Release Notes for CloudBees Core for VMware Tanzu (PKS)
See also: CloudBees Core Release Notes
Release Date: December 7, 2018
Features included in this release:
- Allow YAML to override default ingress annotations - Allow overriding of default ingress with YAML annotations.
- CLI commands to install and disable plugins - This feature provides plugin management and automation via the CLI. Benefits are configuration as code and GitOps plugin management.
- Tuning of configuration permissions to improve security - In organizations
where central administrators delegate permissions to team administrators, team administrators
needed access to a wide range of configuration parameters. As an unintended consequence of
this very broad scope, certain of these permissions could have caused ‘harm’ to Jenkins or
leaked all credentials.
This new feature provides fine-grained control and improves the granting of permissions, reducing or eliminating these risks.
- Credential-masking plugin to improve security - The new Enhanced Credentials
Masking plugin masks credentials even if they are referenced as a Declarative Pipeline syntax
variable outside the withCredentials code block.
Previously, it was possible for unscrupulous developers to extract credentials masked by withCredentials when those credentials were referenced as a variable outside a pipeline block.
With the new plugin, customer credentials are not exposed outside the code block, improving the security of CloudBees Core.
- Cross-team collaboration: external HTTP endpoints - This feature allows
users to trigger jobs based on an external event being published by systems that produce
JSON webhooks. This feature works with pipelines on all masters.
Cross-team collaboration reduces manual handoffs across teams, and jobs can start automatically when a notification is published, which facilitates continuous delivery. This also permits the integration with “homemade” systems or systems without an out-of-the-box webhook integration (such as Artifactory).
Security against malicious or fake webhooks is provided by HMAC authentication and remote IP address filtering.
Fixed issues in this release:
- Kubernetes plugin resource issues - Cleanup of Kubernetes pods to resolve resource consumption.
- Can’t delete the last Kubernetes Pod Template on Core master - Modified the Kubernetes plugin so that all Kubernetes Pod Templates on a CloudBees Core Master may be deleted.
- EKS unable to retrieve CA file when using self-signed cert - When using self-signed certificates in CloudBees Core, EKS was unable to retrieve the client CA file. This update addresses that issue.
- Pick up security fixes from the new OpenJDK version - This release updates OpenJDK to 8u181-jdk-alpine3.8.
- Exception during startup causes a broken running instance -
During startup, a java.nio.file.FileAlreadyExistsException may occur against
envelope.json, which could leave Jenkins in a running but unusable state.
To fix this, we’ve modified startup behavior to prevent instance initialization when there is a problem with the installation of the envelope.
- Text cleanup for the CLI backup-master command - Fixed several minor grammatical errors in messages returned by the CLI backup command.
- Build directories and contents are backed up when deselected -
In the CloudBees Backup configuration, users can select/deselect the following items:
- Build records
- Job configurations
- System configuration
Although there are situations where keeping the directory information for lastSuccessful symlinks is necessary, retaining the contents of those directories is not desirable.
Behavior has been modified to NOT include the contents of last** symbolic links when the user excludes build records.
- Jenkins HA Monitor tool doesn’t work - The Jenkins HA Tool
(versions 4.14 and up) was failing to read a license file and shutting down, thus
rendering it useless.
The tool has been repackaged to include additional dependencies in JAR-with-dependencies.
Known issues in this release: