Upgraded Jenkins OSS LTS from
Upgraded Active Directory Plugin from
Upgraded Apache HttpComponents Client 4.x API Plugin from
Upgraded Amazon Web Services SDK library from
Upgraded Command Agent Launcher Plugin from
Upgraded Config File Provider Plugin from
Upgraded Amazon EC2 Plugin from
Upgraded CloudBees Flow from
Upgraded JSch Plugin from
Upgraded Mailer Plugin from
Upgraded Metrics Plugin from
Upgraded CloudBees Jenkins Enterprise License Entitlement Check from
Upgraded Operations Center Agent Plugin from
Upgraded Operations Center Cluster Operations Plugin from
Upgraded Operations Center EC2 Cloud Plugin from
Upgraded Operations Center Elasticsearch Provider Plugin from
Upgraded Operations Center JNLP Agent Controller Plugin from
Upgraded Operations Center License Entitlement Check from
Upgraded Operations Center Monitoring Plugin from
Upgraded Operations Center RBAC Plugin from
Upgraded Operations Center Server Plugin from
Upgraded Operations Center Single Sign-On Plugin from
Upgraded Operations Center Update Center Plugin from
Upgraded Secure Requester Whitelist Plugin from
1.4. We have added compatibility with the Jenkins Configuration as Code Plugin.
Upgraded SSH Slaves Plugin from
Upgraded Unique ID Plugin from
Upgraded Pipeline API Plugin from
Added CloudBees Analytics Plugin version
Added Trilead API Plugin version
Upgraded Jackson2 API Plugin from
2.9.10. Previous releases of Jackson were vulnerable to numerous CVEs listed in https://github.com/FasterXML/jackson/wiki/Jackson-Release-2.9.10#databind which are fixed in this release.
Upgraded Operations Center Context Plugin from
184.108.40.206. Maven jobs could not be moved/copied using the Move/Copy/Promote feature. With this fix, there is a new file (permalinks) inside the builds folder which is autogenerated by Jenkins core, and the Move/Copy operations are overwriting it now.
Upgraded Script Security Plugin from
1.66. A cache used by the class loader for sandboxed Groovy scripts was cleared out every time the garbage collector ran. This clearing out could lead to performance issues for complex sandboxed scripts, particularly in environments where the garbage collector ran frequently, as it significantly reduced the effectiveness of the cache. The cache used by the class loader for sandboxed Groovy scripts is no longer cleared out by the garbage collector.
Upgraded SSH Credentials Plugin from
1.17.3. SSH keys saved as credentials without a new line at the end of the key caused errors with downstream consumers of the SSH keys. With this fix, SSH keys saved as credentials without a new line at the end of the key now work as expected.
The JSON field that is present for all inherited classes of Cause "_class" was missing on BuildTriggerCause, which was an issue when using it with groovy code in Pipelines. With this fix, the field "_class" is now present again. When creating Pipelines with groovy scripts, JSON files that contained a null attribute would cause the build to fail, and an exception was fired, "org.kohsuke.stapler.export.NotExportableException: class net.sf.json.JSONNull doesn't have @ExportedBean". With this fix, when creating Pipelines with groovy scripts, if the JSON file has a null value, Jenkins will remove the attribute from the JSON when exporting it.
When the authorization strategy on Operations Center was not RBAC (Role Based Access Control), Operation Center's SSO (single sign-on) was not functioning properly, even when the user was granted access to the master. Instead, after creating a team, users were redirected to the Team Master login page. With this fix, Operations Center correctly propagates the security realm to the master even when RBAC is not the authorization strategy.
Users were unable to override default webhook URLs to receive webhook events, for example, in cases where a Jenkins master is behind a firewall and there is a proxy service to receive webhook events or the Jenkins master is down and there is queuing service to collect webhook events to be delivered to Jenkins master when it comes back up. With this fix, users can now use the JVM property jenkins.hook.url to configure a webhook URL.
For instances where an invalid repository URL was entered, the error was not handled properly. With this fix, when an invalid repository URL is entered, an error is displayed in the UI.
The previously provided version of the Jira plugin, 3.0.9, bundled Jackson 1.x in its dependencies making it vulnerable to CVE-2017-7525. This upgrade to Jira plugin version 3.0.10 excludes these Jackson libraries.
Blue Ocean was unable to show the visualization for Pipelines when build causes for the Pipeline were null. With this fix, Blue Ocean now checks if build causes are null before attempting to access them.
When viewing the visualization for an in-progress Pipeline Build in Blue Ocean, it was not possible to select sequential stages inside of a parallel stages other than the first sequential stage to show the steps for that stage in the lower half of the visualization until the stage completed. With this fix, sequential stages inside of a parallel stage can now be selected, even when they are still in progress.
The Blue Ocean Pipeline visualization showed in-progress and completed stages as if they had not started in some cases, and did not show the correct status until after the build was completed. With this fix, the Blue Ocean Pipeline visualization correctly shows the status of in-progress and completed stages even while the build is ongoing.
We have fixed the SSE Gateway Plugin issue that was causing a memory leak.
When used with the SSE Gateway Plugin, the PubSub “light” Bus Plugin was generating a memory leak. With this fix, the plugins no longer generate a memory leak.