RELEASED: Public: June 12, 2024
New features
- Add option to protect the hibernation monitor (BEE-49179)
-
If CloudBees CI is installed on a public-facing network with hibernation enabled, malicious actors could not be prevented from visiting the hibernation redirect, queue, or proxy URL endpoints and forcing the managed controller to wake up.
Now, there is a Helm chart option to generate a random token that must be included in these URLs. The token will remain stable across upgrades, and can be rotated by editing the Kubernetes secret, or deleting it and running a Helm upgrade to regenerate it.