Bug 1972361

Summary: Bump jenkins version to 2.289.1
Product: OpenShift Container Platform
Reporter: Akram Ben Aissi <abenaiss>
Component: Jenkins
Assignee: Akram Ben Aissi <abenaiss>
Status: CLOSED ERRATA
QA Contact: Jitendar Singh <jitsingh>
Severity: medium
Priority: high
Version: 4.7
CC: adam.kaplan, aos-bugs, ddelcian, gmontero, jitsingh, mcooper, pbhattac, proguski
Target Release: 4.7.z
Hardware: Unspecified
OS: Unspecified
Doc Type: If docs needed, set a value
Clone Of: 1972354
: 1972366
Last Closed: 2021-08-17 12:12:09 UTC
Bug Depends On: 1972354
Bug Blocks: 1891132, 1902826, 1934116, 1971016, 1972366, 1974891

Description Akram Ben Aissi 2021-06-15 17:50:01 UTC
+++ This bug was initially created as a clone of Bug #1972354 +++

+++ This bug was initially created as a clone of Bug #1972351 +++

Comment 2 Daniel Del Ciancio 2021-06-16 20:40:34 UTC
Just an update on this matter. The customer reached out to me earlier today, and it seems there has been a misunderstanding about the cause of the issue.
The problem was not caused by a bad Jenkins image published by Red Hat, but instead, by a custom plugin dependency that the customer had introduced into their custom Jenkins starter kit image.

As part of the Jenkins starter kit image, custom plugins were being added; however, the "latest" versions of these plugins were being installed. This caused newer versions of any dependent plugins to be downloaded; however, there is no guarantee that these plugins are compatible with the version of Jenkins we provide.

This means that there is no urgent need to bump up the Jenkins version. I have asked the customer to pin to a specific Jenkins version as well as pin any associated custom plugins so that both remain compatible with one another.

I was wondering if there could be any plugin upgrade validation that could prevent upgrading to a plugin version that is incompatible with the underlying Jenkins version?
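
One way to do the validation asked about in Comment 2, shown as an added example that is not part of the bug report and is not Red Hat or Jenkins tooling: a build-time audit that flags unpinned plugins and plugins whose manifest `Jenkins-Version` (the minimum core a plugin declares) is newer than the image's Jenkins. The `plugin-id:version` list format, the plugin names and the manifests below are constructed assumptions.

```python
import re

UNPINNED = {"", "latest"}

# Constructed sample: plugin list for a custom image (hypothetical plugin ids).
PLUGINS_TXT = """\
example-scm:4.7.1
example-notifier:latest   # floating version
example-pipeline:2.40
example-util
"""
# Constructed sample: META-INF/MANIFEST.MF text of each resolved plugin file.
MANIFESTS = {
    "example-scm": "Short-Name: example-scm\nJenkins-Version: 2.263.1\n",
    "example-pipeline": "Short-Name: example-pipeline\nJenkins-Version: 2.303.3\n",
}

def core_tuple(version):
    # Compare Jenkins core versions numerically: "2.289.1" -> (2, 289, 1)
    return tuple(int(n) for n in re.findall(r"\d+", version))

def parse_plugins_txt(text):
    # Assumed format: one "plugin-id:version" per line, "#" starts a comment.
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            name, _, version = line.partition(":")
            entries.append((name.strip(), version.strip()))
    return entries

def parse_manifest(text):
    # "Key: value" pairs; a line starting with one space continues the previous value.
    attrs, key = {}, None
    for line in text.splitlines():
        if line.startswith(" ") and key:
            attrs[key] += line[1:]
        elif ": " in line:
            key, _, value = line.partition(": ")
            attrs[key] = value
    return attrs

def audit(plugins_txt, manifests, core_version):
    # Return (plugin, problem) pairs; an empty list means the build may proceed.
    findings = []
    for name, version in parse_plugins_txt(plugins_txt):
        if version in UNPINNED:
            findings.append((name, "unpinned"))
            continue
        required = parse_manifest(manifests.get(name, "")).get("Jenkins-Version")
        if required and core_tuple(required) > core_tuple(core_version):
            findings.append((name, f"requires core {required}"))
    return findings
```

Run against the sample with `audit(PLUGINS_TXT, MANIFESTS, "2.289.1")`, the pinned `example-scm` passes while the two floating entries and the plugin that needs a newer core are reported.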

Comment 3 Adam Kaplan 2021-06-28 15:28:43 UTC
*** Bug 1891693 has been marked as a duplicate of this bug. ***

Comment 5 Adam Kaplan 2021-08-03 21:45:24 UTC
Downgrading the severity of this to "Medium" to conform with our Bugzilla standards.

- Bumping Jenkins will address CVEs with medium severity/"Moderate" impact score.
- Priority is "High" to reflect aggregate importance of addressing CVEs.

Comment 9 Jitendar Singh 2021-08-09 13:00:31 UTC
VERIFIED.

Comment 11 errata-xmlrpc 2021-08-17 12:12:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.7.24 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:3032

Comment 12 jawed 2021-09-21 12:59:54 UTC
*** Bug 1972088 has been marked as a duplicate of this bug. ***

Comment 13 Red Hat Bugzilla 2023-09-15 01:09:55 UTC
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days.