CloudBees Jenkins Operations Center Enhanced Security Policy Available in 1.7.109 / 1.8.19

Stephen Connolly

Just a quick post to say that we have consolidated and enhanced the security policy portion of the client master security setting enforcement provided by CloudBees Jenkins Operations Center (CJOC).

You can now force connected masters to mirror the CJOC configuration for:

  • Cross Site Request Forgery protection
  • Markup formatter settings
  • Remoting channel (used by build agents, the Jenkins CLI and CJOC to master communication) security settings
  • Remember me functionality (e.g. if there is a corporate policy to disable remember me functionality)
  • Metadata download settings

If you want to be able to configure the policy you need to ensure the following:

  • If your CJOC server is running the 1.7 release of CJOC, the operations center server plugin on the CJOC server must be upgraded to at least 1.7.109. (If you are upgrading from a version below 1.7.100, you also need to upgrade all operations center plugins to at least 1.7.100, because on CJOC the plugins must be either all below 1.7.100 or all above 1.7.100.)
  • If your CJOC server is running the 1.8 release of CJOC, the operations center server plugin on the CJOC server must be upgraded to at least 1.8.19.

The policy will only be enforced on connected masters that are running a version of the operations center client plugin that enforces the policy:

  • If your connected master is running the 1.7 line of operations center plugins, the operations center client plugin on that connected master must be upgraded to 1.7.109. (If you are upgrading from a version below 1.7.100, you also need to upgrade all operations center plugins to at least 1.7.100, because on connected masters the plugins must be either all below 1.7.100 or all above 1.7.100.)
  • If your connected master is running the 1.8 line of operations center plugins, the operations center client plugin on that connected master must be upgraded to at least 1.8.19.

Some other things to note:

  • Only connected masters that have been upgraded to 1.7.109 / 1.8.19 will enforce the policy
  • On any one Jenkins instance do not mix 1.7 and 1.8 operations center plugins
  • In any CloudBees Jenkins Operations Center cluster, in order to support rolling upgrades, the connected masters must be running the same or an adjacent release line of operations center plugins
    • If CJOC is running the 1.7 line then connected masters can be a mix of 1.6 (already end of support since November 2015), 1.7 and 1.8, but each individual master must not mix plugin lines
    • If CJOC is running the 1.8 line then connected masters can be a mix of 1.7 and 1.8 (and the next release line of CJOC) but each master must be 
  • For the 1.7 line of operations center plugins, do not mix versions of operations center plugins below 1.7.100 with those above 1.7.100
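
The version rules above can be checked mechanically against a plugin inventory; the following is an added example, not part of the original post or CloudBees code. The plugin names, the sample inventory, three-part version numbers, treating the stated versions as minimums, and counting 1.7.100 itself on the upper side of the split are assumptions.

```python
def parse(version):
    """'1.7.109' -> (1, 7, 109). Assumes three numeric parts."""
    major, minor, patch = (int(p) for p in version.split("."))
    return major, minor, patch

# Minimum patch level that enforces the policy, per release line (from the post).
MIN_ENFORCING = {(1, 7): 109, (1, 8): 19}
CLIENT = "operations-center-client"  # assumed plugin name, not given in the post

def audit_master(cjoc_version, plugins):
    """Check one connected master's operations center plugins.

    plugins maps plugin name -> version string. Returns (enforces, findings).
    """
    findings = []
    parsed = {name: parse(v) for name, v in plugins.items()}
    lines = {v[:2] for v in parsed.values()}
    if len(lines) > 1:
        findings.append("mixes release lines on one instance")
    # 1.7 line: all plugins below 1.7.100, or all at 1.7.100 and above.
    patches_17 = [v[2] for v in parsed.values() if v[:2] == (1, 7)]
    if patches_17 and min(patches_17) < 100 <= max(patches_17):
        findings.append("mixes 1.7 plugins below and above 1.7.100")
    # Rolling upgrades: the master's line must equal or neighbour the CJOC line.
    cjoc = parse(cjoc_version)[:2]
    for major, minor in sorted(lines):
        if major != cjoc[0] or abs(minor - cjoc[1]) > 1:
            findings.append(f"line {major}.{minor} not adjacent to CJOC {cjoc[0]}.{cjoc[1]}")
    # Enforcement depends on the client plugin reaching its line's minimum.
    client = parsed.get(CLIENT)
    floor = MIN_ENFORCING.get(client[:2]) if client else None
    enforces = floor is not None and client[2] >= floor
    return enforces, findings

# Constructed inventory for illustration only.
CJOC = "1.8.19"
MASTERS = {
    "m1": {CLIENT: "1.8.19", "operations-center-context": "1.8.19"},
    "m2": {CLIENT: "1.7.109", "operations-center-context": "1.7.95"},
    "m3": {CLIENT: "1.7.99", "operations-center-context": "1.7.99"},
    "m4": {CLIENT: "1.6.3", "operations-center-context": "1.6.3"},
}

def report():
    return {name: audit_master(CJOC, plugins) for name, plugins in MASTERS.items()}

if __name__ == "__main__":
    for name, (enforces, findings) in report().items():
        print(name, "enforces" if enforces else "NOT enforcing", findings)
```

A master that does not enforce the policy and has no findings (m3 here) is consistent but still outside the policy's reach until its client plugin is upgraded.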