CloudBees Jenkins Enterprise New User Experience 1.2.24

1 minute read

RELEASED: Public: 2019-09-23

Security advisory

  • Administer permissions not removed for team controllers when switching from RBAC to different authorization strategy (CTR-484) Problem: When the Operations Center authorization strategy is changed from the CloudBees Role Based Authorization strategy to something else team controllers would still have a copy of the outdated configuration. This would allow users who had previously been granted Administer permissions via the RBAC configuration to still have the Administer permission even though they should no longer have this level of access.

    Fix: If the authorization strategy in Operations Center is not CloudBees Role Based Authorization strategy then the obsolete configuration will be removed from controllers.

New features

None

Resolved issues

  • CloudBees Internal Ticket: CTR-600

    Problem: When the authorization strategy on Operations Center was not RBAC (Role Based Access Control), Operation Center’s SSO (single sign-on) was not functioning properly, even when the user was granted access to the controller. Instead, after creating a team, users were redirected to the team controller login page.

    Fix: With this fix, CloudBees Jenkins Operations Center correctly propagates the security realm to the controller even when RBAC is not the authorization strategy.

Known issues

None