RELEASED: Public: 2020-11-12
Security fixes
For the following fixes to take effect, a manual restart is required.
- RBAC permissions were not applied correctly when RBAC on views is disabled (CTR-2748)
Since the November rolling release (2.249.3.1), it is no longer possible to define groups on views, so the expected permission set should come from the view’s parent item. However, a bug caused the view to use the root permission set instead (i.e., whatever is defined at the root level).
This fix makes the view use the permission set of the view’s owner. If the view is inside a folder, the folder's groups and roles are applied. If the view is at the root level, the global groups and roles are applied.
- Nested folders did not have their RBAC configuration correctly migrated (CTR-2740)
A previous version update caused an issue with the RBAC configuration of nested folders. This version corrects the issue by performing an additional migration of the RBAC configuration for all folders in the Jenkins instance, not just the folders defined at the top level.