CloudBees Jenkins Platform based on Jenkins 2.x Release Lines

For CloudBees Jenkins Platform 2.7+, updates will be available in two release lines:

• CloudBees Jenkins Platform Rolling Release
• Cloudbees Jenkins Platform Fixed Release

Each support line has its own backporting policy which affects the scope of issue resolution for that line.

	Rolling	Fixed
Bug and Security Fixes
Security Fixes	Yes	Yes
Bug Fixes	Yes	Yes
Features
New Features	Yes	No
Compatibility and Upgrades
Verify Compatibility	Yes	Yes
Verify Upgrades	Yes	Yes

 

CloudBees Jenkins Platform Rolling Release

The CloudBees Jenkins Platform Rolling release is based on the CloudBees Jenkins Enterprise distribution. Rolling releases are published as important fixes and new features for the platform become available, which can be as soon as four weeks from the last release.

Rolling releases are a continuous stream of updates for the CloudBees Jenkins Platform and, as such, are the recommended release train and the gold standard of quality and stability for the CloudBees Jenkins Platform.

Rolling releases are supported for up to nine months with tested upgrade paths to the latest Rolling release of the CloudBees Jenkins Platform. The latest Rolling release contains all S1/S2 bug and security fixes, and customers are expected to upgrade to the latest release to receive those fixes.

The Rolling CloudBees Jenkins Platform release is comprised of the CloudBees Jenkins Enterprise distribution and the CloudBees proprietary plugins. 

You can read more about the CloudBees Plugin Tiers and their support policies here.

Support for this line encompasses the following:

• Bug and security fixes
• Severity 1 (S1) and Severity 2 (S2) security fixes are eligible against this line and are subject to a risk assessment by the CloudBees engineering team and community contributors when the bug is found in an open source component.
• Non-security bug fixes are subject to a risk assessment by the CloudBees engineering team and community contributors when the bug is found in an open source component.
• Fixes are only released to the latest release in this line.

• Features and suggestions
• Suggestions on new features are subject to an evaluation against the product roadmap by CloudBees product managers and a risk assessment by CloudBees engineers.
• New features will be available only in the latest release in this line.

• Compatibility and upgrades
• We endeavor to maintain compatibility of functionality between older and newer releases of components of the CloudBees Jenkins Platform that are nine months-old and newer.
• We endeavor to maintain verified upgrade paths between older and newer releases of CloudBees Jenkins Platform Rolling releases, with verified paths being tested between versions that are nine months old, up to the latest release.

• Support will not encompass the following:
• Bug and security fixes will not be patched on older releases, but instead released with a future CloudBees Jenkins Platform release.

• Releases provided by:
• CloudBees, as CloudBees Jenkins Platform releases

CloudBees Jenkins Platform Fixed Release

The CloudBees Jenkins Platform Fixed release is based on the CloudBees Jenkins Enterprise distribution and the CloudBees proprietary features.

This is the more traditional model of software delivery, with releases delivered only when security fixes for the distribution are made available. Fixed release lines consist solely of incremental security and bug patches for S1/S2 issues, and are suitable for organizations that prefer a more conservative approach to upgrades at the expense of newer CloudBees Jenkins Platform features.

Fixed releases are supported for up to 12 months, with the final three months of support limited to diagnosis-only help on reported issues. New CloudBees Jenkins Platform Fixed release lines will be delivered as frequently as every six months, allowing for six months’ upgrade lead time and featuring verified upgrade paths between each line.

Support for this line encompasses the following:

• Bug and security fixes
• In general, Severity 1 (S1) and Severity 2 (S2) bug fixes and backports are eligible against this line and are subject to a risk assessment by CloudBees engineering and community contributors when the bug is found in an open source component.
• Severity 1 (S1) and Severity 2 (S2) security fixes and backports are eligible against this line and are subject to a risk assessment by CloudBees engineering and community contributors when the bug is found in an open source component.

• Features and suggestions
• New features will not be released to this line.
• Suggestions on new features will not be accepted for this line.

• Compatibility and upgrades
• For the final three months of this line’s support lifecycle, compatibility support for CloudBees Jenkins Platform Fixed releases will become diagnosis-only, with no fixes or backports made to the older lines.
• We endeavor to maintain verified upgrade paths between older and newer releases of the CloudBees Jenkins Platform and between Rolling and Fixed releases, with verified paths being tested between versions nine months old, up to the latest release.
• For the final three months of a line’s support lifecycle, upgradeability support for CloudBees Jenkins Platform Fixed releases will generally become diagnosis-only with no fixes or backports made to the older lines.

• Support will not encompass the following:
• New features will not be released for this line.

• Releases provided by:
• CloudBees, as CloudBees Jenkins Platform releases

Support Timelines

Please refer to our Supported Product Versions and Release End of Life section.

CloudBees Jenkins Platform based on Jenkins 1.x Release Lines

We endeavor to resolve customer issues with the most minimal amount of change to their systems, balanced by our ability to support those systems.

CloudBees supports several Long Term Support (LTS) lines per the Support Timelines table, below.

Each support line has its own backporting policy which affects the scope of issue resolution for that line:

• The current LTS line, maintained by the community:
• Security fixes are delivered only to the latest release in this line
• Bug fixes are subject to Jenkins community review and approval
• Releases provided by:
• Jenkins community, optionally augmented by the CloudBees Jenkins Enterprise plugins
• Note: The Jenkins community provides at most three releases for any LTS line before switching to the next LTS line. Once the LTS line is no longer current, the customer will need to either upgrade to the current LTS line or switch to the corresponding CloudBees Jenkins Platform release
• CloudBees, as a CloudBees Jenkins Platform release

• CloudBees-maintained LTS-1: This LTS line is maintained by CloudBees and delivered to customers through CloudBees Jenkins Platform releases
• Security fixes are delivered only to the latest release in this line
• Non-security bug fixes are subject to a risk assessment by the CloudBees engineering team
• Releases provided by:
• CloudBees, as CloudBees Jenkins Platform releases

• CloudBees-maintained LTS-2: this LTS line is maintained by CloudBees and delivered to customers through CloudBees Jenkins Platform releases
• Security fixes are delivered only for the latest release in this line
• Severity 1 (S1) and Severity 2 (S2) non-security bug fixes are eligible against this line and are subject to a risk assessment by the CloudBees engineering team
• Releases provided by:
• CloudBees, as CloudBees Jenkins Platform releases

When a customer reports an issue in their specific line of Jenkins, we need to determine the category of root cause for this issue. The categories are in the Category of Issues section.

Visual Representation of Supported Trains

 

Category of Issues

Category	Analysis	Actions/Impact
Configuration Issue	These issues can be resolved by changing system settings or by modifying a JVM system property.	No upgrade of Jenkins core or a plugin is required to resolve these issues.
External Issue	These issues can be resolved by changing an external system; for example, a bug in an SCM server may cause it to send malformed data to Jenkins.	No change to Jenkins is required to resolve these issues.
Jenkins Core Issue	These issues can only be resolved by a code change in the Jenkins core.	CloudBees first priority is to try to make the fix available in the next release of the line the customer is running. If the fix is ineligible for inclusion in that release line (either for technical reasons, such as requiring a new feature only available in a newer line, or resulting from the risk assessment of the fix), the customer may be required to upgrade to a newer release line where that fix is eligible. In certain cases, it may be possible to provide a hot fix/patch in the form of a plugin that may mitigate the issue; such hot fix plugins are only developed for serious issues where the approach is technically feasible.
Plugin Issue	These issues can only be resolved by a code change in the plugin(s).	CloudBees first priority is to make the fix available in the next release of the plugin(s). For plugins that are maintained by CloudBees, we aim to ensure that the plugin is compatible with all of our supported release lines. Thus in the majority of cases, upgrading the plugin should not require changing the core release line. However, where a feature has been added to one of our plugins and that plugin requires specific technical features only available in newer release lines of Jenkins, the customer may be required to upgrade the Jenkins core in order to upgrade the plugin and resolve the issue. For plugins that are maintained by the community, the community maintainer is responsible for determining the policy to be followed with regard to tracking the baseline version of Jenkins that new releases will remain compatible with. CloudBees will encourage the maintainer to ensure that the plugin is compatible with all of our supported release lines, but we cannot enforce this. The customer may be required to upgrade the core version of Jenkins in order to upgrade the plugin and resolve their issue.
Interaction Issue Between the Jenkins Core and Plugin(s)	This is a combination of the previous two categories where the fix is required both in the Jenkins core and a corresponding plugin.	Typically, these issues can only be resolved in the Jenkins community weekly line and will only become available in older lines as they overtake the weekly version containing the fix. Unfortunately, due to the cross-system nature of these issues, resolution will generally require the customer to change the core version of Jenkins and upgrade plugins.

Feature Suggestions

Feature requests or software enhancements are additions of new functionality beyond correcting defects or enabling previously existing functionality.

Customers are encouraged to file feature requests for community plugins on the  Jenkins JIRA. The CloudBees team does not accept feature requests for OSS plugins or the core.

Bug and Security Issue Severity Levels Definition

Bug Severity Levels	Description
Severity 1 (S1)	Proven error of the product in the production environment. The product software halts, crashes or is inaccessible, resulting in a critical impact on the operation. No workaround is available.
Severity 2 (S2)	The product will operate, but due to an error in the production environment, its operation is severely restricted. No workaround is available.
Severity 3 (S3)	The product will operate with limitations due to an error in the production environment that is not critical to the overall operation. For example, a workaround forces a user and/or a systems operator to use a time-consuming procedure to operate the system, or removes a non-essential feature.
Severity 4 (S4)	Due to an error in the production environment, the product can be used with only slight inconvenience.

 

Security/CVE Severity Levels	Description
Severity 1 (S1)	This rating is given to flaws that could be easily exploited by a remote, unauthenticated attacker and lead to system compromise (arbitrary code execution) without requiring user interaction. These are the types of vulnerabilities that can be exploited by worms. Flaws that require an authenticated remote user, a local user or an unlikely configuration are not classed as Severity 1 vulnerability.
Severity 2 (S2)	This rating is given to flaws that can easily compromise the confidentiality, integrity or availability of resources. These are the types of vulnerabilities that allow local users to gain privileges, allow unauthenticated remote users to view resources that should otherwise be protected by authentication, allow authenticated remote users to execute arbitrary code or allow remote users to cause a denial of service. These flaws require an authenticated remote user or a local user. Vulnerabilities in unlikely configuration are not classed as Severity 2 vulnerability.
Severity 3 (S3)	This rating is given to flaws that may be more difficult to exploit but could still lead to some compromise of the confidentiality, integrity or availability of resources under certain circumstances. These are the types of vulnerabilities that could have had a critical impact or important impact, but are less easily exploited based on a technical evaluation of the flaw, or affect unlikely configurations.
Severity 4 (S4)	This rating is given to all other issues that have a security impact. These are the types of vulnerabilities that are believed to require unlikely circumstances to be able to be exploited, or where a successful exploit would give minimal consequences.

Support Timelines

CloudBees Jenkins Enterprise

CloudBees Version	Jenkins Core Version	CloudBees GA Date	Jenkins OSS LTS GA Date	Intermediate CloudBees Releases	End of Feature Improvements	End Of Life
16.06	1.651	2016-07-07	2016-04-14	1.651.21.1 1.651.3.1	2016-09-14	2017-04-14

Note: Older LTS lines not listed here are no longer supported.  Please see the How to Upgrade Jenkins guide.

 

CloudBees Jenkins Operations Center

CloudBees Version	Jenkins Core Version	CloudBees GA Date	Jenkins OSS LTS GA Date	Intermediate CloudBees Releases	End of Feature Improvements	End Of Life
1.8	1.625	2015-11-19	2015-10-14	1.625.21.1 1.625.18.5 (Older 1.625.X releases listed here)	:	2017-07-17

Note: Older LTS lines not listed here are no longer supported.  Please see the How to Upgrade Jenkins guide.

Supported Platforms

CloudBees Jenkins Platform on Azure Marketplace - Support

Customers who purchased CloudBees Jenkins Platform through the Azure Marketplace (“project”, “team”, “workgroup” and “pro” offers) are eligible to the CloudBees Gold Support.

Note that the customers who purchased the “Solo” offer are not eligible to CloudBees support.

1. Navigate to http://support.cloudbees.com
2. If you have a CloudBees login, sign in to the portal. Otherwise, click on “Submit a request”
3. In the dropdown list “Purpose of this new request”, select “CloudBees Jenkins Platform on Azure Marketplace”
4. Fill the support form

Supported Java Application Servers

CloudBees recommends running CloudBees Jenkins Operations Center and CloudBees Jenkins Enterprise as standalone applications installed with one of the following:

• Running eitherjava -jar jenkins-oc.war or java -jar jenkins.war
• Installing the native package for Red Hat (.rpm), Debian/Ubuntu (.deb) or Windows (.msi)

CloudBees also supports running CloudBees Jenkins Operations Center and CloudBees Jenkins Enterprise on Java application servers with the following requirements:

• The CloudBees Jenkins Operations Center .war application (resp CJE .war application) must be the only web application running on the Java application server.
• The restart capabilities of the application server must not be used. The only supported ways to restart a Jenkins instance is to restart the process of the JVM or to use the built-in restart feature of Jenkins, if it is enabled by the installer.

Application Server	Minimum Version	End Of Support
Apache Tomcat 7.0 and lower	Not supported
Apache Tomcat 8.0	v8.0.32	2017-03-01
Apache Tomcat 8.5	v8.5.0	(1)
Apache Tomcat 9.0	Not yet supported, as it is still a milestone release	(1)

(1) CloudBees only supports two versions of Apache Tomcat and strives to support the latest GA version.

As several documents published by the Apache Tomcat community say that the ETA for the release of Apache Tomcat 9.0 is Q4 2016, we plan to support Apache Tomcat 9.0 soon after, during Q1 2017. The CloudBees Jenkins Platform will then support Apache Tomcat version 9.0 and 8.5. Version 8.0 will no longer be supported. The same logic will apply for the end of support of Apache Tomcat 8.5 and for all the versions of Apache Tomcat.

Supported Docker Environments

CloudBees supports running CloudBees Jenkins Operations Center and/or client masters in Docker containers, subject to the following constraints:

• The Docker images must be the images provided by CloudBees:
  cloudbees/jenkins-enterprise and cloudbees/jenkins-operations-center
• The Docker Engine used to run these containers must run on a Linux platform and be a standalone Docker Engine provided by Docker, Inc. or by a Linux distribution provider (e.g., Red Hat or CentOS). To run the CloudBees Jenkins Platform through a Docker orchestration service (e.g., Swarm, Kubernetes, Mesos or Amazon ECS), please see information about CloudBees Jenkins Platform - Private SaaS Edition, which offers such capabilities.

Supported Java Virtual Machines and Operating Systems

See CloudBees Support Knowledge Base:

• CloudBees Jenkins Platform Supported Java Versions
• Supported Operating Systems for CloudBees Jenkins Platform

Compatibility Matrix for CloudBees Jenkins Operations Center and Client Masters

		Operations Center
		2.X	1.8
Client Master	2.X	Yes	No
	16.06	Yes	Yes

Starting with CloudBees Jenkins Platform 2.7, the version of CloudBees Jenkins Operations Center must always be more recent or as old as the version of the client masters that are connected to the CloudBees Jenkins Operations Center. However, the client masters connected to a CloudBees Jenkins Operations Center do not have to be at the same version.

For example, CloudBees Jenkins Operations Center version 2.7.19 can be connected to client masters that are version 2.7.19 and/or 16.06.