Bug 1516300 - How to keep OCP Jenkins and plugins updated
Summary: How to keep OCP Jenkins and plugins updated
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Image
Version: 3.6.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 3.7.z
Assignee: Ben Parees
QA Contact: Dongbo Yan
Depends On:
Reported: 2017-11-22 12:34 UTC by Sudarshan Chaudhari
Modified: 2018-04-05 09:32 UTC (History)

Fixed In Version:
Doc Type: No Doc Update
Doc Text:
Clone Of:
Last Closed: 2018-04-05 09:32:08 UTC
Target Upstream Version:

Attachments
screen shot of the jenkins (deleted), 2017-11-22 12:34 UTC, Sudarshan Chaudhari
jenkins manage page (deleted), 2018-02-07 08:01 UTC, wewang
jenkins v3.7 web (deleted), 2018-02-07 08:29 UTC, wewang

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:0636 None None None 2018-04-05 09:32:45 UTC

Description Sudarshan Chaudhari 2017-11-22 12:34:53 UTC
Created attachment 1357449 [details]
screen shot of the jenkins

Description of problem: 
Warning appears in Jenkins saying "New Version of jenkins (2.73.3) is available for download and jenkins 2.46.3 core and libraries" as shown in the attached screenshot

Version-Release number of selected component (if applicable):
OCP 3.6 

How reproducible:


Steps to Reproduce:
1. Create a new app using the Jenkins template as shown in 
2. Log in to Jenkins and check activity.

Actual results:

     Jenkins 2.46.3 core and libraries:
         Multiple security vulnerabilities
         Multiple security vulnerabilities
     Pipeline: Input Step 2.7:
         Users with read access could interact with input step by default
     Script Security Plugin 1.29:
         Unsafe entries in default whitelist
         Multiple sandbox bypasses
     Subversion Plug-in 2.7.2:
         CSRF vulnerability and insufficient permission checks allow capturing credentials
     Git plugin 3.3.0:
         CSRF vulnerability in Git plugin allows capturing credentials
     Pipeline: Build Step 2.1:
         Missing permission check allows building all jobs
     Pipeline: Groovy 2.30:
         Arbitrary code execution due to incomplete sandbox protection

Expected results:

    There should be no error
Additional info:

Comment 1 Ben Parees 2017-11-22 14:21:54 UTC
we ship new jenkins images w/ updated plugins and core jenkins versions on release boundaries. the 3.7 image will be delivered soon and move to LTS 2.73.

Comment 15 wewang 2018-02-07 07:56:01 UTC
Hi Ben,
I can reproduce the bug.
jenkins version: 3a9dee18d3af

1. Create jenkins apps with access registry jenkins image
$ oc new-app --template=jenkins-ephemeral
2. Check the jenkins version in webconsole, pls see attachment

Comment 16 wewang 2018-02-07 08:01:50 UTC
Created attachment 1392491 [details]
jenkins manage page

Comment 18 wewang 2018-02-07 08:29:58 UTC
Created attachment 1392497 [details]
jenkins v3.7 web

Comment 19 wewang 2018-02-07 08:31:22 UTC
about 3.7 version: v3.7 ae27a01507c6

jenkins already is latest, but had warning info, see attachment 1392497

Comment 20 wewang 2018-02-07 08:32:19 UTC
sorry, jenkins is not using latest

Comment 21 wewang 2018-02-07 09:08:27 UTC
Let me clarify my comments:
1. v3.6 jenkins images from access and brew are not using the latest version of jenkins

2. v3.7 jenkins images from registry.access and brew are not using the latest version of jenkins

3. v3.9 jenkins image from brew is using the latest jenkins

4. latest jenkins image from brew is using the latest jenkins

Comment 22 Ben Parees 2018-02-07 16:00:16 UTC
> v3.7 jenkins images from registry.access and brew is not using latest version jenkins

per my comment 4, the v3.7 image on registry.access is LTS 2.89, as expected.

docker run -it  rpm -qa | grep jenkins-2
jenkins-2.89.2-1.el7.noarch

v3.7                ae27a01507c6        8 days ago          1.69 GB

Comment 23 Ben Parees 2018-02-07 16:02:00 UTC
the only meaningful issue I see here is that the ansible installer is not currently installing version-tagged jenkins imagestreams in 3.7 (the jenkins imagestream installed by v3.7 points to "latest" instead of "v3.7").

This issue is tracking that problem:

But the jenkins v3.7 image itself contains the correct jenkins version.
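
The imagestream problem described in comment 23, as an added example that is not part of the original bug report or the installer's own code: a check that resolves every tag of a jenkins imagestream and reports those that end up on a floating image tag instead of the release tag. The JSON is a constructed sample shaped like `oc get is jenkins -o json`; the registry host, repository path and function names are assumptions.

```python
import json

# Constructed sample shaped like `oc get is jenkins -o json`. The registry
# host and repository are placeholders; only the "latest" vs "v3.7" image
# tags come from the bug report.
INSTALLED = json.loads("""
{"kind": "ImageStream", "metadata": {"name": "jenkins"},
 "spec": {"tags": [
   {"name": "2", "from": {"kind": "DockerImage",
     "name": "registry.example.com/example/jenkins:latest"}},
   {"name": "latest", "from": {"kind": "ImageStreamTag", "name": "2"}}
 ]}}
""")


def is_pinned(spec, expected):
    """True if the pull spec is digest-pinned or carries the expected tag."""
    if "@" in spec:
        return True
    last = spec.rsplit("/", 1)[-1]  # ignore a ':port' in the registry host
    tag = last.split(":", 1)[1] if ":" in last else "latest"
    return tag == expected


def resolve(tags, name):
    """Follow ImageStreamTag aliases inside the stream to a DockerImage spec."""
    seen = set()
    while name in tags and name not in seen:
        seen.add(name)
        src = tags[name]
        if src.get("kind") == "DockerImage":
            return src["name"]
        name = src.get("name", "").split(":")[-1]  # "jenkins:2" or "2"
    return None  # dangling or cyclic alias


def audit(stream, expected):
    """Return (tag, pull spec) pairs that do not resolve to `expected`."""
    tags = {t["name"]: t.get("from", {}) for t in stream["spec"]["tags"]}
    findings = []
    for name in sorted(tags):
        spec = resolve(tags, name)
        if spec is None or not is_pinned(spec, expected):
            findings.append((name, spec))
    return findings


if __name__ == "__main__":
    for tag, spec in audit(INSTALLED, "v3.7"):
        print(f"jenkins:{tag} -> {spec} (expected image tag v3.7)")
```

An alias tag is reported along with the tag it points to, so a single floating `DockerImage` reference shows up once per imagestream tag that a deployment could be using.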

Comment 25 wewang 2018-02-08 03:28:35 UTC
Yes, v3.7 image on registry.access is LTS 2.89 
# docker run -it  rpm -qa | grep jenkins-2

so it's expected, verified it

Comment 29 errata-xmlrpc 2018-04-05 09:32:08 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.
