Jenkins High Availability 4.39

1 minute read

RELEASED: Public: June 22, 2022

Security advisory

TBD

Security fixes

Encrypt JGroups HA network messages (BEE-16793)

Before this fix the communication between HA nodes regarding the election of the primary node was not encrypted.

With this fix all the underlying JGroups communication is encrypted. Refer to the Upgrade notes for more information.

New features

None.

Feature enhancements

None.

Resolved issues

None.

Known issues

None.

Upgrade notes

Encrypt JGroups HA network messages

  • The keystore used for encryption is automatically generated on startup, so there is a risk of multiple HA nodes trying to create the file at the same time if they are all restarted together.To avoid this, restart one of the HA nodes (any node is acceptable) and then restart the others.

  • If a custom jgroups.xml file is in use, then the following snippet can be added to it to get message encryption:

<SYM_ENCRYPT sym_algorithm="AES"
keystore_name="${JENKINS_HOME}/jgroups_sym_encrypt.keystore"
store_password="changeit"
alias="jgroupsKey" />