CloudBees, Inc.

CloudBees Jenkins Team 2.107.1.2

New Features

Major JEP-200: XStream and Remoting now use whitelists

XStream and Remoting now use whitelists instead of blacklists

  • This change is a major security hardening, which protects instances from class deserialization attacks. See this page for more information.
  • This change has a high risk of regressions in Jenkins plugins. The list of affected plugins is available on this Wiki page.
  • Open-source Tier 3 plugins are not included in CloudBees Assurance Program, and they need to be updated before the upgrade to this version. Please follow these upgrade guidelines
  • If you use home-made or other 3rd-party plugins, they may be affected by the change as well.
  • You can find troubleshooting and reporting guidelines for this issue in this KB Article.
Major Use XML 1.1

Config files now use XML 1.1, which allows for the support of additional characters that are not considered legal in XML 1.0 documents. Configuration files generated by previous versions will be silently updated to the new version, and are not backwards compatible with older instances.

While this change should be transparent for most users, there are two points worth noting:

  • Move/Copy/Promote operations from a master with this version to an older version master will fail, as the copied artifacts will contain XML 1.1 configuration files which cannot be be parsed by the older master. A warning will be displayed when attempting to perform a Move/Copy/Promote operation under these circumstances. Move/Copy/Promote operations from an older version to a newer one are unaffected.

  • Downgrading to a previous version is generally discouraged, and will fail with numerous XML parsing exceptions when downgrading to a version older than this one, due to the configuration files having a declaration tag specifying that they are XML 1.1. If a downgrade must be performed, it will be necessary to perform a global find/replace operation on all XML files.

Minor Release Notes

Upgraded Jenkins OSS LTS from 2.89.4-cb-4 to 2.107.1-cb-3

Minor Release Notes

Upgraded Active Directory Plugin from 2.4 to 2.6

Minor Release Notes

Upgraded Apache HttpComponents Client 4.x API Plugin from 4.5.3-2.0 to 4.5.3-2.1

Minor Release Notes

Upgraded Blue Ocean Plugin from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded Blue Ocean Autofavorite from 1.1.0 to 1.2.2

Minor Release Notes

Upgraded Bitbucket Pipeline for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded Common API for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded Config API for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded Dashboard for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded Events API for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded Git Pipeline for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded GitHub Pipeline for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded i18n for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded JIRA Integration for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded JWT for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded Personalization for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded Pipeline REST API for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded Blue Ocean Pipeline Editor from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded Pipeline SCM API for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded REST API for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded REST Implementation for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded Web for Blue Ocean from 1.3.5 to 1.4.2

Minor Release Notes

Upgraded CloudBees Folders Plugin from 6.1.2 to 6.3

Minor Release Notes

Upgraded CloudBees Jenkins Advisor Plugin from 1.3 to 2.0

Minor Release Notes

Upgraded CloudBees License Manager from 9.18.1 to 9.20

Minor Release Notes

Upgraded CloudBees Support Plugin from 3.14 to 3.15

Minor Release Notes

Upgraded Command Agent Launcher Plugin from 1.1 to 1.2

Minor Release Notes

Upgraded Docker Commons Plugin from 1.9 to 1.11

Minor Release Notes

Upgraded CloudBees Docker Hub Notification from 2.2.0 to 2.2.1

Minor Release Notes

Upgraded Git Plugin from 3.6.4 to 3.8.0

Minor Release Notes

Upgraded Git Client Plugin from 2.6.0 to 2.7.1

Minor Release Notes

Upgraded Jackson2 API Plugin from 2.8.10.1 to 2.8.11.1

Minor Release Notes

Upgraded JUnit Plugin from 1.21.1-cb-1 to 1.23

Minor Release Notes

Upgraded LDAP Plugin from 1.18 to 1.20

Minor Release Notes

Upgraded Maven Plugin from 3.0 to 3.1

Minor Release Notes

Upgraded Mercurial Plugin from 2.2 to 2.3

Minor Release Notes

Upgraded Pipeline Graph Analysis Plugin from 1.5 to 1.6

Minor Release Notes

Upgraded Pipeline: Model API from 1.2.5 to 1.2.7

Minor Release Notes

Upgraded Pipeline: Model Definition from 1.2.5 to 1.2.7

Minor Release Notes

Upgraded Pipeline: Declarative Extension Points API from 1.2.5 to 1.2.7

Minor Release Notes

Upgraded Pipeline: Stage Tags Metadata from 1.2.5 to 1.2.7

Minor Release Notes

Upgraded Promoted Builds Plugin from 2.31 to 3.0

Minor Release Notes

Upgraded Script Security Plugin from 1.39 to 1.41

Minor Release Notes

Upgraded SSH Slaves Plugin from 1.24 to 1.26

Minor Release Notes

Upgraded Structs Plugin from 1.13 to 1.14

Minor Release Notes

Upgraded Pipeline API Plugin from 2.25 to 2.26

Minor Release Notes

Upgraded Pipeline Groovy Plugin from 2.44 to 2.45

Minor

Added blueocean-core-js version 1.4.2

Minor

Added jenkins-design-language version 1.4.2

Resolved issues

None

Known issues

None

See also