July 2020 product highlights

CloudBees CD

The following are highlights of the 10.0.1 patch release. Refer to the full release notes for a complete list of changes.

New features

  • CloudBees CD supported platforms page is enhanced to include system and component requirements.

  • Improved response time for Pipeline Runs and Release List pages.

  • New email notification server settings:

    setFromEmailHeader: If true, set the From header in the email message. Default is true.

    smtpSSLProtocols: Comma-separated list of protocols that are enabled for SSL connections to the SMTP server. Used to set mail.

    smtp.ssl.protocols system property. Default is TLSv1.2.

  • Behavior change: HTTPS is now required when downloading catalog plugins.

  • Several customer reported issues are resolved.

CloudBees Build Acceleration

The CloudBees Build Acceleration team released both a 2020.07.00 preview release and a 11.3 long term support (LTS) release. The LTS release is a roll-up of preview and patch releases from January 2020 until now, with the addition of new features. Refer to the full release notes for a complete list of changes.

New features

CloudBees CI, CloudBees Jenkins Distribution, CloudBees Jenkins Platform, CloudBees Jenkins Enterprise

The following are highlights of the 2020 July release. Refer to the full release notes for a complete list of changes.

Security advisory

This advisory announces vulnerabilities in Jenkins, CloudBees Jenkins Distribution, CloudBees Jenkins Platform, and CloudBees CI.

New features

CloudBees Core is now CloudBees CI

CloudBees is introducing new, self-describing product names across our entire product line that make them easier for anyone in our target market to find, and to understand intuitively what they do.

With the release of version 2.235.2.3, what you’ve known previously as CloudBees Core, is now called CloudBees CI. CloudBees CI on modern cloud platforms is designed to run on Kubernetes. CloudBees CI on traditional platforms has been developed for on-premise installations. It is still a fully-featured, cloud native solution that can be hosted on-premise or in the public cloud used to deliver CI at scale. The only thing that’s changed is the name—​and all the new features listed below.

Feature enhancements

  • ServiceNow Plugin enhancements (CPLT2-6278)

    The ServiceNow Plugin is now certified on Orlando, New York, and Madrid versions of ServiceNow.

    The plugin includes the following enhancements:

    Pipeline Snippet Generator All Pipeline steps provided by this plugin are visible in the Pipeline Snippet Generator. You can use the Snippet Generator UI to configure your Pipeline step and generate the Groovy code to copy and paste into your Pipeline.

    New Pipeline steps Two new steps were added: serviceNowCreate and serviceNowUpdate. The syntax for each one is available in the Snippet Generator. All four existing steps have moved to the "Advanced/Deprecated" section in Snippet Generator, but remain functionally the same.

    Credentials Plugin integration ServiceNow instance credentials are now managed using the Credentials Plugin.

  • ElasticSearch 7 support for elasticsearch-reporter-plugin (CPLT2-6525)

    Support for ElasticSearch 7 was added. Support for ElasticSearch 5 was dropped because of its end-of-life status.

  • Update Kubernetes plugin to 1.26.2 (CPLT2-6643)

    The Kubernetes plugin was updated to version 1.26.2.

  • Pick up sidecar injector 2.0.4 (CPLT2-6637)

    Sidecar injector was updated to 2.0.4.

    The update removed the use of an attribute that is not supported by OpenShift 3.11. In addition, Docker images are now published with the OS/Arch attribute, which is mandatory to run in OpenShift.

  • CloudBees Slack Integration plugin: Developer experience improvements (STICKY-332)

    To improve the user experience for users configuring their Slack and GitHub settings, various updates were made to the Personalized Slack Messaging feature, including adding a separate page for a user to configure themselves.

    This update only affects installations that include the CloudBees Slack Integration Plugin.

  • SCM/Slack integration optional plugin dependencies added into CAP (STICKY-344)

    A couple of plugins to CAP that were dependencies for the Slack/SCM app integrations including:

  • Personalized Slack Messaging uses hibernation friendly URLs (STICKY-546)

    Before, if a Managed Master was using hibernation, then it could happen that after a build the links to CloudBees CI shown in the GitHub pull request (PR) could point to a master which had since hibernated, leading to 503 errors.

    Slack messages linking to CloudBees CI now check for a master with hibernation enabled and automatically select an alternate redirect URL which will automatically wake the master if needed and then open the desired page once it is ready.

  • CloudBees SCM Reporting uses hibernation friendly URLs (STICKY-170)

    Before, if a Managed Master was using hibernation, then it could happen that after a build the links to CloudBees CI shown in the GitHub pull request (PR) could point to a master which had since hibernated, leading to 503 errors.

    GitHub reporting links to CloudBees CI now check for a master with hibernation enabled and automatically select an alternate redirect URL which will automatically wake the master if needed and then open the desired page once it is ready.

  • Enable GitHub App wizard for CloudBees SCM Reporting (STICKY-541)

    Before, to enable GitHub Checks, users had to create a GitHub App manually, which was tedious and error-prone.

    Repository or organization folders associated with github.com using a personal access token can now be converted to use GitHub App authentication using a wizard. See Enabling GitHub App authentication for more information.

    Currently this option is not offered for GitHub Enterprise due to an outstanding bug in that product’s implementation of app creation.
  • Bitbucket support added to CloudBees SCM Reporting plugin (STICKY-564)

    The CloudBees GitHub Reporting feature now supports Bitbucket as an SCM option and has been renamed to CloudBees SCM Reporting.

    Update only affects installations with the CloudBees SCM Reporting Plugin.

  • Enable use of multiple webhook secrets when using GitHub App wizard (STICKY-329)

    When using the GitHub App creation wizard to configure CloudBees SCM Reporting, even if CloudBees CI already has a webhook secret registered, the wizard can add another secret.

  • Plugin version mention in Checks feedback link (STICKY-458)

    Before, it was hard to tell from feedback messages what version of the CloudBees SCM Reporting plugin was being run.

    The plugin version number is now included in the feedback link displayed in the Checks tabs.

    Update only affects installations with the CloudBees SCM Reporting Plugin.

  • Manage Jenkins page layout update (CTR-1468)

    With this release we have moved management links to the correct category under Manage Jenkins.

Resolved issues

  • Switch from beta.kubernetes.io/os to kubernetes.io/os (CPLT2-6532)

    In Kubernetes 1.14+, the "OS" node label changed from beta.kubernetes.io/os to kubernetes.io/os. The Kubernetes Plugin tries to ensure that default Pod Templates run on Linux by applying a nodeSelector with the Linux OS label. If the label applied by the Kubernetes Plugin does not match the label in the Kubernetes cluster, the Pod will not be scheduled due to a nodeSelector label mismatch.

    To resolve this issue, the Kubernetes Plugin now uses the kubernetes.io/os label as the default nodeSelector label.

    Pod Templates that do not specify a nodeSelector will not be scheduled properly on Kubernetes clusters older than 1.14. Upgrade to Kubernetes 1.14+ to resolve the issue. To work around the issue on older versions of Kubernetes, manually apply the beta.kubernetes.io/os=linux node selector to pod templates, or manually apply the kubernetes.io/os=linux label to worker nodes.

  • Sidecar should handle Certificate Signing Request (CSR) renewal automatically (CPLT2-6615)

    When the certificate used to secure the communications to sidecar injector expired, there was no mechanism to renew it and the sidecar injector was no longer usable.

    To resolve this, a regular job has been added to the sidecar-injector chart so that the certificate is automatically renewed, if needed. When using rbac.autoApproveCSR=false, a new CSR will need to be approved one month before certificate expiration.

  • Sidecar injector is missing Service CA bundle in OpenShift Container Platform (OCP) 4 (CPLT2-6647)

    The Service CA bundle is now included. It enhances security when accessing sidecar injector on OpenShift by relying on the Service CA available in the platform.

  • Master restart logic can lead to missing Ingress/Service (CPLT2-6520)

    When restarting a master, sometimes the associated service and/or ingress disappears.

    The restart procedure now ensures service and ingress are in place after the restart.

  • Helm template evaluation error on OperationsCenter.RunAsUser (CPLT2-6622)

When using the OperationsCenter.RunAsUser attribute in a values.yaml file, the template evaluation fails with an error about incompatible types.

Additional type checks have been added to ensure successful template evaluation whether the attribute is passed through command or through values.yaml.

  • Missing update/patch permissions for secrets (CPLT2-6628)

    When recreating a master with the same name as before, the configuration-as-code bundle needs to be updated, but Operations Center is missing the corresponding permissions.

    Operations Center now has the permission to update and patch secrets.

  • KubectlBuildWrapper is broken (CPLT2-6641)

    A regression in KubectlBuildWrapper prevented its usage.

    The regression has been fixed so that KubectlBuildWrapper can now be used.

  • CVE-2019-15847 Correct the vulnerability (CPLT2-5958)

    The POWER9 backend in GNU Compiler Collection (GCC) before version 10 could optimize multiple calls of the __builtin_darn intrinsic into a single call, thus reducing the entropy of the random number generator. This occurred because a volatile operation was not specified.

    To resolve this, GCC was updated to 9.3.0 in the Alpine 3.12 base image. GCC was backported from trunk to 9.3.0.

  • Add permission check for CloudBees ServiceNow Plugin(CPLT2-6369)

    A potential security leak existed due to the HTTP method not being required.

    To fix this, the POST HTTP method is required on calls to validate.

  • Remove mock-security-realm from envelope (CPLT2-6613)

    CloudBees CI on modern cloud platforms and CloudBees Jenkins Enterprise Operations Center images included the Mock Security Realm plugin, which is not intended for production usage, only exploration.

    This plugin has been removed from the product. It may still be installed from the update center, if desired.

  • Multiple bug fixes for the CloudBees SCM Reporting plugin and the CloudBees Slack Integration plugin.

  • [JENKINS-62545] Infinite loop in FlowGraphTable.addTreeSibling for corrupted flow graphs (NGPIPELINE-1222)

    Traversing a Pipeline execution using the FlowGraphTable API (used primarily for the Pipeline Steps view) could cause infinite loops for corrupted Pipelines in rare cases.

    With this fix, the FlowGraphTable API now returns an error if it detects that a Pipeline is corrupted in a way that would have previously caused an infinite loop.

  • Upgrade GitHub API and GitHub Branch Source plugins to OkHttp3 (NGPIPELINE-374)

    The outdated okhttp v2.7.5 library does not support modern features including TLS 1.3.

    GitHub API and GitHub Branch Source plugins have been updated to use newer okhttp3 APIs with v3.12.12.

  • Plugin Catalog and CloudBees Configuration as Code should provide a way of specifying a proxy (FNDJEN-2078)

    Configuration as Code for Masters cannot download plugins if they are under a proxy.

    CloudBees Installation Manager now configures the proxy established in the jenkins.yaml file of the configuration bundle before attempting to download any plugin.

Known issues

None

CloudBees SDM

New feature

Query aggregation and group by clause allows users of CloudBees SDM to run queries with aggregate functions such as count, sum, and average, to group the results by one or more fields. These functions provide basic query capabilities that are required to implement a set of valuable queries, reports, and policies to make seeing, interpreting, and comparing results easier.

This advanced report feature lets you:

  • Use aggregation function in reports to count relationships.

  • Use aggregation function to compute minimum, maximum, average, and sum.

  • Group by date to allow for trend reports.

  • Group by date to allow for summary reports.

Feature enhancements

  • The Common Data Model is enriched with the first set of common data interfaces around issue management, build, and source control management domains that make it easy to bring in data from all the tools in the toolchain, under a common domain and language. This enables users to access and leverage that data to get visibility and actionable insights to the various aspects of their particular software delivery process.

  • The CloudBees SDM documentation has been reorganized using a new information architecture that better reflects the user journey. Content structure now starts with key concepts that users need to know when they first start and progresses through topics that build upon features and capabilities.