CloudBees, Inc.

Modern cloud platforms 2.138.4.3

New Features

Minor Allow YAML to override default ingress annotations

Allow overriding of default ingress with YAML annotations.

Minor CLI commands to install and disable plugins

This Jenkins feature adds plugin management and automation via the CLI. Benefits are configuration as code and GitOps plugin management.

Minor Tuning of configuration permissions to improve security

In organizations where central administrators delegate permissions to team administrators, team administrators needed access to a wide range of configuration parameters. As an unintended consequence of this very broad scope, certain of these permissions could have caused 'harm' to Jenkins or leaked all credentials.

This new feature provides fine-grained control and improves the granting of permissions, reducing or eliminating these risks.

Minor Credential-masking plugin to improve security

The new Enhanced Credentials Masking plugin masks credentials even if they are referenced as a Declarative Pipeline syntax variable outside the withCredentials code block.

Previously, it was possible for unscrupulous developers to extract credentials masked by withCredentials when those credentials were referenced as a variable outside a pipeline block.

With the new plugin, customer credentials are not exposed outside the code block, improving the security of CloudBees Core.

Minor Cross team collaboration external HTTP endpoints

This feature allows users to trigger jobs based on an external event being published by systems that produce JSON webhooks. This feature works with pipelines on all masters.

Cross-team collaboration reduces manual handoffs across teams, and jobs can start automatically when a notification is published, which facilitates continuous delivery. This also permits the integration with homemade systems or systems without an out-of-the-box webhook integration (such as Artifactory).

Security against malicious or fake webhooks is provided by HMAC authentication and remote IP address filtering.

Resolved issues

Minor Kubernetes plugin resource issues

Cleanup of Kubernetes pods to resolve resource consumption.

Minor Can't delete the last Kubernetes Pod Template on Core master

Modified the Kubernetes plugin so that all Kubernetes Pod Templates on a CloudBees Core Master may be deleted.

Minor EKS unable to retrieve CA file when using self-signed cert

When using self-signed certificates in CloudBees Core, EKS was unable to retrieve the client CA file. This update addresses that issue.

Minor Pick up security fixes from the new OpenJDK version

This release updates OpenJDK to 8u181-jdk-alpine3.8.

Minor Exception during startup causes a broken running instance

During startup, a java.nio.file.FileAlreadyExistsException may occur against envelope.json, which could leave Jenkins in a running but unusable state.

To fix this, we've modified startup behavior to prevent instance initialization when there is a problem with the installation of the envelope.

Minor Text cleanup for the CLI backup-master command

Fixed several minor grammatical errors in messages returned by the CLI backup command.

Minor Build directories and contents are backed up when deselected

In the CloudBees Backup configuration, users can select/deselect the following items:

Build records Job configurations System configuration Users were finding that even with build records deselected their backups contained build artifacts and logs.

Although there are situations where keeping the directory information for lastSuccessful symlinks is necessary, retaining the contents of those directories is not desirable.

Behavior has been modified to NOT include the contents of last** symbolic links when the user excludes build records.

Minor Jenkins HA Monitor tool doesn't work

The Jenkins HA Tool (versions 4.14 and up) was failing to read a license file and shutting down, thus rendering it useless.

The tool has been repackaged to include additional dependencies in JAR-with-dependencies.

Known issues

None