RELEASED: Public: June 12, 2024
New features
- Add an option to protect the hibernation monitor (BEE-49179)
-
If CloudBees CI was installed on a public-facing network with hibernation enabled, there was nothing preventing malicious actors from visiting the hibernation redirect, queue, or proxy URL endpoints and forcing the managed controller to wake up gratuitously.
Now, there is a Helm chart option that generates a random token that must be included in these URLs. The token will remain stable across upgrades, and can be rotated by editing the Kubernetes secret, or even deleting it and running a Helm upgrade to regenerate it.