CloudBees Role-Based Access Control Plugin 5.46.4

1 minute read

RELEASED: Public: {2021-03-18}

Security advisory


Security fixes

BEE-174 RBAC permissions bypass

An issue with the RBAC authorization made it possible for users to view nested resources, even if they did not have permission to view the parent resources.

This issue has been resolved, and permissions are now checked on the parent container, in addition to the target container. Additionally, a new caching mechanism improves performance while browsing system resources. For more information, please see Restricting access and delegating administration with Role-Based Access Control - Troubleshooting

New features


Feature enhancements


Resolved issues


Known issues

RBAC performance issue, release revision 2 (2021-03-18)

An issue with the Role-Based Access Control plugin can cause a negative impact to user interface performance while accessing nested folders and jobs on connected controllers that have an authorization strategy managed by Operations Center. The issue is known, and the fix will be published as part of an incremental release on March 19, 2021.

This issue only affects the revision 2 release.

Upgrade notes
