We are excited to announce the availability of CloudBees Jenkins Platform 18.104.22.168. This release delivers stability and usability by bumping the Jenkins core to 2.19.x and includes a key security fix. This is also the second “rolling release,” the output from a process we are using to provide the latest functionality to users on a more frequent release cadence. All enhancements and fixes are for the rolling release only. Fixed releases have diverged from rolling releases (locked to 2.7.X) and will follow a separate schedule.
Jenkins Core Bumped to 2.19.x LTS Line
This is the first LTS upgrade on the rolling release and adds key fixes, such as improved dependency management for plugins. With improved dependency management, administrators are warned when dependent plugins are absent during install time. Thus administrators can catch and fix the problem before run time and provide a smooth experience to their users.
Security-360 Fix Incorporated
All customers were sent the fix for Security-360 on Nov 16, 2016. This vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassing existing protection mechanisms. If you have not installed the fix, we strongly urge you to upgrade to incorporate the security fix in your production environment.
Support for CloudBees Assurance Program in Custom Update Centers
CloudBees Assurance Program (CAP) provides a Jenkins binary and plugins that have been verified for stability and interoperability. Jenkins administrators can easily promote this distribution to their teams by setting CAP as an upstream source in their custom update centers. This reduces the operational burden by allowing admins to use CloudBees-recommended plugins for all their masters, ensuring compliance and facilitating governance.
CloudBees Assurance Program Plugin (CAP) Updates
These CloudBees verified plugins have been updated for this release of the CloudBees Jenkins Platform:
- Mailer version 1.18
- LDAP version 1.13
- JUnit version 1.19
- Email-ext version 2.51
- Token-macro version 2.0
- GitHub version 1.22.3
CloudBees Jenkins Platform Improvements
This release features many reliability improvements for the CloudBees Jenkins Platform, including many stability improvements to CloudBees Jenkins Operations Center connections to client masters.
Improvements & Fixes
|Jenkins core upgraded to 2.19.3 LTS (release notes)||
Improved dependency management - Flags admin when plugins dependencies are present, Jenkins will not load dependent plugins, reducing errors when initializing. Creates a smoother startup through smarter scanning of plugins.
Jobs with lots of history no longer hang the UI - Improved performance from the UI for jobs with lots of build history. Lazy loading renders faster because build history will not automatically load on startup.
Reduce configuration errors caused by invalid form submissions - Browsers will not autocomplete forms in Jenkins, reducing configuration problems due to invalid data in form submissions resulting from using the browser back button. Only select form fields (e.g. job name) will offer autocompletion. For admins, Jenkins users who use the browser back button will no longer corrupt the Jenkins configuration.
|CloudBees Assurance Program (CAP)||
Support for Custom Update Centers - CAP is now available as an upstream source in Custom Update Centers, enabling admins to use CloudBees-recommended plugins for all their masters.
Mailer has been upgraded to version 1.18, includes a minor improvement to rendering page links and now supports the BlueOcean project.
JUnit has been upgraded to version 1.19, includes usability improvements around unsafe characters in the URI, highlighted test results.
Email-ext has been upgraded to version 2.51 contains an improvement pipeline support for expanding the tokens FAILED_TESTS, TEST_COUNTS and TRIGGER_NAME in a pipeline email notification.
Token-macro has been upgraded to 2.0 and contains improved pipeline support, allowing token macro to be used in a pipeline context, polish providing autocomplete when referencing a token name, support for variable expansion and some performance improvements when scanning large Jenkins instances.
|Pipeline usability improvements||
Environment variables in Pipeline jobs are now available as global Groovy variables - simplifies tracking variable scope in a pipeline.
Build and job parameters are available as environment variables and thus accessible as if they were global Groovy variables - parameters are injected directly into the Pipeline script and are no longer available in ‘bindings.’
Makes job parameters, environment variables and Groovy variables much more interchangeable, simplifying pipeline creation and making variable references much more predictable.
|Skip Next Build plugin||Adds the capability to skip all the jobs of a folder and its sub-folders or to skip all the jobs belonging to a “Skip Jobs Group.” Skip Jobs Group is intended to group together jobs that should be skipped simultaneously but are located in different folders.|
|Support bundle||Adds the logs of the client master connectivity to the support bundle.|
|CloudBees Jenkins Platform core||
|Analytics and monitoring||
Role-Based Access Control plugin
The Role-based Access Control REST API ignores requirement for POST requests (allows GET) thereby eliminating 404 HTTP errors when accessing groups from a nested client master folder.
|GitHub Organization Folder plugin||GitHub Organization Folder scanning issue when using custom marker files.|
|CloudBees Assurance Program||
LDAP upgraded to version 1.13, includes a major configuration bug fix.
GitHub has been upgraded to version 1.22.3 and contains a major bug fix for an issue that could crash Jenkins instances using LDAP for authentication
Frequently Asked Questions
What is the CloudBees Assurance Program (CAP)?
The CloudBees Assurance Program (CAP) eliminates the risk of Jenkins upgrades by ensuring that various plugins work well together. CAP brings an unprecedented level of testing to ensure upgrades are no-risk events. The program bundles an ever-growing number of plugins in an envelope that is tested and certified together. The envelope installation/upgrade is an atomic operation - all certified versions are upgraded in lockstep, reducing the cognitive load on administrators in managing plugins.
Who is the CloudBees Assurance Program program designed for?
The program is designed for Jenkins administrators who manage Jenkins for their engineering organizations.
When was the CloudBees Assurance Program launched?
The program was launched in September 2016.
What is a rolling release?
The CAP program delivers a CloudBees Jenkins Platform on a regular cadence and this is called the “rolling” release model. A new release typically lands every 4-6 weeks.
Do I have to upgrade on every release?
You are encouraged too but aren’t required. You can skip a release or two and the assurance program ensures your upgrades would be smooth.
What release am I on?
You can tell which version you are running by checking the footer of your CJE or CJOC instance.
How to Upgrade
Review the CloudBees Jenkins Enterprise Installation Guide and the CloudBees Jenkins Operations Center User Guide for details about upgrading, but here are the basics:
- Identify which CloudBees Jenkins Enterprise release line (rolling vs. fixed) you are currently running.
- Visit go.cloudbees.com to download the latest release for your release line. (You must be logged in to see available downloads).
- If you are running CloudBees Jenkins Operations Center, you must upgrade it first, because you cannot connect a new CloudBees Jenkins Enterprise instance to an older version of CloudBees Jenkins Operations Center.
- Install the CloudBees Jenkins Platform as appropriate for your environment, and start the CloudBees Jenkins Platform instance.
- If the instance needs additional input during upgrade, the setup wizard prompts for additional input when you first access the instance.
Related Knowledgebase Articles
- What plugins are installed on a fresh install of CloudBees Jenkins Platform 2.x?
- What plugins are upgraded when upgrading from CloudBees Jenkins Platform 1.x to 2.x?
- What do the options in Beekeeper Upgrade Assistant mean?
- What plugins are upgraded when I upgrade an instance from CloudBees Jenkins Platform 2.x to a newer 2.x version?
Release Notes and Related Documentation
- CloudBees Jenkins Enterprise 22.214.171.124 release notes
- CloudBees Jenkins Operations Center 126.96.36.199 release notes
- CloudBees Jenkins Operations Center User Guide
- CloudBees Assurance Program