Jenkins Health Advisor by CloudBees 3.2.3

Thanks to @Dohbedoh this release will avoid conflicts with the support-core plugin which could sometimes delete the bundle prepared by Advisor. It should resolves the issues like Health Advisor bundle cannot be uploaded due 'No such file or directory'.

🐛 Bug Fixes

• JENKINS-64262 - Store temporary bundles in subdirectory + clean them up (#88) @Dohbedoh

📦 Dependency updates

• Bump support-core from 2.70 to 2.72 (#91) @dependabot
• Bump plugin from 4.12 to 4.14 (#89) @dependabot
• Bump bom-2.204.x from 16 to 18 (#87) @dependabot

Jenkins Health Advisor by CloudBees 3.2.2

Bug fix release to update the Terms of Service URL (our terms didn't change).

🐛 Bug Fixes

• JENKINS-63814 - New Terms of Service URL (#74) @aheritier

📦 Dependency updates

• Bump bom-2.204.x from 12 to 16 (#84) @dependabot
• Bump plugin from 4.7 to 4.12 (#83) @dependabot
• Bump bom-2.204.x from 11 to 12 (#73) @dependabot
• Bump wiremock-standalone from 2.27.1 to 2.27.2 (#72) @dependabot

👻 Maintenance

• Update code owners (#76) @aheritier
• Work around problem in io.jenkins.configuration-as-code:test-harness (#80) @jglick

Jenkins Health Advisor by CloudBees 3.2.1

🔒 Security release

Incorrect permission check in Health Advisor by CloudBees Plugin

SECURITY-1998 / CVE-2020-2258

Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to view an administrative configuration page.

Health Advisor by CloudBees Plugin (3.0.3/3.1.1/3.2.1) requires Overall/Administer to view its administrative configuration page.

Jenkins Health Advisor by CloudBees 3.1.1

🔒 Security release

Incorrect permission check in Health Advisor by CloudBees Plugin

SECURITY-1998 / CVE-2020-2258

Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to view an administrative configuration page.

Health Advisor by CloudBees Plugin (3.0.3/3.1.1/3.2.1) requires Overall/Administer to view its administrative configuration page.

Jenkins Health Advisor by CloudBees 3.0.2

🔒 Security release

Incorrect permission check in Health Advisor by CloudBees Plugin

SECURITY-1998 / CVE-2020-2258

Health Advisor by CloudBees Plugin 3.2.0 and earlier does not correctly perform a permission check in an HTTP endpoint.

This allows attackers with Overall/Read permission to view an administrative configuration page.

Health Advisor by CloudBees Plugin (3.0.3/3.1.1/3.2.1) requires Overall/Administer to view its administrative configuration page.

Jenkins Health Advisor by CloudBees 3.2.0

• Bump jenkins version requirement from 2.138.4 to 2.204.6
• JENKINS-62739 - Remove Bootstrap CSS (#60) @aheritier @fqueiruga @timja
  • This update makes the plugin UI more compatible Jenkins Themes and especially the Dark Theme

🛠️ Chore changes

• Use built in to GitHub dependabot (v2) (#66) @aheritier
• Improve BundleUploadTest#execute_pluginDisabled() test (#66) @aheritier
• Remove recommended configurations to fix the build ( ref jenkins-infra/pipeline-library#145 ) (#66) @aheritier
• Add Contributors and Installs badges @aheritier
• Install Release Drafter as a github action @aheritier

📦 Dependency updates

• Bump plugin from 3.50 to 4.4 (#65) @dependabot
• Bump support-core from 2.63 to 2.69 (#61) @dependabot
• Bump gson from 2.8.1 to 2.8.6 (#64) @dependabot
• Bump wiremock-standalone from 2.22.0 to 2.27.1 (#68) @dependabot
• Bump hamcrest-core from 1.3 to 2.2 (#63) @dependabot
• Bump hamcrest-library from 1.3 to 2.2 (#67) @dependabot
  • Remove hamcrest-all (#60) @aheritier

Jenkins Health Advisor by CloudBees 3.1.0

Classifies the Management link of Jenkins Health Advisor by CloudBees under the Troubleshooting category of the new Manage Jenkins screen for Jenkins 2.226+ users (It doesn't change anything for users of oldest versions).

Jenkins Health Advisor by CloudBees 3.0.1

🔒 Security release

CSRF vulnerability and missing permission checks in Health Advisor by CloudBees Plugin

SECURITY-1708 / CVE-2020-2093 (CSRF), CVE-2020-2094 (missing permission check)

Health Advisor by CloudBees Plugin 3.0 and earlier does not perform permission checks in methods performing form validation. This allows users with Overall/Read access to send an email with fixed content to an attacker-specified recipient.

Additionally, these form validation methods do not require POST requests, resulting in a CSRF vulnerability.

Health Advisor by CloudBees Plugin 3.0.1 requires POST requests and Overall/Administer permission for the affected form validation methods.

Jenkins Health Advisor by CloudBees 3.0

October 16th, 2019

3.0 is here!!! 🎆

This release changed a lot of Java APIs, thus the new major release number. The plugin remains 100% compatible with previous settings if you upgrade but if you are managing this plugin with groovy you will have to update your scripts (see the documentation and troubleshooting guide).

Thanks to all contributors

• @fcojfernandez
• @varyvol
• @raul-arabaolaza
• @oleg-nenashev

🚀 New features and improvements

Jenkins Configuration as Code

• JENKINS-59695 - Add JCasC compatibility (#39)

This new version adds compatibility with Jenkins Configuration as Code. Here is a sample to configure it:

advisor:
  acceptToS: true
  email: "jdoe@acme.com"
  ccs:
    - "list1@acme.com"
    - "list2@acme.com"
  excludedComponents:
    - "ItemsContent"
    - "GCLogs"
    - "Agents"
    - "AgentsConfigFile"
    - "ConfigFileComponent"
    - "RootCAs"
    - "SlaveLogs"
    - "OtherConfigFilesComponent"
    - "HeapUsageHistogram"
  nagDisabled: false

UX Improvements

• JENKINS-59767 - Replace the comma separated list for CC by a list of emails (#55)
• JENKINS-59697 - Add an Apply button (#53)
• JENKINS-59707 - Improve UX and users feedbacks

The User Experience was reviewed to provide better user feedback during the setup and the usage of the plugin.
Administrative Monitors and the configuration screen were improved to provide a better ergonomics and provide a better look and feel.

Known issue

if you install for the first time this plugin and don't yet have the Support Core plugin installed it is required to restart your master after the installation.
Support Core is a dependency of Jenkins Health Advisor by CloudBees and for now, this one doesn't support to be dynamically loaded (JENKINS-59775 / JENKINS-59696). If you don't restart your master you can fill you server logs.

Jenkins Health Advisor by CloudBees 2.11

October 4th, 2019

This release is improving the user experience (logs, configuration UI, ...) and upgrades the jenkins core requirement to 2.138.4.
It is also rebranding the plugin to adopt its new name "Jenkins Health Advisor by CloudBees" and use its new logo.

Changelog

• JENKINS-59454 - Increase Advisor bundle generation delay to 30mins (#31) @Evildethow
• JENKINS-59613 - Rename "CloudBees Jenkins Advisor" to "Jenkins Health Advisor by CloudBees" (#32) @aheritier
• JENKINS-59614 - New logo for Jenkins Health Advisor by CloudBees (#34) @aheritier
• JENKINS-59618 - Upgrade plugin parent POM 3.46 -> 3.50 + set the new plugin metadata (#34) @aheritier
• JENKINS-59629 - Not validating the TOS is confusing (#35) @Evildethow
• JENKINS-59644 - Bump the Jenkins core requirement to 2.138.4 ( + cleanup ) (#36) @aheritier
• JENKINS-56647 - Upgrade support-core dependency to 2.62 (#38) @aheritier
• JENKINS-59648 - UX improvements (#37) @aheritier