@aheritier aheritier released this Jan 15, 2020 · 7 commits to master since this release

Security release

CSRF vulnerability and missing permission checks in Health Advisor by CloudBees Plugin

SECURITY-1708 / CVE-2020-2093 (CSRF), CVE-2020-2094 (missing permission check)

Health Advisor by CloudBees Plugin 3.0 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to send an email with fixed content to an attacker-specified recipient.

Additionally, these form validation methods do not require POST requests, resulting in a CSRF vulnerability.

Health Advisor by CloudBees Plugin 3.0.1 requires POST requests and Overall/Administer permission for the affected form validation methods.
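
An added example, not code from the plugin or its maintainers: a small Python audit that flags Jenkins form validation methods (`public FormValidation doXxx(...)`) lacking the two protections 3.0.1 introduced, a POST requirement and a permission check. The embedded Java sample is constructed and its class, method and `mailer` names are hypothetical; `@POST`, `@RequirePOST` and `checkPermission` are the Jenkins/Stapler names the check looks for.

```python
import re

# Annotations (if any) followed by a Stapler form-validation signature.
METHOD_RE = re.compile(
    r"(?P<ann>(?:@\w+(?:\([^)]*\))?\s*)*)"
    r"public\s+FormValidation\s+(?P<name>do[A-Z]\w*)\s*\(")
POST_ANNOTATIONS = {"@POST", "@RequirePOST"}
# Constructed sample source; class and method names are hypothetical.
SAMPLE = """
public class ExampleConfiguration {
    public FormValidation doTestEmail(@QueryParameter String email) {
        if (email.isEmpty()) { return FormValidation.error("empty"); }
        mailer.send(email);
        return FormValidation.ok();
    }
    @POST
    public FormValidation doTestEmailFixed(@QueryParameter String email) {
        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
        mailer.send(email);
        return FormValidation.ok();
    }
}
"""

def method_body(source, start):
    """Return the brace-balanced body opening at the first '{' after start."""
    open_idx = source.index("{", start)
    depth = 0
    for i in range(open_idx, len(source)):
        depth += {"{": 1, "}": -1}.get(source[i], 0)
        if depth == 0:
            return source[open_idx:i + 1]
    return source[open_idx:]  # unbalanced input: take the rest

def audit_form_validation(source):
    """Map each flagged method name to the protections it lacks."""
    findings = {}
    for m in METHOD_RE.finditer(source):
        issues = []
        if not POST_ANNOTATIONS & set(re.findall(r"@\w+", m.group("ann"))):
            issues.append("no POST requirement")
        if "checkPermission(" not in method_body(source, m.end()):
            issues.append("no permission check")
        if issues:
            findings[m.group("name")] = issues
    return findings

if __name__ == "__main__":
    print(audit_form_validation(SAMPLE))
```

The check is textual, so treat hits as review candidates: it does not see a permission check performed in a helper the method calls.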

@release-drafter release-drafter released this Oct 16, 2019 · 8 commits to master since this release

October 16th, 2019

3.0 is here!!! 🎆

This release changed a lot of Java APIs, hence the new major release number. The plugin remains 100% compatible with previous settings if you upgrade, but if you are managing this plugin with Groovy you will have to update your scripts (see the documentation and troubleshooting guide).

Thanks to all contributors

🚀 New features and improvements

Jenkins Configuration as Code

This new version adds compatibility with Jenkins Configuration as Code. Here is a sample to configure it:

advisor:
  acceptToS: true
  email: "jdoe@acme.com"
  ccs:
    - "list1@acme.com"
    - "list2@acme.com"
  excludedComponents:
    - "ItemsContent"
    - "GCLogs"
    - "Agents"
    - "AgentsConfigFile"
    - "ConfigFileComponent"
    - "RootCAs"
    - "SlaveLogs"
    - "OtherConfigFilesComponent"
    - "HeapUsageHistogram"
  nagDisabled: false

UX Improvements

The user experience was reviewed to provide better feedback during the setup and the usage of the plugin.
Administrative monitors and the configuration screen were improved to provide better ergonomics and a better look and feel.

Known issue

If you install this plugin for the first time and don't yet have the Support Core plugin installed, it is required to restart your master after the installation.
Support Core is a dependency of Jenkins Health Advisor by CloudBees and, for now, it does not support being loaded dynamically (JENKINS-59775 / JENKINS-59696). If you don't restart your master, your server logs can fill up.


@release-drafter release-drafter released this Oct 4, 2019 · 95 commits to master since this release

October 4th, 2019

This release improves the user experience (logs, configuration UI, ...) and upgrades the Jenkins core requirement to 2.138.4.
It also rebrands the plugin to adopt its new name "Jenkins Health Advisor by CloudBees" and use its new logo.


@aheritier aheritier released this Oct 4, 2019 · 132 commits to master since this release

August 22nd, 2019

  • Advisor is back for OSS users
  • All changes done in releases 2.0 to 2.9 are documented in these release notes

@aheritier aheritier released this Oct 4, 2019 · 135 commits to master since this release

December 19th, 2017

  • Upgrade async-http-client and update AdvisorClient

@aheritier aheritier released this Oct 4, 2019 · 138 commits to master since this release

December 15th, 2017

  • Change upload recurrence period from minutes to hours
  • Remove Grand Central account requirement
  • Update parent to 2.34, switch to wiremock-standalone and update dependencies

@aheritier aheritier released this Oct 4, 2019 · 144 commits to master since this release

November 17th, 2017

  • Now supports 2.19.3+!
  • Connectivity indicator display on configuration page
  • Logging improvements
  • Additional test coverage

@aheritier aheritier released this Oct 4, 2019 · 166 commits to master since this release

September 5th, 2017

  • Fix for "Connect Now" error.

@aheritier aheritier released this Oct 4, 2019 · 169 commits to master since this release

August 25th, 2017

  • Change admin notification.
  • Security fixes

@aheritier aheritier released this Oct 4, 2019 · 174 commits to master since this release

August 22nd, 2017

First release.
