SECURITY-595: Code execution through crafted URLs; SECURITY-904: workspace browser allowed accessing files outside the workspace; SECURITY-1072: forced migration of user records; SECURITY-1193: potential denial of service through cron expression form validation.
Allow overriding of default ingress with YAML annotations.
This Jenkins feature adds plugin management and automation via the CLI. Benefits are configuration as code and GitOps plugin management.
In organizations where central administrators delegate permissions to team administrators, team administrators needed access to a wide range of configuration parameters. As an unintended consequence of this very broad scope, certain of these permissions could have caused 'harm' to Jenkins or leaked all credentials.
This new feature provides fine-grained control and improves the granting of permissions, reducing or eliminating these risks.
The new Enhanced Credentials Masking plugin masks credentials even if they are referenced as a Declarative Pipeline syntax variable outside the withCredentials code block.
Previously, it was possible for unscrupulous developers to extract credentials masked by withCredentials when those credentials were referenced as a variable outside a pipeline block.
With the new plugin, customer credentials are not exposed outside the code block, improving the security of CloudBees Core.
This feature allows users to trigger jobs based on an external event being published by systems that produce JSON webhooks. This feature works with pipelines on all masters.
Cross-team collaboration reduces manual handoffs across teams, and jobs can start automatically when a notification is published, which facilitates continuous delivery. This also permits the integration with homemade systems or systems without an out-of-the-box webhook integration (such as Artifactory).
Security against malicious or fake webhooks is provided by HMAC authentication and remote IP address filtering.
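The two checks named above, sketched as an added example; this is not CloudBees code and does not reflect the product's actual configuration. The header name X-Signature, the "sha256=" prefix, the choice of HMAC-SHA256, the shared secret and the allowed network are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import json

# Constructed values for this example only (assumptions, not product settings).
SHARED_SECRET = b"constructed-demo-secret"
ALLOWED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
SIGNATURE_HEADER = "X-Signature"  # hypothetical header name


def sign(body: bytes, secret: bytes = SHARED_SECRET) -> str:
    """Sender side: HMAC-SHA256 over the exact bytes that go on the wire."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_webhook(remote_ip: str, headers: dict, body: bytes):
    """Receiver side: return (True, event) or (False, reason)."""
    # 1. Remote IP filtering: reject before doing any work on the payload.
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False, "bad-remote-address"
    if not any(addr in net for net in ALLOWED_NETWORKS):
        return False, "ip-not-allowed"

    # 2. HMAC authentication: recompute over the raw body, never over
    #    re-serialized JSON, and compare in constant time.
    supplied = headers.get(SIGNATURE_HEADER, "")
    if not hmac.compare_digest(supplied.encode(), sign(body).encode()):
        return False, "bad-signature"

    # 3. Parse the JSON only after the sender is authenticated.
    try:
        return True, json.loads(body)
    except ValueError:
        return False, "bad-json"


if __name__ == "__main__":
    # Constructed sample event.
    payload = json.dumps({"event": "artifact-published"}).encode()
    signed = {SIGNATURE_HEADER: sign(payload)}
    print(verify_webhook("192.0.2.10", signed, payload))         # accepted
    print(verify_webhook("198.51.100.7", signed, payload))       # wrong source
    print(verify_webhook("192.0.2.10", signed, payload + b" "))  # tampered body
```

Behind a reverse proxy or ingress, the address checked must be the one the proxy vouches for, not a client-supplied forwarding header.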
Cleanup of Kubernetes pods to resolve resource consumption.
Modified the Kubernetes plugin so that all Kubernetes Pod Templates on a CloudBees Core Master may be deleted.
When using self-signed certificates in CloudBees Core, EKS was unable to retrieve the client CA file. This update addresses that issue.
This release updates OpenJDK to 8u181-jdk-alpine3.8.
During startup, a java.nio.file.FileAlreadyExistsException may occur against envelope.json, which could leave Jenkins in a running but unusable state.
To fix this, we've modified startup behavior to prevent instance initialization when there is a problem with the installation of the envelope.
Fixed several minor grammatical errors in messages returned by the CLI backup command.
In the CloudBees Backup configuration, users can select/deselect the following items:
- Build records
- Job configurations
- System configuration
Users were finding that even with build records deselected their backups contained build artifacts and logs.
Although there are situations where keeping the directory information for lastSuccessful symlinks is necessary, retaining the contents of those directories is not desirable.
Behavior has been modified to NOT include the contents of last** symbolic links when the user excludes build records.
The Jenkins HA Tool (versions 4.14 and up) was failing to read a license file and shutting down, thus rendering it useless.
The tool has been repackaged to include additional dependencies in JAR-with-dependencies.