CloudBees Role-Based Access Control Plugin 5.54

RELEASED: Public: 2021-03-18

Security advisory

TBD

Security fixes

BEE-174 RBAC permissions bypass

An issue with the RBAC authorization made it possible for users to view nested resources, even if they did not have permission to view the parent resources.

This issue has been resolved, and permissions are now checked on the parent container, in addition to the target container. Additionally, a new caching mechanism improves performance while browsing system resources. For more information, please see "Restricting access and delegating administration with Role-Based Access Control - Troubleshooting".
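The check described above, as an added illustrative model in Python (not the plugin's own code): a target-only lookup beside one that also requires Read on the parent containers, with memoised results. The item paths, users, function names and the choice to walk every ancestor rather than only the immediate parent are assumptions made for the example.

```python
from functools import lru_cache

# Constructed sample data: item path -> users granted Read directly on that item.
GRANTS = {
    "teamA": {"alice"},
    "teamA/secret": {"alice"},
    "teamA/secret/build": {"alice", "bob"},  # bob is granted on the nested job only
    "public": {"alice", "bob"},
    "public/docs": {"alice", "bob"},
}

def can_read_target_only(user, path):
    """Flawed check: consults the target's grant and ignores its parents."""
    return user in GRANTS.get(path, set())

@lru_cache(maxsize=4096)
def can_read(user, path):
    """Corrected check: the target and every parent container must allow Read.

    Results are memoised, so listing many siblings resolves the shared
    parent chain once instead of once per item.
    """
    if user not in GRANTS.get(path, set()):
        return False
    parent, sep, _ = path.rpartition("/")
    return can_read(user, parent) if sep else True

def revoke(user, path):
    """Remove a grant and drop cached decisions, which would otherwise go stale."""
    GRANTS[path].discard(user)
    can_read.cache_clear()

def visible_items(user, check):
    """Items a user can see under the given check function."""
    return sorted(p for p in GRANTS if check(user, p))

if __name__ == "__main__":
    print("target-only:", visible_items("bob", can_read_target_only))
    print("with parents:", visible_items("bob", can_read))
```

Any cache of authorization decisions has to be invalidated when role assignments change, which is why `revoke` clears it.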

New features

None.

Feature enhancements

None.

Resolved issues

None.

Known issues

RBAC performance issue, release 2.277.1.2 revision 2 (2021-03-18)

An issue with the Role-Based Access Control plugin can degrade user interface performance when accessing nested folders and jobs on connected masters that have an authorization strategy managed by Operations Center. The issue is known, and the fix will be published as part of an incremental release on March 19, 2021.

This issue only affects the 2.277.1.2 revision 2 release.

Upgrade notes

None.