CloudBees Jenkins Platform based on Jenkins 2.x Release Lines
For CloudBees Jenkins Platform 2.7+, updates will be available in two release lines:
- CloudBees Jenkins Platform Rolling Release
- Cloudbees Jenkins Platform Fixed Release
Each support line has its own backporting policy which affects the scope of issue resolution for that line.
Rolling |
Fixed |
|
Bug and Security Fixes |
||
Security Fixes |
Yes |
Yes |
Bug Fixes |
Yes |
Yes |
Features |
||
New Features |
Yes |
No |
Compatibility and Upgrades |
||
Verify Compatibility |
Yes |
Yes |
Verify Upgrades |
Yes |
Yes |
CloudBees Jenkins Platform Rolling Release
The CloudBees Jenkins Platform Rolling release is based on the CloudBees Jenkins Enterprise distribution. Rolling releases are published as important fixes and new features for the platform become available, which can be as soon as four weeks from the last release.
Rolling releases are a continuous stream of updates for the CloudBees Jenkins Platform and, as such, are the recommended release train and the gold standard of quality and stability for the CloudBees Jenkins Platform.
Rolling releases are supported for up to nine months with tested upgrade paths to the latest Rolling release of the CloudBees Jenkins Platform. The latest Rolling release contains all S1/S2 bug and security fixes, and customers are expected to upgrade to the latest release to receive those fixes.
The Rolling CloudBees Jenkins Platform release is comprised of the CloudBees Jenkins Enterprise distribution and the CloudBees proprietary plugins.
You can read more about the CloudBees Plugin Tiers and their support policies here.
Support for this line encompasses the following:
- Bug and security fixes
- Severity 1 (S1) and Severity 2 (S2) security fixes are eligible against this line and are subject to a risk assessment by the CloudBees engineering team and community contributors when the bug is found in an open source component.
- Non-security bug fixes are subject to a risk assessment by the CloudBees engineering team and community contributors when the bug is found in an open source component.
- Fixes are only released to the latest release in this line.
- Features and suggestions
- Suggestions on new features are subject to an evaluation against the product roadmap by CloudBees product managers and a risk assessment by CloudBees engineers.
- New features will be available only in the latest release in this line.
- Compatibility and upgrades
- We endeavor to maintain compatibility of functionality between older and newer releases of components of the CloudBees Jenkins Platform that are nine months-old and newer.
- We endeavor to maintain verified upgrade paths between older and newer releases of CloudBees Jenkins Platform Rolling releases, with verified paths being tested between versions that are nine months old, up to the latest release.
- Support will not encompass the following:
- Bug and security fixes will not be patched on older releases, but instead released with a future CloudBees Jenkins Platform release.
- Releases provided by:
- CloudBees, as CloudBees Jenkins Platform releases
CloudBees Jenkins Platform Fixed Release
The CloudBees Jenkins Platform Fixed release is based on the CloudBees Jenkins Enterprise distribution and the CloudBees proprietary features.
This is the more traditional model of software delivery, with releases delivered only when security fixes for the distribution are made available. Fixed release lines consist solely of incremental security and bug patches for S1/S2 issues, and are suitable for organizations that prefer a more conservative approach to upgrades at the expense of newer CloudBees Jenkins Platform features.
Fixed releases are supported for up to 12 months, with the final three months of support limited to diagnosis-only help on reported issues. New CloudBees Jenkins Platform Fixed release lines will be delivered as frequently as every six months, allowing for six months’ upgrade lead time and featuring verified upgrade paths between each line.
Support for this line encompasses the following:
- Bug and security fixes
- In general, Severity 1 (S1) and Severity 2 (S2) bug fixes and backports are eligible against this line and are subject to a risk assessment by CloudBees engineering and community contributors when the bug is found in an open source component.
- Severity 1 (S1) and Severity 2 (S2) security fixes and backports are eligible against this line and are subject to a risk assessment by CloudBees engineering and community contributors when the bug is found in an open source component.
- Features and suggestions
- New features will not be released to this line.
- Suggestions on new features will not be accepted for this line.
- Compatibility and upgrades
- For the final three months of this line’s support lifecycle, compatibility support for CloudBees Jenkins Platform Fixed releases will become diagnosis-only, with no fixes or backports made to the older lines.
- We endeavor to maintain verified upgrade paths between older and newer releases of the CloudBees Jenkins Platform and between Rolling and Fixed releases, with verified paths being tested between versions nine months old, up to the latest release.
- For the final three months of a line’s support lifecycle, upgradeability support for CloudBees Jenkins Platform Fixed releases will generally become diagnosis-only with no fixes or backports made to the older lines.
- Support will not encompass the following:
- New features will not be released for this line.
- Releases provided by:
- CloudBees, as CloudBees Jenkins Platform releases
Support Timelines
Please refer to our Supported Product Versions and Release End of Life section.
CloudBees Jenkins Platform based on Jenkins 1.x Release Lines
We endeavor to resolve customer issues with the most minimal amount of change to their systems, balanced by our ability to support those systems.
CloudBees supports several Long Term Support (LTS) lines per the Support Timelines table, below.
Each support line has its own backporting policy which affects the scope of issue resolution for that line:
- The current LTS line, maintained by the community:
- Security fixes are delivered only to the latest release in this line
- Bug fixes are subject to Jenkins community review and approval
- Releases provided by:
- Jenkins community, optionally augmented by the CloudBees Jenkins Enterprise plugins
- Note: The Jenkins community provides at most three releases for any LTS line before switching to the next LTS line. Once the LTS line is no longer current, the customer will need to either upgrade to the current LTS line or switch to the corresponding CloudBees Jenkins Platform release
- CloudBees, as a CloudBees Jenkins Platform release
- CloudBees-maintained LTS-1: This LTS line is maintained by CloudBees and delivered to customers through CloudBees Jenkins Platform releases
- Security fixes are delivered only to the latest release in this line
- Non-security bug fixes are subject to a risk assessment by the CloudBees engineering team
- Releases provided by:
- CloudBees, as CloudBees Jenkins Platform releases
- CloudBees-maintained LTS-2: this LTS line is maintained by CloudBees and delivered to customers through CloudBees Jenkins Platform releases
- Security fixes are delivered only for the latest release in this line
- Severity 1 (S1) and Severity 2 (S2) non-security bug fixes are eligible against this line and are subject to a risk assessment by the CloudBees engineering team
- Releases provided by:
- CloudBees, as CloudBees Jenkins Platform releases
When a customer reports an issue in their specific line of Jenkins, we need to determine the category of root cause for this issue. The categories are in the Category of Issues section.
Visual Representation of Supported Trains
Category of Issues
Category |
Analysis |
Actions/Impact |
Configuration Issue |
These issues can be resolved by changing system settings or by modifying a JVM system property. |
No upgrade of Jenkins core or a plugin is required to resolve these issues. |
External Issue |
These issues can be resolved by changing an external system; for example, a bug in an SCM server may cause it to send malformed data to Jenkins. |
No change to Jenkins is required to resolve these issues. |
Jenkins Core Issue |
These issues can only be resolved by a code change in the Jenkins core. |
CloudBees first priority is to try to make the fix available in the next release of the line the customer is running. If the fix is ineligible for inclusion in that release line (either for technical reasons, such as requiring a new feature only available in a newer line, or resulting from the risk assessment of the fix), the customer may be required to upgrade to a newer release line where that fix is eligible. In certain cases, it may be possible to provide a hot fix/patch in the form of a plugin that may mitigate the issue; such hot fix plugins are only developed for serious issues where the approach is technically feasible. |
Plugin Issue |
These issues can only be resolved by a code change in the plugin(s). |
CloudBees first priority is to make the fix available in the next release of the plugin(s).
|
Interaction Issue Between the Jenkins Core and Plugin(s) |
This is a combination of the previous two categories where the fix is required both in the Jenkins core and a corresponding plugin. |
Typically, these issues can only be resolved in the Jenkins community weekly line and will only become available in older lines as they overtake the weekly version containing the fix. Unfortunately, due to the cross-system nature of these issues, resolution will generally require the customer to change the core version of Jenkins and upgrade plugins. |
Feature Suggestions
Feature requests or software enhancements are additions of new functionality beyond correcting defects or enabling previously existing functionality.
Customers are encouraged to file feature requests for community plugins on the Jenkins JIRA. The CloudBees team does not accept feature requests for OSS plugins or the core.
Bug and Security Issue Severity Levels Definition
Bug Severity Levels |
Description |
Severity 1 (S1) |
Proven error of the product in the production environment. The product software halts, crashes or is inaccessible, resulting in a critical impact on the operation. No workaround is available. |
Severity 2 (S2) |
The product will operate, but due to an error in the production environment, its operation is severely restricted. No workaround is available. |
Severity 3 (S3) |
The product will operate with limitations due to an error in the production environment that is not critical to the overall operation. For example, a workaround forces a user and/or a systems operator to use a time-consuming procedure to operate the system, or removes a non-essential feature. |
Severity 4 (S4) |
Due to an error in the production environment, the product can be used with only slight inconvenience. |
Security/CVE Severity Levels |
Description |
Severity 1 (S1) |
This rating is given to flaws that could be easily exploited by a remote, unauthenticated attacker and lead to system compromise (arbitrary code execution) without requiring user interaction. These are the types of vulnerabilities that can be exploited by worms. Flaws that require an authenticated remote user, a local user or an unlikely configuration are not classed as Severity 1 vulnerability. |
Severity 2 (S2) |
This rating is given to flaws that can easily compromise the confidentiality, integrity or availability of resources. These are the types of vulnerabilities that allow local users to gain privileges, allow unauthenticated remote users to view resources that should otherwise be protected by authentication, allow authenticated remote users to execute arbitrary code or allow remote users to cause a denial of service. These flaws require an authenticated remote user or a local user. Vulnerabilities in unlikely configuration are not classed as Severity 2 vulnerability. |
Severity 3 (S3) |
This rating is given to flaws that may be more difficult to exploit but could still lead to some compromise of the confidentiality, integrity or availability of resources under certain circumstances. These are the types of vulnerabilities that could have had a critical impact or important impact, but are less easily exploited based on a technical evaluation of the flaw, or affect unlikely configurations. |
Severity 4 (S4) |
This rating is given to all other issues that have a security impact. These are the types of vulnerabilities that are believed to require unlikely circumstances to be able to be exploited, or where a successful exploit would give minimal consequences. |
Support Timelines
CloudBees Jenkins Enterprise
CloudBees Version |
Jenkins Core Version |
CloudBees GA Date |
Jenkins OSS LTS GA Date |
Intermediate CloudBees Releases |
End of Feature Improvements |
End Of Life |
16.06 |
1.651 |
2016-07-07 |
2016-04-14 |
2016-09-14 |
2017-04-14 |
Note: Older LTS lines not listed here are no longer supported. Please see the How to Upgrade Jenkins guide.
CloudBees Jenkins Operations Center
CloudBees Version |
Jenkins Core Version |
CloudBees GA Date |
Jenkins OSS LTS GA Date |
Intermediate CloudBees Releases |
End of Feature Improvements |
End Of Life |
1.8 |
1.625 |
2015-11-19 |
2015-10-14 |
(Older 1.625.X releases listed here) |
: |
2017-07-17 |
Note: Older LTS lines not listed here are no longer supported. Please see the How to Upgrade Jenkins guide.
Supported Platforms
CloudBees Jenkins Platform on Azure Marketplace - Support
Customers who purchased CloudBees Jenkins Platform through the Azure Marketplace (“project”, “team”, “workgroup” and “pro” offers) are eligible to the CloudBees Gold Support.
Note that the customers who purchased the “Solo” offer are not eligible to CloudBees support.
- Navigate to http://support.cloudbees.com
- If you have a CloudBees login, sign in to the portal. Otherwise, click on “Submit a request”
- In the dropdown list “Purpose of this new request”, select “CloudBees Jenkins Platform on Azure Marketplace”
- Fill the support form
Supported Java Application Servers
CloudBees recommends running CloudBees Jenkins Operations Center and CloudBees Jenkins Enterprise as standalone applications installed with one of the following:
- Running eitherjava -jar jenkins-oc.war or java -jar jenkins.war
- Installing the native package for Red Hat (.rpm), Debian/Ubuntu (.deb) or Windows (.msi)
CloudBees also supports running CloudBees Jenkins Operations Center and CloudBees Jenkins Enterprise on Java application servers with the following requirements:
- The CloudBees Jenkins Operations Center .war application (resp CJE .war application) must be the only web application running on the Java application server.
- The restart capabilities of the application server must not be used. The only supported ways to restart a Jenkins instance is to restart the process of the JVM or to use the built-in restart feature of Jenkins, if it is enabled by the installer.
Application Server |
Minimum Version |
End Of Support |
Apache Tomcat 7.0 and lower |
Not supported |
|
Apache Tomcat 8.0 |
v8.0.32 |
2017-03-01 |
Apache Tomcat 8.5 |
v8.5.0 |
(1) |
Apache Tomcat 9.0 |
Not yet supported, as it is still a milestone release |
(1) |
(1) CloudBees only supports two versions of Apache Tomcat and strives to support the latest GA version.
As several documents published by the Apache Tomcat community say that the ETA for the release of Apache Tomcat 9.0 is Q4 2016, we plan to support Apache Tomcat 9.0 soon after, during Q1 2017. The CloudBees Jenkins Platform will then support Apache Tomcat version 9.0 and 8.5. Version 8.0 will no longer be supported. The same logic will apply for the end of support of Apache Tomcat 8.5 and for all the versions of Apache Tomcat.
Supported Docker Environments
CloudBees supports running CloudBees Jenkins Operations Center and/or client masters in Docker containers, subject to the following constraints:
- The Docker images must be the images provided by CloudBees:
cloudbees/jenkins-enterprise and cloudbees/jenkins-operations-center - The Docker Engine used to run these containers must run on a Linux platform and be a standalone Docker Engine provided by Docker, Inc. or by a Linux distribution provider (e.g., Red Hat or CentOS). To run the CloudBees Jenkins Platform through a Docker orchestration service (e.g., Swarm, Kubernetes, Mesos or Amazon ECS), please see information about CloudBees Jenkins Platform - Private SaaS Edition, which offers such capabilities.
Supported Java Virtual Machines and Operating Systems
See CloudBees Support Knowledge Base:
- CloudBees Jenkins Platform Supported Java Versions
- Supported Operating Systems for CloudBees Jenkins Platform
Compatibility Matrix for CloudBees Jenkins Operations Center and Client Masters
Operations Center |
|||
2.X |
1.8 |
||
Client Master |
2.X |
Yes |
No |
16.06 |
Yes | Yes |
Starting with CloudBees Jenkins Platform 2.7, the version of CloudBees Jenkins Operations Center must always be more recent or as old as the version of the client masters that are connected to the CloudBees Jenkins Operations Center. However, the client masters connected to a CloudBees Jenkins Operations Center do not have to be at the same version.
For example, CloudBees Jenkins Operations Center version 2.7.19 can be connected to client masters that are version 2.7.19 and/or 16.06.
0 Comments