RELEASED: Public: 2022-05-04
- User Activity Monitoring Plugin database update (BEE-14611)
Routine security scans have detected vulnerabilities in the 1.x version of the H2 database that is embedded in the User Activity Monitoring plugin. Because CloudBees CI only uses the H2 database locally via Java code, rather than starting the H2 console, these security vulnerabilities do not affect CloudBees CI.
Although the H2 security vulnerabilities do not affect CloudBees CI, the H2 database used in the User Activity Monitoring plugin is being replaced with a simpler storage system with identical functionality as a best practice. The new database is installed automatically when you upgrade to version 2.332.3.2 or later, however historical data tracked by the plugin will not be migrated to the new database. You may continue to use the User Activity Monitoring Plugin normally and user activity will be captured again, or you can migrate the data from the old database if you need historical data.
Refer to the Upgrade notes for more information: