CloudBees CasC Server Plugin 1.1.2

1 minute read

RELEASED: Public: 2021-11-04

Security fixes

Non-constant time checking was performed for the controller CasC bundle access token (BEE-8344)

The CasC bundle access token that is used to authenticate the request between the controller and the operations center server was checked in non-constant time, resulting in a potential security vulnerability.

This issue has been resolved. The controller CasC bundle access token is now checked using a constant time comparison.

New features

None.

Feature enhancements

None.

Resolved issues

None.

Known issues

None.

Upgrade notes

None.