CloudBees CasC Server Plugin 1.31

1 minute read

RELEASED: Public: 2021-11-04

Security fixes

Non-constant time checking was performed for the controller CasC bundle access token (BEE-8344)

The CasC bundle access token that is used to authenticate the request between the controller and the operations center server was checked in non-constant time, resulting in a potential security vulnerability.

This issue has been resolved. The controller CasC bundle access token is now checked using a constant time comparison.

New features


Feature enhancements

The CasC bundle now supports multiple levels of subfolders (BEE-8260)

The CasC bundle.yaml file now allows you to include a folder or subfolder in any section, without requiring that you list each individual YAML file contained within the subfolder. Previously, if a YAML file was added or removed from the bundle, it also had to be added or removed from the bundle.yaml file descriptor.

Resolved issues


Known issues


Upgrade notes