RELEASED: Public: June 22, 2022
Security fixes
- Encrypt JGroups HA network messages (BEE-16793)
-
Before this fix the communication between HA nodes regarding the election of the primary node was not encrypted.
With this fix all the underlying JGroups communication is encrypted. Refer to the Upgrade notes for more information.
Upgrade notes
Encrypt JGroups HA network messages
-
The keystore used for encryption is automatically generated on startup, so there is a risk of multiple HA nodes trying to create the file at the same time if they are all restarted together.To avoid this, restart one of the HA nodes (any node is acceptable) and then restart the others.
-
If a custom
jgroups.xml
file is in use, then the following snippet can be added to it to get message encryption:
<SYM_ENCRYPT sym_algorithm="AES" keystore_name="${JENKINS_HOME}/jgroups_sym_encrypt.keystore" store_password="changeit" alias="jgroupsKey" />