

  • Release Notes

    Added SCM API Plugin version 2.2.6

  • Release Notes

    Added Pipeline API Plugin version 2.26