CloudBees Jenkins Enterprise New User Experience 1.2.24

1 minute read

RELEASED: Public: 2019-09-23

Security advisory

  • Administer permissions not removed for Team masters when switching from RBAC to different authorization strategy (CTR-484) Problem: When the Operations Center authorization strategy is changed from the CloudBees Role Based Authorization strategy to something else Team masters would still have a copy of the outdated configuration. This would allow users who had previously been granted Administer permissions via the RBAC configuration to still have the Administer permission even though they should no longer have this level of access.

    Fix: If the authorization strategy in Operations Center is not CloudBees Role Based Authorization strategy then the obsolete configuration will be removed from masters.

New features

None

Resolved issues

  • CloudBees Internal Ticket: CTR-600

    Problem: When the authorization strategy on Operations Center was not RBAC (Role Based Access Control), Operation Center’s SSO (single sign-on) was not functioning properly, even when the user was granted access to the master. Instead, after creating a team, users were redirected to the Team Master login page.

    Fix: With this fix, CloudBees Jenkins Operations Center correctly propagates the security realm to the master even when RBAC is not the authorization strategy.

Known issues

None