Upgrade jenkins to latest LTS: 2.387.1
gaiksaya opened this issue · comments
Sayali Gaikawad commented
Is your feature request related to a problem? Please describe
We need to upgrade jenkins to latest version in order to resolve the existing CVEs as well as use new features and bug fixes.
https://www.jenkins.io/changelog-stable/
Describe the solution you'd like
We tried upgrading to 2.346.3 but it introduced a 9.8 score CVE. The CVE was resolved in later versions hence using latest makes more sense.
Below are the steps to upgrade:
- Upgrade docker image: Docker is the source of jenkins in this setup. Sample PR #260
- Upgrade Java: The new version upgrades java to either 11 or 17. Current one uses 8 hence need to bump java version in all agent nodes as well. (packer scripts)
- Bump jenkins core version in build.gradle: Associated repos https://github.com/opensearch-project/opensearch-build, https://github.com/opensearch-project/opensearch-build-libraries
- Add documentation on how to upgrade. Documentation should mention EBS backing up as well.
Describe alternatives you've considered
Use the same version
Additional context
No response
Peter Zhu commented
All packer agents need to be updated to have jdk11 as their main jdk.
https://github.com/opensearch-project/opensearch-ci/blob/main/packer/