CloudBees CasC Server Plugin 1.31

1 minute read

On this page

Security advisory
Security fixes
New features
Feature enhancements
Resolved issues
Known issues
Upgrade notes

RELEASED: Public: 2021-11-04

Security advisory

CloudBees Security Advisory 2021-11-04

Security fixes

Non-constant time checking was performed for the controller CasC bundle access token (BEE-8344): The CasC bundle access token that is used to authenticate the request between the controller and the operations center server was checked in non-constant time, resulting in a potential security vulnerability.

This issue has been resolved. The controller CasC bundle access token is now checked using a constant time comparison.

New features

None.

Feature enhancements

The CasC bundle now supports multiple levels of subfolders (BEE-8260): The CasC bundle.yaml file now allows you to include a folder or subfolder in any section, without requiring that you list each individual YAML file contained within the subfolder. Previously, if a YAML file was added or removed from the bundle, it also had to be added or removed from the bundle.yaml file descriptor.

Resolved issues

None.

Known issues

None.

Upgrade notes

None.