What's new in Jenkins 2.455 Weekly
Apr 23, 2024
- Remove ASM dependencies from core.
New in Jenkins 2.440.3 (Apr 17, 2024)
- Security fix. (security advisory)
- Ensure threads in the Computer.threadPoolForRemoting executor service always have the Jenkins webapp ClassLoader set as the context ClassLoader to prevent random class loading issues when code is running in this ExecutorService. (issue 72796)
- Customization of agent log files did not work for inbound agents. (issue 72799)
- Update Spring Security to 5.8.11. Update Spring Framework to 5.3.33. (pull 9042, Spring Security 5.8.11 release notes, Spring Framework 5.3.33 release notes)
- Update bundled Trilead API Plugin to 2.84.86.vf9c960e9b_458. (Trilead API 2.84.86.vf9c960e9b_458 release notes)
- Update Apache Mina in the CLI from 2.11.0 to 2.12.1. (Mina 2.12.1 release notes)
- Upgrade bundled plugins. (pull 8914, pull 8961, pull 8988, pull 9018, pull 9036, pull 9091, pull 9098, pull 9103)
New in Jenkins 2.454 Weekly (Apr 16, 2024)
- Support symbols in the newJob page. (issue 72947)
- Create-item button is no longer disabled when a duplicate name is present. (issue 73007)
- Fix the appearance of badges. (pull 9155)
- After reconfiguring a static inbound agent in the GUI using fields such as WebSocket, deprecated in 2.440.x, the suggested launch instructions would incorrectly include tunnel (with no argument) even if that field had been left blank. (issue 73011)
- Fix the WorkspaceCleanupThread to consider workspaces with suffixes even if the original is nonexistent. Reduce the number of remoting calls made by WorkspaceCleanupThread. (issue 65829)
- If the variant plugin is installed at the same time as a plugin that has an OptionalExtension, these extensions would not be correctly discovered until the next scan for new Extensions. (issue 72998)
- Installed plugin view no longer jumps during first load. (issue 69588)
New in Jenkins 2.452 Weekly (Apr 2, 2024)
- Remove People view. Administrators can install the new People View plugin to restore this functionality. (People View plugin)
- Update Apache Mina in the CLI from 2.11.0 to 2.12.1. (pull 9089)
- Developer: Provide current administrative monitor as a context object when loading its description. (pull 9071)
New in Jenkins 2.450 Weekly (Mar 19, 2024)
- Add a computer icon legend and a new icon for agents that are not accepting tasks. (issue 69191)
- Add components for dropdown items. Refer to the new Design Library Dropdowns page for implementation details. (pull 8827)
New in Jenkins 2.449 Weekly (Mar 13, 2024)
- Support Session ID for External Job Monitor to avoid HTTP 503 response. (pull 8825)
- Allow recursive remote file copy even if local and remote nodes have incompatible character sets at binary level, e.g. ISO-8859-1 and CP-1047. (issue 72540)
- Add "copy to clipboard" button to the build console output. (pull 8960)
- Do not attempt to self-restart on operating systems where this is not supported. (issue 72833)
- Fix a crash when restarting Jenkins on macOS. (issue 65911)
- Update bundled Trilead API Plugin to 2.84.86.vf9c960e9b_458. (pull 9022)
- Ensure threads in the Computer.threadPoolForRemotingexecutor service always have the Jenkins webapp ClassLoader set as the context ClassLoader to prevent random class loading issues when code is running in this ExecutorService. (issue 72796)
- Add experimental APIs to control which agents are loaded and when. (pull 8979)
New in Jenkins 2.448 Weekly (Mar 5, 2024)
- NonPipeline builds interrupted by a controller restart will now be marked as aborted rather than failed. (pull 8986)
- Proxy configuration saved via the GUI always configured an authenticator even if the username was blank. (pull 8990)
- Restore functionality of some dropdown list form fields outside configuration forms (regression in 2.446). (issue 72759)
- Customization of agent log files did not work for inbound agents. (issue 72799)
- Setting a proper owner for Jenkins.clouds after Jenkins.load(). (pull 8976)
New in Jenkins 2.447 Weekly (Feb 27, 2024)
- Use the symbol for parameters in build history of pending jobs. (pull 8977)
- Do not show empty tooltips. (issue 71148)
- Developer: Update Stapler from 1822.v120278426e1c to 1839.ved17667b_a_eb_5 to no longer generate line JavaScript with Stapler bound objects to improve compatibility with ContentSecurityPolicy Plugin. (Stapler 1839.ved17667b_a_eb_5 Release Notes)
New in Jenkins 2.440.1 (Feb 22, 2024)
- Changes since 2.440:
- Important security fixes. (security advisory)
- Fix missing folder icons. (issue 72407)
- Update the bundled Matrix Project Plugin from 818.v7eb_e657db_924 to 822.824.v14451b_c0fd42. (issue 72603)
- Find selected radio option when validating instead of the last one used. (issue 72505)
- Notable changes since 2.426.3:
- Add an Appearance category to the setup wizard. (pull 8822)
- Add missing *_fr.properties in win32errors and hudson, lib, and Jenkins resources. Translate hudson/Messages.properties, hudson/model/Messages.properties, and jenkins/model/Messages.properties into French. (pull 8594, pull 8595, pull 8578, pull 8577)
- Update to various UI elements. Style widget panes to match Jenkins. Modernize icons, controls, and fonts. (pull 8802, pull 8780, pull 8761, pull 8689, pull 8740, pull 8693, pull 8705)
- Add telemetry for basic Java system properties describing the environment. (pull 8787)
- Turkish localization fixes for build, login, and user management pages. (pull 8631)
- Fix a minor memory leak in a Remoting log statement. Add forward proxy support for WebSocket. Support custom certificate options for WebSocket. (pull 8643)
- Remove build timeline widget from the build history pages of views, jobs, and agents. (issue 60866)
- More consistently report errors launching outbound agents. (pull 8675)
- Stop recommending JNLP URL in agent launch instructions. (pull 8639)
- Deprecate all configurable options in Launch agent by connecting it to the controller (inbound in JCasC), as these are only useful in conjunction with the deprecated jnlpUrl mode. (pull 8762)
- The jnlpUrl ${JENKINS_URL}/computer/${AGENT_NAME}/jenkinsagent.jnlp argument to the agent JAR has been deprecated. Use url ${JENKINS_URL} and name ${AGENT_NAME} instead, potentially also passing in webSocket, tunnel, and/or work directory options as needed. (pull 8773)
- Removed deprecated and unused class UserProperties. (pull 8679)
- Deactivate the administrative monitor when all previously offline agents are again online. (issue 72159)
- Prepare node monitors to work with configuration as code. (issue 64816)
- Rework node monitor configuration. (issue 72371)
- Allow configuration of disk thresholds globally and for each agent. Improve the warning when disk space is too low. Ensure agents are taken offline when disk space is low. (issue 72009)
- Fail fast when attempting to load a broken plugin that contains the Jenkins test harness in production. (pull 8714)
- Add packaging support for Unix domain sockets. (pull 442 (packaging))
- Accept all 2xx and 3xx status codes to validate proxy in HTTP Proxy Configuration. (issue 72343)
- Ensure uptime is independent of system clock. (issue 72157)
- Show monitoring data on agent page. (pull 8725)
- Use a notification and Jenkins modal for 'Apply' button failures. (pull 8394)
- BootFailure subclasses can now override the Jenkins startup failure page. (pull 8442)
- Reduce the window of time during which a crash may lead to an inconsistent state on Linux. (pull 8815)
- Restore printing output from println and similar methods for the groovy CLI command (regression in 2.427). (issue 72181)
- Refer to the correct option in the security configuration help text. (issue 72222)
- Restore security configuration help text and remove obsolete help text. (pull 8630)
- Some agent-related objects could be kept in memory after being disconnected and removed from the computer list. (pull 8640)
- Avoid incorrect styling when deleting the first of two shell steps in a job definition. (issue 72196)
- Prevent a deadlock that can occur when loading PermalinkProjectAction.Permalink. (pull 8736)
- Display strings consistently in the requested language when running Jenkins in a JVM with a non-english locale. (issue 72449)
- Fix nested job link in mobile view. (issue 72288)
- Do not show option to copy items when there are no items visible. (issue 72443)
- Display correct time zone in build history. (issue 71965)
- The tunnel property on an inbound agent was inadvertently broken for JCasC usage in 2.437. It remains deprecated and usages should be deleted (regression in 2.437). (pull 8793)
- Fix SimpleScheduledRetentionStrategy on inbound agents. Allow suspended inbound agents to again accept tasks when they are reconnected and the configured scheduling policy is enabled. (issue 72370)
- Remove code that may have caused an agent-side hang under a rare race condition. (Remoting PR 713)
- Reduce the likelihood of thread creation errors on agents. (Remoting PR 717)
New in Jenkins 2.446 Weekly (Feb 20, 2024)
- Modernize progress bar UI in various locations.
- Add ability for custom update centers to override the suggested plugin list.
- Enable readonly mode for dropdown menus when using the Extended Read Permission plugin.
- Restore progress animation in build history and build time trend views (regression in 2.434).
- Admin monitor does not animate on page load (regression in 2.445).
New in Jenkins 2.444 Weekly (Feb 6, 2024)
- Prevent authenticated access to Resource Root URL. (issue 72636)
- Improve locale parsing for loading of localised help files. (issue 72627)
- Support noCertificateCheck with webSocket on the CLI. (issue 72532)
- Show error message in progressive logs on 4xx status codes. (issue 72509)
- Avoid stacktrace from artifactarchiver when no artifacts are found. (issue 71700)
- Upgrade Winstone to 6.18 in order to update Jetty from 10.0.18 to 10.0.20. (Winstone 6.15 changelog, Winstone 6.16 changelog, Winstone 6.17 changelog, Winstone 6.18 changelog, Jetty 10.0.18 changelog, Jetty 10.0.19 changelog, Jetty 10.0.20 changelog)
- Developer: Unrestricted FilePath.isDescendant (pull 8913)
- Introduce an API to be used by the Folders plugin to fix some corner cases involving branch project reloading. (issue 72613)
New in Jenkins 2.443 Weekly (Jan 31, 2024)
- Find selected radio option when validating instead of the last one. (issue 72505)
- Fix missing folder icons. (issue 72407)
- A security fix in 2.394 caused a substantial slowdown in displaying build artifacts when using remote artifact managers such as in S3. (pull 8874)
- Adjust heap dump file name for compatibility with OpenJDK file suffix requirements. (issue 72579)
- Update the bundled Matrix Project Plugin from 818.v7eb_e657db_924 to 822.824.v14451b_c0fd42. (issue 72603)
New in Jenkins 2.426.3 (Jan 25, 2024)
- Important security fixes. (security advisory)
- Avoid repeated tool downloads from misconfigured HTTP servers. (issue 72469)
- Fix redirect when renaming a cloud. (issue 71737)
New in Jenkins 2.442 Weekly (Jan 24, 2024)
- Important security fixes. (security advisory)
New in Jenkins 2.441 Weekly (Jan 16, 2024)
- Remove unused material icons.
- Fix build button rendering for Dashboard View plugin.
- Change focus in the new item page only if from has a valid job name.
New in Jenkins 2.440 Weekly (Jan 10, 2024)
- Add an Appearance category to the setup wizard. (pull 8822)
- BootFailure subclasses can now override the Jenkins startup failure page. (pull 8442)
- Reduce the window of time during which a crash may lead to an inconsistent state on Linux. (pull 8815)
- Update the appearance of controls in header. (pull 8791)
- Allow icon size to be changed in the node overview table. (pull 8802)
New in Jenkins 2.438 Weekly (Dec 26, 2023)
- Update the appearance of the stop button. (pull 8780)
- Use a notification and Jenkins modal for 'Apply' button failures. (pull 8394)
- Display correct time zone in build history. (issue 71965)
- The tunnel property on an inbound agent was inadvertently broken for JCasC usage in 2.437. It remains deprecated and usages should be deleted (regression in 2.437). (pull 8793)
New in Jenkins 2.437 Weekly (Dec 19, 2023)
- Add telemetry for basic Java system properties describing the environment.
- Restyle widget panes.
- Rework node monitor configuration.
- Ensure uptime is independent of system clock.
- Show monitoring data on agent page.
- Deprecate all configurable options in **Launch agent by connecting it to the controller** (inbound in JCasC), as these are only useful in conjunction with the deprecated jnlpUrl mode.
- The jnlpUrl ${JENKINS_URL}/computer/${AGENT_NAME}/jenkinsagent.jnlp argument to the agent JAR has been deprecated. Use url ${JENKINS_URL} and name ${AGENT_NAME} instead, potentially also passing in webSocket, tunnel, and/or work directory options as needed.
- Display strings consistently in the requested language when running Jenkins in a JVM with a non-english locale.
- Fix nested job link in mobile view.
- Do not show option to copy items when there are no items visible.
- Developer: Allow replacing onclick attributes containing inline JS on l:task with datacallback.
- Allow users to make side panel sticky.
New in Jenkins 2.436 Weekly (Dec 12, 2023)
- Prevent a deadlock that can occur when loading PermalinkProjectAction.Permalink. (pull 8736)
New in Jenkins 2.434 Weekly (Nov 28, 2023)
- Deactivate the administrative monitor when all previously offline agents are again online. (issue 72159)
- Prepare node monitors to work with configuration as code. (issue 64816)
- Introduce an API for build visualization plugins to serve alternative build console views and an API for plugins to produce links to the build console. (issue 71715)
New in Jenkins 2.433 Weekly (Nov 21, 2023)
- Deactivate the administrative monitor when all previously offline agents are again online. (issue 72159)
- Prepare node monitors to work with configuration as code. (issue 64816)
- Introduce an API for build visualization plugins to serve alternative build console views and an API for plugins to produce links to the build console. (issue 71715)
New in Jenkins 2.426.1 (Nov 15, 2023)
- Short container image tags (without "jdk" in them) such as jenkins/jenkins:2.426.1 are now using Java 17. If you need to continue using Java 11, use tags like jenkins/jenkins:2.426.1-jdk11. The Windows container images of this release switch from a windowsservercore-1809 Temurin base image to a windowsservercore-ltsc2019 Microsoft base image. Note also that a proper set of tags is now published for these Windows images and they include "ltsc2019" instead of only "2019".
- Show form validation results for form elements that are initially hidden. Remove previous form validation errors when the form validation is updated with new content.
- Fix multibranch Pipeline Add source and other uses that mix inputs and buttons
- Add sleep call when -noReconnect is not specified for Kubernetes agents.
- Add proxy support for Remoting.
- Fix agent allocation due to label issue detected by vSphere Cloud plugin.
- Fix drag and drop handle for existing repeatables.
- Add telemetry for Jenkins uptime
- Upgrade Winstone from 6.12 to 6.14. This includes the upgrade of Jetty from 10.0.15 to 10.0.17. The Jetty upgrade includes fixes for several CVEs. (Winstone 6.13 changelog, Winstone 6.14 changelog, Jetty 10.0.16 changelog, Jetty 10.0.17 changelog.
- Show the description of boolean build parameter values on the Parameters view.
- Allow clouds to be reordered. This was previously possible, but disappeared when the cloud management was moved to a separate page.
- Update SnakeYAML plugin to 2.2 to silence security scanners.
New in Jenkins 2.432 Weekly (Nov 14, 2023)
- Stop recommending JNLP URL in agent launch instructions. (pull 8639)
- Removed deprecated and unused class UserProperties. (pull 8679)
- Some agent-related objects could be kept in memory after being disconnected and removed from the computer list. (pull 8640)
New in Jenkins 2.431 Weekly (Nov 7, 2023)
- Remove build timeline widget from the build history pages of views, jobs, and agents. (issue 60866)
- More consistently report errors launching outbound agents. (pull 8675)
- Warn users at 12 months prior to end of Java support and again at 3 months prior to end of Java support. (issue 72252)
- Add support for Unix Domain Sockets. Upgrade Jetty from 10.0.17 to 10.0.18. (issue 72266)
New in Jenkins 2.430 Weekly (Nov 1, 2023)
- Fix drag and drop handles for existing repeatables (regression in 2.335). (issue 72189)
- Refer to the correct option in the security configuration help text. (issue 72222)
- Restore security configuration help text and remove obsolete help text. (pull 8630)
- Turkish localization fixes for build, login, and user management pages. (pull 8651, pull 8631)
- Fix a minor memory leak in a Remoting log statement. Add forward proxy support for WebSocket. Support custom certificate options for WebSocket. (pull 8643)
New in Jenkins 2.414.3 (Oct 18, 2023)
- Important security fix. (security advisory)
- Use Java 17 as the default Java version in container images that do not specify a Java version in the container label. (Docker pull request 1724)
- Update commons-compress from 1.23.0 to 1.24.0. (Apache Commons Compress 1.24.0 Release Notes)
- Do not create a large number of threads when making numerous HTTP requests. (issue 72016)
- Reduce high memory usage from XStream2.AssociatedConverterImpl (regression in 2.405). (issue 72076)
- Add telemetry collecting basic information about the security configuration. (issue 71996)
- Upgrade Winstone from 6.12 to 6.14. This includes the upgrade of Jetty from 10.0.15 to 10.0.17. The Jetty upgrade includes fixes for several CVEs. (Winstone 6.13 changelog, Winstone 6.14 changelog, Jetty 10.0.16 changelog, Jetty 10.0.17 changelog, CVE-2023-44487)
- Restore context menus of model links in build history views and administrative monitors (regression in 2.402). (issue 71890)
New in Jenkins 2.427 Weekly (Oct 10, 2023)
- Fix agent allocation due to label issue detected by vSphere Cloud plugin (regression in 2.421). (issue 71937)
- Show form validation results for form elements that are initially hidden. (regression in 2.355). (issue 71252)
- Remove previous form validation errors when the form validation is updated with new content. (regression in 2.355). (issue 71252)
- Disable anonymous usage statistics when run in FIPS mode. (pull 8483, JEP-237)
- Developer: HudsonPrivateSecurityRealm objects are now serializable. (issue 72114)
- Developer: Add extension point to notify about in-process scripting events. (issue 41516)
- Developer: Optionally support a FIPS140 compliant algorithm in the Jenkins' own user database. (issue 71971, pull 8393, JEP-237)
New in Jenkins 2.426 Weekly (Oct 3, 2023)
- Remove outdated Prototype.js library. (issue 70906, pull 7781, blog post)
- Use Java 17 as the default Java version in container images that do not specify a Java version in the container label. (Docker pull request 1724)
- Automate the display of an administrative monitor when approaching Java end of life (EOL) dates. (pull 8526)
- Optimized project deletion. (pull 8528)
- Stop shipping net.sf.kxml:kxml2 because Jenkins no longer depends on it. (pull 8503)
- Reduce high memory usage from XStream2.AssociatedConverterImpl (regression in 2.405). (issue 72067)
- Developer: Added setters for View#filterExecutor and View#filterQueue. Fix missing help sections for view filter executor and queue fields. (pull 8511)
- Developer: introduce FIPS property for JEP-237 (Jenkins Enhancement Proposal 237)
New in Jenkins 2.424 Weekly (Sep 20, 2023)
- Important security fixes.
New in Jenkins 2.414.2 (Sep 20, 2023)
- Important security fixes. (security advisory)
- Add allow-same-origin to the sandbox Content-Security-Policy directive of workspace and artifact browsers if the Resource Root URL feature is not used. Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests. (issue 71366)
- The plain text console log will still be printed even if some console annotations are corrupt. (issue 61452)
- New login page breaks login-theme-plugin (regression in 2.404). (issue 71238)
- Fix invalid CSS which caused some buttons to become invisible on hover (regression in 2.402). (issue 71238)
New in Jenkins 2.423 Weekly (Sep 12, 2023)
- Move node monitoring option to app bar. (pull 8381)
- Symbols display in breadcrumbs now. (issue 71983)
- Developer: make branding an extension via SimplePageDecorator. (pull 8462)
New in Jenkins 2.422 Weekly (Sep 5, 2023)
- Prevent incorrect readResolve implementations from breaking agent label parsing. (pull 8448)
- Update several buttons and menus to replace YahooUI in more locations. (pull 8418)
- List plugins in deterministic order to improve diagnosability of plugin linkage errors. (issue 71950)
- Add telemetry collecting basic information about the security configuration. (pull 8440)
- Update Turkish localization for the new job page. (pull 8446)
- Upgrade to Winstone 6.13 to include Jetty 10.0.16. (Winstone 6.13 release notes, Jetty 10.0.16 changelog)
- Developer: Initialize default view slightly earlier in the initialization process. (pull 8413)
New in Jenkins 2.414.1 (Sep 4, 2023)
- Important security fix. (2023-07-26 security advisory)
- Add allow-same-origin to the sandbox Content-Security-Policy directive of workspace and artifact browsers if the Resource Root URL feature is not used. Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests. (issue 71366)
- Update Debian images to version 12.0 (bookworm). (Docker pull request 1687)
- Add last build status to job page. (pull 8129)
- Remove rebuilder plugin from the setup wizard plugin selection. (issue 71630)
- Only disable the plugin manager "install" button if no plugins are selected (regression in 2.414). (issue 71698)
New in Jenkins 2.421 Weekly (Aug 29, 2023)
- Add a nicer 404 error page. (issue 71087)
- Add appearance system configuration page. (pull 8403)
- Optimize performance of label parsing. (pull 8395)
- Fix invalid CSS which caused some buttons to become invisible on hover. (issue 71479)
- Message no longer appears twice when the agentLog option is used. (issue 38520)
New in Jenkins 2.420 Weekly (Aug 23, 2023)
- Move plugins page title into sidebar so that plugins app bar is at the top of the page. (pull 8376)
- Remove eval call in hudsonbehavior.js. (issue 71514)
- Update Turkish localizations for the job configuration page. (pull 8368)
- Refresh link design. (pull 8375)
- Display a notice when plugin updates are available or when there are no plugins installed. (pull 8208)
- Update the design of the content blocks. (pull 8363)
- Remove the unnecessary hashelp class additions from hudsonbehaviour.js. (pull 8355)
- Hide administrative monitors icons/popup in the header of Manage Jenkins, as they're shown directly on the page. (issue 71848)
- The plain text console log will still be printed even if some console annotations are corrupt. (issue 61452)
- Fix link to job in the message informing administrators of trigger computations that run for an unusually long time. (issue 71833)
- Deprecate findAncestor and findAncestorClass in hudsonbehaviour.js. (pull 8357)
New in Jenkins 2.418 Weekly (Aug 8, 2023)
- New login page breaks login theme plugin. (issue 71238)
- Fix "Manage Jenkins" context menu (regression in 2.415). (issue 71744)
- Fix mistranslation of Japanese message in mailing list reference. (pull 8324)
New in Jenkins 2.417 Weekly (Aug 1, 2023)
- Small optimization in computer list.
- Remove the treeview option for artifactList.
- Remove a workaround that was only necessary for OpenJDK 11.0.16 and earlier.
- Use new jenkins-button styling for 'expandableTextbox' button.
- Log agent usage by job.
- Make tab panes accessible via keyboard.
- Add allow-same-origin to the sandbox ContentSecurityPolicy directive of workspace and artifact browsers if the Resource Root URL feature is not used. Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests.
- Add the X-Content-Type-Options HTTP header to the response from the agent listener. Silence security scanners that incorrectly report an issue when the HTTP header is missing.
- Only disable the plugin manager "install" button if no plugins are selected (regression in 2.414).
New in Jenkins 2.401.3 (Jul 26, 2023)
- Important security fix. (security advisory)
- Remove incorrect text from JENKINS_HOME help. (pull 8161)
New in Jenkins 2.415 Weekly (Jul 18, 2023)
- Replace browser confirm with modal dialogs in many places. (issue 71438)
- Add last build status to job page. (pull 8129)
- Remove the rebuild plugin from the setup wizard plugin selection. (pull 8258)
- Estimate project duration accurately in more cases (regression in 2.407). (pull 8233)
- Developer: API for alert, confirm, prompt, modal and form dialogs (issue 71438)
- Remove long deprecated hudson.util.IOUtils#DIR_SEPARATOR, hudson.util.IOUtils#DIR_SEPARATOR_WINDOWS, hudson.util.IOUtils#DIR_SEPARATOR_UNIX, hudson.util.IOUtils#LINE_SEPARATOR, hudson.util.IOUtils#LINE_SEPARATOR_WINDOWS, and hudson.util.IOUtils#LINE_SEPARATOR_UNIX which are available from org.apache.commons.io.IOUtils. (pull 7641)
New in Jenkins 2.414 Weekly (Jul 11, 2023)
- Allow cancelling the quiet down mode of a safe restart with an optional custom message for safe restarts (with new default message). Use a less dangerous color for the safeRestart banner. Allow setting the full prepareShutdown message instead of only the reason. Show a hint on the "Jenkins Unavailable" page about safe restarts. (issue 70059)
- Move the 'Update' and 'Install' buttons to the app bar. (pull 8025)
- Improve CSP compatibility by uninlining javascript code. (issue 71034)
- Make the style of the legacy API token revoke button consistent with other buttons. (pull 8210)
New in Jenkins 2.413 Weekly (Jul 4, 2023)
- Update appearance of buttons for password and secretTextarea matching 'jenkinsbutton's. (pull 8179)
- Display a notice in the log manager page when no logs are available. (pull 8186)
- Restore missing build history for external jobs (regression in 2.409). (issue 71553)
New in Jenkins 2.401.2 (Jun 28, 2023)
- Warn administrators when their Linux operating system is approaching end of life. (pull 7913, pull 8082, issue 71428, End of life operating systems)
New in Jenkins 2.412 Weekly (Jun 27, 2023)
- Improve CSP compatibility. (issue 71042)
- Add or update MIME types for JavaScript files, JavaScript module files, AV1 Image File (AVIF) files, Web Open Font Format (WOFF) files, and WebAssembly files. (pull 8173)
- Improve CSP compatibility by removing inline JS event handlers. (issue 71040)
- Use CSS variables for logger colours. (pull 8164)
New in Jenkins 2.411 Weekly (Jun 20, 2023)
- Update the Log Recorders interface. (pull 8087)
- Add Japanese translation of Apply. (pull 8140)
- Switch the doublelaunch checker to a regular administrative monitor. (pull 8127)
- Remove animations on login page causing high CPU usage in some cases. (issue 71246)
New in Jenkins 2.410 Weekly (Jun 13, 2023)
- Improve sign in/register screens appearance on mobile.
- Allow user deletion from the trash can icon (regression in 2.405).
- Fix a bug when searching for matching form elements
- Developer: plugins can now contribute widgets for Computer, ComputerSet, View, Job.
New in Jenkins 2.409 Weekly (Jun 7, 2023)
- Use jenkinsbutton for repeatable buttons. (pull 7717)
- Do not show Fedora 38 as an end of life operating system before actual end of life in 2024. (issue 71394)
- Hide the arrow next to the restart checkbox if the environment doesn't support it. (pull 8076)
- Use correct update center proxy configuration hyperlink in error messages. (issue 71244)
- Add support for jakarta.inject annotations. (pull 8065)
New in Jenkins 2.401.1 (May 31, 2023)
- Fix the writing of emojis to XML (regression in 2.403). (issue 71182)
- Do not write NUL values to XML files. A technically illegal #x0 (NUL) could be written to Jenkins XML files but could no longer be read. Now the write will fail as well (regression in 2.398). (issue 71139)
- Remove "undefined" trailing text from system dropdown menu. (issue 71345)
- Fix the warning icon in the workspaces temporary directory message. (issue 71160)
- Show full width filter field for builds on pages less than 970 pixels wide. (issue 71115)
New in Jenkins 2.407 Weekly (May 30, 2023)
- Warn administrators when their Linux operating system is approaching end of life. (pull 7913)
- Announce early end of life for Red Hat Enterprise Linux 7 and its derivatives (like CentOS Linux 7, Scientific Linux 7, and Oracle Linux 7). (pull 7913)
- Minor footer appearance tweaks. (pull 7989)
- Reduce the circumstances under which recent old builds will be loaded when starting new builds. (pull 7998)
- Developer: Make Cloud#reconfigure method public. (pull 8053)
New in Jenkins 2.405 Weekly (May 16, 2023)
- Adjust form label padding. (pull 7962)
- Use dialogs to delete computers, views, clouds, users and logrecorders. (issue 13545)
- Improve class loading behavior looking up special formatters for XML configuration files. (pull 7976)
- Upgrade from Guice 5 to 6. (pull 7990, Guice 6.0.0 release notes)
- Restore support for ECharts API plugin (regression in 2.404). (issue 71236)
- Make "Skip to content" link visible through keyboard navigation. (pull 7956)
- Fix support of clouds without a config.jelly file. (pull 7972)
- Developer: Queue items elements are now formalized using jenkins.model.queue.QueueItem. (pull 7926)
New in Jenkins 2.387.3 (May 3, 2023)
- Restore New Node button in computer overview for users with node creation permission. (issue 70820)
- Fix Delete Build button text overflow. (issue 70809)
- Hide Restart Jenkins checkbox in the update center if the controller doesn't support it. (issue 69489)
- Support emojis in Job DSL scripts. (issue 69489)
New in Jenkins 2.403 Weekly (May 2, 2023)
- Remove support for WebSocket agents when running inside Jetty 9. (pull 7101)
- Align source code text and line numbers in views that render source code with the Prism plugin. (issue 70805)
- Rework clouds management into multiple pages to better scale to a large numbers of clouds. Users of EC2 Plugin should update it to version 2.0.7 or newer for compatibility. (issue 70729)
- Show full width filter field for builds on pages less than 970 pixels wide. (issue 71115)
- Do not write NUL values to XML files. A technically illegal #x0 (NUL) could be written to Jenkins XML files but could no longer be read. Now the write will fail as well (regression in 2.398). (issue 71139)
- Fix the warning icon in the workspaces temporary directory message. (issue 71160)
- Do not display a list of page sections on the System page breadcrumb. (issue 71152)
- Add padding to the right side of the full width side panel. (issue 70115)
- Developer: The experimental projectViewNested view has been removed without replacement. (issue 70927)
New in Jenkins 2.402 Weekly (Apr 25, 2023)
- Update appearance and framework for link dropdown menus. (pull 7474)
- Remove duplicate section headers from the Tools page. Remove border at the top of the Tools page for consistency with other pages. (pull 7716)
- Hide the filter field when there's no build in Build History Widget. (issue 70220)
- Restore conditional rendering of headers in some pages and remove non-functional drag handle from some headers (regression in 2.335). (issue 71089)
- Upgrade Winstone from 6.10 to 6.11. This includes the upgrade of Jetty from 10.0.13 to 10.0.15. (Winstone 6.11 release notes, Jetty 10.0.14 changelog, Jetty 10.0.15 changelog)
New in Jenkins 2.401 Weekly (Apr 18, 2023)
- Add updates count badge to Updates sidebar item.
- Simplify loading of JavaScript and CSS. Users of OWASP DependencyTrack must upgrade to 4.3.1 or later, and users of ServiceNow CI/CD must upgrade to 2.1 or later.
- Properly iterate over class names in heterogeneous lists .
- Upgrade Spring Framework from 5.3.26 to 5.3.27.
New in Jenkins 2.400 Weekly (Apr 11, 2023)
- Fix radio buttons in repeated blocks in configuration forms (regression in 2.391). (issue 70988)
- Fix null pointer exception on the "Manage Jenkins" page when HTTP/2 is enabled. (issue 70630)
New in Jenkins 2.387.2 (Apr 5, 2023)
- Adjust WebSocket idle timeout to 60 seconds by default, to avoid "WebSocketTimeoutException: Connection Idle Timeout" issues. (issue 69955)
- Restore the redirect destination of the pluginManager/installNecessaryPlugins API endpoint. (issue 70599)
- Update bundled plugins to include fixes announced in 2023-01-24 and 2023-02-15 Jenkins security advisories. (Jenkins Security Advisory 2023-01-24, Jenkins Security Advisory 2023-02-15)
New in Jenkins 2.399 Weekly (Apr 5, 2023)
- Sign war file and Windows installer with new code signing certificate.
New in Jenkins 2.397 Weekly (Mar 28, 2023)
- Add missing Turkish translations for plugins management page. (pull 7767)
- Add missing Turkish translations for tools management page. (pull 7762)
- Don't remove id inside symbol. (issue 70730)
- Fix "delete build" button text overflow. (issue 70809)
- Bump spring-framework-bom from 5.3.25 to 5.3.26. (Spring framework BOM 5.3.26 release notes, pull 7760)
New in Jenkins 2.396 Weekly (Mar 21, 2023)
- Revamp icon legend as a modal. (pull 7718)
- Remove the expandbutton component as it's no longer used. (pull 7732)
- Refresh the design of the About Jenkins page. (pull 7712)
- Hide Restart Jenkins checkbox in the update center if the controller doesn't support it. (issue 69489)
- Restore New Node button in computer overview for users with node creation permission. (issue 70820)
- Suppress some noisy stack traces from ProcessTree. (pull 7681)
- Avoid a ClassCastException from TokenBasedRememberMeServices2 (not known to occur in realistic environments). (pull 7724)
- SlaveRestarter implementations are now only installed on static agents. Use Djenkins.slaves.restarter.JnlpSlaveRestarterInstaller.forceInstall=true to fall back to the previous behaviour in case of any issue. (pull 7693)
New in Jenkins 2.395 Weekly (Mar 14, 2023)
- Introduce user experimental flags. (issue 69853)
- The stopbuilds command did nothing if the last build of the job was already finished, even while earlier builds were running. (pull 7679)
- Add copy button to Jenkins home directory. (pull 7678)
- Simplify the names of the settings in Manage Jenkins. (pull 7661)
- Adjust websocket idle timeout to 60s seconds by default to avoid "WebSocketTimeoutException: Connection Idle Timeout" issues. Idle timeout is configurable via jenkins.websocket.idleTimeout=. (issue 69955)
New in Jenkins 2.394 Weekly (Mar 9, 2023)
- Limit the maximum number of search results.
New in Jenkins 2.393 Weekly (Feb 28, 2023)
- Disable unwanted browser form validation. (issue 70662)
- Restore installNecessaryPlugins redirect destination. (issue 70599)
- Warn user that copy button requires HTTPS. (issue 21052)
New in Jenkins 2.392 Weekly (Feb 21, 2023)
- Add a copy button for the code snippets that start agents. (pull 7625)
- Update bundled plugins to include fixes announced in 20230124 and 20230215 Jenkins security advisories. (pull 7651, 2023-01-24 security advisory, 2023-02-15 security advisory)
- Developer: Ensure required Jelly arguments are correctly labeled as required. (pull 7644)
New in Jenkins 2.391 Weekly (Feb 14, 2023)
- The default connection mode for the Java CLI client is now webSocket. You can specify http to continue to use the former default (for example because you are running Jenkins in a servlet container other than the recommended builtin Jetty, or because you are running an unusual reverse proxy which does not support WebSocket). You can also continue to specify ssh to use SSH transport (for example because you prefer to authenticate with a private key rather than an API token), or use a native SSH client. (pull 7605)
- Correct responsive behavior on resize of the 'About Jenkins' page. (issue 70191)
- Fix the behaviour of filtering in Build History Widget. (issue 70438)
- Fix behaviour of booleanRadio in a repeatable section. (issue 70139)
- Fix computer links navigation consistency. (pull 7608)
- Upgrade bundled Winstone from 6.7 to 6.10. Add the excludeProtocols option. Improve logging during shutdown. (pull 7632, Winstone 6.10 changelog, Winstone 6.9 changelog, Winstone 6.8 changelog)
New in Jenkins 2.375.3 (Feb 8, 2023)
- Resolve implied dependencies on WMI Windows Agent plugin. (issue 70301)
- Prevent Angry Jenkins when checking a non http(s) based update center URL. (issue 70240)
- Remove negative letter-spacing to improve legibility in some languages and fonts (regression in 2.340 + 2.350). (issue 70209)
- Restore link to last breadcrumb in Console view. (issue 70169)
New in Jenkins 2.390 Weekly (Feb 7, 2023)
- Running pipeline build logs can now be displayed across controller restarts without reloading in some environments. (pull 7614)
- Update bundled Apache Mina SSHD API plugins from 2.9.1-44.v476733c11f82 to 2.9.2-50.va_0e1f42659a_a. Include fix for unsafe deserialization in SimpleGeneratorHostKeyProvider. (pull 7623, issue 70554, CVE-2022-45047)
- Do not submit empty telemetry data if an error occurred during data collection. (issue 70533)
- Allow WebSocket agent connections to time out after 5m if a write never succeeds. (issue 70531)
New in Jenkins 2.389 Weekly (Jan 31, 2023)
- Move set node temporarily offline/online buttons to appbar. (issue 70394)
- Encode cloud name in Cloud#getUrl. (pull 7573)
- Developer: Agent log location honors system property hudson.triggers.SafeTimerTask.logsTargetDir. (pull 7595)
- Developer: Introduced an API SubTask.getOwnerExecutable to be implemented in Pipeline. (pull 7599)
New in Jenkins 2.388 Weekly (Jan 24, 2023)
- Fix the TcpSlaveAgentListenerRescheduler functionality. TcpSlaveAgentListener is automatically restarted on failure. (issue 70334)
- Upgrade Spring Framework from 5.3.24 to 5.3.25. Spring Framework 5.3.25 includes 18 fixes and documentation improvements. (Spring Framework 5.3.25 release notes)
New in Jenkins 2.375.2 (Jan 11, 2023)
- Add telemetry related to distributed builds. (issue 70199)
- Wait for 10 seconds before attempting to reconnect a WebSocket agent, regardless of whether or not the controller is responding. (Slow down websocket re-connect)
- Memory leak when repeatedly connecting WebSocket agents. (issue 70103)
- Updated bundled Script Security plugin from 1189.vb_a_b_7c8fd5fde to 1190.v65867a_a_47126. Updated JUnit plugin from 1156.vcf492e95a_a_b_0 to 1160.vf1f01a_a_ea_b_7f. (Jenkins Security Advisory 2022-11-15)
- Fix console-view bouncing when new entries appear. (issue 69587)
New in Jenkins 2.386 Weekly (Jan 10, 2023)
- Do not report implied dependencies for WMI Windows Agents plugin. (issue 70301)
- Developer: f:file now uses the morph tag library, all unknown attributes will be copied to the element. (pull 7562)
New in Jenkins 2.385 Weekly (Jan 3, 2023)
- Allow HTML syntax for node descriptions.
- Hide values in tables showing potentially sensitive system properties and environment variables by default.
- Add support for badge icons in Management links.
- Add tabs to System Information page.
- Add missing breadcrumb items for agents.
- Restyle file uploads to match modern forms UI.
- Add missing breadcrumb items in logging views.
- Add missing breadcrumb items in builds.
- Add missing breadcrumb items for agents.
- Add missing breadcrumb items in Views.
- Add missing breadcrumb items in abstract classes.
- Add missing breadcrumb items in User page.
- Add missing breadcrumb items in system information page.
- Update the design of the 'Advanced' button.
- Upgrade XStream from 1.4.19 to 1.4.20. This maintenance release addresses two security vulnerabilities that can cause a denial of service by raising a stack overflow in affected applications. It also provides new converters for Optional and Atomic types.
- Revert "Label 'Dismiss' buttons red." that was introduced in 2.378.
- Do not prompt the user that changes may not have been saved after apply has been clicked.
- Remove negative letter spacing to improve legibility in some languages and fonts.
- Align table headers with columns.
New in Jenkins 2.384 Weekly (Dec 27, 2022)
- Align Build Executor Status collapsed content with build queue design pattern.
- Remove support for log rotation via SIGALRM.
- Restore link to last breadcrumb.
New in Jenkins 2.382 Weekly (Dec 13, 2022)
- Upgrade Guice from 5.0.1 to 5.1.0. Guice 5.1.0 contains eight fixes and improvements. (Guice 5.1.0 Upgrade Guide)
- Add telemetry related to distributed builds. (issue 70199)
- Fix the update of disabled plugins. (issue 69183)
- Provide native Java 11 HTTP client versions of FormValidation#URLCheck methods. (pull 7508)
New in Jenkins 2.381 Weekly (Dec 6, 2022)
- Improve tooltip performance. (issue 70178)
New in Jenkins 2.375.1 (Nov 30, 2022)
- Changes since 2.375:
- Prevent potential deadlocks on websocket agents. (issue 69890)
- Fix Gravatar error on profile page (regression in 2.335). (issue 70023)
- Add telemetry for activation of permissions that are not enabled by default. (issue 70044)
- Notable changes since 2.361.4:
- Update to various UI elements. Modernize icons, navigation, and buttons. (issue 65124, pull 6728, pull 6924, pull 6956, pull 6907, pull 7052, pull 7098, pull 7074, pull 7185, pull 6886, issue 69032, pull 7183, pull 7182, pull 7217, pull 7216, pull 7205, issue 69714, pull 7197)
- Improve breadcrumb bar accessibility. (pull 6912)
- Update the design of notifications. (pull 7049)
- Update the weather and status icons. (issue 65124)
- Prevent a stack overflow when loading a queue (regression in 2.361). (issue 69850)
- Winstone 6.4: Upgrade Jetty from 10.0.11 to 10.0.12. Remove support for OpenSSL-style PEM-encoded RSA private keys when running Jenkins with the embedded Jetty (Winstone) container and TLS. The flags --httpsPrivateKey and --httpsCertificate have been removed. Support HTTP/2 without the use of a custom --extraLibFolder option. (pull 7117, issue 69624, Winstone 6.0 changelog, Winstone 6.1 changelog, Winstone 6.2 changelog, Winstone 6.3 changelog, Winstone 6.4 changelog, Jetty 10 and 11 blog post, Jetty 10.0.12 changelog, Documentation, Remove ability to load pem cert for winstone)
- Add sidebar to plugin manager, increase search bar size. (pull 6783)
- Add support for Apple's touch bar icons. (pull 6768)
- Removed: The signed jenkins-parent-${JENKINS_VERSION}-src.zip source archives have been removed from Artifactory for future releases. Users who wish to download source archives for offline consumption are encouraged to do so via GitHub. (pull 7061, Artifactory, GitHub source code download)
- Display email form validation errors near the data entry field in the setup form. (issue 68952)
- Show recommended actions (e.g., to update affected plugins) in security warnings popup. (pull 7046)
- Clarify safe restart won't wait for Pipeline jobs. (pull 7091)
- Allow form checker to check more than one thing at a time. (pull 6951)
- Add documentation for the --paramsFromStdIn and --version command-line options. (pull 7246)
- Fix sorting of British currency in tables. (pull 7250)
- Improve build progress animation when refreshing parts of the history/executors widget. (issue 68627)
- Fix the resize behavior of Execute Shell build steps. (issue 69320)
- Fix searchBar is null issue in setup wizard and when using custom Jenkins headers. (issue 69250)
- Ensure that temporary network partitions do not cancel the WebSocket ping thread (regression in 2.363). (pull 7195)
New in Jenkins 2.380 Weekly (Nov 29, 2022)
- Update appearance and framework for tooltips. (pull 6408)
- Upgrade Spring Security from 5.7.5 to 5.8.0. Spring Security 5.8.0 includes 71 fixes and improvements. (Spring Security 5.8.0)
- Delete .disabled files when uninstalling a plugin. (issue 68194)
- Developer: better error logging for unexpected problems in Computer.threadPoolForRemoting. (pull 7284)
New in Jenkins 2.361.4 (Nov 14, 2022)
- Prevent a stack overflow when loading a queue (regression in 2.361). (issue 69850)
New in Jenkins 2.361.3 (Nov 2, 2022)
- Fix a race condition that causes file descriptor leaks when cloud agents are created (regression in 2.294). (issue 69534)
- Model link chevron is not in center in user build cause on console log. (issue 69257)
- Table columns get wider or smaller depending on the sort selection. (issue 67864)
New in Jenkins 2.376 Weekly (Nov 2, 2022)
- Avoid unnecessary configuration save when reloading configuration from disk. (pull 7305)
- Update ANTLR2 grammars and code to ANTLR4. (issue 68652)
- Update submit buttons to use .jenkins-button classes. (pull 7203)
- Use inbound as the preferred symbol rather than jnlp for inbound agents in JCasC. (pull 7171)
- Prevent deadlock on WebSocket agents. (pull 7309)
New in Jenkins 2.374 Weekly (Oct 18, 2022)
- Developer: Add support for the app-bar component in the sidepanel.
- Clarify safe restart won't wait for Pipeline jobs.
- Allow Formchecker to check more than one thing at a time
- Replace the old Jenkins table layout in the slow trigger admin monitor with the new Jenkins table layout
- Add documentation for the --paramsFromStdIn and --version command-line options.
- Fix sorting of British currency in tables.
New in Jenkins 2.361.2 (Oct 5, 2022)
- Fix thread safety in websockets handling.
- Fix the resize behavior of Execute Shell build steps (regression in 2.321 or 2.357).
- Fix a potential FileAlreadyExistsException error on startup on systems with slow I/O.
- Fix Plugin Manager selection buttons appearance.
- Fix Java version check in /etc/init.d/jenkins.
- Properly reset attributes of cached symbols.
New in Jenkins 2.372 Weekly (Oct 4, 2022)
- Improve the error message when running the controller on an unsupported Java version. (pull 7185)
- Add a "Reset to default" button to reset update site url to default. (issue 69032)
- Modernize update center check button. (pull 7183)
- Modernize session termination button. (pull 7182)
- Improve performance when killing processes at the end of a build on Windows. (issue 67681)
- Upgrade the bundled Instance Identity plugin from 3.1 to 116.vf8f487400980. (pull 7175)
- Introduce a new interface TriggeredItem. (pull 7131)
New in Jenkins 2.371 Weekly (Sep 27, 2022)
- Support staging of releases (regression in 2.361). (pull 7138)
- An exception is no longer thrown when stopping a stuck build on Windows on Java 17. (issue 69647)
New in Jenkins 2.370 Weekly (Sep 21, 2022)
- Important security fix. (security advisory)
New in Jenkins 2.368 Weekly (Sep 13, 2022)
- Show recommended actions (e.g., to update affected plugins) in security warnings popup. (pull 7046)
- Fix thread safety in websockets handling. (issue 69543)
New in Jenkins 2.361.1 / 2.367 Weekly (Sep 7, 2022)
- Winstone 6.1: Upgrade Jetty from 9.4.46.v20220331 to 10.0.11. Remove support for OpenSSL-style PEM-encoded RSA private keys when running Jenkins with the embedded Jetty container and TLS. (Winstone 6.0 Changelog, Winstone 6.1 Changelog, Jetty blog, Remove ability to load pem cert for winstone)
- Update to various UI elements. Modernize tables, forms, and progress bars.
- Fix an error when rebuilding jobs triggered by polling
- Update Jenkins pom from 1.83 to 1.84. Ensure jar files and javadoc are up to date for 2.361.1.
- Upgrade Remoting from 3025.vf64a_a_3da_6b_55 to 3044.vb_940a_a_e4f72e to improve performance of previous fix for java.lang.OutOfMemoryError: unable to create new native thread on agents. (pull 6936, issue 65873, issue 68954, Remoting 3028.va_a_436db_35078 changelog, Remoting 3044.vb_940a_a_e4f72e changelog)
- Use correct icon lookup, even when plugin ID includes multiple occurrences of "plugin".
- Fix sorting list of installed plugins by timestamp in plugin manager
- Build number cut off on Safari
- Script console input box is not sizeable, yet the box looks like it is
- Developer: Temporarily restore compatibility with PowerMock-based tests (regression in 2.361.1 RC 1). PowerMock will be completely removed on or after June 1, 2023. (
New in Jenkins 2.366 Weekly (Sep 6, 2022)
- Fix searchBar is null issue in setup wizard and when using custom Jenkins headers. (issue 69250)
- Fix a potential FileAlreadyExistsException error on startup on systems with slow I/O. (issue 67624)
- Add focus state in radio buttons. (issue 69398)
- Developer: Temporarily restore compatibility with PowerMock-based tests (regression in 2.358). Support for PowerMock will be completely removed on or after June 1, 2023. (pull 7033)
- Upgrade Simple Logging Facade for Java (SLF4J from from 1.7.36 to 2.0.0. (pull 7021, Changes in version 2.0.0 of the Simple Logging Facade for Java (SLF4J), SLF4J fluent logging API)
New in Jenkins 2.365 Weekly (Aug 24, 2022)
- Developer: Deprecate AdministrativeError (pull 6987)
- Upgrade Spring Security from 5.7.2 to 5.7.3. Spring Security 5.7.3 includes [19 fixes and improvements](https://github.com/spring-projects/spring-security/releases/tag/5.7.3). (pull 6997)
- Fix the resize behavior of Execute Shell build steps (issue 69320)
- Allow agent processes to access the changed inbound agent connection URL (regression in 2.364). (issue 69370)
- Restore focus state for checkboxes (regression in 2.361) (issue 69276)
New in Jenkins 2.364 Weekly (Aug 16, 2022)
- Remove hierarchal sidebar links. (pull 6907)
- Update design of buttons on the dashboard. (pull 6799)
- Developer: Support usage of PluginManager#whichPlugin in JenkinsRule-based tests. (pull 6982)
- Upgrade Winstone from 6.1 to 6.2. (pull 6978, Winstone 6.2 changelog)
New in Jenkins 2.346.3 (Aug 10, 2022)
- Upgrade Spring Framework from 5.3.19 to 5.3.20.
- Revert prior attempts to make log records collectible by limiting discarded messages.
- Connect breadcrumb context menus to items in subfolders.
- Improve progress bar visibility in shaded rows.
- Update Remoting from 4.13.2 to 4.13.3 to improve performance of previous fix for java.lang.OutOfMemoryError: unable to create new native thread on agents.
New in Jenkins 2.363 Weekly (Aug 9, 2022)
- Replace magnifying glass icon with computer icon in node overview. (issue 69202)
- Winstone 6.1: Upgrade Jetty from 9.4.46.v20220331 to 10.0.11 ([Winstone changelog](https://github.com/jenkinsci/winstone/releases/tag/winstone-6.1), [Jetty blog post](https://webtide.com/jetty-10-and-11-have-arrived/)). - Remove support for OpenSSL-style PEM-encoded RSA private keys when running Jenkins with the embedded Jetty (Winstone) container and TLS (jenkinsci/winstone#232). (issue 68694)
- Fix an error when rebuilding jobs triggered by polling (regression in 2.358). (issue 69210)
- Version select input is out of style with other drop down select input (issue 69240)
- Retain the position of the project configuration SCM checkbox when it is selected. (issue 68957)
- Add a space between repeating chunk items. (issue 69230)
New in Jenkins 2.362 Weekly (Aug 2, 2022)
- Introduced SetContextClassLoader utility class to assist in plugin class loading. (pull 6575)
- Upgrade [Eclipse Tyrus](https://github.com/eclipse-ee4j/tyrus) from 2.0.1 to 2.1.0. (pull 6941)
- Upgrade Apache MINA SSHD from 2.8.0 to 2.9.0 ([release notes](https://github.com/apache/mina-sshd/blob/master/docs/changes/2.9.0.md)). (pull 6903)
- Use same styling on test overview bar as other Jenkins components. (issue 68578)
- Remove the tap highlight for iOS devices. (pull 6924)
- Improve performance of a previous fix for java.lang.OutOfMemoryError: unable to create new native thread on agents. (issue 65873)
- (No proposed changelog) (issue 68801)
- Fix sorting by timestamp list of installed plugins in plugin manager. (issue 68750)
- Do not lead to other pages when users press enter key in the filter box of dropdown lists. (issue 68851)
New in Jenkins 2.361 Weekly (Jul 26, 2022)
- Remove 'Workspace' and 'Recent Changes' project summary buttons (pull 6918)
- Tabs now appear above their respective sections, not at the top of the page. (pull 6873)
- Keyboard shortcut added to focus global search bar (CMD + K/CTRL + K). (pull 6893)
- Remove onclick and disabled attributes from f:toggleSwitch. (issue 60866)
- Remove support for Flash-based cross-domain (XDR) transaction support in YUI 2: Connection Manager. (issue 68994)
- Blocked upstream projects in the queue block downstream projects when the option "Block build when upstream project is building" is enabled for the downstream project. Blocked downstream projects in the queue block upstream projects when the option "Block build when downstream project is building" is enabled for the upstream project. (issue 68780)
- Update center checkboxes keep focus state after they have been clicked. (issue 68788)
- Change state of plugin manager "select all" checkbox when it is clicked. (issue 69110)
- Fix build number cutoff in build history widget. (issue 68390)
- Retain the search pattern and results across collapsing and reopening the dropdown list. (issue 68732)
New in Jenkins 2.360 Weekly (Jul 20, 2022)
- Community reported issues: 1×JENKINS-22 1×JENKINS-11
- Remove the "New View" sidebar link. (pull 6703)
- Rework "Updates" table checkbox selection controls. (pull 6806)
- Add breadcrumbs to "Manage Jenkins" and children of it. Developers should ensure they use relative links for navigating between pages if they are a child of "Manage Jenkins". (pull 6126)
- Upgrade Spring Framework from 5.3.21 to 5.3.22. Spring Framework 5.3.22 includes 45 fixes and improvements. (pull 6844, Spring Framework 5.3.22 changelog)
- Do not include links on bread crumb elements that do not define a hyperlink destination. (issue 68986)
- Make context menu shadow darker than before. (issue 68985)
- Make progress bar easy to see. (issue 68672)
New in Jenkins 2.346.2 (Jul 13, 2022)
- Remove deprecated Docker plugin installation script install-plugins.sh. Use plugin installation manager tool through the jenkins-plugin-cli script in the Docker image. (pull 1408, Plugin installation manager tool documentation)
- Ignore duplicate log recorders keyed by same name. (issue 68752)
- Display job icons correctly on the Jenkins dashboard, even when a non-empty context path alters the URL (regression in 2.346.1). (issue 68639)
- Show all log messages when an inbound agent fails to connect (regression in 2.310). (issue 68785)
- Plugins selected for update cannot be unselected once the update has started. (issue 68730)
- Fix offset of radio buttons when selected. (issue 68799)
- Make previous boot attempt timestamps available to boot-failure.groovy startup hooks (regression in 2.308). (issue 68848)
New in Jenkins 2.358 Weekly (Jul 6, 2022)
- Utilize modernized table in old data page. (issue 68198)
- Small revamp to loading spinner design. (issue 68934)
- Copy button design updated. (pull 6698)
- Use modern checkbox for the reboot checkbox of the plugin manager. (issue 68912)
- Reverting prior attempts to make log records collectible. (issue 68417)
- Use a single border around CodeMirror boxes. (issue 68836)
- Use a solid background to make the build history pagination control more visible. (issue 68644)
- Make previous boot attempt timestamps available to boot-failure.groovy startup hooks (regression in 2.308). (issue 68848)
- Do not show the node log details link to users without permission to read the log. (issue 68642)
- Fix links in breadcrumb context menus to items in subfolders. (issue 68906)
- Avoid Amazon Corretto JDK issue by placing initialization logic into a well-defined package namespace. (Amazon Corretto JDK issue due to hotpatch for Apache Log4j 2)
- Upgrade Java Native Access from 5.12.0 to 5.12.1. (JNA 5.12.1 changelog, pull 6718)
- Developer: Deprecate Functions.singletonList which is not normally needed in JEXL. (pull 6740)
- Developer: Jenkins core .properties files are now encoded in UTF-8. (issue 41729)
New in Jenkins 2.357 Weekly (Jun 28, 2022)
- The install-plugins.sh script has been removed from the Docker containers after 18 months as a deprecated script. Manage plugin versions in containers with the plugin installation manager tool. The plugin installation manager tool is available in the image as jenkins-plugin-cli. (Plugin installation manager tool, pull 1380)
- The instance-identity module has been converted to a detached plugin. (issue 55582)
- Update the minimum required Remoting version to 4.2.1. (pull 6671)
- Fix radio buttons selection offset. (issue 68799)
- Plugins selected for update cannot be unselected once the update has started. (issue 68730)
- Fix raster image build status icons no longer displaying when running Jenkins with a non-empty context path due to a malformed URL. (issue 68639)
- Show all log messages when an inbound agent fails to connect (regression in 2.310). (issue 68785)
- Fix 'unavailable plugin' messages in plugin manager. (pull 6656)
- Ignore duplicate log recorders keyed by same name. (issue 68752)
- Tags and other sortable items are now displayed in the alphabetical order if the name contains more than one dot. (pull 6627)
- Add sidepanel links on the error page displayed when a user incorrectly updates their password. (pull 6661)
- Update bundled JUnit plugin from 1.47 to 1119.1121.vc43d0fc45561 for security advisory. (2022-06-22 security advisory, pull 6582)
- Upgrade Spring Security from 5.7.1 to 5.7.2. (Spring project spring-security 5.7.2 release notes, pull 6674)
- Bump spring-framework-bom from 5.3.20 to 5.3.21. (Spring framework BOM 5.3.21 release notes, pull 6674)
- Upgrade Java Native Access (JNA) from 5.11.0 to 5.12.0. (JNA 5.12.0 changelog, pull 6707)
- Allow plugin definition file (plugins.txt) to be generated from contents of the plugins directory. Upgrade plugin installation manager tool from 2.12.6 to 2.12.7. (Plugin installation manager tool 2.12.7 changelog)
- Update bundled Display URL API plugin from 2.3.5 to 2.3.6. (pull 6678)
- Update bundled Pipeline API plugin from 2.42 to 1144.v61c3180fa_03f. (pull 6678)
- Update bundled Plugin Utilities API plugin from 1.5.0 to 2.16.0. (pull 6678)
- Update bundled Checks API plugin from 1.1.1 to 1.7.4. (pull 6678)
- Update bundled ECharts API plugin from 4.9.0-2 to 5.3.2-1. (pull 6678)
- Update bundled SnakeYAML API plugin from 1.27.0 to 1.29.1. (pull 6678)
- Update bundled JQuery3 API plugin from 3.5.1-2 to 3.6.0-2. (pull 6678)
- Update bundled Font Awesome API plugin from 5.15.1-1 to 6.0.0-1. (pull 6678)
- Update bundled SCM API plugin from 2.6.5 to 602.v6a_81757a_31d2. (pull 6678)
- Update bundled Structs plugin from 1.23 to 308.v852b473a2b8c. (pull 6678)
- Replace bundled Bootstrap 4 API plugin 4.5.3-1 with Bootstrap 5 API plugin 5.1.3-6. (pull 6678)
- Replace bundled Popper.js API plugin 1.16.0-7 with Popper.js 2 API plugin 2.11.2-1. (pull 6678)
- Add bundled Pipeline Supporting APIs plugin 813.vb_d7c3d2984a_0. (pull 6678)
New in Jenkins 2.346.1 (Jun 23, 2022)
- Changes since 2.346:
- Important security fixes. (security advisory)
- Remove SSH Plugin from setup wizard plugin selection. (issue 68556)
- Allow running on Java 17 without --enable-future-java. (pull 6602)
- Show remote class loader statistics of agents with new table layout. (issue 68591)
- Fix indistinguishable build scheduling icon when the job is already in-queue (regression in 2.321). (issue 68303)
- Fix the position of the help button when it is not directly attached to an object (regression in 2.320). (issue 68042)
- Restore actions icon size lookup (regression in 2.341). (issue 68296)
- Fix a runtime error when viewing the build time trend on Java 17. (issue 68215)
- Provide supporting infrastructure to enable Pipeline: Groovy to work around a metaspace memory leak for users running Pipeline jobs on Java 11. (pull 6597, issue 63766, JDK-8231454 metaspace leak)
- Restore the frame color of the build progress bar of the executor widget. (pull 6607)
- Keep the Save and Apply buttons in front of menus (regression in 2.337). (issue 68640)
- Fix WebSocket reconnection in edge cases. Upgrade from Remoting 4.13 to 3025.vf64a_a_3da_6b_55. (pull 6576, issue 68542, Remoting 3025.vf64a_a_3da_6b_55 changelog)
- Fix class attribute for Jenkins Symbols using <l:icon … />. (issue 68630)
- Update bundled Script Security Plugin from 1.75 to v35f6a_0b_8207e Update bundled WMI Windows Agents Plugin from 1.0 to 1.8.1 (pull 6582, 2022-05-17 security advisory)
- Notable changes since 2.332.4:
- Modernise form components and Jenkins UI. (issue 67396, pull 6084, pull 6442, issue 68293, pull 5743, issue 68284, pull 6473, pull 6295, pull 6273, pull 6229, pull 6307, pull 5778, pull 6248, pull 5417, pull 6186)
- Update Remoting from 4.11.2 to 4.13 to allow Java Web Start agents to connect (regression in 2.318). Allow agent reconnects on Java 11 and WebSocket. Prevent infinite loop in case of a closed SSL connection. (pull 5983, pull 6329, issue 67000, issue 66446, issue 67928, Remoting 4.12 changelog, Remoting 4.13 changelog)
- Reject connections from agents with unsupported Remoting versions. (issue 50211)
- Update site warnings can now be configured with Configuration as Code. Allow setting a user's primary view via Configuration as Code. (pull 6202, issue 56057, pull 6203, issue 61985)
- Remove support for RoleChecker#check(RoleSensitive) calls which were added again in Jenkins 2.319. All remoting Callable implementations need to perform an actual role check as documented. (pull 5901, Remoting callables documentation)
- Remove the Java Native Runtime (JNR) library from Jenkins core. (pull 6323, Java Native Runtime project)
- Remove unused glibc package from Alpine-based Docker images. (Docker pull request 1361)
- Remove unnecessary packages from Debian-based Docker images. (Docker pull request 1375)
- Winstone 5.24 - Add an option to write the listening port to a file. Remove automatic self-signed certificate if TLS is specified but no keystore (pull 5928, issue 66379, Winstone 5.23 changelog, Winstone 5.24 changelog)
- Render the question mark on the new help button only once so that it is not shown twice, even while using different themes. (pull 6233)
- Wait for the computation to finish when triggering a new build while the build graph is being recomputed. This guarantees that recently updated build triggers are executed. (issue 67237)
- Add slim Debian-based JDK 17 Docker image. (Docker pull request 1360)
- Add Alpine-based JDK 17 Docker image. (Docker pull request 1362)
New in Jenkins 2.356 Weekly (Jun 22, 2022)
- Important security fixes.
New in Jenkins 2.355 Weekly (Jun 14, 2022)
- Update form validation appearance. (issue 68373)
New in Jenkins 2.354 Weekly (Jun 8, 2022)
- Fix build status position. (issue 67846)
- Fix websocket reconnection in edge cases. (issue 68542)
- Developer: Optional property can now have inline help. (pull 6615)
New in Jenkins 2.350 Weekly (Jun 2, 2022)
- Allow running on Java 17 without --enable-future-java. (pull 6602)
- Use the default system font for Google Chrome. (pull 6614)
- Use the newer Jenkins logo for OpenSearch. (pull 6596)
- Save and Apply buttons no longer appear in front of menus (regression in 2.337) (issue 68640)
- Restore the frame color of the build progress bar of the executor widget. (pull 6607)
- Fix websocket reconnection in edge cases. (issue 68542)
- Remove superfluous spacing on job configuration page. (pull 6579)
- Fix class attribute for Jenkins Symbols using <l:icon ... />. (issue 68630)
- Provide supporting infrastructure to enable Pipeline: Groovy to work around a metaspace memory leak (JDK-8231454) for users running Pipeline jobs on Java 11. (issue 63766)
- Fix a runtime error when viewing the build time trend on Java 17. (issue 68215)
- Upgrade Java 8 in Debian-based Docker images from 8u322-b06 to 8u332-b09. (Docker pull request 1340)
- Update plugin installation manager tool in AlmaLinux-based Docker image from 2.10.0 to 2.12.6. (Docker pull request 1359)
- Add slim Debian-based JDK 17 Docker image. (Docker pull request 1360)
- Remove unused glibc package from Alpine-based Docker images. (Docker pull request 1361)
- Add Alpine-based JDK 17 Docker image. (Docker pull request 1362)
- Upgrade Alpine-based Docker images from 3.15.4 to 3.16.0. (Docker pull request 1363, Docker pull request 1364)
- Do not add the jenkins user to the lastlog and faillog databases in Docker images. (Docker pull request 1373)
- Remove unnecessary packages from Debian-based Docker images. (Docker pull request 1375)
- Upgrade Debian-based Docker images from bullseye-20220228 to bullseye-20220509. (Docker pull request 1358, Docker pull request 1380)
New in Jenkins 2.349 Weekly (May 24, 2022)
- Remove SSH Plugin from setup wizard plugin selection. (pull 6581)
- Show remote class loader statistics of agents with new table layout. (issue 68591)
- Job name no longer separates randomly in the table on Firefox. (issue 68205)
- Update bundled Script Security Plugin from 1.75 to v35f6a_0b_8207e Update bundled WMI Windows Agents Plugin from 1.0 to 1.8.1 (pull 6582, 2022-05-17 security advisory)
- Upgrade Spring Security from 5.6.3 to 5.7.1. (pull 6578, Spring project spring-security 5.7.0 release notes, pull 6584, Spring project spring-security 5.7.1 release notes)
- Developer: Bump spring-security-bom from 5.7.0 to 5.7.1. (pull 6584, Spring project spring-security 5.7.1 release notes)
New in Jenkins 2.348 Weekly (May 17, 2022)
- Announce Java 8 end of life for weekly line as June 21 2022 (pull 6566)
- Use native Java Platform functionality rather than Ant to load classes. The old behavior can be restored by setting -Dhudson.ClassicPluginStrategy.useAntClassLoader=true. (pull 6571)
- Upgrade Spring Framework from 5.3.19 to 5.3.20. Spring Framework 5.3.20 includes 14 fixes and improvements. In addition, this releases include fixes for 2 vulnerabilities. (pull 6565, Spring Framework 5.3.20 changelog, CVE-2022-22970, CVE-2022-22971)
- Remove Java Web Start support for launching inbound agents, along with the GUI mode, the platform-specific agent installers, and the JAR signature. (pull 6543, Java Web Start)
- Suppress some uninteresting stack traces related to closed agent channels. (pull 6555)
- Winstone 5.25 - Update Jetty from 9.4.45.v20220203 to 9.4.46.v20220331. (pull 6558, issue 68200, Winstone 5.25 changelog, Jetty 9.4.46 changelog)
- Remove the ability for plugins to specify a minimum Java version. The minimum Java version of a plugin is always the same as the minimum Java version of the plugin's minimum core version. (issue 20679)
- Allow setting an "id" and style attribute for l:icon in combination with symbols. (issue 68381)
- Display icons searched without an icon size CSS value (regression in 2.341). (issue 68296)
- Use a space between the icon and the text in the build executor status view instead of an underline. (issue 68430)
- Developer: New series of colours and new range of semantic colours added (see [Design Library](https://plugins.jenkins.io/design-library/) for more details). (pull 6538)
New in Jenkins 2.347 Weekly (May 10, 2022)
- Use new style checkboxes for plugin manager. (pull 6527)
- Add syntax highlighting support to description at the user configuration page. (pull 6551)
- Allow extra CSS classes with . (issue 68286)
- Fix the position of the help button when it is not directly attached to an object (regression in 2.320). (issue 68042)
- Fix indistinguishable build scheduling icon when the job is already in-queue. (issue 68303)
- Correct encoding for several localized strings. (pull 6550)
New in Jenkins 2.332.3 (May 4, 2022)
- Avoid a deadlock between agent class loading and logging. (issue 68122)
- Replace the computer-flash GIF icon with the hourglass icon. (issue 67742)
- Make "View build information" pages readonly for users who don't have permission. (issue 67967)
- Upgrade bundled Jackson 2 API plugin from 2.12.0 to 2.13.2.20220328-273.v11d70a_b_a_1a_52. (issue 68276, pull 6480, Jackson 2 API plugin changelogs)
- Allow filtering updates in plugin manager by plugin ID (regression in 2.320). (issue 68260)
- Display log entries with missing logger names in the log viewer. (pull 6310)
- Preserve load statistics data for label expressions. (issue 68055)
- Fix bad encoding of security warnings in French showing special characters. (pull 6382)
New in Jenkins 2.346 Weekly (May 4, 2022)
- Search input clear button now respects user's theme. (pull 6521)
- Restore functionality of credentials popup in SSH Build Agents (regression in 2.344). (issue 68338)
New in Jenkins 2.345 Weekly (Apr 26, 2022)
- Refresh the login and signup page. (issue 68293)
- Remove unnecessary padding around 'Build after other projects are built' radios. (pull 6509)
- Add quick filter box for menus created by buttons. (issue 62024)
- Plugin Manager 'Installed' tab filter now resets when clicking search clear button (regression in 2.325). (issue 68291)
- Make bottom border visible in configure page (regression in 2.335). (issue 68031)
- Developer: Upgrade Spring Security from 5.6.2 (released on February 21, 2022) to 5.6.3 (released on April 18, 2022). (pull 6489, Spring project spring-security 5.6.3 release notes)
New in Jenkins 2.344 Weekly (Apr 19, 2022)
- Modernise log recorder pages.
- Allow setting a user's primary view via configuration as code.
- Add a dropdown menu to the build trigger, if it's instantiated by a user.
- Upgrade bundled Jackson 2 API plugin from 2.12.0 to 2.13.2.20220328-273.v11d70a_b_a_1a_52.
- Upgrade [Spring Framework](https://spring.io/projects/spring-framework) from 5.3.18 (released on March 31, 2022) to 5.3.19 (released on April 13, 2022). Spring Framework 5.3.19 includes [12 fixes and improvements](https://github.com/spring-projects/spring-framework/releases/tag/v5.3.19). In addition, Spring Framework 5.3.19 includes a fix for [CVE-2022-22968: Spring Framework Data Binding Rules Vulnerability](https://spring.io/blog/2022/04/13/spring-framework-data-binding-rules-vulnerability-cve-2022-22968).
- Use modern form inputs in Plugin Manager, login form, and setup wizard.
- Remove warning that recommends use of the Authorize project plugin.
- Add a "copy to clipboard" button to the script console output.
- Align shutdown banner with other top banners, align executor starvation icon with other build widget icons, and add a side panel to the plugin uninstallation view.
- Improve the display of help text for agent launch methods.
- The html.jelly template has been removed in favor of the more feature- rich layout.jelly template.
- Allow plugins to be disabled even when dependent plugins are disabled (regression in 2.325).
- Fix dropdown chevrons not separating links and overflowing
- Fix third party weather icons in the table view (regression in 2.341).
- Clicking the build progress bar again takes the user to the console output (regression in 2.340).
- Correct icon resolution for remote icons (regression in 2.335).
- Allow filtering updates in plugin manager by plugin ID (regression in 2.320).
- Move plugin manager search bar back to middle (regression in 2.325).
- Do not print a stack trace when archiveArtifact does not find a file.
- Hide "No builds" when there is a pending build.
New in Jenkins 2.343 Weekly (Apr 12, 2022)
- Improve agent availability help. (issue 67744)
- Reject connections from agents with unsupported Remoting versions. (issue 50211)
- Display communication protocol in agent logs. (issue 40700)
- Preserve load statistics data for label expressions. (issue 68055)
- Avoid a deadlock between agent class loading and logging. (issue 68122)
- Fix the position of icon and text (regression in 2.335). (issue 67846)
- Run downstream jobs (regression in 2.341). (issue 67237)
- Stop builds in the order they are provided from the CLI. (pull 6456)
- Hide textarea preview when the field is read only. (issue 68188)
- When triggering a new build while the build graph is currently being re-computed, jenkins waits for the re-computation to finish. This guarantees that recently updated build triggers are executed. (issue 67237)
New in Jenkins 2.342 Weekly (Apr 6, 2022)
- Prefer --httpPort from JENKINS_ARGS over HTTP_PORT when the two differ. (issue 68007, Packaging pull request 296)
- Remove unnecessary log spam when starting Jenkins under systemd on Debian 11 (regression in 2.333 and 2.332.1). (issue 67995)
- Don't show build status on jobs that are not yet built (regression in 2.321). (issue 67797)
- Ensure inbound agent restart logic is applied. (issue 66446)
- Recover gracefully after incorrect merge of /etc/sysconfig/jenkins on Red Hat-based systems. (issue 68149, pull 301)
New in Jenkins 2.342 Weekly (Apr 5, 2022)
- Change formatting in the "Configure Security" screen. f:dropdownDescriptorSelector now honors help.html for the selected descriptor. (pull 5417)
- Upgrade Spring Framework from 5.3.16 to 5.3.18 (released on March 31, 2022). This release of Spring Framework addresses the security vulnerability CVE-2022-22965. (pull 6422, Spring Framework, Spring project spring-framework 5.3.17 release notes, Spring project spring-framework 5.3.18 release notes, CVE-2022-22965, Spring vulnerability CVE-2022-22965 does not affect Jenkins core)
- Miscellaneous polishing of various components. (pull 6411)
- Extend the medium length load statistics to cover 2 days instead of 1. Sometimes the data for the time period was not displayed correctly (regression in 2.204). (issue 64299)
New in Jenkins 2.341 Weekly (Mar 29, 2022)
- Developers can now use custom symbols in their plugins (link to Symbols docs) (issue 68137)
- Hide "Delete build '#'" button if "Keep this build forever" is selected. (pull 6403)
- Use new color in trend graph. (issue 65928)
- Add more Korean translations. (pull 6394)
- Add Traditional Chinese translation property files. (pull 6386)
- When triggering a new build while the build graph is currently being re-computed, jenkins waits for the re-computation to finish. This guarantees that recently updated build triggers are executed. (issue 67237)
- Make "View build information" pages readonly for users who don't have permission. (issue 67967)
New in Jenkins 2.340 Weekly (Mar 22, 2022)
- Update icons. (pull 6307)
- Run core test suite on Java 17. (pull 6364)
- Vertically align the checkbox with the button in the new item page. (issue 68037)
- Update link and breadcrumb dropdowns. (issue 67396)
- Fix bad encoding of security warnings in French showing special characters. (pull 6382)
- Fail fast when the frontend sends an invalid class name. Upgrade Stapler from 1642.ve454c4518974 to 1666.v0275e61a_9874. (pull 6376, pull 322, Stapler 1666.v0275e61a_9874 changelog)
- Move Polling Log "View as plain text" link to side panel. (issue 67713)
New in Jenkins 2.339 Weekly (Mar 16, 2022)
- Winstone 5.24 - Add an option to write the listening port to a file. Remove automatic self signed certificate if TLS is specified but no keystore (pull 5928, issue 66379, Winstone 5.23 changelog, Winstone 5.24 changelog)
- Make "Unavailable" label in plugin manager theme-able (issue 67953)
- Support Java 17 without --add-opens command-line options. (pull 6356)
- Remove unnecessary log spam when starting Jenkins under systemd on Debian 11 (regression in 2.333 and 2.332.1). (issue 67995)
- Prefer --httpPort from JENKINS_ARGS over HTTP_PORT when the two differ. (Packaging pull request 296)
- Improve appearance of the changeset box (regression in 2.335). (pull 6343)
- Prevent multiline letters from being cut off on the changeset view tab. (pull 6344)
- Skip corrupted fingerprint files. (issue 67602)
- Deprecate PosixException in favor of IOException. (pull 6345)
New in Jenkins 2.332.1 (Mar 9, 2022)
- Switch Linux installers from System V init to systemd.
- Update the bundled Matrix Project plugin from 1.18 to 1.20.
- Update bundled Display URL API plugin to prevent issues starting the mailer plugin for offline installations.
- Keep the same height when dragging and dropping a component (regression in 2.277).
- Correctly render expandable text boxes into multiple lines (regression in 2.197 and 2.176.4).
- Show correct feature name in tooltips of help links (regression in 2.179).
- Launch only one agent to satisfy cloud agent requests that use label expressions.
- Truncate long build names again (regression in 2.332).
- Overwrite grey balls icon with the modern "not built" status.
- Update remoting from 4.11 to 4.12 to allow Java web start agents to connect (regression in 2.318).
- Restart systemd service when the controller exits unexpectedly.
- Restart the Jenkins service after plugin updates on Debian 11 (bullseye).
New in Jenkins 2.338 Weekly (Mar 8, 2022)
- Use modern icons at the workspace view. (pull 6229)
- Add Brazilian Portuguese translation property files. (pull 6319)
- Stop overemphasizing console logs (regression in 2.335). (pull 6342)
- Support focus state on checkboxes (regression in 2.335). (issue 67965)
- Place icons at the same height as their associated text (regression in 2.335). (issue 67858)
- Replace the "unavailable ionicon" icon by a smaller "x". (pull 6291)
- Show only one console box when viewing the build log (regression in 2.335 and 2.226). (pull 6338)
- Allow agent reconnects on Java 11 and websocket. Prevent infinite loop in case of a closed SSL connection. Upgrade from Remoting 4.12 to 4.13. (pull 6329, issue 66446, issue 67928, Remoting 4.13 changelog)
- Ensure inbound agent restart logic is applied. (issue 66446)
- Display log entries with missing logger names in the log viewer. (pull 6310)
- Developer: Add a --debug option to the translation tool to help in troubleshooting. Improve the readability of the translation tool command-line interface (CLI). (pull 6317)
- Developer: Upgrade the Guava library from 31.0.1 (released September 27, 2021) to 31.1 (released February 28, 2022). (pull 6322, Guava 31.1 changelog)
New in Jenkins 2.337 Weekly (Mar 1, 2022)
- Remove the 'cloud configuration has moved to a separate configuration page' notice. (pull 6298)
- Update the appearance of the button bar at the bottom of forms. (pull 6295)
- Persist changes made to boolean radio controls (regression in 2.336). (pull 6311)
- Update bundled Display URL API plugin to prevent issues starting the mailer plugin for offline installations. (issue 67885)
- Keep colors when interacting with ionicons as link icon. (pull 6296)
- Developer: Upgrade Spring Security from 5.6.1 (released on December 20, 2021) to 5.6.2 (released on February 21, 2022). (pull 6297, Spring project spring-security 5.6.2 release notes)
New in Jenkins 2.336 Weekly (Feb 22, 2022)
- Restore missing computer icon in the "System Information" view of an agent (regression in 2.335). (pull 6289)
- Place text correctly on boolean radio controls (regression in 2.335). (issue 67847)
- Don't add leading slash to foreign icons (regression in 2.335). (issue 67823)
- Don't show build status on jobs that are not yet built (regression in 2.321). (pull 6287)
- Use icon of the correct size in list of agents with a specific label (regression in 2.335). (issue 67837)
- Don't prepend icon when it's already there. Resolves missing icons in some cases (regression in 2.335). (issue 67828)
- Restore missing help icon (regression in 2.335). (pull 6280)
New in Jenkins 2.335 Weekly (Feb 17, 2022)
- Modernise form components. (pull 5923)
- Switch Linux installers from System V init to systemd. (issue 41218)
- Winstone 5.22 - Update Jetty from 9.4.43.v20210629 to 9.4.45.v20220203. Append to log file rather than truncating it (Winstone PR-200). Write log file and access logs in UTF-8 encoding rather than default encoding (Winstone PR-200). (pull 6262, issue 66379, Winstone 5.22 changelog, Jetty 9.4.45 changelog, Winstone PR-200)
- Update "Manage Jenkins" icons and controls. The plugins icon now shows how many updates are available. (pull 6273)
- Replace the computer-flash GIF icon with the hourglass icon. (issue 67742)
- Remove support for RoleChecker#check(RoleSensitive) calls which were added again in Jenkins 2.319. All remoting Callable implementations need to perform an actual role check as documented. (pull 5901, Remoting callables documentation)
- Several icons across Jenkins have been updated - the build icon, the delete icon, the settings icon, the about icon and the plugin icon. (pull 6186)
- Use modern table design for "Recorded Fingerprints" and "Legacy API Tokens" tables. (pull 6247)
- Minor form and spacing changes. (pull 6259)
- Update table styling and spacing with small table UI tweaks. (pull 6248)
- Startup completion notification is available with systemd(1). (pull 6228)
- Update the Korean internationalization for build icon descriptions. (pull 6241)
- Extend startup notification timeout as each initialization milestone is attained. (pull 6237)
- Update remoting from 4.11.2 to 4.12 to allow Java web start agents to connect (regression in 2.318). (pull 5983, issue 67227, Remoting 4.12 changelog)
- Overwrite grey balls icon with the modern "not built" status. (issue 67753)
- Link the log recorder configure button to the associated log recorder (regression in 2.322). (pull 6245)
- Render the question mark on the new help button only once so that it is not shown twice, even while using different themes. (pull 6233)
- Truncate long build names again (regression in 2.332). (issue 67689)
- Return zero from RPM init script on successful stop. (issue 31656)
- Do not print Java version message from Debian installer when correct Java version is detected. (issue 55696)
- Restart systemd service when the controller exits unexpectedly. (issue 56219)
- Restart the Jenkins service after plugin updates on Debian 11 (bullseye). (issue 65809)
- Do not fail startup with timeout on systems with slow DNS resolution. Rely on the Jenkins process to check for port availability rather than using a separate shell function. (issue 67404)
- Correctly report startup result on Amazon Linux 2 installed with the rpm package. (issue 674487)
New in Jenkins 2.319.3 (Feb 9, 2022)
- Security fix. (security advisory)
- Fix ClassNotFoundException: io.jenkins.cli.shaded.org.w3c.dom.Node when using JAXB. (issue 67470)
- Upgrade the XStream library from 1.4.18 to 1.4.19. Addresses the CVE-2021-43859 security vulnerability when unmarshalling highly recursive collections or maps causing a Denial of Service. (pull 6231, XStream 1.4.19 changelog, XStream CVE-2021-43859)
- Launch only one agent to satisfy cloud agent requests that use label expressions. (issue 67635)
New in Jenkins 2.334 Weekly (Feb 9, 2022)
- Security fix. (security advisory)
New in Jenkins 2.332 Weekly (Jan 25, 2022)
- Restore the location of the build progress bar (regression in 2.321).
New in Jenkins 2.331 Weekly (Jan 21, 2022)
- Increase width of job configuration form on wide screens. (issue 67198)
- Unify labels in plugin manager. Remove deprecated terminology labels from the Plugin Manager. (pull 6151)
- The JavaMail and JavaBeans Activation Framework (JAF) libraries have been detached from Jenkins core into dedicated plugins. (pull 6165, JavaMail, JavaBeans Activation Framework (JAF))
New in Jenkins 2.330 Weekly (Jan 13, 2022)
New in Jenkins 2.319.2 (Jan 12, 2022)
- Security fix. (security advisory)
- Only apply trimLabels operation to affected nodes when adding or removing them. (issue 67099)
- Improve FilePath telemetry collection and its description. (issue 67332, issue 67226, pull 5957, pull 6031, pull 6061)
New in Jenkins 2.328 Weekly (Jan 11, 2022)
- Use SVG icons for agent context menu and executor status. (pull 6146)
- Modernise the "About Jenkins" page. Update the table and tab design to use normal cased text. (pull 6055)
- Ensure that loggers exist before setting their log levels. In rare cases, setting the log level of a logger may have had no effect. (pull 6143)
New in Jenkins 2.327 Weekly (Jan 4, 2022)
- JRuby support has been removed from the Stapler web framework used in Jenkins core. A small number of JRuby-based plugins are affected; see the blog post for migration notes. (pull 6103, JEP-7: Deprecation of Ruby and Python plugin runtimes, Deprecating non-Java plugins (blog post), Stapler repository, JRuby project)
- Improve visualization of the Environment Variables page. (pull 6096)
- Ensure that links from inline help (shown after clicking "?" icons) always open in new windows. (pull 6095)
- Include plugin short names in some error messages. (pull 6077)
- Developer: Bump spring-security-bom from 5.6.0 to 5.6.1. (pull 6089, Spring project spring-security 5.6.1 release notes)
New in Jenkins 2.326 Weekly (Dec 21, 2021)
- Deprecate SlaveToMasterFileCallable. (issue 67173)
- (No proposed changelog) (pull 6075)
- The agent-to-controller security subsystem is now always enabled. The admin-customizable allowlists for callables and file paths have been removed. The ability to access some files on the controller from agents has been removed. Some plugins are incompatible with this change and may need to be updated, see [the issue tracker](https://issues.jenkins.io/issues/?jql=%22Epic%20Link%22%20%3D%20JENKINS-67173). (issue 67173)
- The agent-to-controller security subsystem is now always enabled. The admin-customizable allowlists for callables and file paths have been removed. The ability to access some files on the controller from agents has been removed. Some plugins are incompatible with this change and may need to be updated, see [the issue tracker](https://issues.jenkins.io/issues/?jql=%22Epic%20Link%22%20%3D%20JENKINS-67173). (issue 67173)
- Add missing SVG for parameterized job icon. (pull 5905)
- Add "Report an issue" link to plugins in the plugin manager. (issue 65113)
- Upgrade [Groovy](https://groovy-lang.org/) from [2.4.12](http://groovy-lang.org/changelogs/changelog-2.4.12.html) (released on June 21, 2017) to [2.4.21](http://groovy-lang.org/changelogs/changelog-2.4.21.html) (released on November 29, 2020). (pull 5939)
- Restore support for symbolic links in the Jenkins home directory (regression in 2.325). (issue 67372)
- Stapler now returns an informative error message when a request is made for an invalid adjunct. (pull 6066)
New in Jenkins 2.325 Weekly (Dec 14, 2021)
- Developer: Add FilePath#validateAntFileMask(String, boolean) overload for convenience. (pull 6033)
- Developer: The option -Dhudson.ClassicPluginStrategy.useAntClassLoader=false allows experiments with plugin-first class loading alternatives. (pull 5970)
- More reliably estimate plugin download progress. (pull 6038)
- Modernise the appearance of the plugin manager (pull 5916)
- Newly created items are again automatically made accessible to their creators to fix a regression in the matrix-auth plugin (regression in 2.324). (issue 21224)
- - Fix a resource leak when shutting down Jenkins. (pull 6034)
- - Fix a resource leak when a plugin fails to load. (pull 6030)
- Filtering now hides unavailable updates on "Updates" tab in Plugin Manager. (issue 65084)
- An agent-to-controller security measure failed to persist configuration. (pull 5888)
- Custom log records with large record parameters no longer interfere with garbage collection. (pull 6018)
New in Jenkins 2.319.1 (Dec 2, 2021)
- Changes since 2.319:
- Do not attempt to canonicalize tar entries when untaring, as the result may be unexpected for symlinks. (issue 67063)
- Fix form submission for file access rules of agent to controller security subsystem (regression in 2.111). (pull 5881, issue 67061, Upgrade guide - Agent to controller path filter security fixes)
- Fix missing hyperlink in build history (regression in 2.314). (issue 67028)
- An exception thrown by a RestartListener no longer leaves Jenkins in a zombie-like state. (issue 67002)
- Prevent LinkageError during class loading (regression in 2.309). (issue 66993)
- Show ongoing first build in build history (regression in 2.314). (issue 66969)
- Jenkins startup could hang due to a deadlock in class loading. (issue 67188)
- Display the "Configure System" icon in the drop down menu. (issue 67033)
- Notable changes since 2.303.3:
- Replace the term "master" for the main Jenkins application with "controller" or "built-in node" in user interface strings and documentation. New installations get the new node and label immediately. Existing installations do not change the node name (e.g. NODE_NAME environment variable) or label of the built-in node until an administrator explicitly performs the migration. If a job definition, Pipeline definition, or tool installer reference must be tied to the built-in node, it should use the label "built-in". (Upgrade guide - Built-In Node Name and Label Migration)
- Modernise the "Manage Jenkins" screen. (pull 5693)
- Modernise the "Build History" search bar. (pull 5692)
- Update appearance for feed bar and description button to be modern and consistent. (pull 5664)
- Improve layout of console output header. (pull 5507)
- Show new status icons in build history. (issue 66659)
- Update tooltips to be consistent across Jenkins. (pull 5763)
- Use SVGs over PNGs for the sidebar when possible. Breadcrumb bar/logo/menu items are now correctly aligned on the left together. Move old war/images folder to webapp so they can be used in frontend - the SVGs are now in the webapp/images/svgs folder. (pull 5663)
- Replace the old icons with the new SVG icons in the job trend page. (issue 65928)
- Graphs now scale correctly on high resolution screens. (pull 5697)
- Screen resolution cookie now has the secure flag set when Jenkins is running on HTTPS. (issue 49675)
- Deprecate the -cp option in the remoting agent.jar command line. Upgrade from Remoting 4.10 to Remoting 4.11. (pull 5821, issue 64831, Remoting 4.11 changelog)
- When the buildWithParameter API is called, if the requests with the same parameters in the queue are merged, the http response code of the request uses a more appropriate 303(see other) instead of 201(created). (issue 66105)
- Fix wrong parameter type for Text Parameter when triggering a build via the buildWithParameters API call. (pull 5704)
- Use the JVM's default keystore type for the Jenkins server when terminating TLS connections within Jenkins. Used if Jenkins is started with the --httpsPort argument. Winstone 5.21: Update Jetty from 9.4.42.v20210604 to Jetty 9.4.43.v20210629. (pull 5670, issue 66379, Winstone 5.20 changelog, Winstone 5.21 changelog, Jetty 9.4.43 changelog)
- Correction of label expression including a "implies" relationship without spaces around. (issue 66613)
- Fix agent handshake when connecting over Websocket on Java 11. Upgrade from Remoting 4.10 to Remoting 4.11. (pull 5821, issue 61212, Remoting 4.11 changelog)
- Remove deprecated, unsafe classes previously copied from Apache Ant. Docker Slaves plugin is incompatible with this change. (issue 66930)
- Load classes from plugins in parallel for faster startup on multicore machines. (issue 23784)
- Remove the Woodstox implementation of the StAX API from Jenkins core. Users of the Azure Artifact Manager, Azure Container Agents, Azure Storage, and Azure SDK API plugins must upgrade those plugins to the latest versions in lockstep with this core upgrade. Plugins that consume Woodstox should depend on it directly or via the Jackson 2 API plugin. (pull 5651, Woodstox implementation, StAX API, Azure Artifact Manager plugin, Azure Container Agents plugin, Azure Storage plugin, Azure SDK API plugin, Jackson 2 API plugin)
- Internal: Experimental support for URLClassLoader can be enabled by setting hudson.ClassicPluginStrategy.useAntClassLoader=false. (pull 5698)
New in Jenkins 2.323 Weekly (Nov 30, 2021)
- New extension point Header as an interface that provides capabilities to render a specific header and a default implementation of that, named JenkinsHeader that is enabled by default. (pull 5909)
- Add configuration-as-code support for managing log recorders. (issue 61278)
- Add path to form elements giving stable selectors for UI testing. (pull 5926)
- Update remoting from 4.11.1 to 4.11.2 to fix code signing. (issue 67227)
- Improve performance by lazy loading build records from the run list. (pull 5942)
- "View as plain text" shows correctly in polling log page. (issue 67193)
New in Jenkins 2.322 Weekly (Nov 23, 2021)
- Issue a warning to the system log when using agent-to-controller file manipulation idioms considered for deprecation, and collect telemetry about this as well. (pull 5890)
- Add descriptions of built-in administrative alerts to the global configuration alert selection page. (pull 5937)
- Modernise System Info and Log Recorder pages. (pull 5925)
- Jenkins startup could hang due to a deadlock in class loading. (issue 67188)
- Display full user name, rather than id, in securityRealm page when using the built-in security realm (regression since 2.243). (pull 5925)
- Display the "Configure System" icon in the drop down menu. (issue 67033)
- Developer: Register UberClassLoader as parallel-capable. (pull 5931)
New in Jenkins 2.321 Weekly (Nov 16, 2021)
- Modernise the table design and add support for Ionicons. (pull 5851)
- Remove superfluous user interface elements, including images, mask-icon, and unnecessary resize handles. (pull 5777)
- Only apply trimLabels operation to affected nodes when adding or removing them. (issue 67099)
- Maven tool configuration works again (regression in 2.320). (issue 67109)
- Show ongoing first build in build history (regression in 2.314). (issue 66969)
- Fix filtering in update tab of plugin manager (regression in 2.320). (pull 5908)
- Permit additional safe types in agent to controller access control (regression in 2.320). (issue 67105)
- Developer: Upgrade the Guice library from 4.0 (released April 28, 2015) to 5.0.1 (released March 2, 2021). (pull 5858, Guice library, Guice 5.0.1 release notes)
- Developer: Bump spring-security-bom from 5.5.3 to 5.6.0. (pull 5921, Spring project spring-security 5.6.0-RC1 release notes, Spring project spring-security 5.6.0 release notes)
New in Jenkins 2.320 Weekly (Nov 9, 2021)
- Upgrade the Guava library from 11.0.1 (released on January 9, 2012) to 31.0.1 (released on September 27, 2021). Plugins have already been prepared to support the new version of Guava; use the Plugin Manager to upgrade all plugins before and after upgrading Jenkins. (pull 5707, JEP-233, Guava web site, Guava 31.0.1 changelog)
- Modernise the 'New view' and 'New node' pages. (pull 5842)
- Improve artifact list readability in dark theme. (pull 5889)
- Use CSS animation for console progress. (pull 5871)
- Allow plugin upload by URL in addition to file name. (issue 4814)
- Update bundled version of Bouncy Castle API plugin from 2.20 to 2.25. (pull 5898, Bouncy Castle release notes)
- Prevent LinkageError during class loading (regression in 2.309). (issue 66993)
- Do not attempt to canonicalize tar entries when untaring, as the result may be unexpected for symlinks. (issue 67063)
- Fix form submission for file access rules of agent to controller security subsystem (regression in 2.111). (pull 5881, issue 67061, Upgrade guide - Agent to controller path filter security fixes)
- Avoid false positives in plugin search (installed tab). (pull 5870)
- Fix missing hyperlink in build history (regression in 2.314). (issue 67028)
- Add space between icon and project name (or build number) in all links to builds. (pull 5887)
- Add space between icon and project name in upstream & downstream section of project page. (issue 66749)
- Replace outdated URLs with working redirects. (issue 67032)
- An exception thrown by a RestartListener no longer leaves Jenkins in a zombie-like state. (issue 67002)
- Display the time zone of the user when an administrator updates a user account. (issue 66845)
- Developer: Provide a stable version of ObjectWebASM (currently 9.1) on the classpath. (pull 5524, ObjectWebASM web site)
- Developer: Use the upstream version of AntClassLoader without custom patches. (pull 5856)
New in Jenkins 2.319 Weekly (Nov 5, 2021)
- Important security fixes. (security advisory)
- Security hardening: Require role check for remoting callables. (LTS upgrade guide, developer documentation)
- Always allow configuring agent-to-controller security subsystem.
New in Jenkins 2.303.3 (Nov 4, 2021)
- Important security fixes. (security advisory)
- Security hardening: Require role check for remoting callables. (LTS upgrade guide, developer documentation)
- Always allow configuring agent-to-controller security subsystem.
- Correction of Label expression including a "implies" relationship without spaces around. (issue 66613)
New in Jenkins 2.318 Weekly (Oct 26, 2021)
- Add XStream2 constructor matching super. (issue 66955)
- Remove deprecated, unsafe classes previously copied from Apache Ant. Docker Slaves plugin is incompatible with this change. (issue 66930)
- ExecutorListener may now be implemented as a static extension. (issue 66947)
- Update tooltips to be consistent across Jenkins. (pull 5763)
New in Jenkins 2.317 Weekly (Oct 19, 2021)
- Screen Resolution cookie now has the secure flag set when Jenkins is running on HTTPS. (issue 49675)
- Deprecate the -cp option in the remoting agent.jar command line. Upgrade from Remoting 4.10 to Remoting 4.11. (pull 5821, issue 64831, Remoting 4.11 changelog)
- Display ongoing build in build history (regression in 2.314). (issue 66753)
- Fix agent handshake when connecting over Websocket on Java 11. Upgrade from Remoting 4.10 to Remoting 4.11. (pull 5821, issue 61212, Remoting 4.11 changelog)
- Reduce the amount of disk writes to logs/tasks/*.log when nothing interesting is happening. (issue 66854)
New in Jenkins 2.315 Weekly (Oct 8, 2021)
- Security hardening: The "short description" of build causes is now defined as plain text instead of HTML.
New in Jenkins 2.303.2 (Oct 7, 2021)
- Security fixes. (security advisory)
- Security hardening: The "short description" of build causes is now defined as plain text instead of HTML. (related LTS upgrade guide entry, related developer documentation)
- Allow Jenkins to start when the JCasC configuration defines view-related permissions (regression in 2.302). (issue 66470)
- Use the JVM's default keystore type for the Jenkins server when terminating TLS connections within Jenkins. Used if Jenkins is started with the --httpsPort argument. Winstone 5.21: Update Jetty from 9.4.42.v20210604 to Jetty 9.4.43.v20210629. (pull 5670, issue 66379, Winstone 5.20 changelog, Winstone 5.21 changelog, Jetty 9.4.43 changelog)
- Fix wrong parameter type for Text Parameter when triggering a build via the buildWithParameters API call. (pull 5704)
- Bump bundled Ant from 1.10.10 to 1.10.11. (pull 5620)
- Upgrade from xstream 1.4.16 to 1.4.17. (pull 5498, issue 65657, XStream 1.4.17)
New in Jenkins 2.314 Weekly (Sep 28, 2021)
- Modernise the "Build History" search bar (pull 5692)
- Show new status icons in build history (issue 66659)
- Modernise the "Manage Jenkins" screen (pull 5693)
New in Jenkins 2.313 Weekly (Sep 21, 2021)
- Allow a plugin to dynamically insert a JAR file into its classpath. (issue 66563)
- Remove the --daemon argument from Jenkins command line arguments. Replace Akuma library from Jenkins core with simpler implementations using ProcessTree capabilities (pull 5561)
- Allow Jenkins to start when the JCasC configuration defines view-related permissions (regression in 2.302). (issue 66470)
- Correction of Label expression including a "implies" relationship without spaces around. (issue 66613)
- WebSocket connections now work when the Jenkins controller is running Java 11 and using self-terminated TLS. (issue 61212)
New in Jenkins 2.312 Weekly (Sep 14, 2021)
- Update executable war from 1.45 to 2.0 (pull 5706)
- Replace the old icons with the new SVG icons in the job trend page. (issue 65928)
New in Jenkins 2.311 Weekly (Sep 13, 2021)
- New:
- Fix wrong parameter type for Text Parameter when triggering a build via the buildWithParameters API call. (pull 5704)
- Graphs now scale correctly on high resolution screens. (pull 5697)
- The checkbox labeled "Enable Agent → Controller Access Control" in the form "Configure Global Security" would always start out as disabled. Submitting the form without checking it would then cause a configuration change (regression in 2.307). (pull 5694)
- Load classes from plugins in parallel for faster startup on multicore machines. (issue 23784)
- Internal: Experimental support for URLClassLoader can be enabled by setting hudson.ClassicPluginStrategy.useAntClassLoader=false. (pull 5698)
New in Jenkins 2.309 Weekly (Sep 1, 2021)
- Fix missing settings/cog icon in Plugin Manager. Fix incorrect folder icon showing in projects (regression in 2.307). (pull 5690)
- Add ABORTED threshold to ReverseBuildTrigger. (pull 5542)
- Developer: Bump Java Native Access (jnafrom 5.8.0 to 5.9.0. (pull 5682, JNA 5.9.0 changelog)
- Internal: AntClassLoader (and its subclass PluginFirstClassLoaderand MaskingClassLoader register themselves as parallel-capable. (pull 5687)
New in Jenkins 2.303.1 (Aug 26, 2021)
- Changes since 2.303:
- Fix an issue unzipping archives in a corner case when entries have the same path prefix as the target location. (issue 66094)
- Detect files in a symlink that points to a directory (regression in 2.301). Bump Commons IO to 2.11.0. (pull 5675, issue 66413, Apache Commons-IO issue 741)
- Show tooltips when users hover on the SVG icons. (issue 65923)
- Use Java 11 in Docker images instead of Java 8. (Blog post)
- Allow Java 11 administrative monitor to be disabled with a system property. (issue 66177)
- Notable changes since 2.289.3:
- Fix SSH command line interface (CLI) authentication (regression in 2.284). (issue 65273)
- Fix NoSuchMethodError when using plugins that rely on bridge methods for compatibility (regression in 2.278). (issue 65605)
- Remove Apache Commons Digester library and related code from the Jenkins core. (pull 5320, issue 65161, Announcement and upgrade guidelines)
- Jenkins redirects users to the previous page after login even if they were able to view it while not logged in (regression in 2.266). (issue 64991)
- Improve contrast for the checkbox in the login page. (pull 5536)
- Recommend running on Java 11. (issue 65577)
- Display Pipeline builds among user build history and remove incorrect warning about view build history. (issue 59412)
- Show implied plugin dependencies or a count of dependencies for plugins split from core. (pull 5472)
- Explain that some plugin updates can be unavailable even on the latest version of a given release line (i.e. LTS). (pull 5462)
- Update French terminology for controller. (issue 65398)
- Change the word 'number' to 'integer' in the error message of the number field. (pull 5538)
- The Jenkins process management functionality now supports FreeBSD. (pull 5563)
- Optimize access control checks affecting (at least) Pipeline node steps. (pull 5586)
- Remove JEP-200 compatibility workarounds for releases published before February 2018 of the following plugins: Maven Integration, Job DSL, Monitoring, Git Client, Pipeline: Supporting APIs, OWASP Dependency-Check. (pull 5454, Plugin versions with a fix, JEP-200)
- Update Stapler from 1.263 to 1563.v3da2d02f9572 to improve performance when encoding unicode characters in JSON API. (pull 5422, Stapler 1527.ve41b3ce15c05 changelog, Stapler 1532.vfcf95addcb5f changelog, pull 5549, Stapler 1539.v2f05ce93882d changelog, Stapler 1563.v3da2d02f9572 changelog)
- Stop bundling the External Monitor Job Type, LDAP, and PAM Authentication plugins. Jenkins will no longer automatically install the External Monitor Job Type, LDAP, or PAM Authentication plugins on startup if a plugin depending on Jenkins (then Hudson) 1.467 or earlier is discovered. If you use such a plugin that also relies on the functionality provided by the External Monitor Job Type, LDAP, or PAM Authentication plugin and manage plugins outside Jenkins' plugin manager, you will now need to ensure that a recent release of the External Monitor Job Type, LDAP, or PAM Authentication plugin is installed. Jenkins will attempt to load such plugins but may fail at any time during startup or afterwards with ClassNotFoundException or similar. (pull 5445, External Monitor Job Type plugin, LDAP plugin, PAM Authentication plugin)
- Winstone 5.19: Update Jetty from 9.4.41.v20210516 to Jetty 9.4.42.v20210604. (pull 5589, Winstone 5.19 changelog, Jetty 9.4.42 changelog)
- Bump spring-security-bom from 5.4.6 to 5.5.1. (pull 5505, Spring project spring-security 5.5.0 release notes, pull 5598, Spring project spring-security 5.5.1 release notes)
- Bump sshd-core from 2.5.1 to 2.7.0 in Jenkins CLI. (pull 5547)
- Add X-Frame-Options header to AJAX responses. (pull 5555)
- Remove the Bytecode Compatibility Transformer library and related code from Jenkins core. Developer: Plugins that rely on the hudson.model.Queue$Item#id or hudson.model.AbstractProject#triggers fields must be updated to call the corresponding getters. (pull 5526, Vertx plugin, Slave Prerequisites plugin)
- Stop sending HTTP response headers related to the remoting-based CLI (removed in 2.165). (pull 5452)
- Internal: Upgrade from Remoting 4.7 to Remoting 4.10 with bugfixes and dependency updates. (pull 5478, issue 40700, Remoting 4.8 changelog, pull 5539, Remoting 4.9 changelog, pull 5607, Remoting 4.10 changelog)
- Developer: Remove JTidy dependency from Jenkins core. Plugins that use JTidy functionality must be updated to explicitly declare a dependency on JTidy rather than relying on Jenkins core to provide this library. (pull 5521, NIS notification lamp plugin)
- Developer: InterceptingExecutorService and its subclasses no longer extend com.google.common.util.concurrent.ForwardingExecutorService or com.google.common.collect.ForwardingObject. (pull 5565)
- Developer: Remove jna-posix dependency from Jenkins core. Plugins that use jna-posix functionality must be migrated from jna-posix to jnr-posix. (pull 5560, Maven Repository Scheduled Cleanup plugin, SICCI for Xcode plugin, java.io.tmpdir cleaner plugin)
- Developer: The hudson.util.SubClassGenerator and experimental hudson.model.TreeView class have been removed without replacement. (pull 5566, pull 5603)
New in Jenkins 2.308 Weekly (Aug 24, 2021)
- Use SVGs over PNGs for the sidebar when possible Breadcrumb bar/logo/menu items are now correctly aligned on the left together Move old war/images folder to webapp so they can be used in frontend - the SVGs are now in the webapp/images/svgs folder (pull 5663)
- Update appearance for feed bar and description button to be modern and consistent (pull 5664)
- Entry 1: Issue, When the buildWithParameter API is called, if the requests with the same parameters in the queue are merged, the http response code of the request uses a more appropriate 303(see other) instead of 201(created) (issue 66105)
- Warn about use of master in a label expression when that's no longer in use (pull 5674)
- Entry 1: Issue, Use full URL character encoding for the generated JNLP agent launch string (pull 5636)
- Entry 1: Use the JVM's default keystore type for the Jenkins server when terminating TLS connections within Jenkins (ie Jenkins is started with the --httpsPort argument) Winstone 521 changelog: https://githubcom/jenkinsci/winstone/releases/tag/winstone-521 (issue 66379)
New in Jenkins 2.307 Weekly (Aug 18, 2021)
- Replace the term "master" with "controller" (for the main Jenkins application) or "built-in node", as appropriate. (pull 5425)
- Add migration code to only change the node name (e.g. NODE_NAME environment variable) and label of the built-in node after explicit migration by an administrator. New installations get the new node and and label immediately. (pull 5425)
- Add the system property jenkins.model.Jenkins.nodeNameAndSelfLabelOverride to specify a different node name and label for the built-in node (e.g. for Configuration as Code use cases) than the one otherwise determined. This will not affect other uses of the node name, such as the URL to the built-in node (now /computer/(built-in)/). (pull 5425)
- GDSL file in jenkins-core library no longer reports an IllegalStateException when used in IntelliJ IDEA. (pull 5662)
- Improve layout of console output header. (pull 5507)
- Use the SVG version of the Jenkins text logo instead of the PNG. (pull 5660)
- Developer: Jenkins now uses an updated version of the AntClassLoader class with fewer custom patches. (pull 5656)
- Removed: The Woodstox implementation of the StAX API has been removed from Jenkins core. Users of the Azure Artifact Manager, Azure Container Agents, Azure Storage, and Azure SDK API plugins must upgrade those plugins to the latest versions in lockstep with this core upgrade. Plugins that consume Woodstox should depend on it directly or via the Jackson 2 API plugin. (pull 5651, Woodstox implementation, StAX API, Azure Artifact Manager plugin, Azure Container Agents plugin, Azure Storage plugin, Azure SDK API plugin, Jackson 2 API plugin)
New in Jenkins 2.306 Weekly (Aug 12, 2021)
- Provide working "Help About" links for Jenkins CLI, Jenkins core, and Jenkins war. (issue 64666)
- Developer: AntClassloader will now ignore files that are part of the classpath but not zip files when scanning for resources. It used to throw an exception. (pull 5650)
New in Jenkins 2.305 Weekly (Aug 3, 2021)
- Show tooltips when users hover on the SVG icons. (issue 65923)
- Ability to disable Java 11 administrative monitor with a system property. (issue 66177)
- Developer: Make AntClassLoader multi-release JAR aware when it deals with java.util.jar.JarFile. (pull 5635)
New in Jenkins 2.289.3 (Jul 28, 2021)
- Improve build status progress animation
New in Jenkins 2.304 Weekly (Jul 27, 2021)
- Fix an issue unzipping archives in a corner case when entries have the same path prefix as the target location. (issue 66094)
- Avoid polluting the log when usage statistics can not be sent. (issue 66139)
- Bump matrix-auth from 2.6.7 to 2.6.8. (pull 5630)
- Remove support for native JNR (Java Native Runtime) chmod(2) and stat(2) implementations as opposed to NIO (Java non-blocking I/O) via the hudson.Util.useNativeChmodAndMode system property. This system property no longer has any effect. (pull 5606)
- Developer: Allow consumers of XmlFile to disable fsync(2). (pull 5599)
- Internal: Terminology cleanup to fix build time trend's distributed builds. Only show the agent column when the controller has agents defined. (pull 5625)
New in Jenkins 2.303 Weekly (Jul 22, 2021)
- Bump commons-compress from 1.20 to 1.21. (pull 5624)
- Bump spring-security-bom from 5.5.0 to 5.5.1. (pull 5598, Spring project spring-security 5.5.1 release notes)
New in Jenkins 2.302 Weekly (Jul 13, 2021)
- Optimize access control checks affecting (at least) Pipeline node steps. (pull 5586)
- Developer: The hudson.util.SubClassGenerator and experimental hudson.model.TreeView class have been removed without replacement. (pull 5566, pull 5603)
New in Jenkins 2.289.2 (Jul 6, 2021)
- Important security fixes. (security advisory):
- Winstone 5.18: Update Jetty from 9.4.39.v20210325 to 9.4.41.v20210516 for bug fixes and enhancements. (issue 65624, pull 5437, pull 5540, Winstone 5.17 changelog, Winstone 5.18 changelog, Jetty 9.4.40 changelog, Jetty 9.4.41 changelog)
- Update from xstream 1.4.16 to 1.4.17. (pull 5498, issue 65657, XStream 1.4.17)
- Prepare for form submission changes in future Firefox releases. Adapt form validation for all web browsers and form validation test automation for HtmlUnit based tests. (issue 65585, pull 5479, pull 5405)
- A race condition in class loading could result in a LinkageError. (issue 65766)
- Do not change fonts when build artifacts are as shown as a tree. (issue 65751)
- Jenkins redirects users to the previous page after login even if they were able to view it while not logged in (regression in 2.266). (issue 64991)
- Fix incorrect process termination issues when running on macOS. (issue 65195)
- Add check to prevent out of bounds memory access error on macOS. (issue 64347)
New in Jenkins 2.301 Weekly (Jul 6, 2021)
- Fix a regression in 2.298 where some plugins (including Azure Storage) could not correctly parse streaming XML output. (pull 5604)
- The Jenkins process management functionality now supports FreeBSD. (pull 5563)
- Bump jenkins from 1.64 to 1.65. (pull 5594)
- Winstone 5.19: Update Jetty from 9.4.41.v20210516 to Jetty 9.4.42.v20210604. (pull 5589, Winstone 5.19 changelog, Jetty 9.4.42 changelog)
New in Jenkins 2.299 Weekly (Jun 22, 2021)
- Update stapler from 1539.v2f05ce93882d to 1563.v3da2d02f9572. (pull 5549, Stapler 1539.v2f05ce93882d changelog, Stapler 1563.v3da2d02f9572 changelog)
- Developer: InterceptingExecutorService and its subclasses no longer extend com.google.common.util.concurrent.ForwardingExecutorService or com.google.common.collect.ForwardingObject. (pull 5565)
- Remove jna-posix dependency from Jenkins core. Plugins that use jna-posix functionality must be migrated from jna-posix to jnr-posix. (pull 5560, Maven Repository Scheduled Cleanup plugin, SICCI for Xcode plugin, java.io.tmpdir cleaner plugin)
New in Jenkins 2.298 Weekly (Jun 15, 2021)
- Document REST methods to mark an (agent) node temporarily offline and related tasks. (pull 5556)
- Add X-Frame-Options header to AJAX responses. (pull 5555)
New in Jenkins 2.297 Weekly (Jun 8, 2021)
- A race condition in class loading could result in a LinkageError. (issue 65766)
- Do not change fonts when artifacts are as shown as a tree. (issue 65751)
- Bump sshd-core from 2.5.1 to 2.7.0 in Jenkins CLI. (pull 5547)
- Developer: Remove commons-digester wrapper from core and the dependencies entries as well. (pull 5320)
New in Jenkins 2.296 Weekly (Jun 2, 2021)
- Fix regressions in forms submissions from unwanted form validation in any browser (regression in 2.289). (issue 65585)
- Recommend running on Java 11. (issue 65577)
- Change the word 'number' to 'integer' in the error message of the number field. (pull 5538)
- Show implied plugin dependencies or a count of dependencies for plugins split from core. (pull 5472)
- Bump spring-security-bom from 5.4.6 to 5.5.0. (pull 5505, Spring project spring-security 5.5.0 release notes)
- Winstone 5.18: Update Jetty from 9.4.40.v20210413 to 9.4.41.v20210516 for bug fixes and enhancements. (pull 5540, Winstone 5.18 changelog, Jetty 9.4.41 changelog)
- A specific and rarely encountered internal error now again correctly shows details about the cause (regression in 2.292). (pull 5537)
- Improve contrast for the checkbox in the login page. (pull 5536)
- Jenkins redirects users to the previous page after login even if they were able to view it while not logged in (regression in 2.266). (issue 64991)
- Developer: View is now a DescriptorByNameOwner allowing its use as AncestorInPath. (pull 5533)
- Developer: Plugins that rely on the hudson.model.Queue$Item#id or hudson.model.AbstractProject#triggers fields must be updated to call the corresponding getters. (pull 5526, Vertx plugin, Slave Prerequisites plugin)
- Developer: Remove JTidy dependency from Jenkins core. Plugins that use JTidy functionality must be updated to explicitly declare a dependency on JTidy rather than relying on Jenkins core to provide this library. (pull 5521, NIS notification lamp plugin)
- Internal: Remove partial (~6% complete) Arabic and Portuguese translations (pull 5518)
- Internal: Upgrade from Remoting 4.8 to Remoting 4.9 with bugfixes and dependency updates. (pull 5539, Remoting 4.9 changelog)
New in Jenkins 2.293 Weekly (May 12, 2021)
- Allow builds to complete when using fingerprints to track items associated with the build. Fix a regression where fingerprint facets were not removable (regression in 2.292). (issue 65611)
New in Jenkins 2.292 Weekly (May 11, 2021)
- Display Pipeline builds among user build history and remove incorrect warning about view build history.
- Stop bundling the External Monitor Job Type, LDAP, and PAM Authentication lugins. Jenkins will no longer automatically install the External Monitor Job Type, LDAP, or PAM Authentication plugins on startup if a plugin depending on Jenkins (then Hudson) 1.467 or earlier is discovered. If you use such a plugin that also relies on the functionality provided by the External Monitor Job Type, LDAP, or PAM Authentication plugin and manage plugins outside Jenkins' plugin manager, you will now need to ensure that a recent release of the External Monitor Job Type, LDAP, or PAM Authentication plugin is installed. Jenkins will attempt to load such plugins but may fail at any time during startup or afterwards with ClassNotFoundException or similar. (pull 5445, External Monitor Job Type plugin, LDAP plugin, PAM Authentication plugin)
- Improve build status progress animation
New in Jenkins 2.277.4 (May 5, 2021)
- Fix disabled dropdown items to appear disabled (regression in 2.277.1). (issue 65021)
- Fix load statistics graph links to include correct graph duration (regression in 2.277.1). (issue 65336)
- Honor the current folder when creating new views with the "New View" link. (issue 56934)
- Upgrade from xstream 1.4.15 to 1.4.16. (pull 5360, issue 65281, XStream 1.4.16)
New in Jenkins 2.291 Weekly (May 4, 2021)
- Remove JEP-200 compatibility workarounds for releases published before February 2018 of the following plugins: Maven Integration, Job DSL, Monitoring, Git Client, Pipeline: Supporting APIs, OWASP Dependency-Check. (pull 5454, Plugin versions with a fix, JEP-200)
- Improve performance for standard input of the Jenkins CLI, for example with the `install-plugin` command. (issue 64294)
- Wrap the build name in the build results list if it is too long. (issue 65190)
- Stop sending HTTP response headers related to the remoting-based CLI
New in Jenkins 2.290 Weekly (Apr 29, 2021)
- Winstone 5.17: Update Jetty from 9.4.39.v20210325 to 9.4.40.v20210413 for bug fixes and enhancements. (pull 5437, Winstone 5.17 changelog, Jetty 9.4.40 changelog)
- Fix an issue archiving files greater than 4 GiB in size when creating ZIP64 archives.
New in Jenkins 2.277.3 (Apr 21, 2021)
- Important security fix. (security advisory)
- Winstone 5.16: Update Jetty from 9.4.38.v20210224 to 9.4.39.v20210325 for bug fixes and enhancements. (pull 5380, Winstone 5.16 changelog, Jetty 9.4.39.v20210325 changelog)
New in Jenkins 2.289 Weekly (Apr 20, 2021)
- Ensure that file parameters correctly overwrite previous files (regression in 2.278). (issue 65327)
- Stop using deprecated untrusted submit events on modern browsers for compatibility with future Firefox releases. (issue 53462)
- Improve UI of slow trigger administrative monitor. (pull 5424)
- Improve performance when creating or deleting nodes by reducing queue-lock contention. (issue 65308)
- Bump spring-security-bom from 5.4.5 to 5.4.6. (pull 5413, Spring project spring-security 5.4.6 release notes)
- Update Japanese translations for login screen. (pull 5410)
New in Jenkins 2.288 Weekly (Apr 14, 2021)
- Reduce task queue lock contention when creating or deleting nodes. (issue 65308)
- Simplify icon for unstable builds (use an exclamation mark). (pull 5392)
- Fix load statistics graph links to include correct graph duration (regression in 2.264). (issue 65336)
- Honor the current folder when creating new views with the "New View" link. (issue 56934)
- Add Turkish translations for new login form. (pull 5387)
- Developer: Remove unnecessary bundled handlebars asset. There is no expected impact on plugins depending on handlebars. (pull 5385)
- Developer: Restore support for Jelly debugging with stapler.jelly.trace. (issue 65288)
- Internal: Update Stapler from 1.262.1 to 1.263 to use latest Apache commons-beanutils. Update Apache commons-beanutils from 1.9.3 to 1.9.4.
New in Jenkins 2.287 Weekly (Apr 8, 2021)
- Security fixes. (security advisory)
- Security hardening against some CSRF attacks. (related LTS upgrade guide entry)
New in Jenkins 2.277.2 (Apr 7, 2021)
- What's new:
- Security fixes. (security advisory)
- Fix help buttons in the draggable section (regression in 2.277.1). (issue 64972)
- Security hardening against some CSRF attacks. (related upgrade guide entry)
- Fix NoClassDefFoundError exception while executing ProcessTree.get(). (issue 62006)
- Prevent Jenkins queue deadlock when cancelling tasks under certain conditions. (issue 64931)
- Reduce logging of renamed API endpoint. (issue 65186)
New in Jenkins 2.284 Weekly (Mar 17, 2021)
- Gear, clipboard, and user icons are transparent again (regression in 2.283). (pull 5354)
- Stop bundling the Ant and Javadoc plugins. Jenkins will no longer automatically install the Ant and Javadoc plugins on startup if a plugin depending on Jenkins (then Hudson) 1.430 or earlier is discovered. If you use such a plugin that also relies on the functionality provided by the Ant or Javadoc plugin (e.g., the RAD Builder and manage plugins outside the Jenkins plugin manager, you will now need to ensure that a recent release of the Ant or Javadoc plugin is installed. Jenkins will attempt to load such plugins but may fail at any time during startup or afterwards with ClassNotFoundException or similar. (pull 5338, Ant plugin, Javadoc plugin, RAD Builder plugin)
- Update Jenkins CLI to SSHD Core from 1.7.0 to 2.6.0. (pull 5206)
- Add Japanese translations for Dashboard, Views, Rename. (pull 5350)
New in Jenkins 2.277.1 (Mar 11, 2021)
- Important security fix. This vulnerability does not exist in any Jenkins LTS release. It was discovered in a weekly release and fixed in a weekly release without being part of an LTS release. (security advisory, Spring Security 5.4.4 release notes, Spring Security 5.4.3 release notes)
- Show available plugin updates by reloading update center data on upgrade/downgrade. (issue 41727)
- Fix Internet Explorer 11 rendering of the Available plugins tab (regression in 2.270). (issue 64805)
- Include 'plugin-id' and 'plugin-version' data attributes in the Available plugins tab (regression in 2.270). (issue 64775)
- Fix plugin search over multiple update sites (regression in 2.270). (issue 64840)
- Restore, as deprecated, the old constructor based on acegisecurity Authentication parameter in order to keep backward compatibility. (issue 64746, pull 5216, Spring Security 5.4.2 release notes)
New in Jenkins 2.283 Weekly (Mar 9, 2021)
- Fix help buttons in the draggable section (regression in 2.264). (issue 64972)
- Prevent Jenkins queue deadlock when cancelling tasks under certain conditions. (issue 64931)
- Do not render full error responses in case of internal errors when validating fields in configuration forms. (issue 65017)
- Lower verbosity of a Queue.save() error message. (pull 5326)
- Add indicator for security-related entries in the global administrative monitors configuration. (pull 5078)
- Add Japanese translations for New Job screen. (pull 5334)
New in Jenkins 2.282 Weekly (Mar 3, 2021)
- Update Eclipse Jetty from 9.4.35.v20201120 to 9.4.38.v20210224 for bug fixes and enhancements. (pull 5317, Jetty 9.4.38 changelog, Jetty 9.4.37 changelog, Jetty 9.4.36 changelog)
- SSHD module is no longer bundled in Jenkins core. Provide SSHD as a plugin. (issue 55582, issue 64107, pull 5049, SSHD module repository)
- Do not force plugin upgrades of recently detached plugins. (pull 5311)
- Upgrade from Remoting 4.6 to Remoting 4.7 with bugfixes and dependency updates. (pull 5292, Remoting 4.7 changelog)
- Remove the hardcoded JKS key store so that other key stores can be used, like BCFKS from the FIPS version of Bouncy Castle. (pull 5266)
- Improve reconnection behavior for inbound TCP agents. (issue 64510)
- Internal: Ensure that Jenkins#setViews() updates the configuration only when all views are successfully set. (pull 5301)
New in Jenkins 2.281 Weekly (Feb 24, 2021)
- Improve button focus states. (pull 5291)
- Remove some workarounds for IE < 11. (pull 5280)
- Developer: Revert symbol-annotation bump (regression in 2.280). (pull 5293)
- Developer: Relax ParameterDefinition and subclass constructor signatures to allow optional attributes like description to be defined in setters. (pull 5275)
New in Jenkins 2.280 Weekly (Feb 16, 2021)
- Fix plugin search over multiple update sites (regression in 2.270). (issue 64840)
- Update JNA from 5.6.0 to 5.7.0. (pull 5273, JNA 5.7.0 changelog)
- Provide new translations for Polish language. (pull 5271)
New in Jenkins 2.263.4 (Feb 10, 2021)
- Improve performance in fingerprint file creation. (issue 64670)
- Use the correct freestyle font-size for descriptions. (issue 64332)
- Don't tell user's to signup when signup is not available. (issue 64426)
New in Jenkins 2.279 Weekly (Feb 10, 2021)
- Fix Internet Explorer 11 rendering of the Available plugins tab (regression in 2.270). (issue 64805)
- Include 'plugin-id' and 'plugin-version' data attributes in the Available plugins tab (regression in 2.270). (issue 64775)
New in Jenkins 2.278 Weekly (Feb 2, 2021)
- Use an updated version of the Commons FileUpload library 1.4 without custom patches. (pull 5174, issue 64650, Apache Commons FileUpload project)
- Library dependency updates: reflections, javassist, annotation-indexer, commons-compress, bridge-method-annotation, bridge-method-injector, access-modifier-annotation, jaxen. (pull 5197, pull 5204, pull 5208, pull 5209, pull 5210, pull 5228, pull 5231, pull 5232)
- Restore, as deprecated, the old constructor based on acegisecurity Authentication parameter in order to keep backward compatibility. (issue 64746)
New in Jenkins 2.277 Weekly (Jan 27, 2021)
- Community reported issues: 4×JENKINS-64555:
- Use a more accessible color palette in configuration form tabs. (pull 5176)
- Improve fingerprint save performance. (pull 5190, pull 5198, issue 64670)
- Fix drag & drop for form changes (regression in 2.264). (issue 64291)
- Fix server-side form validation that broke client-side form validation (regression in 2.270). (issue 64429)
New in Jenkins 2.263.3 (Jan 25, 2021)
- Provide a default implementation of the "all files in zip" download link. This is especially important for external storage plugin (regression in 2.263.2). (issue 64655)
- Fix the file handle leak inside DirectoryBrowserSupport (regression in 2.263.2). (pull 5188, issue 64632, SECURITY-1452)
- Include root folder in downloaded zip files (regression in 2.263.2). Resolve an additional related zip archive root folder issue. (pull 5187, issue 64621, issue 61473, SECURITY-1452)
New in Jenkins 2.276 Weekly (Jan 21, 2021)
- Provide a default implementation of the "all files in zip" download link. This is especially important for external storage plugin (regression in 2.275). (issue 64655)
- Fix the file handle leak inside DirectoryBrowserSupport. Regression in 2.275. (pull 5188, issue 64632, SECURITY-1452)
- Include root folder in downloaded zip files. Regression in 2.275. Resolve an additional related zip archive root folder issue. (pull 5187, issue 64621, issue 61473, SECURITY-1452)
- Allow job descriptions to be copied without zero-width spaces. (issue 28022)
- Update spring-security from 5.4.1 to 5.4.2. (pull 5166, Spring project spring-security 5.4.2 release notes)
- Update commons-codec from 1.14 to 1.15. (pull 5165, Apache commons-codec 1.15 release notes)
- Add a system property jenkins.agent.inboundUrl to provide an alternate URL for inbound TCP agents. (issue 63222)
- Restricted methods FilePath#zip(OutputStream, DirScanner, String, boolean) and VirtualFile#zip(OutputStream, String, String, boolean, boolean) have a new parameter String prefix. (pull 5187, issue 64621, issue 61473)
New in Jenkins 2.275 Weekly (Jan 14, 2021)
- Important security fixes. (security advisory)
- Security hardening related to XML processing using Digester2. (related LTS upgrade guide entry)
- Security hardening related to form validation responses. (related LTS upgrade guide entry)
- Security hardening restricting label names. (related upgrade guide entry)
New in Jenkins 2.263.2 (Jan 13, 2021)
- Important security fixes. (security advisory)
- Help text now expands in behaviours for GitHub organization folders (regression in 2.244). (issue 64373)
- Security hardening related to XML processing using Digester2. (related upgrade guide entry)
- Security hardening related to form validation responses. (related upgrade guide entry)
- Security hardening restricting label names. (related upgrade guide entry)
- Populate select fields with default values (regression in 2.244). (issue 64071, issue 64125, pull 5081)
- Wrong unicode codes in Spanish translation and small improvements. (issue 64330)
- Internal: Updated Node version to latest LTS (14.15.1). (pull 5087)
New in Jenkins 2.274 Weekly (Jan 6, 2021)
- Reduce lock contention around jenkins queue. (issue 58101)
- Prevent user input of 'e' or 'E' as 'positive-number', 'non-negative-number', or 'number'. (issue 64439)
- Update jnr-posix library from 3.0.45 to 3.1.4. (pull 5129, Commits from jnr-posix 3.0.45 to 3.1.4)
- Update Java native access (jna) library from 5.3.1 to 5.6.0 for most recent platform library fixes and enhancements.
New in Jenkins 2.272 Weekly (Dec 22, 2020)
- Prevent NullPointerException in Plugin Manager when using an update center without support for plugin categories (regression in 2.270). (issue 64445)
- Fix race condition on authentication filters registration. (issue 64465)
- Dropped support for deprecated system properties: hudson.model.Hudson.logStartupPerformance, hudson.model.Hudson.initLogLevel, hudson.model.Hudson.parallelLoad, hudson.model.Hudson.killAfterLoad and hudson.model.Hudson.workspaceDirName. Please use jenkins.model.Jenkins.-prefixed SystemProperties. (pull 4962)
- Remove support for queue.txt format (replaced by XML in 2009). (pull 5123)
- Update Eclipse Jetty from 9.4.33.v20201020 to 9.4.35.v20201120 for bug fixes and enhancements. (pull 5122, Winstone 5.13 changelog, Jetty 9.4.34 changelog, Jetty 9.4.35 changelog)
- Removed administrative monitor offering to migrate $JENKINS_HOME on a ZFS filesystem. (pull 5047)
- Update the bundled XStream library from 1.4.14 to 1.4.15. (pull 5115, XStream 1.4.15 changelog)
New in Jenkins 2.271 Weekly (Dec 15, 2020)
- Stop bundling CVS plugin. Jenkins will no longer automatically install CVS plugin on startup if a plugin depending on Jenkins (then Hudson) 1.340 or earlier is discovered. If you use a plugin that relies on the functionality provided by CVS plugin and manage plugins outside the Jenkins plugin manager, you will now need to ensure yourself that a recent release of CVS plugin is installed. Jenkins will attempt to load such plugins but may fail at any time during startup or afterwards with ClassNotFoundException or similar. (pull 5102)
- Don't tell users to signup if they can't. (issue 64426)
- Correct Freestyle font-size for descriptions. (issue 64332)
- FieldUtils now silently fails to set public final fields again. (issue 64390)
- The page variable divBasedFormLayout is globally available, not only within . (issue 64403)
- Remove unused jquery dependencies. (pull 5107)
New in Jenkins 2.263.1 (Dec 3, 2020)
- Fix hidden page elements from radio blocks showing up when they should not. (pull 5046, issue 64040, issue 64136)
- Fix file handle leak when viewing corrupted build logs. Upgrade Stapler from 1.260 to 1.261. (pull 5038, Stapler 1.261 changelog)
- Prevent the Build History Widget from crashing when users have Discover permissions without Read for folders. (issue 63868)
- Winstone 5.12: Update Jetty from 9.4.30.v20200611 to 9.4.33.v20201020. Introduce LowResourceMonitor from Jetty by upgrading to Winstone 5.12. (issue 64035, pull 5034, pull 4975, Winstone 5.12 changelog, Jetty 9.4.31.v20200723 changelog, Jetty 9.4.32.v20200930 changelog, Jetty 9.4.33.v20201020 changelog)
- Improve performance of authorisation strategies when the authentication realm is case insensitive. (issue 64039)
New in Jenkins 2.269 Weekly (Dec 1, 2020)
- Populate select fields with default values even when pre-populated select tags are used (regression in 2.244). (pull 5081, issue 64071, issue 64125)
- Reduce page load time by loading the administrative monitors popup on demand. Allow keyboard navigation even when there are active administrative monitors. (pull 5063)
- Improve pipeline startup performance with faster comparison method. Add equals and hashCode to ParameterDefinition implementations. Equals works strictly for the same classes to preventing issues with extended classes. (pull 5014)
- Remove an unused FileSystemProvisioner framework. (pull 5048)
- Developer: Update Node.js version to latest LTS (14.15.1). (pull 5087)
- Internal: iconset library inlined into Jenkins core, developers using this should remove the dependency. (pull 5072)
- Internal: Remove JOnAS application server support. (pull 5076)
New in Jenkins 2.268 Weekly (Nov 24, 2020)
- Fix drag and drop with environment filter (regression in 2.264). (issue 64252)
- Update the bundled XStream library from 1.4.13 to 1.4.14. (pull 5074, XStream 1.4.14 changelog)
New in Jenkins 2.267 Weekly (Nov 17, 2020)
- Add the ability to specify a reason for quieting down Jenkins ("Prepare for shutdown"). (issue 1877)
- Show security and non-security notifications in separate categories with their associated icons. (issue 63977)
New in Jenkins 2.266 Weekly (Nov 10, 2020)
- Fix hidden page elements from radio blocks appearing when they should not. (issue 64040)
- Upgrade from Remoting 4.5 to Remoting 4.6 with bugfixes and dependency updates. (pull 5043, Remoting 4.6 changelog)
- Make the Maven Configuration of Global Tools compatible with configuration as code plugin. (issue 62446)
- Minor English cleanup for resource root URL setting. (issue 41891)
- Developer: Jenkins now uses an updated version of the XStream serialization library without custom patches. (pull 4944, JEP-227, Spring and XStream updates (breaking changes!) blog post)
- Developer: Jenkins now uses Spring Security rather than its predecessor, Acegi Security. Other bundled Spring libraries are also updated. (pull 4948, JEP-228, Spring and XStream updates (breaking changes!) blog post)
- Developer: Upgrade jQuery from 2.1.4 to 3.5.1. (pull 4929, jQuery older release notes (3.1.1, 3.2.1, 3.3.0, 3.3.1, 3.4.0, 3.4.1), jQuery 3.5.0 release notes, jQuery 3.5.1 release notes)
- Developer: Remove the deprecated zeroclipboard UI component and the unused dependency on ZeroClipboard. (pull 5042)
- Developer: Remove obsolete support for live class reloading with JRebel. (issue 64037)
- Internal: Modernize the hashing function of ConsistentHash. (issue 60563)
New in Jenkins 2.249.3 (Nov 4, 2020)
- Fix extensions footer location (regression in 2.235.1). (pull 4949, pull 5001, issue 63798)
- Show display names in change list again (regression in 2.249.1). (issue 63712)
- Prevent radio buttons from moving when they are clicked. (issue 63332)
New in Jenkins 2.265 Weekly (Nov 3, 2020)
- Improve performance of authorisation strategies when the authentication realm is case insensitive. (issue 64039)
- French translation for the token paragraph in user configuration and the root breadcrumb ("Dashboard"). (pull 5009)
- Fix file handle leak when viewing corrupted build logs. (issue 62985)
- Fix redirects when renaming jobs with spaces or non-latin characters. (issue 63899)
- Developer: Deprecate UnbufferedBase64InputStream. (pull 5039)
- Developer: Added better parsing overloads to XMLUtils. (pull 5026)
- Internal: Remove inline resources for LoadStatistics. (issue 60866)
- Internal: Correct the scope of the restriction on TokenUuidAndPlainValue. (pull 5041)
New in Jenkins 2.264 Weekly (Oct 27, 2020)
- Change Jenkins configuration UI from tables to divs for layout in forms. (issue 56109)
- Winstone 5.12: Update Jetty from 9.4.30.v20200611 to 9.4.33.v20201020. (issue 64035, Winstone 5.12 changelog, Jetty 9.4.31.v20200723 changelog, Jetty 9.4.32.v20200930 changelog, Jetty 9.4.33.v20201020 changelog)
- Cleanup "esclave" references and fix terminology for jobs in the French localization. (pull 4985)
- Change the standard URL for obtaining the Inbound Agent configuration file from ${agent_url}/slave-agent.jnlp to ${agent_url}/jenkins-agent.jnlp". The old name is obsolete and will be removed at a future time. (issue 35452)
- Prevent the Build History Widget from crashing when users have Discover permissions without Read for folders. (issue 63868)
New in Jenkins 2.262 Weekly (Oct 15, 2020)
- Stop showing JavaScript in the footer (regression in 2.261). (issue 63798)
- Restore reporting of ClassNotFoundException stacktraces in AntClassLoader and ClassicPluginStrategy due to the regressions for some agent types (regression in 2.261). (issue 63937)
- Developer: Update ArtifactArchiver to no longer consult with environment variables injected by EnvironmentContributingAction added during the build, including ArtifactManager ones. (pull 4933)
New in Jenkins 2.261 Weekly (Oct 13, 2020)
- Fix docker build agent provisioning (regression in 2.259-260). (issue 63828)
- Fix extensions footer location (regression in 2.230). (issue 63798)
- Introduce LowResourceMonitor from Jetty by upgrading to Winstone 5.11. Bump jetty.version from 9.4.30.v20200611 to 9.4.32.v20200930. (pull 4975, Winstone 5.11 changelog, Jetty 9.4.31.v20200723 changelog, Jetty 9.4.32.v20200930 changelog)
- Update SSHD module from 2.6 to 2.7 which allows configuring disabled key exchange and MAC algorithms through system properties, removing deprecated algorithms by default. (pull 4951)
- Reduce memory consumption when loading classes from plugins. (pull 4957)
- Do not render parts of a serialized ConsoleNote in truncated log output. (pull 4905)
- Replace "slave" reference with "agent" in Traditional Chinese translation. (issue 62347)
- Use 'Agent to controller' to describe agent access control system rather than 'agent to master'. (issue 63905)
- Hide description panel in sidebar if historyWidget.descriptionLimit is 0. (pull 4978)
- Developer: Pluggable Artifact Storage: Make the VirtualFile API generally available to plugin developers. (pull 4974, JEP-202)
- Developer: Allow omitting ClassNotFoundException in AntClassLoader and ClassicPluginStrategy. (pull 4957)
- Internal: Update slf4j-api from 1.7.26 -> 1.7.30, (pull 4988, SLF4J changelog)
- Internal: Update parent pom. Updates various maven plugins and developer tools. (pull 4982, Parent pom 1.58 changelog)
New in Jenkins 2.249.2 (Oct 8, 2020)
- Fix migration of status filter when coming from an older version of Jenkins (regression in 2.249.1). (issue 62661)
- Make alert colors consistent with 'Manage Jenkins' alert colors. (issue 63330)
- Avoid warning on logs about Anonymous Class in hudson.FilePath. (issue 63563)
- Fix NullPointerException pollution on logs if PluginDeprecationMonitor is enabled and some conditions are met. (issue 63562)
- Developer: Make unavailable plugin background themeable. (issue 63331)
New in Jenkins 2.260 Weekly (Oct 6, 2020)
- Fix docker build agent provisioning (regression in 2.259). (issue 63828)
- Improve the scripting capacity related to the API Token system. Provide a way to configure a fixed/default API Token for admin during installation phase. (issue 57484)
- Allow users with the Jenkins.MANAGE permission to restart and safe restart Jenkins. (issue 63795)
- Disable autocomplete of username on login form. (pull 4952)
- Internal: Update bundled version of Apache Ant from 1.10.8 to 1.10.9. (pull 4958)
New in Jenkins 2.259 Weekly (Sep 30, 2020)
- Show display names in change list again (regression in 2.243). (issue 63712)
- Update the bundled version of Script Security Plugin from 1.73 to 1.75. (pull 4947)
- Update the bundled version of Display URL API plugin from 2.0 to 2.3.1. (pull 4948)
- Developer: Cloud implementations are given more context about ongoing planned nodes. Add CloudState to be passed to Cloud#provision and Cloud#canProvision methods. (pull 4922)
- Developer: Provide WebAppMain#getDefaultRingBufferSize method for use by telemetry. (issue 50669)
- Developer: Improve the combobox component to support default value and readonly mode. (pull 4939)
New in Jenkins 2.258 Weekly (Sep 22, 2020)
- Migrate the view status filter from views in previous Jenkins releases (regression in 2.240). (issue 62661)
- Improve the layout and clarity of the page displayed when jobs are not yet created. (issue 63592)
- Update the bundled Mailer plugin from 1.21 to 1.32.1. (pull 4938)
- Prevent radio buttons from moving when they are clicked. (issue 63332)
- Developer: A SimpleBuildStep or SimpleBuildWrapper can now choose not to require a workspace context (working directory and launcher). (issue 46175)
- Developer: PluginServletFilter is now final, making it impossible for plugins to mistakenly define their own. (issue 63682
New in Jenkins 2.257 Weekly (Sep 22, 2020)
- Name the first breadcrumb "Dashboard" for clarity. (issue 60972)
- Developer: Remove test environments more consistently. (issue 43889)
- Developer: New static utility method Result#combine(Result,Result) to get the worst of two (nullable) build results. (issue 43889
New in Jenkins 2.256 Weekly (Sep 22, 2020)
- Avoid warning on logs about Anonymous Class in hudson.FilePath. (issue 63563)
New in Jenkins 2.249.1 (Sep 10, 2020)
- Important security fixes from Jenkins 2.252 and 2.235.4. (security advisory)
- Stop pre-formatting agent logs to prevent deadlocks (regression in 2.231). (issue 63458)
- Fix button that copies API token to clipboard (regression in 2.238). (issue 63274)
- Restore wrapping tabs into multiple lines instead of overflowing (regression in 2.248). (issue 63180)
- Normalize widget colors to be consistent with the new color palette. (Fixes bread crumbs flash in Dark Theme)
- Empty installed plugins table text is readable again (regression in 2.249). (issue 63276)
- Show build time data in the Build Time Trend Page (regression in 2.245). (issue 63232)
- Replace text references to slave with agent in Japanese documentation and messages. (issue 63166)
- Fix backspace key sometimes did not delete text from the Script Console on a Mac (regression in 2.248). (issue 63342)
- Fix regular expression validator UI location (regression in 2.244). (issue 63308)
- Prevent concurrent build deletion. (issue 61687)
New in Jenkins 2.249 (Sep 10, 2020)
- Release 'alpha' dark theme. (issue 60924, pull 4752, issue 62515, pull 4763, pull 4772, pull 4814, pull 4842, pull 4843, Dark Theme repository, Introducing the Jenkins Dark Theme)
- Stop supporting .NET Framework 2.0 for launching Jenkins server and agents as a Windows service. .NET Framework 4.0 or above is now required. (announcement, upgrade guidelines, issue 60005, issue 61862, Windows support policy)
- Update Windows Service Wrapper (WinSW) from 2.3.0 executable for .NET Framework 2.0 to 2.9.0 for .NET Framework 4.0. Includes numerous improvements and bugfixes. Most notably, the service installer will now ask for permission elevation if the required. (changes summary, full WinSW changelog, Windows Agent Installer 2.0 changelog)
- Show in plugin manager when newer releases of plugins exist but aren't being offered due to unsatisfied requirements. Show warnings for deprecated plugins in the update manager and administrative monitors. (pull 4073, issue 59136, pull 4742, issue 62332)
- Provide a more modern look and feel for the Jenkins UI. (issue 62698, pull 4808, issue 61973, pull 4700, issue 62750, pull 4816, issue 56109, pull 4820, issue 63002, pull 4835, Configuration UI Accessibility: Tables to Divs migration, pull 4782, issue 4767, issue 62175)
- Remove page generation timestamp from the footer. (issue 61806)
- Allow users with Overall/Manage permission to configure Node Monitoring and to reload configuration from disk. (issue 62264, pull 4724, issue 61458, pull 4728)
- Add system read support for 'Node Monitoring Configuration', configuring clouds, viewing agent configuration, system information, and logs. (issue 61206)
- Support Bearer tokens in Jenkins-CLI -auth parameter. (pull 4673)
- Security hardening: Always round-trip password form control values in an encrypted form, even if not backed by an encrypted Secret field. In case of problems, this can be disabled by setting the system property hudson.util.Secret.AUTO_ENCRYPT_PASSWORD_CONTROL to false on startup. (issue 61808)
- Security hardening: Always use a placeholder value for password form control values in item related configuration forms when the user is missing Item/Configure permission, even if not backed by an encrypted Secret field. In case of problems, this can be disabled by setting the system property hudson.util.Secret.BLANK_NONSECRET_PASSWORD_FIELDS_WITHOUT_ITEM_CONFIGURE to false. (issue 61808)
- Fix the default domain name in Windows service serviceaccount configurations. (issue 12660, Windows Service Wrapper 2.7.0 changelog)
- Update Winstone from 5.9 to 5.10. Update Jetty from 9.4.27.v20200227 to 9.4.30.v20200611. Add --httpsRedirectHttp option that activates automatic HTTP request redirects to HTTPs. (pull 4811, 9.4.28.v20200408 changelog, 9.4.29.v20200521 changelog, 9.4.30.v20200611 changelog)
- Fix --httpKeepAliveTimeout option which had no effect (regression in 2.224). (issue 61823)
- Update Stapler from 1.259 to 1.260. (issue 61438, pull 4813, Stapler 1.260 changelog)
- Add the ability to filter out environment variables for Shell and Windows batch build steps. (issue 62014)
- Fix IllegalArgumentException: Method not found error caused by misbehaviour in Util.isOverridden() (regression in 2.241). (issue 62723)
- Remove the fallback Jenkins URL from the JNLP launch file so that WebSocket agents can be connected over Java Web Start. (issue 63014)
- Allow fingerprint storage engine to be selected from the configuration page. Add new external fingerprint storage API methods. (pull 4834, issue 62345, pull 4731, JEP-226, Fingerprint API Javadoc, Redis reference implementation)
- Developer: Add alert-success banner. (issue 62747)
- Developer: Add new extension points to define build step environment filters (currently in beta). (issue 62014)
- Internal: Upgrade to Remoting 4.5. This switches agent.jar and remoting.jar to a code-signing certificate owned by the CDF. (pull 4832, Remoting 4.4 changelog, Remoting 4.5 changelog)
New in Jenkins 2.255 Weekly (Sep 1, 2020)
- Developer: Ignore flaky UpdateCenter2Test.install test. (pull 4916).
New in Jenkins 2.254 Weekly (Aug 25, 2020)
- Stop pre-formatting agent logs to prevent deadlocks (regression in 2.231). (issue 63458)
- Graduate Overall/SystemRead permission to general availability (GA) status. (pull 4909, JEP-224)
- Set Cross-Origin-Opener-Policy to same-origin. (pull 4910)
- Avoid losing work in progress by using a new browser tab to open the plugin link in a configuration screen’s inline help. (issue 63429)
- Developer: Remove the unused description attribute from f:dropdownList. (issue 63220)
New in Jenkins 2.253 Weekly (Aug 18, 2020)
- Major update of the Alpine-based Jenkins Docker image. Jenkins Docker image for Alpine now uses Alpine 3.12 and AdoptOpenJDK 8u262. (LTS upgrade guide)
- Fix button that copies API token to clipboard (regression in 2.238). (issue 63274)
- Fix a deadlock in agent logging. (issue 63082)
- Fix Cmd + Enter not running the script in the Script Console on a Mac (regression in 2.248). (issue 63342)
- Fix backspace key sometimes did not delete text from the Script Console on a Mac (regression in 2.248). (issue 63342)
- Fix regular expression validator UI location. (issue 63308)
- Make alert colors consistent with 'Manage Jenkins' alert colors. (issue 63330)
- Add Japanese translations for user configuration screen. (pull 4904)
- Prevent concurrent build deletion. (issue 61687)
- Developer: Make unavailable plugin background themeable. (issue 63331)
- Developer: Expose fingerprint range set serialization methods for plugins. (pull 4888)
- Internal: Remove some text messages from Jenkins core which had already been moved to the LDAP and PAM Authentication plugins. Be sure to upgrade to LDAP 1.22 or newer and PAM Authentication 1.5 or newer. (pull 4866)
- Internal: Remove deprecated and unused ProcessTreeKiller class. (pull 4874)
- Internal: Exclude JUnit and Hamcrest libraries from the jenkins.war bundle. (issue 63269)
New in Jenkins 2.235.5 (Aug 17, 2020)
- Important security fixes. (security advisory)
- Major update of the Alpine-based Jenkins Docker image. (upgrade guide)
New in Jenkins 2.252 Weekly (Aug 17, 2020)
- Important security fixes. (security advisory)
New in Jenkins 2.235.4 (Aug 14, 2020)
- Important security fixes. (security advisory)
- Use new 64 bit Windows installer with service account checks and port validation. Supports 64 bit Java 8 and 64 bit Java 11. (Announcement, Upgrade guide)
- Allow graceful shutdown when SCM triggers are configured. (issue 62695)
- Fix IllegalArgumentException: Method not found error caused by misbehaviour in Util.isOverridden() (regression in 2.241). (issue 62723)
New in Jenkins 2.252 Weekly (Aug 12, 2020)
- Important security fixes.
New in Jenkins 2.251 Weekly (Aug 4, 2020)
- Restore wrapping tabs into multiple lines instead of overflowing (regression in 2.248). (issue 63180)
- Show build time data in the Build Time Trend Page (regression in 2.245). (issue 63232)
- Normalize widget colors to be consistent with the new color palette. (Fixes bread crumbs flash in Dark Theme)
- Empty installed plugins table text is readable again (regression in 2.249). (issue 63276)
- Replace text references to slave with agent in Japanese documentation and messages. (issue 63166)
- Prevent JavaScript error when registering validators in some cases. (issue 42228)
- Do not block rendering of Manage Jenkins while waiting for update center data. (pull 4881)
- Developer: Allow migration of fingerprints from local storage to external storage. (issue 62757)
New in Jenkins 2.250 Weekly (Jul 29, 2020)
- The Windows MSI package has not been released yet due to an unexpected release infrastructure issue. As a workaround, please download jenkins.war manually and replace it in JENKINS_HOME.
- Internal: Fix UsageStatisticsTest failure in java.vendor vs. java.vm.vendor. (pull 4879)
New in Jenkins 2.235.2 (Jul 15, 2020)
- Important security fixes.
- Fix --httpKeepAliveTimeout option which had no effect (regression in 2.235.1).
- Fix buttons that linger too long after closing modal (regression in 2.233 and 2.235.1). (issue 62560)
New in Jenkins 2.244 Weekly (Jul 7, 2020)
- Clean up more workspace related directories, e.g. @libs from Pipeline libraries. (issue 41805)
- Update Italian localization. (pull 4810)
- Internal: JavaScript refactoring in preparation for form layout modernization. (issue 56109)
- Developer: Extend the DownloadService.Downloadable API to make it easier to work with default IDs. (issue 62572)
- Developer: Introduce an API to check ParameterDefinition validity. (issue 62889)
- Developer: Make WorkspaceList.COMBINATOR accessible to plugins. (issue 41805)
New in Jenkins 2.243 Weekly (Jun 30, 2020)
- Update the styles for the links on the management page. (pull 4782)
- Restyle and improve accessibility for the RSS feed bar. (issue 62750)
- Winstone 5.10: Add --httpsRedirectHttp option that activates automatic HTTP request redirects to HTTPs. (pull 4811)
- Winstone 5.10: Update Jetty from 9.4.27.v20200227 to 9.4.30.v20200611. (pull 4811, 9.4.28.v20200408 changelog, 9.4.29.v20200521 changelog, 9.4.30.v20200611 changelog)
- Winstone 5.10: Fix --httpKeepAliveTimeout option which had no effect (regression in 2.224). (issue 61823)
- Shutdown gracefully when SCM triggers are configured. (issue 62695)
- Developer: Allow f:repeatableHeteroProperty to pick up field attribute from enclosing f:entry. (pull 4807)
- Developer: Switch to id from fullName in User.toString(). (issue 62688)
- Developer: auto-completion for labels is now available via LabelExpression.autoComplete(). Deprecate hudson.model.AbstractProject.LabelValidator in favour of jenkins.model.labels.LabelValidator. but the old version also has a new checkItem() method to allow it to validate non-Project items. Deprecate hudson.model.AbstractProject.DescriptorImpl.validateLabelExpression() in favour of LabelExpression.validate() (which takes any kind of Item object instead of only AbstractProjects). Aggregates all warnings and errors reported by LabelValidator (old and new). (issue 26097)
New in Jenkins 2.235.1 (Jun 18, 2020)
- Make plugin manager work on Internet Explorer 11 again (regression in 2.231). (issue 62163)
- Prevent telemetry warnings about missing javax.annotation classes when running with Java 11 (regression in 2.231). (issue 61920)
- Fix a deadlock involving custom loggers during agent startup (regression in 2.231). (issue 62181)
- Prevent Old Data Monitor from failing plugin loading in the case of class field unmarshalling issues
New in Jenkins 2.241 Weekly (Jun 16, 2020)
- Restore colors on the Job configuration page, help page, and other controls (regression in 2.239). (pull 4781)
- Convert arrow icons from images to CSS. (issue 62496)
- Restyle side panel widgets to have a more modern look & feel. (issue 62175)
- Developer: Plugins can now more easily add support for using build steps in pipelines with access to the appropriate environment variables (such as from tools/environment blocks or steps like withEnv). The fingerprint and archiveArtifacts pipeline steps will no longer apply any environment substitution.
New in Jenkins 2.222.4 (May 29, 2020)
- Prevent a form validation "404 Not Found" error when the resource root URL configuration points at a previously configured resource root URL (regression in 2.222.1). (issue 62133)
- Upgrade to Remoting 4.2.1 to fix an issue with large payloads over WebSockets. Requires a matching agent.jar with remoting 4.2.1 or later. (issue 61409, pull 4601, pull 4596, Remoting 4.2.1 changelog, WebSockets blog post, JEP-222)
- Update Groovy Init hooks to run after all job configurations are adapted. (issue 61694)
- Fix spacing between error messages in Setup Wizard (regression in 2.222.1). (issue 61660)
- Fix input field hints for tools like the git plugin that search the PATH for their executable (regression in 2.222.1). (issue 61711)
- Remove grey bar below the textarea form elements for read only users. (issue 61284)
- Distinguish between defined (*****) and undefined (N/A) password on read-only configuration forms for users with Overall/SystemRead or Item/ExtendedRead permissions. (issue 61812)
- Users with extended read permission now get a more read-only looking UI. (issue 61202, pull 4479, issue 61321, pull 4541)
New in Jenkins 2.238 Weekly (May 25, 2020)
- Fix a deadlock involving custom loggers during agent startup (regression in 2.231). (issue 62181)
- Support Bearer tokens in Jenkins-CLI -auth parameter. (pull 4673)
- Add system read support for 'Node Monitoring Configuration' and configuring clouds. (issue 61206)
- Add Agent/ExtendedRead support for viewing agent configuration, system information, and logs. (issue 61206)
- Fix a thread safety issue in Computer#getLogDir. (pull 4730)
- Revamp the sidebar task list with improved aesthetics and accessibility. (issue 61973)
- Allow users with Overall/Manage permissions to reload configuration from disk. (issue 61458)
- Developer: Add support for the permissions attribute to task.jelly. (issue 61206)
- Developer: Add hasAnyPermissions API to Functions to allow it to be called by views. (issue 61206)
- Developer: Add non-deprecated Jenkins core library dependencies to the BOM. (pull 4702
New in Jenkins 2.237 Weekly (May 18, 2020)
- Prevent telemetry warnings about missing javax.annotation classes when running with Java 11 (regression in 2.231). (issue 61920)
- Prevent Old Data Monitor from failing plugin loading in the case of class field unmarshalling issues. (issue 62231)
- Ensure that UserLanguages telemetry initializer always runs after extensions are augmented. (issue 60118)
- Ensure that job/folder creation routines properly check the requested name for invalid characters. (issue 61956)
- Developer: Update Apache Ant from 1.10.7 to 1.10.8. (pull 4725)
- Developer: Update the JSTL API library from 1.2.1 to 1.2.7. (pull 4656, Changelog up to 1.2.5, Diff of 1.2.3 to 1.2.7, Diff of 1.2.1 to 1.2.3)
- Developer: Deprecate jenkins.model.Configuration in the Java API. (pull 4715)
New in Jenkins 2.236 Weekly (May 11, 2020)
- Make plugin manager work on Internet Explorer 11 again (regression in 2.231). (issue 62163)
- Security hardening: Always round-trip password form control values in an encrypted form, even if not backed by an encrypted Secret field. In case of problems, this can be disabled by setting the system property hudson.util.Secret.AUTO_ENCRYPT_PASSWORD_CONTROL to false on startup. (issue 61808)
- Security hardening: Always use a placeholder value for password form control values in item related configuration forms when the user is missing Item/Configure permission, even if not backed by an encrypted Secret field. In case of problems, this can be disabled by setting the system property hudson.util.Secret.BLANK_NONSECRET_PASSWORD_FIELDS_WITHOUT_ITEM_CONFIGURE to false. (issue 61808)
- Developer: Make the SystemProperties API available to plugins so that their properties could be managed by a standard engine. (pull 4707, Javadoc System Properties, Jenkins Features Controlled with System Properties)
New in Jenkins 2.235 Weekly (May 4, 2020)
- Prevent a form validation "404 Not Found" error when the resource root URL configuration points at a previously configured resource root URL (regression in 2.205). (issue 62133)
- Make Breadcrumbs displayed after notification alerts clickable again. (issue 62065)
- Allow system read to view more admin monitors. (issue 61208)
- Limit the number of exceptions thrown by some operations such as recursive directory deletion. Previously, in rare cases, exceptions thrown when failing to delete large directories could consume significant amounts of memory. (issue 61841)
- Indicate which component provides an URL that is always available without authentication in the global security configuration. (pull 4668)
- Fix a classloading issue while executing ProcessTree.get(). (issue 62006)
- Developer: Make it possible to look up extension implementations from more than one specific extension point at a time. (issue 62056)
- Developer: Add nogrid option to layout.jelly tag to allow suppressing the bootstrap 3 grid. See bootstrap4-api-plugin for details. (issue 61326)
- Developer: Update javax.mail to jakarta.mail 1.6.5. (pull 4660)
- Internal: Remove inline resources from ReverseProxySetupMonitor view. Add a specific warning when the Jenkins Root URL does not contain the contextPath. (issue 60866)
- Internal: Remove inline resources from LogRecorder views. Align the column headers of bigtables to the left (issue 60866)
New in Jenkins 2.234 Weekly (Apr 27, 2020)
- Fix sort order in "Available" tab of the plugin manager (regression in 2.233).
- Fix a regression where the dropdown of the autocomplete widget would not be rendered correctly (regression in 2.233).
- Restyle the help icon.
- Allow users with system read permission to view the system logs
- Reword "Continue as admin" button of the plugin setup wizard.
- The default number of executors for an agent created programmatically (or as-code) is now 1 rather than 2.
- Session hijacking protection hardening.
- Distinguish between defined (*****) and undefined (N/A) password on read-only configuration forms for users with Overall/SystemRead or Item/ExtendedRead permissions.
- Developer: Removed unused deprecated HudsonExceptionNote
New in Jenkins 2.232 Weekly (Apr 25, 2020)
- Allow linking to plugin manager URLs with pre-filled filter field. Link labels in the plugin manager to pre-filtered lists. (pull 4591)
- Add system read support to admin monitors. (issue 61208)
- Allow users with system read permission to view the global tool configuration. (pull 4519)
- Sort plugins by popularity on the "Available" plugin manager tab if the update site provides popularity data. (pull 4588)
- Restyle buttons. Add support for large buttons, hyperlinks styled as buttons and icon-only buttons. (issue 61840)
- Forward Groovy view permission errors to login. Some views showed an error screen instead of forwarding to the login form when necessary permissions were missing. (issue 61905)
New in Jenkins 2.232 Weekly (Apr 16, 2020)
- Fix input field hints for tools like the git plugin that search the PATH for their executable (regression in 2.205 and 2.222.1). (issue 61711)
- Internal: Remove inline resources from Job views. (issue 60866)
- Internal: Introduce a new Jenkins core maintainer guide. (pull 4472)
New in Jenkins 2.231 Weekly (Apr 14, 2020)
- Add section headers to context menu of Manage Jenkins. (pull 4586)
- Improve the view shown when there are no jobs. (pull 4633)
- Configuration as code plugin support for configuring user timezones. (pull 4557)
- By default suppress log message about a missing optional extension. (pull 4617)
- Don't show all available plugins by default; use search field to find plugins. (pull 4580)
- Allow use of multiple space-separated filter terms in plugin manager. (pull 4580)
- Allow users with system read permission to view the Manage Plugins configuration. (issue 61203)
- Add support for serving file parameter values from the resource root URL, if set. (pull 4614)
- Set httpOnly header on cookie for iconSize storage. (pull 4609)
- Fix spacing between error messages in Setup Wizard (regression in 2.217). (issue 61660)
- Ensure that log messages are not missing numeric parameters when log entries are created on an agent. In particular, fix logs collected by the Support Core plugin. (pull 4621)
- Ensure that encoded console annotations are stripped from system logger messages. (pull 4632)
- Update crypto-util from 1.1 to 1.5 to fix the license link in Jenkins Web UI. (pull 4631)
- Developer: Switch bug detection annotations from JSR-305 to SpotBugs / net.jcp equivalents. (pull 4604)
- Developer: Upgrade commons-codec to 1.14. (pull 4636)
New in Jenkins 2.230 Weekly (Apr 6, 2020)
- Improve styling of alert banners to be more visually appealing and to better match existing user interface components. Alerts now fully cover the navigation bar while they are displayed instead of covering only a portion of the navigation bar. (issue 61478)
- Do not show disabled permissions in permission errors when checking for any of several permissions. (issue 61467)
- Allow hyperlinks to be used when displaying causes of blockage related to labels rather than individual nodes. (pull 4616)
- Add option to configure follow symlinks when archiving artifacts. (issue 5597)
- Prepare for Shutdown management link is now accessible to users with Overall/Manage permission in addition to the usual Overall/Administer. (issue 61453)
- Update footer styles. (issue 61496)
- Allow configuration-as-code plugin to disable admin monitors. (issue 56937)
- Update Groovy Init hooks to run after all job configurations are adapted. (issue 61694)
- Fix class cast exception in fingerprint cleanup thread. (issue 61479)
New in Jenkins 2.229 Weekly (Mar 30, 2020)
- Use the saved global build discarder configuration on restart. Jenkins 2.221 through 2.228 ignore the saved global build discarder configuration when they restart. (issue 61688)
- Fix proxy form validation when a password is set (regression in 2.205). (issue 61692)
- Update .NET version checks to be more correct for modern .NET versions. (pull 4554)
- About Jenkins management link is now accessible to users with Overall/Manage or Overall/SystemRead (as well as the usual Overal/Administer). (issue 61455)
- Robustness: Don't throw a NullPointerException when trying to convert null to Secret. (pull 4608)
- Upgrade to Remoting 4.3 to fix an issue with large payloads over WebSockets. Requires a matching agent.jar with remoting 4.3 or later. (pull 4601, pull 4596, issue 61409, Remoting 4.3 changelog, WebSockets blog post, JEP-222)
- Developer: Create symlinks atomically and log warning on failure. (issue 56643)
- Developer: Secret and ConfidentialKey implementations can now be used from unit tests without JenkinsRule. (pull 4603)
New in Jenkins 2.228 Weekly (Mar 26, 2020)
- Important security fixes. (security advisory)
- Security hardening related to request routing and CSRF protection. (related upgrade guide)
New in Jenkins 2.204.6 (Mar 25, 2020)
- Revamp the layout and icons of the header bar and breadcrumbs. Instances with plugins that depend on details of the Jenkins layout (e.g. Simple Theme Plugin) may experience UI/layout problems. A new experimental header color scheme can be enabled by setting the jenkins.ui.refresh system property to true. (issue 60920)
- Add globally configured build discarders that delete old builds not marked as "keep forever" even if there is no, or a less aggressive, per-project build discarder configured, executed periodically and after a build finishes. (pull 4368)
- Move cloud configuration from Configure System into its own configuration form on the Manage Nodes page. (pull 4339)
- Remove Enable Security checkbox in the Global Security configuration. (issue 40228)
- Remove the ability to disable CSRF protection. Instances upgrading from older versions of Jenkins will have CSRF protection enabled and the default issuer set if they currently have it disabled. (pull 4509)
- Redesign password fields to prevent password auto-fill except for the login form. Reduce browsers offering to update stored passwords. Revert by setting the system property hudson.Functions.hidingPasswordFields to false. (pull 3991)
- Deprecate the macOS native installer packaging. (Jenkins macOS native installer deprecation)
- Remove old, deprecated, unsupported agent protocols Inbound TCP Agent Protocol/1, Inbound TCP Agent Protocol/2, and Inbound TCP Agent Protocol/3. Update Remoting from 3.36 to 4.2 to remove unsupported protocols and add WebSocket support. (issue 60381, Remoting 3.40 release notes, Remoting 4.0 release notes, Remoting 4.0.1 release notes, Remoting 4.2 release notes)
- Add experimental WebSocket support. (JEP-222, blog post)
- Extends the current milestones so plugins can update jobs and configuration during Jenkins initialization. Adds initialization milestones: SYSTEM_CONFIG_LOADED, SYSTEM_CONFIG_ADAPTED, JOB_CONFIG_ADAPTED. (issue 51856)
- Introduce a new experimental UI that can be enabled by setting the jenkins.ui.refresh system property to true. Currently it includes a new header color scheme, more changes to be added as a part of the UI/UX revamp. (pull 4463, issue 60920, JEP-223, Jenkins UX SIG)
- Add a new experimental Overall/Manage permission which allows a user to configure parts of the global Jenkins configuration without having the Overall/Administer permission. This is an experimental feature, disabled by default, that can be enabled by setting the jenkins.security.ManagePermission system property to true. (pull 4501, issue 60266, JEP-223)
- Add a new experimental Overall/SystemRead permission, which gives (almost) full read access to the Jenkins instance. The permission is disabled by default, install the Extended Read Permission plugin to activate it. (pull 4506, issue 12548, JEP-224, Extended Read Permission plugin)
- The environment variable WORKSPACE_TMP may now be used from (non-Pipeline) builds to access a temporary directory associated with the build workspace. (issue 60634)
- Deprecate the Overall/RunScripts, Overall/UploadPlugins, and Overall/ConfigureUpdateCenter permissions. Permissions were announced as dangerous and disabled by default in major authorization plugins in 2017. Custom authorization strategy implementations that grant Overall/Administer without implying one or more of these three permissions will no longer work as expected. Configurations that grant any of these permissions to users without Overall/Administer will no longer work as expected. (pull 4365, issue 60266, JEP-223, 2017-04-10 security advisory for Matrix Authorization plugin, 2017-04-10 security advisory for Role-Based Authorization plugin)
- Fix NullPointerException when getting a list of runs with a status threshold (regression in 2.202). (issue 60884)
- User is no longer logged out when authenticating another user. (issue 59107)
- Winstone 5.9: Fix support of system logging customization (regression in 2.204.5) (pull 4452, issue 57888, Winstone 5.9 changelog, Jetty 9.4.27 changelog)
New in Jenkins 2.227 Weekly (Mar 23, 2020)
- System Information management link is now accessible to users with Overall/Manage, showing only plugins and memory usage information. (issue 61456)
- Limit max width of Manage Jenkins entries on very large screens. (pull 4582)
- Usage Statistics in Global Configuration is now configurable by users with Overall/Manage permission (as well as the usual Overal/Administer). (issue 61457)
- Make HTTP DELETE based item deletion behave more like an API, recommend it over POST /doDelete. (issue 61308)
- Increase scroll speed of context menus. (pull 4592)
- List plugins that failed to load on the Installed tab of the plugin manager. (pull 4589)
- Highlight in the plugin manager when plugins are looking for new maintainers ("Adopt this plugin"). (pull 4584)
- Developer: Add Javadoc for management link category definitions. (pull 4578)
- Internal: Permit core building using newer JDK than version 8. (issue 61105)
- Developer: Wrapped sections with <section> tags on the Manage Jenkins page and the advanced plugin manager page. (pull 4593)
New in Jenkins 2.226 Weekly (Mar 16, 2020)
- Fix drag & drop for previously saved steps in the job configuration form (regression in 2.217). (issue 61429)
- Organize entries on the Manage Jenkins page into categories and show them in a grid. (pull 4546)
- Remove the unnecessary "monitor[s]" text next to the bell for a cleaner UI. Change the colors of the notifications next to the bell to make them more noticeable. (issue 61224)
- Allow usage statistics to be configured with the configuration-as-code plugin. (issue 54662)
- Allow ssh authorized keys to be configured with the configuration-as-code plugin. (pull 4563, ssh-cli-auth 1.8 changelog)
- Use modern system fonts provided by the browser when possible. Changes font size for body copy and headings to improve consistency and legibility. (issue 60921)
- Update bundled Script Security Plugin from 1.70 to 1.71. (pull 4561, Script security plugin 1.70 changelog, SECURITY-1754 sandbox bypass vulnerability)
- Show in plugin manager table when there are security issues in a currently installed plugin. (pull 4553)
- Add French translation for 'New View'. (issue 61424)
- Fix support of the default attribute in the Jelly enum form control. (pull 4556)
- Add ManagementLink#getCategory() for entries on Manage Jenkins to be grouped into category. See the ManagementLink.Category enum for supported return values. (pull 4546)
- Developer: Make h.checkAnyPermission and <l:layout permissions="…"> work on objects that aren't AccessControlled. (issue 61465)
- Document nullability of newInstanceFromRadioList() methods and callers. (pull 4543) Internal: Remove inline resources from restart views. (issue 60866)
New in Jenkins 2.225 Weekly (Mar 10, 2020)
- Don't lose SCM configuration when saving job (regression in 2.224). (issue 61398)
New in Jenkins 2.224 Weekly (Mar 9, 2020)
- JENKINS-60409 - Winstone 5.9: Fix propagation of the maximum form content size and form content keys number (regression in Jetty 9.4.20 and Jenkins 2.205). (pull 4542, issue 60409, Winstone 5.9 changelog)
- Winstone 5.9: Fix reverse improper proxy redirects to Host due to X-Forwarded-Host and X-Forwarded-Port ordering issue (regression in Jetty 9.4.20 and 2.205). (pull 4542, issue 60199, Winstone 5.9 changelog, Jetty 9.4.27 changelog)
- Do not disable all controls on job configuration forms for some users with Job/Configure permission. (regression in 2.223). (issue 61321)
- Show plugin release date in plugin manager. (pull 4535)
- Suppress error stack traces for non-administrator users as core capability. (issue 60410)
- Indicate when security issues would be addressed by an update in plugin manager. (issue 61166)
- Show plugin categories as labels in the plugin manager instead of grouping them into different table sections. (pull 4534)
- Prevent unhandled JSONException in DescriptorList#newInstanceFromRadioList() and ExtensionDescriptorList#newInstanceFromRadioList(). (issue 61345)
- Update size of the search box properly when screen is resized. (issue 61300)
- Remove grey bar below the textarea form elements for read only users. (issue 61284)
- Prevent NullPointerException when hitting "Check Now" against a custom update center without tool installer metadata. (issue 60788)
- Fix blank page on configure clouds page if no cloud plugin installed. (issue 61285)
- Update the descriptorRadioList form elements to honor DescriptorVisibilityFilter extension points. (issue 51495)
- Update the Version Number library from 1.6 to 1.7 to remove transient dependencies on FindBugs annotations. (issue 61279)
New in Jenkins 2.204.5 (Mar 8, 2020)
- Fix propagation of the maximum form content size and form content keys number (regression in 2.204.3, Jetty 9.4.24 and Winstone 5.5). (issue 60409)
- Fix improper reverse proxy redirects to 127.0.0.1 due to X-Forwarded-Host and X-Forwarded-Port ordering issue. (issue 60199)
- Revert Winstone from 5.8 to 5.3 to resolve embedded Jetty web container regressions in later Winstone versions. High default maximum form size limit and reverse proxy redirection are restored (regressions in 2.204.3). System logging customization defect (JENKINS-57888 - system logging customization) from Jenkins 2.177...2.203.3 is reintroduced in this version as it is considered as less serious than the fixed regressions.
New in Jenkins 2.204.4 (Mar 4, 2020)
- Fix a KeyStores with multiple certificates are not supported error from Jetty when passing certain kinds of certificates, such as domain wildcards (regression in 2.204.3). (pull 4539, issue 60857, Winstone 5.8 release notes)
New in Jenkins 2.223 Weekly (Mar 2, 2020)
- Remove 'auto refresh' feature, including now obsolete auto refresh telemetry capability. (pull 4503)
- Allow users with system read permission to view the global security configuration page. (issue 61205)
- Allow users with system read permission to view the About Jenkins page. (issue 61201)
- Users with extended read permission now get a more read-only looking UI. (issue 61202)
- Prevent one occurrence of "Jenkins.instance is missing" (pull 4525, issue 55070, issue 59992, issue 60454, issue 61192)
- Reintroduce Build History description truncation by default. Allow managing/disabling the limit via the historyWidget.descriptionLimit system property. A negative value removes the limit, 0 forces empty descriptions. (pull 4529, issue 61004, issue 60299)
- Avoid a NullPointerException when starting a non-Pipeline build with a custom root directory set to a filesystem root (e.g., C:). (issue 61197)
- Allow FingerprintFacet to block the deletion of fingerprint. (issue 28379)
- Internal: Removed unused class StringConverter2. (pull 4468)
- Internal: Removed unused internal class Memoizer - use ConcurrentHashMap. (pull 4470)
- Developer: Listen on loopback interface by default in debug mode. (pull 4515)
New in Jenkins 2.204.3 (Feb 29, 2020)
- Internal: Winstone 5.7: Change the Jetty thread pool name to "Jetty (winstone)" (pull 4452, issue 60821, Winstone 5.7 release notes)
- If the Jenkins root URL has been configured by scripts prior to running the setup wizard, skip the location configuration panel even if selecting the option to skip creation of an admin user. (issue 60750)
- Prevent inaccurate warnings about missing classes on Java 11 triggered by JavaMelody when Monitoring Plugin is installed. (issue 60725)
- Include details in the system log when a build rotation fails. (issue 60716)
- Fix java version check for AdoptOpenJDK 11. (issue 60678)
- Prevent Jenkins page rendering from being blocked when the update center data parsing is in progress. (issue 60625)
- Winstone 5.7: Fix support of system logging customization (regression in 2.177). (pull 4452, issue 57888, Winstone 5.7 release notes)
- Fix null pointer exception in Agent API when the agent is offline (e.g. retrieving agent version or OS description). (issue 42658)
New in Jenkins 2.222 Weekly (Feb 24, 2020)
- Revamp the layout and icons of the header bar and breadcrumbs. Instances with plugins that depend on details of the Jenkins layout (e.g. Simple Theme Plugin) may experience UI/layout problems. A new experimental header color scheme can be enabled by setting the jenkins.ui.refresh system property to true. (issue 60920)
- Introduce a new experimental UI that can be enabled by setting the jenkins.ui.refresh system property to true. Currently it includes a new header color scheme, more changes to be added as a part of the UI/UX revamp. (pull 4463, issue 60920, JEP-223, Jenkins UX SIG)
- Add a new experimental Overall/Manage permission which allows a user to configure parts of the global Jenkins configuration without having the Overall/Administer permission. This is an experimental feature, disabled by default, that can be enabled by setting the jenkins.security.ManagePermission system property to true. (pull 4501, issue 60266, JEP-223)
- Add a new experimental Overall/SystemRead permission, which gives (almost) full read access to the Jenkins instance. The permission is disabled by default, install the Extended Read Permission plugin to activate it. (pull 4506, issue 12548, JEP-224, Extended Read Permission plugin)
- Deprecate the Overall/RunScripts, Overall/UploadPlugins, and Overall/ConfigureUpdateCenter permissions. Permissions were announced as dangerous and disabled by default in major authorization plugins in 2017. Custom authorization strategy implementations that grant Overall/Administer without implying one or more of these three permissions will no longer work as expected. Configurations that grant any of these permissions to users without Overall/Administer will no longer work as expected. (pull 4365, issue 60266, JEP-223, 2017-04-10 security advisory for Matrix Authorization plugin, 2017-04-10 security advisory for Role-Based Authorization plugin)
- Remove the ability to have CSRF protection disabled. Instances upgrading from older versions of Jenkins will have CSRF protection enabled and the default issuer set if they currently have it disabled. (pull 4509)
- Order Admin Monitors in Global Configuration page. (issue 60966)
- Add memory usage monitor to system information page. (pull 4499)
- Improve performance when loading tied jobs. (pull 4497)
- Fix issue with too many open files error when using resource domain. (issue 61121)
- Add french translation for concurrent build help. (pull 4505)
- Developer: Add new checkAnyPermission, hasAnyPermission methods that allow access if a user has one of the supplied permissions. (pull 4506, issue 12548, JEP-224)
- Developer: Add a new f:possibleReadOnlyField jelly tag, wraps fields in an if readonly check and then outputs the result as text if the authenticated user only has read access. N/A is added if the field is empty. (pull 4506, issue 12548, JEP-224)
- Developer: Add a new l:hasAdministerOrManage jelly tag, hides the body of the tag if the user doesn't have Jenkins.ADMINISTER or Jenkins.MANAGE. (pull 4506, issue 12548, JEP-224)
- Developer: Allow plugins to force an update of an UpdateSite. (issue 61046)
New in Jenkins 2.221 Weekly (Feb 20, 2020)
- Add globally configured build discarders that delete old builds not marked as "keep forever" even if there is no, or a less aggressive, per-project build discarder configured, executed periodically and after a build finishes. (pull 4368)
- Jenkins will by default execute the configured per-project build discarder periodically even if no build is currently finishing. This may delete old builds of projects that got a more aggressive build discarder configuration since the last build was run. (pull 4368)
- Dynamically loading certain plugins could result in permission errors. (issue 61071)
- Update bundled Script Security Plugin from 1.68 to 1.70 (pull 4490)
- Do not show disabled permissions in permission errors. (pull 4482)
- Developer: Use correct alert box name in Javadoc description. (pull 4493)
- Developer: Introduce filtering overload to getAllItems(), allItems() and getItems(). (pull 4469)
- Developer: Add new extension point BackgroundBuildDiscarderStrategy to allow more flexible build discarding strategies for the global build discarder configuration. (pull 4368)
- Developer: Add findsecbug plugins to spotbugs build plugin. (pull 4381)
- Internal: Remove inline resources from HudsonPrivateSecurityRealm views. (issue 60866)
- Internal: Changed exception presented when AtomicFileWriter fails to write to file. (pull 3989)
New in Jenkins 2.220 Weekly (Feb 10, 2020)
- Fix agent installation as a service on Windows (regression in 2.217). (Remoting 4.2 changelog, Agent Installer Module 1.7 changelog)
- Fix NullPointerException when getting a list of runs with a status threshold (regression in 2.202). (issue 60884)
- Remove network discovery services (UDP and DNS). (issue 60913)
- Extends the current milestones so plugins can update jobs and configuration during Jenkins initialization. Adds initialization milestones: SYSTEM_CONFIG_LOADED, SYSTEM_CONFIG_ADAPTED, JOB_CONFIG_ADAPTED. (issue 51856)
- Export the plugin compatibility flag in Update Site REST API. (pull 4385)
- Suggest Jenkins Configuration as Code plugin in the installation wizard. (pull 4410)
- Do not record the user creating an agent in some circumstances. (issue 21837)
- Avoid logging node monitoring exceptions caused by node deletion. (issue 54496)
- Improve RSS feed titles. (issue 60848)
- Display build duration as tooltip to build date/time in the job's build history (pull 4453)
- Improve performance of List Views when listing items (pull 4462)
- Improve performance of artifact archiving when using jenkins.model.StandardArtifactManager.disableTrafficCompression=true (issue 60907)
- Prevent creation of duplicated SetupWizard singleton instances on Jenkins startup. (issue 60867)
- Fix IndexOutOfBounds exception in ChoiceParameterDefinition.getDefaultParameterValue (issue 60721)
- Update Plugin manager pages to show icons while Jenkins is restarting (issue 59486)
New in Jenkins 2.219 Weekly (Jan 29, 2020)
- Important security fixes. (security advisory)
- Security hardening related to Stapler routing.
- Security hardening: Set X-Content-Type-Options to nosniff in REST API responses
New in Jenkins 2.204.2 (Jan 29, 2020)
- Important security fixes. (security advisory)
- User is no longer logged out when authenticating another user. (issue 59107)
- Security hardening related to Stapler routing.
- Security hardening: Set X-Content-Type-Options to nosniff in REST API responses.
- Disable multiple deletion attempts if hudson.Util.maxFileDeletionRetries is zero. (issue 60351)
- Prevent 'zombie' executors on master by removing one-off executors in Computer.removeExecutor. (issue 57304)
- Fix AtomicFileWriter performance issue on CephFS when creating an empty file. (issue 60167)
- Developer: ViewGroupMixIn#getPrimaryView() may return null, and needs to be checked by plugins depending on this version of weekly and beyond. It is an intermediate state until a default view is implemented. (issue 60092)
New in Jenkins 2.218 Weekly (Jan 28, 2020)
- Winstone 5.8: Fix a KeyStores with multiple certificates are not supported error from Jetty when passing certain kinds of certificates, such as domain wildcards (regression in 2.217) (issue 60857, Winstone 5.8 release notes - regression in 5.6)
- Winstone 5.7: Fix support of system logging customization (regression in 2.177) (issue 57888, Winstone 5.7 release notes)
- Add the boolean disabled flag to applicable jobs' REST API output for classic project types like Freestyle, Maven, or Multi-configuration (Matrix). (pull 4436)
- Internal: Winstone 5.7: Change the Jetty thread pool name to "Jetty (winstone)" (Winstone 5.7 release notes)
New in Jenkins 2.217 Weekly (Jan 24, 2020)
- Fix localized versions to no longer report can't parse argument number: changelog.url (regression in 2.214). (issue 60822)
- Jenkins 2.212+ failed to load certain injected fields such as used by the Bitbucket Server Integration plugin. (issue 60816)
- Add experimental WebSocket support. (JEP-222)
- Upgrade Jetty from 9.4.22.v20191022 to 9.4.25.v20191220. (Jetty 9.4.25 release notes)
- Upgrade to Remoting 4.0. (Remoting 4.0 release notes)
- Prevent inaccurate warnings about missing classes on Java 11 triggered by JavaMelody when Monitoring Plugin is installed. (issue 60725)
- Fix java version check for AdoptOpenJDK 11. (issue 60678)
- Internal: frontend toolchain upgraded to use webpack. Enabled babel to transpile certain JS modules. (issue 60734)
- Internal: Update access-modifier to allow plugins to use suppressions (pull 4441)
New in Jenkins 2.215 Weekly (Jan 20, 2020)
- If the Jenkins root URL has been configured by scripts prior to running the setup wizard, skip the location configuration panel even if selecting the option to skip creation of an admin user. (issue 60750)
- Prevent the RSS feed in Computer page from returning an error 404 (issue 60577)
- Include details in the system log when a build rotation fails. (issue 60716)
New in Jenkins 2.214 Weekly (Jan 14, 2020)
- Remove old, deprecated, unsupported agent protocols Inbound TCP Agent Protocol/1, Inbound TCP Agent Protocol/2, and Inbound TCP Agent Protocol/3. Update Remoting from 3.36 to 3.40 to remove unsupported protocols and minor maintenance improvements. (issue 60381, Remoting 3.40 release notes)
- Remove Enable Security checkbox in the Global Security configuration. (issue 40228)
- Clarify that build history does not include pipeline stages (issue 59412)
- The environment variable WORKSPACE_TMP may now be used from (non-Pipeline) builds to access a temporary directory associated with the build workspace. (issue 60634)
- Internal: Add a method in EnvVars that extends TreeMap.putAll() functionality by filtering out the null values. (issue 59220)
- Internal: Allow usage of DescriptorVisibilityFilter to filter View properties on UI. (issue 60579)
- Fix null pointer exception in Agent API when the agent is offline (e.g. retrieving agent version or OS description). (issue 42658)
- Fix JavaScript error in Plugin Manager when optional dependency metadata cannot be retrieved. Improve wording in Plugin Manager UI. (issue 56152)
- Fix minor localization issues (escaping, incomplete entries, etc.) (pull 4420)
- Fix typos & spelling in Javadoc and WebUI (pull 4418)
New in Jenkins 2.213 Weekly (Jan 7, 2020)
- Fix plugin class resource loading failures for plugins which include library JARs. At least the script-security and active-directory plugins are known to be affected. (regression in 2.112) (issue 60641, issue 60644)
New in Jenkins 2.211 Weekly (Jan 6, 2020)
- Remove unused commons-codec dependency from Jenkins CLI. (issue 60326)
New in Jenkins 2.210 Weekly (Dec 23, 2019)
- Resolve AtomicInteger and class-filter warnings in startup log. (issue 60513)
- User is no longer logged out when authenticating another user. (issue 59107)
- The text null could appear rather than blank text when rendering certain user-controlled strings. (issue 60554)
- Remove vulnerable Team Concert Plugin from setup wizard. (CSRF vulnerability, Credential enumeration vulnerability)
- Disable multiple deletion attempts if hudson.Util.maxFileDeletionRetries is zero. (issue 60351)
New in Jenkins 2.208 Weekly (Dec 10, 2019)
- Fix online example/documentation for File Access Rules. (pull 4383)
- Prevent Oops when Whitelisted Commands input is empty in 'Agent to Master Access Control'. (issue 60278)
- Prevent 'zombie' executors on master by removing one-off executors in Computer.removeExecutor. (issue 57304)
New in Jenkins 2.207 Weekly (Dec 10, 2019)
- Update bundled Script Security Plugin to 1.68. (pull 4367)
- Do not reload too early when Jenkins is behind a reverse proxy and is restarting. (issue 6798)
New in Jenkins 2.206 Weekly (Nov 26, 2019)
- Deprecate the macOS native installer packaging (Jenkins macOS native installer deprecation)
- Open plugin and license links on a separate tab from Plugin Manager (issue 60189)
- Set the HttpOnly flag for the page auto-refresh tokens (pull 4363)
- Avoid exception when views are defined using job DSL. (issue 60092)
- Fix AtomicFileWriter performance issue on CephFS when creating an empty file (issue 60167)
- Developer: ViewGroupMixIn#getPrimaryView() may return null, and needs to be checked by plugins depending on this version of weekly and beyond. It is an intermediate state until a default view is implemented (issue 60092)
- Developer: Use junit5 for CLI tests (pull 4220)
New in Jenkins 2.205 Weekly (Nov 19, 2019)
- Move cloud configuration from Configure System into its own configuration form on the Manage Nodes page (pull 4339)
- Redesign password fields to prevent password auto-fill except for the login form. Reduce browsers offering to update stored passwords. Revert by setting the system property hudson.Functions.hidingPasswordFields to false (pull 3991)
- Show agent error status on the dashboard as mouse over text (issue 6722)
- Show a tooltip with the full link name when hovering over sidebar links (issue 59508)
- Reduce logging level of run completion and update center polling events from INFO to FINEST (pull 4345)
- Try to always execute flyweight tasks, such as the main builds for Pipeline or Matrix jobs, on the master (pull 3983)
- Update Winstone from 5.3 to 5.4 to update Jetty from 9.4.18 to 9.4.22 (full Winstone 5.4 changelog, Jetty 9.4.22 changelog, Jetty 9.4.21 changelog, Jetty 9.4.20 changelog, Jetty 9.4.19 changelog)
- Internal: Make ProxyConfiguration compatible with configuration-as-code plugin. Workaround on the configuration-as-code plugin side is no longer required (issue 56553)
- Internal: Remove unused `jenkins-slave.xml` file template from core. Requires WMI Windows Agents plugin version 1.3.1 (Released Mar 14 2017) or newer (pull 4330)
- Fix `Uninstall` column sorting in the Plugin Manager Install pane (issue 59665)
- Fix build history table styling (issue 59631)
- Prevent faulty subtask contributors from leaving builds running forever (issue 59793)
- Internal: Remove unused remoting library from `jenkins-cli.jar` (pull 4350)
- Developer: Switch from maven-jenkins-dev-plugin to upstream jetty-maven-plugin (pull 4351)
- Disable HTTP TRACE to prevent security scanner complaints. The risk was significant with web browsers in 2003. Modern browsers forbid TRACE requests to prevent cross-site tracing (XST) attacks, so there is no real risk (issue 60180)
New in Jenkins 2.204 Weekly (Nov 11, 2019)
- Plugin manager descriptions always link to the plugins site instead of the Jenkins wiki. (issue 59679)
- Increase the number of datapoints recorded for multistage time series graphs such as those used for load statistics (pull 4341)
- Update Remoting from 3.35 to 3.36 to add new command line options "-help" and "-version". (Remoting release notes)
- Developer: Strengthen the queue to prevent canTake() and canRun() implementations in NodeProperty and QueueTaskDispatcher extensions from hanging the queue (issue 59886)
New in Jenkins 2.203 Weekly (Nov 5, 2019)
- Allow time zone to be set on a per-user basis. (issue 19887)
- Logging UI: Reorder sidepanel entries, add a note that "all log messages" will only include entries on level NOTE and up. (pull 4305)
- Update the Plugin Manager Updates tab with more information about incompatible dependencies. (pull 4299)
- Build status balls on the build trend page now link to the respective build's console output. (issue 17459)
- Prevent permission problems when dynamically loading a plugin by making PluginManager#start() run as SYSTEM. (issue 59775)
- Properly handle user names containing : characters in resource root URL tokens. (issue 59859)
- Prevent NullPointerException when accessing the /logout without sending cookies. (issue 59904)
- Developer: Make some methods in ResourceDomainConfiguration accessible from plugins. (pull 4335)
New in Jenkins 2.190.2 (Oct 29, 2019)
- URLs of some projects with emojis in their name were inaccessible. (issue 59406)
- Increase client-side keep-alive ping frequency on the HTTP-based CLI to prevent timeouts. (issue 59267)
- Internal: hudson.util.ProcessTree.OSProcess#getEnvironmentVariables returned null when an error occurred even though it shouldn't. (issue 59580)
New in Jenkins 2.201 Weekly (Oct 22, 2019)
- Resource URLs failed to serve files with nontrivial names due to encoding problems. (issue 59849)
- Fix presentation when localized headers span multiple lines in the setup wizard. (issue 59800)
New in Jenkins 2.200 Weekly (Oct 15, 2019)
- Add an option for a Resource Root URL through which Jenkins will serve user-generated static resources like workspace files or archived artifacts without the need for Content-Security-Policy headers. (issue 41891)
- Remove the ability to download update center metadata using the user's browser (deprecated since 2015). Jenkins will no longer inform about available updates without a connection to update sites. We recommend the use of a local mirror of our update sites, or a self-hosted update center like Juseppe in these situations. (pull 3970)
- Fix style of administrative monitors showing informational messages in the popup. (issue 59684)
- Add a missing "pressed" style for the Create Item button. (issue 34226)
- Fix labels to Atom feed links. (issue 48375)
- Developer: Add Functions#urlEncode(String) to ease encoding of URL query parameters from Jelly views. (pull 4278)
- Developer: TarOutputStream is now marked restricted so it is not used from plugins. (pull 4272)
- Internal: Various code cleanups. (issue 36720, pull 4248, pull 4258, pull 4260, pull 4256, pull 4257, pull 4261, pull 4267)
New in Jenkins 2.198 Weekly (Sep 30, 2019)
- Remove 100 character length limitation of build description in build history widget. (issue 19760, issue 31209)
- Update the minimum required Remoting client version to 3.14 to simplify the implementation. (pull 4208)
- Use different computer icon for temporary offline state. (issue 59283)
- Robustness: Do not allow users to resubmit requests using POST on URLs requiring a form submission, as that will fail anyway. (issue 59514)
- Better diagnostics in a failure message from Computer.getLogDir. (pull 4226)
- Update bundled versions of Ant, PAM Authentication, Mailer, and Script Security plugins for the rare cases they're installed from bundled versions. (pull 4230)
- Update commons-compress from 1.10 to 1.19. (pull 4221, changelog)
- Update jfreechart from 1.0.9 to 1.0.19 to pick-up recent improvements and bugfixes (pull 4229, changelog)
- The lastCompletedBuild permalink was not being cached in the …/builds/permalinks file. (issue 56809)
- Developer: Add TcpSlaveAgentListener#getAdvertisedHost(). (pull 4227)
New in Jenkins 2.176.4 (Sep 27, 2019)
- Security: Important security fixes.
New in Jenkins 2.197 Weekly (Sep 25, 2019)
- Important security fixes.
New in Jenkins 2.196 Weekly (Sep 23, 2019)
- Gzip compression when transferring artifacts being archived from agents to the master can now be disabled by setting the system property jenkins.model.StandardArtifactManager.disableTrafficCompression=true. (issue 26008, Jenkins features controlled by system properties)
- Make log rotation more robust. (issue 58779)
- Fix malformed XML in Atom and RSS 2.0 feeds. (regression in 2.194) (issue 59231)
- URLs of some projects with emojis in their name were inaccessible. (issue 59406)
New in Jenkins 2.195 Weekly (Sep 17, 2019)
- The setup wizard sometimes was removed improperly, and Jenkins would only show a blank screen. (issue 59017)
New in Jenkins 2.194 Weekly (Sep 9, 2019)
- Fix missing absolute URL in the RSS / Atom feeds. (regression in 2.190) (issue 59167)
- Update Remoting from 3.33 to 3.35 to allow inbound TCP agents to connect directly without querying Jenkins via HTTP for connection parameters first. (issue 59094, issue 53461, full changelog)
- Update Windows Service Wrapper from 2.2.0 to 2.3.0 to pick up fixes and improvements. (pull 4167, WinSW changelog, Windows Agent Installer module 1.12 changelog)
- Internal: Update dom4j library from Jenkins project fork to upstream release 2.1.1. (issue 53322)
- Internal: Replaced different base64 implementations with java.util.Base64. (pull 4169)
New in Jenkins 2.193 Weekly (Sep 2, 2019)
- Downgrade Remoting from 3.34 to 3.33 due to problems involving tunneled connections. (regression in 2.191) (issue 59094)
- Jenkins UI broke when a slow trigger administrative warning would be shown. (regression in 2.189). (issue 58938)
New in Jenkins 2.192 Weekly (Sep 2, 2019)
- Important security fixes. (security advisory)
New in Jenkins 2.176.3 (Aug 28, 2019)
- Important security fixes. (security advisory)
- The plugin manager UI no longer prevents disabling a plugin when other plugins only have optional dependencies to it. (issue 33843)
- Fix performance issue when using "Remember me". (regression in 2.160) (issue 56243)
- Do not throw exception when testing proxy configuration. (regression in 2.168) (issue 57383)
- Prevent occasional IllegalStateException on Jenkins restart and invalidate the user session. (issue 55945)
New in Jenkins 2.191 Weekly (Aug 26, 2019)
- Update Remoting from 3.33 to 3.34 to allow inbound TCP agents to connect directly without querying Jenkins via HTTP for connection parameters first. (issue 53461, full changelog)
- Multiple minor code cleanups and internal fixes. (pull 4131, pull 4162, pull 4163, issue 36720)
- Internal: Update Mockito from 2.22.0 to 3.0.0 (pull 4154)
New in Jenkins 2.190 Weekly (Aug 19, 2019)
- Add support of emojis and other non-UTF-8 characters in job names.
- RSS and Atom feeds did not contain all necessary metadata. (regression in 2.186)
- Expose real environment variables from an agent on the UI.
- Use SHA-256 instead of MD5 for generating crumbs/CSRF tokens.
- Truncate long build names on the UI to prevent alignment issues.
- Developer: AbstractItem#renameTo now checks #isNameEditable before renaming.
New in Jenkins 2.189 Weekly (Aug 8, 2019)
- A file handle leak in $JENKINS_HOME/jobs/*/builds/permalinks could prevent jobs from being deleted on Windows. (regression in 2.185) (issue 58733)
- Remove extra whitespace output from /scriptText endpoint. (regression in 2.186) (issue 58548)
- The install-plugin CLI command allowed files that aren't plugins to be installed, potentially breaking some functionality. (issue 29065)
- Add a warning when cron trigger spends a long time in its execution. (issue 54854)
- Batch up plugin installations in setup wizard to improve performance. (pull 4124)
- Stop using the name argument in the install-plugin CLI command. (pull 4123)
- Update versions of some detached plugins. These are typically installed when upgrading Jenkins from much older releases, or when implied dependencies are not specified for manually managed plugins. (pull 4125)
- Internal: Add support running JMH benchmarks for Jenkins core. (pull 4135)
- Internal: Update Jenkins Test Harness from 2.49 to 2.54 to add support for JMH benchmarks. (pull 4135, changelog)
- Internal: Omit WEB-INF/lib/jquery-detached-1.2.jar from jenkins.war. (pull 4120)
New in Jenkins 2.188 Weekly (Aug 8, 2019)
- This release failed. No artifact or Git tag exists.
New in Jenkins 2.187 Weekly (Jul 22, 2019)
- The default interval for node monitors (e.g. free disk space) can now be changed by setting the system property hudson.node_monitors.AbstractNodeMonitorDescriptor.periodMinutes. (pull 4105, Jenkins features controlled by system properties)
- Robustness: Do not fail to render views when AdministrativeMonitor#isActivated fails. (pull 4114)
- Internal: Update slf4j version from 1.7.25 to 1.7.26 (pull 4118)
New in Jenkins 2.186 Weekly (Jul 22, 2019)
- Important security fixes. (security advisory)
- Remove Trilead SSH dependencies from the Jenkins core. These dependencies caused SSH build agent connection issues in 2.185. (issue 58483)
- Upgrade SSH CLI Auth Module from 1.5 to 1.7 to remove Trilead SSH references. (pull 4111, issue 43669, changelog for 1.7, changelog for 1.6)
New in Jenkins 2.176.2 (Jul 17, 2019)
- Important security fixes. (security advisory)
- A thread pool used to wait for external processes to complete could leak class loaders. (issue 57725)
- Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed upon Jenkins startup when needed as implied dependencies of other plugins which were already present. This simplifies compatibility for specialized installation scenarios not using the update center, such as when Jenkins is run from a Docker image prepackaged with some plugins. (issue 57528)
- Update WinP from 1.27 to 1.28 to fix problems with a missing DLL and flickering console window in the Windows graceful process shutdown logic (issue 57477, full changelog)
- Replace some exception stack traces related to agent channels with simpler messages. (issue 57993)
New in Jenkins 2.185 Weekly (Jul 15, 2019)
- Jenkins no longer creates symbolic links inside project or build directories. The Build Symlink plugin may be installed to restore this functionality if desired. URLs such as /job/…/lastStableBuild/ are not affected, only tools which directly access the $JENKINS_HOME filesystem. (issue 37862)
- Remove Trilead SSH library from Jenkins core and make it available in a new detached plugin. (issue 43610)
- Do not throw exception when testing proxy configuration. (regression in 2.168) (issue 57383)
- Prevent occasional IllegalStateException on Jenkins restart and invalidate the user session. (issue 55945)
- Avoid duplicate screenResolution cookie for views. (pull 4103)
- Due to a mixture of old and new “detached” plugins, under certain circumstances it was possible to have two versions of an extension point used by the command launcher option for agents. (issue 58362)
- Add a warning to the Installed tab of the plugin manager alerting administrators to possible problems from disabling detached plugins, which became possible as of 2.181. (pull 4098)
- Remove unnecessary delay during cloud agent provisioning if the agent is available very quickly. (issue 24752)
- Update commons-codec library from 1.9 to 1.12. (pull 4052, changelog)
- Developer: Plugin Compatibility Tester did not skip bundled plugin installation even if a *.jpl file exists. (issue 58362)
New in Jenkins 2.184 Weekly (Jul 8, 2019)
- Remove obsolete session cookies when logging out, preventing errors related to headers being too large. (issue 25046)
- Add telemetry trial related to missing classes when running on Java 11. (issue 57223)
- Fix performance issue when using "Remember me" (regression in 2.160). (issue 56243)
- Developer: Clean up constructors of AbstractCloudSlave (pull 4086)
New in Jenkins 2.183 Weekly (Jul 3, 2019)
- Add support for IPv6 addresses in the Jenkins URL configuration. (issue 58041)
- Update args4j from 2.0.31 to 2.33. (issue 57959)
- Developer: Allow plugins to provide onBlur() handlers for CodeMirror textarea controls. (issue 58240)
- Developer: Make WindowsUtil available to plugins. (pull 4038)
- Internal: update maven-war-plugin from 3.0.0 to 3.2.3 (issue 47127)
New in Jenkins 2.182 Weekly (Jun 24, 2019)
- When deleting directories, remove the read-only flag on Windows. (issue 57855)
- Update Remoting from 3.29 to 3.33. (issue 57959, issue 50095, issue 57713, full changelog)
New in Jenkins 2.181 Weekly (Jun 18, 2019)
- The plugin manager UI no longer prevents disabling a plugin when other plugins only have optional dependencies to it. (issue 33843)
- A thread pool used to wait for external processes to complete could leak class loaders. (issue 57725)
- Robustness: Exceptions thrown while scheduling jobs in the queue could prevent other jobs from being scheduled. (issue 57805)
- Replace some exception stack traces related to agent channels with simpler messages. (issue 57993)
- Update JNA from 4.5.2 to 5.3.1 to fix issue with shared library loading on AIX when using OpenJDK. (issue 57515)
- Developer: Update ant dependency from 1.9.2 to 1.9.14. (pull 4053)
- Internal: Switch from FindBugs to SpotBugs for static analysis. (pull 4062)
- Internal: Mark hudson.model.UpdateSite#isDue as synchronized. (issue 57466)
New in Jenkins 2.176.1 (Jun 12, 2019)
- Restore Chinese localized resources used by the setup wizard. (issue 57412)
- Robustness: Do not put agent offline for runtime exceptions in ComputerListener#onOnline(). (issue 57111)
- Support for the Remoting mode of the CLI (-remoting option) has been removed. (pull 3838, announcement blog post)
- Remove misleading nonStoredPasswordParam symbol for password parameter definitions, since it's actually stored encrypted. (issue 56776)
- Remove built-in support for CCtray (cc.xml) files. To restore this feature, install the CCtray XML Plugin (issue 40750)
- Add stop-job CLI command which allows aborting builds. (issue 11888)
- Add support for turning off a log recorder in the logger configuration. (issue 56200)
- Add the run parameter filter value to REST API responses. (issue 56554)
- Update status icon of a build when the build is finished. (issue 16750)
- Remove misleading references to Java Web Start and JNLP from GUI surrounding inbound Jenkins agents. (pull 3998)
- Inform administrators about potentially unsafe permissions setup involving builds running as the virtual SYSTEM user. (issue 24513)
- Add a log message to build logs when builds run with the virtual SYSTEM authentication. (pull 3908)
- Re-enable Stapler request dispatching telemetry. (pull 3999)
- Migrate all Chinese localization resources into Localization: Chinese (Simplified) plugin. (pull 4008)
- Adjust stream flushing behavior for code running remotely on agents for better performance. This may lead to loss of messages for plugins which print to a build log from the agent machine but do not flush their output. Use -Dhudson.util.StreamTaskListener.AUTO_FLUSH=true to restore the previous behavior for freestyle builds. Note that Pipeline builds always expect remote flush. (pull 3961)
- Update Winstone from 5.1 to 5.2 to make HTTPS cipher exclusions configurable. (issue 56659, issue 56591, full changelog)
- Remove Mailer related localized strings from core. Make sure you use Mailer Plugin 1.23. (issue 55292)
- Do not offer a workspace lease to a new build if it is already in use by a (Pipeline) build running across an agent reconnection. (issue 50504)
- Properly flush output from the Maven console annotator. (issue 56995)
- Make Debian/Ubuntu launcher script work with Java 11. (issue 57096)
- Developer: Update Stapler from 1.256 to 1.257 to add support for loading localized webapp resources from any plugin. Add jenkins.PluginLocaleDrivenResourceProvider interface for plugins to participate in localized resource lookup. (JEP-216, full changelog)
- Developer: Update Localizer library from 1.24 to 1.26 allowing plugins to override the lookup for localized resource files. (pull 3896, JEP-216, full changelog)
- Developer: Add Jelly UI component f:secretTextarea for multi-line secrets analogous to f:password for single-line. (pull 3967, Storing Secrets in Jenkins)
- Developer: SystemProperties may now be used from agent-side code. See SystemProperties#allowOnAgent. (pull 3961)
New in Jenkins 2.180 Weekly (Jun 11, 2019)
- Remoting reverted to 3.29 because JNLP agents failed to connect cloud agents in certain situations. (regression in 2.176) (issue 57713)
- Improve Configuration-as-Code compatibility of ListView. (issue 57121)
New in Jenkins 2.179 Weekly (May 27, 2019)
- Detached plugin handling in 2.178 could cause problems for some custom `$JENKINS_HOME` packaging schemes that used improper filenames. These cases are now at least warned about, and in some cases transparently handled. (issue 55582)
- Change the presentation of boolean (checkbox) options for most options on configuration forms. (issue 55787)
- Developer: Make the XMLUtils class with utility methods related to safe XML processing available to plugins. (
New in Jenkins 2.178 Weekly (May 21, 2019)
- Update jmDNS from 3.4.0-jenkins-3 to 3.5.5 to prevent unnecessary DNS Multicast error messages. (issue 25369)
- Update WinP from 1.27 to 1.28 to fix problems with a missing DLL and flickering console window in the Windows graceful process shutdown logic (issue 57477, full changelog)
- Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed upon Jenkins startup when needed as implied dependencies of other plugins which were already present. This simplifies compatibility for specialized installation scenarios not using the update center, such as when Jenkins is run from a Docker image prepackaged with some plugins. (issue 57528)
- Bring the bundled version of the Script Security plugin up to date with recent security advisories, in the unlikely case it is indeed installed from the WAR rather than the update center. (pull 4000)
New in Jenkins 2.177 Weekly (May 13, 2019)
- Support setting excludes and case sensitivity in the fingerprint() build step in Pipeline and other job types. (documentation, pull 3915)
- Allow distinguishing between new projects, disabled projects, and those with aborted builds through differently shaded build balls. (pull 3997)
- Update Windows Agent Installer from 1.10.0 to 1.11, enabling TLS 1.2 on agent downloads when running with .NET 4.6 or newer. (issue 51577, full changelog)
- Update Winstone-Jetty from 5.2 to 5.3 to update Jetty to 9.4.18. (pull 4016, full changelog, Jetty 9.4.18 changelog, Jetty 9.4.17 changelog, Jetty 9.4.16 changelog)
- Restore Chinese localized resources used by the setup wizard. (regression in 2.176) (issue 57412)
- Robustness: Do not put agent offline for runtime exceptions in ComputerListener#onOnline(). (issue 57111)
- Do not record fingerprints for files not included in archived artifacts due to exclude filter. (issue 41696)
- Developer: Make UserSeedProperty available to plugin developers. (pull 4018)
- Developer: Add support for titleClassMethod (from symbol-hetero-list in Pipeline) to f:hetero-list. (issue 56379)
New in Jenkins 2.164.3 (May 11, 2019)
- Corrupted console notes could cause an uninformative NegativeArraySizeException to be thrown from ConsoleNote#readFrom and build log display to be broken. (issue 45661)
- The setup wizard did not properly escape passwords, resulting in errors with certain special characters. (issue 56856)
- Make form submit buttons on the Jenkins classic UI compatible with potentially upcoming Firefox bug fix. (issue 53462, Firefox bug 1370630)
- Properly flush output from the Maven console annotator. (issue 56995)
- Make Debian/Ubuntu launcher script work with Java 11. (issue 57096)
- Re-enable Stapler request dispatching telemetry. (issue 57167)
New in Jenkins 2.176 Weekly (May 6, 2019)
- Some plugins would fail in 2.175 with an error related to serialization of FilePaths. This is now downgraded to a warning. Plugin updates should still be applied to correct the underlying mistake. (issue 57244)
- Add stop-job CLI command which allows aborting builds. (issue 11888)
- Update Remoting from 3.29 to 3.30 to fix a few minor issues. (issue 51004, issue 57107, issue 46515, full changelog)
- Migrate all Chinese localization resources into Localization: Chinese (Simplified) plugin. (pull 4008)
- NodeListener#onCreated was called when Jenkins#addNode or Nodes#addNode actually replaced an existing node. (issue 57273)
New in Jenkins 2.175 Weekly (Apr 29, 2019)
- Update status icon of a build when the build is finished (issue 16750)
- The Plugin Manager now provides easier selection for applicable plugin updates with options to select "All", "Compatible" or "None". The selection of "Compatible" plugins (previously "All") has been fixed to exclude all that contain any compatibility warnings. (issue 56477)
- Remove misleading references to Java Web Start and JNLP from GUI surrounding inbound Jenkins agents. (pull 3998)
- Re-enable Stapler request dispatching telemetry. (pull 3999)
- Fix some errors seen in the Linux agent installers. (issue 57071)
- Developer: Make ${port} be honored by mvn -f war hudson-dev:run. (pull 3984)
New in Jenkins 2.174 Weekly (Apr 23, 2019)
- Renaming an agent retained old agent configuration, causing it to re-appear on restart. (issue 56403)
- Nested views are now searchable by name. (issue 43322)
New in Jenkins 2.173 Weekly (Apr 15, 2019)
- Remove built-in support for CCtray (cc.xml) files. To restore this feature, install the CCtray XML Plugin (issue 40750)
- Adjust stream flushing behavior for code running remotely on agents for better performance. This may lead to loss of messages for plugins which print to a build log from the agent machine but do not flush their output. Use -Dhudson.util.StreamTaskListener.AUTO_FLUSH=true to restore the previous behavior for freestyle builds. Note that Pipeline builds always expect remote flush. (pull 3961)
- Add a button to copy new API tokens to the clipboard. (issue 56733)
- Make form submit buttons on the Jenkins classic UI compatible with potentially upcoming Firefox bug fix. (issue 53462, Firefox bug 1370630)
- Do not offer a workspace lease to a new build if it is already in use by a (Pipeline) build running across an agent reconnection. (issue 50504)
- Remove Mailer related localized strings from core. Make sure you use Mailer Plugin 1.23. (issue 55292)
- Properly flush output from the Maven console annotator. (issue 56995)
- Developer: Update Stapler from 1.256 to 1.257 to add support for loading localized webapp resources from any plugin. Add jenkins.PluginLocaleDrivenResourceProvider interface for plugins to participate in localized resource lookup. (JEP-216, full changelog)
- Developer: SystemProperties may now be used from agent-side code. See SystemProperties#allowOnAgent. (pull 3961)
- Developer: Add LineTransformationOutputStream#Delegating for convenience. (pull 3959)
- Developer: hudson.util.ssh.SFTPClient was removed. Use com.trilead.ssh2.jenkins.SFTPClient from the Trilead SSH library instead. (issue 56166)
- Internal: Update commons-beanutils from 1.8.3 to 1.9.3. (pull 3948)
- What's new in 2.172 (2019-04-10)
New in Jenkins 2.164.2 (Apr 10, 2019)
- Security fixes. (security advisory)
- Workspace and artifacts browsing did not work on Windows Server 2016 with Microsoft Docker. (regression in 2.150.2) (issue 56114)
- Prevent NullPointerException when discarding unreadable fingerprint data. (issue 43218)
New in Jenkins 2.172 Weekly (Apr 10, 2019)
New in Jenkins 2.171 Weekly (Apr 7, 2019)
- Expose the minimum supported version of remoting to allow future releases to reject incompatible agent connections. (issue 50095)
- The setup wizard did not properly escape passwords, resulting in errors with certain special characters. (issue 56856)
- Revert accidental change to hashCode computation of jenkins.util.TreeString in 2.168. (pull 3930)
- Developer: Add Jelly UI component f:secretTextarea for multi-line secrets analogous to f:password for single-line. (pull 3967, Storing Secrets in Jenkins)
- Developer: Deprecated Run.getLogFile(), as it is not compatible with JEP-210. (pull 3963)
New in Jenkins 2.170 Weekly (Apr 1, 2019)
- Remove misleading nonStoredPasswordParam symbol for password parameter definitions, since it's actually stored encrypted. (issue 56776)
- Corrupted console notes could cause an uninformative NegativeArraySizeException to be thrown from ConsoleNote#readFrom and build log display to be broken.
New in Jenkins 2.169 Weekly (Mar 26, 2019)
- Update Winstone from 5.1 to 5.2 to make HTTPS cipher exclusions configurable. (issue 56659, issue 56591, full changelog)
- Add the run parameter filter value to REST API responses. (issue 56554)
- Fix highlighting of table entries when using checkboxes on the Legacy API Token usage page. (pull 3932)
New in Jenkins 2.164.1 (Mar 15, 2019)
- Changes since 2.164:
- No notable changes in this release.
- Notable changes since 2.150.3:
- Java 11 is now fully supported. Multiple improvements for running Jenkins on Java 11 since 2.150.x, including support for plugins declaring a minimum Java version in their metadata and refusing to load incompatible plugins, and installation of a new JAXB plugin when running on Java 11 to allow use of JAXB APIs from plugins. (announcement blog post, running on Java 11, upgrading to Java 11, issue 52012, issue 52282, issue 55076, issue 55048, issue 55980, issue 55681, issue 52285)
- The list-jobs no longer lists items recursively when listing a specific folder. (issue 48220)
- Add a new CLI command disable-plugin to disable one ore more installed plugins and optionally restart Jenkins. (issue 27177)
- Update Trilead SSH library to add support for OpenSSH keys with AES256-CTR encryption. (issue 47603, issue 47458, issue 55133, issue 53653)
- Add support for the ed25519 key algorithm in Jenkins CLI. (issue 45318)
- Reduce the performance impact of the SECURITY-904 fix when downloading artifacts or workspaces as ZIP file. (issue 55050)
- Add new category Languages to the plugin wizard, which automatically installs available localization plugins based on browser language. (pull 3626)
- Update Windows Service Wrapper from 2.1.2 to 2.2.0 and Windows Agent Installer from 1.9.3 to 1.10.0 to support disabling, renaming and archiving service logs. (pull 3854, Windows Service Wrapper changelog, Windows Agent Installer Module changelog)
- Update SSHD Module from 2.5 to 2.6 to apply a proper Apache Mina idle timeout value when a custom value was set using the org.jenkinsci.main.modules.sshd.SSHD.idle-timeout system property. (issue 55978, full changelog)
- Developer: Login and signup pages redesigned in 2.129 now can receive style contributions (footer view for SimplePageDecorator) from multiple plugins. (issue 54325)
New in Jenkins 2.168 Weekly (Mar 11, 2019)
- Mobile friendly layout of the login, loading and restart screens. (issue 56398)
- Inform administrators about potentially unsafe permissions setup involving builds running as the virtual SYSTEM user. (issue 24513)
- Workspace and artifacts browsing did not work on Windows Server 2016 with Microsoft Docker. (regression in 2.154) (issue 56114)
- Developer: StringParameterValue.getValue() now returns a String avoiding an unnecessary cast. (pull 3146)
New in Jenkins 2.167 Weekly (Mar 4, 2019)
- Actually show spinner when select tries to load an async request. (issue 42443)
- Add a log message to build logs when builds run with the virtual SYSTEM authentication. (pull 3908
New in Jenkins 2.166 (Feb 26, 2019)
- Add support for turning off a log recorder in the logger configuration. (issue 56200)
- Replace Trilead-SSH implementation of SSH key loader in CLI with Apache Mina. (issue 56167)
- Prevent NullPointerException when discarding unreadable fingerprint data. (issue 43218)
- Avoid deserialization errors with EnvVars in rare circumstances by adding a stable serialVersionUID. (issue 56161)
- Developer: Update Localizer library from 1.24 to 1.26 allowing plugins to override the lookup for localized resource files. (pull 3896, JEP-216, full changelog)
- Internal: Update Jenkins Test Harness from 2.46 to 2.47 (pull 3912)
- What's new in 2.165 (2019-02-17)
New in Jenkins 2.150.3 (Feb 26, 2019)
- Improve robustness of console annotators such as the Timestamper plugin in conjunction with certain Pipeline steps such as git on an agent with an old agent.jar. (issue 55257)
- User account creation by administrators did not show error messages when it failed. (Regression in 2.129 and 2.138.1) (issue 52869)
New in Jenkins 2.165 Weekly (Feb 18, 2019)
- Support for the Remoting mode of the CLI (-remoting option) has been removed. (pull 3838, announcement blog post)
- Developer: Some public classes and methods which were already deprecated as specific to Remoting mode of the CLI have been removed, though those likely to be used by plugins have been retained for compatibility. (pull 3838)
- Internal: Replace Trilead SSH implementation of base64 with the JDK implementation. (issue 43780)
New in Jenkins 2.163 Weekly (Feb 4, 2019)
- Support running Jenkins WARs on Java 11 without downloading JAXB JARs. A new JAXB plugin is marked as a detached one when running with Java 11 or higher. (issue 55681, pull 3711, plugin page)
- Report names of items being deleted in confirmation dialogs (issue 55848)
- Replaced text references to slave with agent in various log entries and built-in help pages (issue 51320)
- Improve diagnostics of missing Old Data Administrative Monitor (pull 3240, related issue)
- Prevent a potential startup deadlock situation in extension loading (pull 3828, issue 55361, issue 54974, issue 50663, issue 44564, issue 31622)
- Improve robustness of the partial page refresh logic when Jenkins is not available (issue 53077)
- Prevent NullPointerException in Run Parameter for jobs in rare race condition cases (issue 47530)
- Prevent NumberFormatException when a symbolic link is published as an artifact (issue 55049)
- Prevent NullPointerException when a fingerprint is loaded from a corrupted XML file without the usages section (issue 49588)
- What's new in 2.162 (2019-01-27)
New in Jenkins 2.162 Weekly (Jan 28, 2019)
- Jenkins did not use the configured proxy credentials for authentication unless they were saved since Jenkins was started. (regression in 2.152) (issue 54903)
- The list-jobs no longer lists items recursively when listing a specific folder. (issue 48220)
- Replace deprecated Warnings and Checkstyle plugins with Warnings Next Generation Plugin in installation wizard. (pull 3857)
- Do not print a warning about a changed workspace location on every startup when using the system property jenkins.model.Jenkins.workspacesDir. (issue 53284)
- Internal: Optimization in the method to read a remote file as text. (pull 3862)
- Internal: Add smoke-test JUnit category. To only run these tests, mvn -P smoke-test. (issue 53935
New in Jenkins 2.150.2 (Jan 21, 2019)
- Important security fixes. (security advisory)
- Invalidate sessions and CLI authentication caches when changing the user password in the Jenkins user database.
- Add support for killing child processes on AIX. (issue 16867)
New in Jenkins 2.150.1 (Jan 21, 2019)
- Numerous fixes and improvements to better support running Jenkins on Java 11. (issue 46523, issue 46725, issue 51805, issue 52019, issue 52024, issue 53693, issue 53710, issue 53929, Parent POM 1.49 changelog, Winstone-Jetty 5.1 changelog, Groovy 2.4.12 changelog, Jetty 9.4.12 changelog)
- Migrate most Simplified Chinese translations into Localization: Chinese (Simplified) Plugin. (pull 3667)
- Allow use of the console command with Job/Read permission. (issue 52181)
- Wait up to two minutes for process termination before killing it (typically when aborting a build). (issue 17116)
- Reduce logging level of restart and shutdown related notifications from SEVERE to INFO. (issue 53282)
- New JENKINS_USER_ID and JENKINS_API_TOKEN environment variables can be used to configure the CLI authentication. (issue 53792)
- Do not submit telemetry if there's no relevant data. (issue 54137)
- Use per-trial correlation IDs for telemetry submissions. (issue 54136)
- Update Remoting from 3.26 to 3.27 to eliminate a potential deadlock. (Full changelog, issue 53569)
- Developer: Add support for the @PostConstruct lifecycle method annotation. (issue 52818)
- Developer: Add interface PersistentDescriptor that allows implementing Descriptors to skip explicit calls to load(). (issue 52818)
- Developer: Introduce getPlatform() and setPlatform() methods in hudson.EnvVars. (issue 53721)
- Developer: Introduce new hudson.Util#fixNull(value, defaultValue) method. (pull 3656)
- Developer: Add overridable Queue.Task#getAffinityKey() to allow consistent hashing for Pipeline builds in the future. (issue 36547)
- Developer: ConsoleAnnotatorFactory mishandled its type parameter, effectively forcing all implementations to use Object or raw types. (pull 3662)
New in Jenkins 2.138.4 (Jan 21, 2019)
- Important security fixes. (security advisory)
New in Jenkins 2.160 Weekly (Jan 17, 2019)
- Important security fixes. (security advisory)
- Invalidate sessions and CLI authentication caches when changing the user password in the Jenkins user database.
New in Jenkins 2.159 Weekly (Jan 15, 2019)
- Fixed issue that prevented Jenkins from deleting files in many cases. (regression in 2.157) (issue 55448)
New in Jenkins 2.158 Weekly (Jan 14, 2019)
- Add support for plugins declaring a minimum Java version in manifest, showing warnings and refusing to load plugins with unsatisfied dependencies. Plugins should use the plugin POM 3.31 or newer to make use of this. (issue 55048)
New in Jenkins 2.157 Weekly (Jan 7, 2019)
- Update Trilead SSH library to add support for OpenSSH keys with AES256-CTR encryption. (issue 47603, issue 47458, issue 55133, issue 53653)
- Restarting and Loading pages did not get CSS resources from the correct URL when using a context path. (issue 55062)
- Internal: Update parent POM from 1.50 to 1.51. (pull 3829, changelog)
- Internal: update build-helper-maven-plugin from 1.7 to 3.0 to make Jenkins more easily importable in Eclipse IDE. (pull 3831)
New in Jenkins 2.156 Weekly (Dec 18, 2018)
- User account creation by administrators did not show error messages when it failed. (Regression in 2.129) (issue 52869)
- Fix java.lang.IllegalStateException that could occur in rare cases on Jenkins startup. (issue 55197, issue 55070)
- Attempt to prevent NoClassDefFoundError: javax/servlet/ServletException under some conditions on agents. (issue 26677)
- Update Remoting from 3.27 to 3.28 to fix some minor issues and enhance NO_PROXY options. (full changelog, issue 47977, issue 48778, issue 49987, issue 50730, issue 51108, issue 54005)
- Replace the Flash implementation of the "copy to clipboard" feature with the native JavaScript equivalent. (issue 54933)
- Login and signup pages redesigned in 2.129 now can receive style contributions (footer view for SimplePageDecorator) from multiple plugins. (issue 54325)
New in Jenkins 2.155 Weekly (Dec 10, 2018)
- When running on Java 11, Jenkins by default is now using an update center with alpha/beta plugin releases that require Java 11. (issue 55080, Experimental Update Center for Java 11 in JEP-211)
- Update SSHD Module from 2.4 to 2.5 to add support for the EdDSA signature algorithm. (issue 45318, SSHD Module changelog)
- Unix process manager and Agent Java Web Start UI now check the current Java version based on java.specification.version. (issue 55076)
- Internal: update parent POM from 1.49 to 1.50 to get the SUREFIRE-1588 workaround. (Parent POM changelog, SUREFIRE-1588)
New in Jenkins 2.154 Weekly (Dec 5, 2018)
- Important security fixes.
New in Jenkins 2.153 Weekly (Nov 27, 2018)
- Add support for the ed25519 key algorithm in Jenkins CLI. (issue 45318)
- Do not show the Launch agent from browser button (Java Web Start) if Jenkins is running on Java 11. (issue 52282)
- Do not hide newer releases of plugins from secondary update sites. (issue 45235)
- Check hudson.PluginManager.CHECK_UPDATE_ATTEMPTS system property instead of hudson.PluginManager.checkUpdateAttempts. (issue 54731, issue 54459)
New in Jenkins 2.152 Weekly (Nov 20, 2018)
- Revert compatibility fix for future releases of Firefox due to regressions it caused since 2.148. (issue 54261, issue 54333, issue 54570)
- Do not cache CSS/JS resource files for console annotations like Timestamper Plugin across Jenkins restarts. (issue 38719)
- In some cases, HTTP proxies with authentication did not work for HTTPS URL. (issue 48775)
- Improve robustness when checking for updates. Add hudson.PluginManager.sleepTimeMilis and hudson.PluginManager.retries system properties to adapt to unreliable networks. (issue 54459, Jenkins features controlled by system properties)
- Add support for killing child processes on AIX. (issue 16867)
- Only select compatible plugin updates when clicking Select All below the list. (issue 20155)
- Internal: Upgrade the Maven Jenkins Dev plugin from 9.4.5.v20170502 to 9.4.12.v20180830 to align it with the Jetty version. (issue 54599)
- Internal: Update Jenkins Test Harness from 2.36 to 2.41.1 to allow running tests with JDK11 (issue 53863, changelog)
- Internal: Introduce a new submodule for JDK8-only tests so that it is possible to run tests against codebase removed from JDK11 (issue 53716)
New in Jenkins 2.138.3 (Nov 9, 2018)
- The initial visibility of nested groups of radio buttons did not accurately reflect the current values. (issue 48516)
- Improve robustness when search items don't specify a display name. (issue 50795)
- Add telemetry trial related to Stapler request dispatching. (issue 54029)
New in Jenkins 2.149 Weekly (Oct 29, 2018)
- What's new:
- Do not submit telemetry if there's no relevant data. (issue 54137)
- Use per-trial correlation IDs for telemetry submissions. (issue 54136)
- Fix concurrency bug that caused requests to hang since 2.147. (issue 54135)
- When using elastic agents (clouds), agent JVMs could be incorrectly relaunched and never terminated. (pull 3701)
New in Jenkins 2.148 Weekly (Oct 23, 2018)
- Make form submit buttons on the Jenkins classic UI compatible with potentially upcoming Firefox bug fix. (issue 53462, Firefox bug 1370630)
New in Jenkins 2.147 Weekly (Oct 15, 2018)
- Update Winstone-Jetty from 5.0 to 5.1 to update Jetty to 9.4.12, picking up TLS 1.3 support and fixes towards Java 11. (issue 51805, issue 53929, Winstone-Jetty changelog, Jetty changelog)
- Update Stapler from 1.254.2 to 1.255 to integrate a fix related to StaplerProxy#getTarget() return value handling. (pull 3690, stapler/stapler#149)
- Print a warning when the long deprecated method Secret#toString() is being used. (pull 3668)
- Add telemetry trials related to browser languages and Stapler request dispatching. (pull 3688, pull 3687, stapler/stapler#148)
New in Jenkins 2.138.2 (Oct 11, 2018)
- Community reported issues: 1×JENKINS-420
- Important security fixes. (security advisory)
- Security hardening: Escape variables in Jelly views by default. (announcement blog post, LTS upgrade guide, list of affected plugins)
- Update Winstone-Jetty from 4.4 to 5.0 to fix HTTP/2 support and threading problems on hosts with 30+ cores. (issue 53239, issue 52804, issue 51136, issue 52358)
- Security hardening related to Stapler routing.
- Security hardening related to HTTP verb restrictions for web methods.
- Extend anonymous usage statistics with information about applied security fix escape hatches. (JEP-214)
- Fix a thread safety issue when creating multiple nodes in parallel. (issue 53401)
- Nested f:repeatable/f:repeatableProperty form elements inherited minimum when they shouldn't. (issue 37599)
New in Jenkins 2.145 Weekly (Oct 8, 2018)
- Migrate all Simplified Chinese translations into Localization: Chinese (Simplified) Plugin. Jenkins (core) now no longer contains Simplified Chinese translations. (pull 3667)
- Prevent NullPointerException on restart with an undefined update site URL. (issue 31448)
- Fix problems with update center metadata signature check on Java 11. (issue 53710)
- The initial visibility of nested groups of radio buttons did not accurately reflect the current values. (issue 48516)
- New JENKINS_USER_ID and JENKINS_API_TOKEN environment variables can be used to configure the CLI authentication. (issue 53792)
- Minor improvements to reduce minimum memory footprint for Jenkins, especially around update center & plugin metadata. (pull 3654)
- Developer: Add overridable Queue.Task#getAffinityKey() to allow consistent hashing for Pipeline builds in the future. (issue 36547)
- Developer: ConsoleAnnotatorFactory mishandled its type parameter, effectively forcing all implementations to use Object or raw types. (pull 3662)
- Internal: Update META-INF/services generator from 1.4 to 1.8 to fix compilation on JDK 10+. (issue 52024, META-INF/services generator)
- Internal: Update Parent POM to 1.49 to make the build flow compatible with Java 11. (Parent POM changelog)
New in Jenkins 2.144 Weekly (Oct 1, 2018)
- Update jnr-posix to 3.0.45 to prevent Illegal Reflective access warnings when running with Java 11. (issue 46725)
- Update Remoting from 3.26 to 3.27 to eliminate a potential deadlock. (Full changelog, issue 53569)
- Prevent process termination failure when ProcessKiller extension fails with NoClassDefFoundError. (issue 53593)
- Remove unreliable action caching in views so that plugins installed after Jenkins startup can contribute to the UI. (issue 53353)
- Update Unix process management logic to support Process Tree termination when running with Java 11. (issue 46523)
- Developer: Introduce getPlatform() and setPlatform() methods in hudson.EnvVars. (issue 53721)
- Developer: Introduce new hudson.Util#fixNull(value, defaultValue) method. (pull 3656)
New in Jenkins 2.143 Weekly (Sep 25, 2018)
- Hyperlinks in build logs for builds run using Jenkins 2.138 or older were not displayed correctly in newer versions of Jenkins. As a side effect of this fix, build logs created with Jenkins between 2.139 and 2.142 (inclusive) will lose the hyperlink metadata. (issue 53729)
- Update Groovy from 2.4.11 to 2.4.12 to pick up fixes towards Java 11 support. (issue 52019, Groovy 2.4.12 changelog)
- Add extensibility mechanism for anonymous usage statistics with initial implementation collecting information about applied security fix escape hatches. (JEP-214)
- Fix a thread safety issue when creating multiple nodes in parallel. (issue 53401)
- Developer: Add Telemetry extension point. (JEP-214)
- Developer: Update PowerMock and Mockito to versions compatible with Java 11. (issue 53693)
- Internal: Incorrect API signatures on some classes performing custom deserialization. (issue 53608)
- Internal: Update sezpoz from 1.12 to 1.13 to enable building plugins with JDK 11.
New in Jenkins 2.142 Weekly (Sep 21, 2018)
- Improve robustness when search items don't specify a display name. (issue 50795)
- Certain kinds of errors in build console display were being suppressed and ANSI escape sequences displayed instead. (pull 3612)
- Further improvements to not show scroll bar prematurely on long build display names in the sidepanel builds widget. (pull 3601)
New in Jenkins 2.138.1 (Sep 13, 2018)
- Changes since 2.138:
- A configured quiet period was interpreted as milliseconds, instead of seconds. (Regression in 2.82) (issue 48770)
- Notable changes since 2.121.3:
- Redesigned login, signup, and Jenkins is (re)starting pages. Existing page decorators like Simple Theme Plugin will no longer work with these redesigned pages. (issue 50447, announcement blog post)
- Replace single per-user API token with new system of multiple, revocable, unrecoverable API tokens with usage tracking. (issue 32442, issue 32776, blog post)
- The deprecated Jenkins CLI Protocol versions 1 and 2, and Java Web Start Agent Protocol versions 1, 2, and 3 have been disabled. If you still use these protocols (e.g. remoting-based CLI, or old slave.jars on agents), you need to re-enable these protocols after upgrade, or upgrade the clients. The same recommendations as in The 2.121.x upgrade guide for remoting changes apply here. (issue 48480)
- Check SHA-512 or SHA-256 checksums of update site and tool installer metadata and core and plugin downloads if the update site provides them. (pull 3356)
- Optional extensions are now loaded without requiring to restart Jenkins after installing an optional dependency. (issue 50336)
- Upgrade Winstone from 4.2 to 4.4 to update Jetty from 9.4.8.v20171121 to 9.4.11.v20180605, adding an option to enable JMX when running Jenkins using java -jar jenkins.war. (pull 3422, pull 3497, full changelog, Jetty 9.4.11 changelog, Jetty 9.4.10 changelog, Jetty 9.4.9 changelog, JMX Documentation for Jetty, full list of options)
- Upgrade Remoting from 3.21.1 to 3.25 to have agents check availability of the master's TCP Agent Listener port when connecting over TCP. (issue 51818, issue 52204, Remoting 3.22 changelog)
- Upgrade Bytecode Compatibility Transformer from 1.8 to 2.0-beta-2, upgrading ASM from 5.0.1 to 6.2 to improve support of Java 9+ runtimes. (issue 51837, supported Java versions)
- Update Executable WAR from 1.39 to 1.41 to allow running Jenkins with incompatible (too new) Java versions by setting the --enable-future-java flag. (issue 51155, issue 51994, issue 46622, Executable WAR 1.40 changelog, Executable WAR 1.41 changelog, supported Java versions)
- Update instance identity module from 2.1 to 2.2 to improve Java 11 compatibility. (issue 51965, full changelog)
- Update JNA from 4.2.1 to 4.5.2 to add support for s390x. (issue 52771)
- Add a new CLI command enable-plugin to enable one or more installed plugins and optionally restart Jenkins. (issue 52822)
- Add support for Zip files larger than 4 GB (Zip64). (issue 52356)
- Add modification timestamp to files in directory browser views such as archived artifacts and workspaces. (issue 20998)
- Export path to agent file system root directory in remote API. (pull 3206)
- Jenkins remote API: Export fingerprints for builds which do not derive from AbstractBuild, like Pipeline builds. (issue 51667)
- Some deserialization rejections are now logged on WARNING log level, instead of only on FINER. (issue 51666)
- Instances of some item types could not be renamed (regression in 2.110). (issue 52164)
- Don't fail to archive artifacts when attributes cannot be preserved, instead log a message and proceed without preserving attributes (regression in 2.120). (issue 52325)
- Some types of builds, like pipelines, would sometimes run concurrently even when that was disabled. (issue 41127)
- Developer: Introduce SimplePageDecorator extension point, which allows decorating the redesigned login page. (announcement blog post)
- Internal: Update parent POM. Jenkins now requires Maven 3.5.4 or newer to build. (pull 3567)
- Internal: Various improvements related to incremental Maven releases. (issue 51187, issue 51247, pull 3430, JEP-305)
New in Jenkins 2.141 Weekly (Sep 4, 2018)
- Update Winstone-Jetty from 4.4 to 5.0 to fix HTTP/2 support and threading problems on hosts with 30+ cores. (issue 53239, issue 52804, issue 51136, issue 52358)
- Update Remoting from 3.25 to 3.26 to remove some unhelpful warnings. (issue 42533, issue 52945)
- Wait up to two minutes for process termination before killing it (typically when aborting a build). (issue 17116)
- Reduce logging level of restart and shutdown related notifications from SEVERE to INFO. (issue 53282)
New in Jenkins 2.139 Weekly (Aug 27, 2018)
- Allow use of the console command with Job/Read permission. (issue 52181)
- Upgrade libpam4j from 1.8 to 1.11. (issue 53055)
- CLI command enable-plugin -restart will no longer restart Jenkins if no plugins were actually enabled. (issue 52950)
- Nested f:repeatable/f:repeatableProperty form elements inherited minimum when they shouldn't. (issue 37599)
- Build logs were not displayed correctly when they contained hyperlinks whose link text contains newline characters. (issue 53016)
- Developer: Add support for the @PostConstruct lifecycle method annotation. (issue 52818)
- Developer: Add interface PersistentDescriptor that allows implementing Descriptors to skip explicit calls to load(). (issue 52818)
New in Jenkins 2.138 Weekly (Aug 16, 2018)
- Security fixes. (security advisory)
- Security hardening related to Stapler routing.
New in Jenkins 2.121.3 (Aug 16, 2018)
- Security fixes. (security advisory)
- Security hardening related to Stapler routing.
- Robustness: Don't break queue processing when the configured queue sorter throws exceptions. (issue 52159)
- Whitelist java.time.Ser for use in XStream (XML serialization) and Remoting (agent communication). (issue 52534)
- Fix a potential deadlock between queue maintenance and asynchronous execution. (issue 46248)
- Security hardening: Prevent files in tar archives from being written to a path outside the destination directory. (issue 51777)
- Dynamically loaded plugins now have any PeriodicWork/AperiodicWork extensions scheduled. (issue 28683)
- Developer: Remove hudson.FilePath#copyFromRemotely(URL) Beta API. (issue 52417)
New in Jenkins 2.137 Weekly (Aug 13, 2018)
- Do not show scroll bar prematurely on long build display names in the sidepanel builds widget. (pull 3576)
- Developer: Downgrade errors about plugin dependency version mismatches to warnings when Maven snapshot versions are involved. Typically only relevant for developers, especially when using incrementals. (issue 52665)
- Internal: Update parent POM (pull 3567)
- What's new in 2.136 (2
New in Jenkins 2.136 Weekly (Aug 6, 2018)
- Add a new CLI command enable-plugin to enable one or more installed plugins and optionally restart Jenkins. (issue 52822)
- Update JNA from 4.2.1 to 4.5.2 to add support for s390x. (issue 52771)
- Some types of builds, like pipelines, would sometimes run concurrently even when that was disabled. (issue 41127)
- Legacy API token monitoring did not work correctly for users with id null. (issue 52441)
- Launcher.ProcStarter.stdout(TaskListener) did not properly send its argument over a Remoting channel to an agent. (issue 52729)
- Developer: Add EnvironmentVariablesNodeProperty#getEnv() for better Configuration-as-Code support. (issue 52794)
New in Jenkins 2.135 Weekly (Jul 30, 2018)
- Some deserialization rejections are now logged on WARNING log level, instead of only on FINER. (issue 51666)
- Prevent warnings about deserialization of hudson.model.ParametersDefinitionProperty$1. (issue 50457)
- Developer: Make Jenkins#getInstallState and Jenkins#setInstallState(…) available to plugins. (issue 52718)
New in Jenkins 2.134 Weekly (Jul 23, 2018)
- Instruct browsers to not send referrer headers when following links to other sites. (pull 3547, referrer policy documentation)
- Improvements to Chinese localization. (pull 3550, pull 3555)
New in Jenkins 2.121.2 (Jul 19, 2018)
- Important security fixes. (security advisory)
- Update Remoting from 3.20 to 3.21 to apply logging enhancements and better no_proxy support. (issue 51223, issue 50965, issue 51551, Remoting 3.21 changelog)
- Improve diagnostics of corrupted plugin archives during plugin dynamic loading. (issue 51608)
- Robustness: A buggy ComputerListener#onConfigurationChange implementation should not block Jenkins startup. (issue 50217)
- Diagnostics: Log stack traces in JEP-200 rejection messages when jenkins.security.ClassFilterImpl logging level is FINE or above. (issue 51355)
- Improve Jenkins root URL validation. (issue 51158)
- Do not remove workspaces for projects with builds in progress. (issue 27329)
- If using the Artifact Manager on S3 plugin with the (non-default) option to delete artifacts, they were not deleted when the entire build was deleted. (issue 51819)
- Don't monitor response time on offline agents. (issue 20272)
- Copying Run parameters did not work as expected as RunParameterDefinition#copyWithDefaultValue called the wrong constructor. (issue 51650)
- Restore implied dependency on JDK Tool Plugin from Apache HttpComponents Client 4 API Plugin to fix dependency problems. (issue 51483)
- Actions created from a TransientActionFactory that got attached to an item in the queue are no longer persisted, which could previously lead to duplicate actions shown for builds. (issue 51584)
- Prevent unhandled ClassCastException when loading fingerprints from corrupted files. (issue 51179)
- Do not duplicate caller stack trace when FilePath#act fails. (issue 51082)
- Fix behaviour of Advanced button when a section element is nested inside. (issue 14632)
- Developer: ComputerLauncher implementations can now set channels with a custom CommandTransport implementation. (issue 51541)
- Developer/Internal: Remove use of a Guava method deleted in later versions, which could cause problems for plugins running functional tests. (issue 51779)
- Developer API: StreamTaskListener#getCharset() now returns the default charset when it is not configured. (issue 51971)
- Developer API: Prevent NullPointerException in SlaveComputer#setChannel(Channel,OutputStream,Channel.Listener) with null OutputStream. (issue 51955)
New in Jenkins 2.133 Weekly (Jul 19, 2018)
- Important security fixes. (security advisory)
New in Jenkins 2.132 Weekly (Jul 16, 2018)
- Don't log warnings when SHA-256 checksums are provided (but SHA-512 are not) for plugin downloads. (pull 3546)
- Whitelist java.time.Ser for use in XStream (XML serialization) and Remoting (agent communication). (issue 52534)
- Don't fail to archive artifacts when attributes cannot be preserved, instead log a message and proceed without preserving attributes (regression in 2.120). (issue 52325)
New in Jenkins 2.131 Weekly (Jul 8, 2018)
- Add support for Zip files larger than 4 GB (Zip64). (issue 46205)
- Developer: Remove hudson.FilePath#copyFromRemotely(URL) Beta API. (issue 52417)
New in Jenkins 2.130 Weekly (Jul 2, 2018)
- Check SHA-512 or SHA-256 checksums of update site and tool installer metadata and core and plugin downloads if the update site provides them. (pull 3356)
- Improve API token metadata to be able to distinguish between API tokens created today, and whose creation date is unknown (legacy API tokens). (issue 52161)
- Update Remoting from 3.22 to 3.23 to skip TCP Agent Listener port availability check when the -tunnel option is set (regression in Remoting 3.22 and Jenkins 2.129). (issue 52204)
- Instances of some item types could not be renamed (regression in 2.110). (issue 52164)
- Robustness: Don't break queue processing when the configured queue sorter throws exceptions. (issue 52159)
- Update instance identity module from 2.1 to 2.2 to improve Java 11 compatibility. (issue 51965, full changelog)
New in Jenkins 2.129 Weekly (Jun 25, 2018)
- Replace single per-user API token with new system of multiple, revocable, unrecoverable API tokens with usage tracking. (issue 32442, issue 32776)
- Dynamically loaded plugins now have any PeriodicWork/AperiodicWork extensions scheduled. (issue 28683)
- Upgrade Bytecode Compatibility Transformer from 1.8 to 2.0-beta-2, upgrading ASM from 5.0.1 to 6.2 to improve support of Java 9+ runtimes. (issue 51837, supported Java versions)
- Upgrade Remoting from 3.21 to 3.22 to have agents check availability of the master's TCP Agent Listener port when connecting over TCP. (issue 51818, Remoting 3.22 changelog)
- Update Executable WAR from 1.40 to 1.41 to link the Jenkins Java support policy and to fix reflection warnings when running on Java 9+ (experimental support). (issue 51994, issue 46622, Executable WAR 1.41 changelog, supported Java versions)
- Developer API: Remoting 3.22 n
New in Jenkins 2.128 Weekly (Jun 18, 2018)
- Redesigned login, signup, and Jenkins is (re)starting pages. Existing page decorators like Simple Theme Plugin will no longer work with these redesigned pages. (issue 50447)
- The deprecated Jenkins CLI Protocol versions 1 and 2, and Java Web Start Agent Protocol versions 1, 2, and 3 have been disabled. If you still use these protocols (e.g. remoting-based CLI, or old slave.jars on agents), you need to re-enable these protocols after upgrade, or upgrade the clients. The same recommendations as in The 2.121.x upgrade guide for remoting changes apply here. (issue 48480)
- Upgrade Winstone from 4.3 to 4.4 to update Jetty from 9.4.8.v20171121 to 9.4.11.v20180605. (pull 3497, full changelog, Jetty 9.4.11 changelog, Jetty 9.4.10 changelog, Jetty 9.4.9 changelog)
- Jenkins remote API: Export fingerprints for builds which do not derive from AbstractBuild, like Pipeline builds. (issue 51667)
- Stop using deprecated com.google.common.io.NullOutputStream from Guava to avoid binary conflicts with plugins bundling newer Guava versions (regression in 2.127). (issue 51889)
- Developer: Introduce SimplePageDecorator extension point, which allows decorating the redesigned login page. (issue 50447)
- Developer API: Prevent NullPointerException in SlaveComputer#setChannel(Channel,OutputStream,Channel.Listener) with null OutputStream. (issue 51955)
- Developer API: StreamTaskListener#getCharset() now returns the default charset when it is not configured. (issue 51971)
New in Jenkins 2.127 Weekly (Jun 12, 2018)
- Optional extensions are now loaded without requiring to restart Jenkins after installing an optional dependency. (issue 50336)
- Update Remoting from 3.20 to 3.21 to apply logging enhancements and better no_proxy support. (issue 51223, issue 50965, issue 51551, Remoting 3.21 changelog)
- Add modification timestamp to files in directory browser views such as archived artifacts and workspaces. (issue 20998)
- Improve diagnostics of corrupted plugin archives during plugin dynamic loading. (issue 51608)
- Update Executable WAR from 1.39 to 1.40 to allow running Jenkins with incompatible (too new) Java versions by setting the --enable-future-java flag. (issue 51155, Executable WAR 1.40 changelog)
- Have the setup wizard propose a root URL ending with a slash as is necessary. (issue 51660)
- Fix a potential deadlock between queue maintenance and asynchronous execution. (issue 46248)
- Security hardening: Prevent files in tar archives from being written to a path outside the destination directory. (issue 51777)
- If using the (currently unreleased) Artifact Manager on S3 plugin with the (non-default) option to delete artifacts, they were not deleted when the entire build was deleted. (issue 51819)
- Prevent Enter resulting in a broken presentation of the setup wizard. (issue 51816)
- Developer: PermissionGroups now expose their IDs to Java API. (issue 51598)
- Developer: ComputerLauncher implementations can now set channels with a custom CommandTransport implementation. (issue 51541)
- Developer/Internal: Remove use of a Guava method deleted in later versions, which could cause problems for plugins running functional tests. (issue 51779)
New in Jenkins 2.121.1 (Jun 8, 2018)
- Faster list rendering of Plugin Manager » Available. (issue 51205)
New in Jenkins 2.126 Weekly (Jun 4, 2018)
- Robustness: A buggy ComputerListener#onConfigurationChange implementation should not block Jenkins startup. (issue 50217)
- Diagnostics: Log stack traces in JEP-200 rejection messages when jenkins.security.ClassFilterImpl logging level is FINE or above. (issue 51355)
- Copying Run parameters did not work as expected as RunParameterDefinition#copyWithDefaultValue called the wrong constructor. (issue 51650)
- Actions created from a TransientActionFactory that got attached to an item in the queue are no longer persisted, which could previously lead to duplicate actions shown for builds. (issue 51584)
- Do not attempt to disconnect offline computers for not responding. (issue 20272)
- Restore implied dependency on JDK Tool Plugin from Apache HttpComponents Client 4 API Plugin to fix dependency problems. (issue 51483)
- Fix behaviour of Advanced button when a section element is nested inside. (issue 14632)
- Do not duplicate caller stack trace when FilePath#act fails. (issue 51082)
- Developer: Make various form validation related attributes in Jelly form taglib explicitly available. (pull 3470)
New in Jenkins 2.125 Weekly (May 29, 2018)
- Export path to agent file system root directory in remote API. (pull 3206)
- Do not remove workspaces for projects with builds in progress. (issue 27329)
New in Jenkins 2.124 Weekly (May 22, 2018)
- Fix release process issue that resulted in 2.123 not being properly released.
New in Jenkins 2.122 Weekly (May 15, 2018)
- Faster list rendering of Plugin Manager » Available. (issue 51205)
- Improve Chinese translation. (pull 3423, pull 3440)
- Internal: Various improvements related to incremental Maven releases. (issue 51187, issue 51247, pull 3430, JEP-305)
New in Jenkins 2.121 Weekly (May 9, 2018)
- Important security fixes.
New in Jenkins 2.107.3 (May 9, 2018)
- Security: Important security fixes.
- RFE: Whitelist java.util.EnumMap and org.jruby.RubyNil for use in XStream (XML serialization) and Remoting (agent communication).
- RFE: Internal: Add new update center root CA certificate.
- Bug: Don't log null pointer exceptions on some forms with validation button (regression in 2.107.2).
- Bug: Allow users without Overall/Read access to use the who-am-i and logout commands.
- Bug: Fix a race condition in the Setup Wizard that could lead to it being skipped on the first startup when groovy scripts or init scripts are pre-installed.
- Bug: In rare configurations, agents tried to load unloadable classes from the master, resulting in ClassNotFoundException: javax.servlet.ServletContextListener on agents.
- Bug: Make Cancel Shutdown link in side panel work without requiring the page to be reloaded.
New in Jenkins 2.120 Weekly (May 7, 2018)
- The Job/Build permission no longer implies the Job/Cancel permission. The latter needs to be granted explicitly to users who previously got it via this relationship. (issue 14713)
- Fix issue preventing process killing vetoes being effective on agents. (issue 9104, ProcessKillingVeto extension point implementations)
- Allow additional administrative monitors to be dismissed directly from their warning messages. (pull 3416)
- Make fingerprint logs less verbose. (issue 50412)
- Be more lenient when validating the root URL (regression in 2.119). (issue 51064)
- Archiving artifacts now preserves file permissions and last modification time. (issue 13128)
- Don't extract files from plugin archives to outside their destination directory. (issue 32778)
- Internal: Add support for incremental Maven releases. (JEP-305)
- Internal: Further simplify storage of the Jenkins setup wizard’s installation state. (pull 3405)
- Developer: Extend ClassFilterImpl#isLocationWhitelisted Maven-oriented exclusions to plugin under test during Gradle builds. (issue 51062)
New in Jenkins 2.119 Weekly (May 1, 2018)
- Ensure as much as possible that the Jenkins root URL is defined by adding a new setup wizard page and an administrative monitor. (issue 31661)
- Default Crumb Issuer proxy compatibility can be enabled on first startup by setting the system property jenkins.model.Jenkins.crumbIssuerProxyCompatibility to true on startup. (issue 50767, Jenkins features controlled by system properties)
- Remove the options to define custom Build Record Root Directory and Workspace Root Directory on the Configure System form to prevent unexpected failures during runtime. Instead, these locations can now be customized using system properties on startup. (issue 50164, Jenkins features controlled by system properties)
- Whitelist java.util.EnumMap and org.jruby.RubyNil for use in XStream (XML serialization) and Remoting (agent communication). (issue 50939, issue 50616)
- Developer: Add a new overload for HttpResponses#errorJSON. (pull 3082)
New in Jenkins 2.118 Weekly (Apr 23, 2018)
- Update Remoting from 3.19 to 3.20 in order to refresh the code signing certificate. (pull 3398, full changelog)
- Update WinP from 1.25 to 1.26 to fix loading of WinP libraries on Windows inside Weblogic web container. (issue 48347, full changelog)
- Developer: JEP-202: Extend VirtualFile API to streamline external artifact storage. API additions are marked beta and may change at any time. (JEP-202, pull 3302)
New in Jenkins 2.117 Weekly (Apr 15, 2018)
- Update Winstone from 4.1.2 to 4.2 to update Jetty from 9.4.5 to 9.4.8 for various bugfixes and improvements. (full changelog, Jetty 9.4.6 changelog, Jetty 9.4.7 changelog, Jetty 9.4.8 changelog)
- Improve Chinese translation. (pull 3368, pull 3385, pull 3386, pull 3387, pull 3391)
- Don't log null pointer exceptions on some forms with validation button (regression in 2.116). (issue 50748)
- Make the logic for adding nodes atomic, so that if a newly added node fails to be persisted it will not exist in a partly-initialized state. (issue 50599)
- Internal: Add new update center root CA certificate. (INFRA-1502)
New in Jenkins 2.116 Weekly (Apr 11, 2018)
- Security fixes. (security advisory)
New in Jenkins 2.107.2 (Apr 11, 2018)
- Security: Security fixes.
- Major Bug: Display estimated remaining time again for Pipeline jobs (regression in 2.89.4).
- RFE: Update Apache Mina SSHD Core from 1.6.0 to 1.7.0 in CLI client.
- RFE: Update Executable War from 1.37 to 1.38 to show an error when an attempt is made to run Jenkins on Java 9.
- RFE: Always show the master node in the executors widget, even when it is offline.
- RFE: Periodically persist the build queue so it can be restored on abnormal process termination.
- RFE: Reduce memory footprint of jenkins.model.lazy.AbstractLazyLoadRunMap#search in descending order.
- RFE: Add ConcurrentLinkedQueue to white-listed classes for use in XStream (XML serialization) and Remoting (agent communication).
- Bug: JEP-200: Whitelist org.apache.tools.ant.Location to prevent deserialization exception when listing agent files in non-existent directory or invalid filter.
- Bug: Clean up the build.xml files of parameterized projects that contained unnecessary serialized data.
- Bug: Restore serialVersionUID of AbstractTaskListener (regression in 2.91).
- Bug: Prevent FileNotFoundException in hudson.Util#loadFile in case of race condition.
- Bug: Make proxy views work inside folders.
- Bug: Upgrade Winstone from 4.1.0 to 4.1.2 to prevent User session memory leak by setting the default idle session eviction timeout to 30 minutes.
- Bug: Fix translation of 'sign up' in Dutch, used to be 'sign in'.
- Bug: Improve robustness in case a build with parameters was stored with a null list of parameters.
- Bug: Prevent NullPointerException in AbstractProject#checkout when the agent disconnects during a build.
New in Jenkins 2.115 Weekly (Apr 10, 2018)
- Sort nodes matching labels on UI. (issue 25910)
- Internal: Run threadPoolForRemoting threads in the context of the SYSTEM user to be consistent with executor threads. (issue 50296)
- Developer: Add new overloads for HttpResponses#errorJSON
New in Jenkins 2.114 Weekly (Apr 2, 2018)
- Introduce hudson.triggers.SafeTimerTask.logsTargetDir system property to write logs usually written to $JENKINS_HOME/logs to another location. (issue 50291)
- Update Executable War from 1.38 to 1.39 to remove an irrelevant warning on Jenkins startup. (issue 50439)
- Make Cancel Shutdown link in side panel work without requiring the page to be reloaded. (issue 44402)
- Prevent f:combobox input fields from breaking customized form submission handlers. (issue 21613)
- Fix a race condition in the Setup Wizard that could lead to it being skipped on the first startup when groovy scripts or init scripts are pre-installed. (issue 49401)
- Internal: Minimize visibility of readResolve methods. (pull 2567)
New in Jenkins 2.113 Weekly (Mar 26, 2018)
- Update Remoting from 3.18 to 3.19 so that Jenkins core can always deserialize exceptions even if they're not whitelisted. To benefit from this improvement, Remoting needs to be updated on the agent side as well. (issue 50237, issue 49618, full changelog)
- JEP-200: Whitelist org.apache.tools.ant.Location to prevent deserialization exception when listing agent files in non-existent directory or invalid filter. (issue 50237)
- Prevent some cases of linkage errors relating to Servlet classes when code is run on an agent. (issue 46386)
- Allow users without Overall/Read access to use the who-am-i and logout commands. (issue 50324)
- Show more entries in the search results dropdown and search results page. (issue 47020)
New in Jenkins 2.112 Weekly (Mar 20, 2018)
- Install from java.sun.com installation method for JDK tools has been moved to a new JDK Tool Plugin. (issue 22367)
- Update Remoting from 3.17 to 3.18 in order to apply various performance and diagnosability improvements, such as logging warnings when anonymous classes are serialized over a Remoting channel. (issue 49415, issue 49472, issue 48561, issue 49994)
- Allow use of lists of options as provided by the Pipeline snippet generator for choice parameters. (issue 26143)
- Restore serialVersionUID of AbstractTaskListener (regression in 2.91). (issue 50124)
- Use case-insensitive autocompletion for item selection dialogs if the current user prefers case-insensitive search (issue 38812)
- Better autocompletion for loggers supporting multiple tokens and proposing useful parent loggers. (pull 3345)
- Internal: Move "Submit" button localization from various forms to the button control. (pull 3319)
New in Jenkins 2.107.1 (Mar 16, 2018)
- Make JEP-200 serialization whitelist more reliable on old versions of Tomcat 8. (issue 49543)
- Don't show input validation errors in optional numeric form fields (regression in 2.105). (issue 49387, issue 49520)
- Notable changes since 2.89.4:
- Switch Remoting/XStream blacklist to a whitelist. (issue 47736, upgrade guidelines for admins and plugin maintainers, list of plugins known to be impacted)
- Jenkins now creates XML 1.1 files to be more accepting of unusual contents. (issue 48463)
- Use Java NIO library instead of native code to create and detect symbolic links and Windows junctions to improve compatibility and robustness. (issue 36088, issue 39179)
- Use Java NIO to read and write Unix file permissions by default. The previous behavior can be restored by setting the Java system property hudson.Util.useNativeChmodAndMode to true. (issue 36088, Jenkins features controlled by system properties)
- Improve robustness and error handling of various file operations by switching to NIO. (issue 47324, issue 48405)
- Update Remoting from 3.14 to 3.17 to integrate multiple fixes and improvements. (full changelog, issue 37566, issue 37670, issue 38696, issue 46724, issue 47965, issue 48055, issue 48130, issue 48133, issue 48309, issue 47736, issue 48686, issue 27035, issue 49027)
- Remove support for unbounded number of SCM polling threads. Previously, the default was infinite and could be set to between 10 and 100. Existing installations with unbounded SCM polling threads will now use the default of 10, and it is no longer possible to use a value outside of this range. (pull 3258)
- Do not require CSRF crumb to be provided when the request is authenticated using API token. (issue 22474)
- Introduce new hudson.lifecycle.ExitLifecycle to exit instead of restart. (issue 47043, Jenkins features controlled by system properties)
- Upgrade Executable War from 1.36 to 1.37 to allow supplying jenkins.war command-line arguments via standard input using the --paramsFromStdIn parameter. (pull 3223, documentation)
- Update SSHD Module 2.0 to 2.4 to update Apache Mina SSHD Core from 1.6.0 to 1.7.0, and fire authentication events in SecurityListeners when a user connects using SSH. (pull 3278, pull 3111, SSHD module changelog)
- Export assignedLabels for agents and labelExpression for applicable job types in remote API. (issue 25286)
- Re-style the Manage Jenkins page, including administrative monitors. (issue 43786, blog post)
- Define a minimum required version of the Remoting library (agent communication) and print warnings when an older version is connecting. (pull 3250)
- When Jenkins fails to load plugins, show failures that users need to take action on separate from those due to other plugins failing to load. (pull 3256)
- Updating Jenkins jobs and views by XML left fields at their old value if not defined in the new XML. (issue 21017)
- Fix HTTP 404 error when clicking on New View sidebar link from another view. (issue 48447)
- Upgrade Executable War from 1.36 to 1.37 to prevent multiple copies of winstone-*.jar in the temp folder from using up disk space needlessly. (issue 22088)
- Update to task reactor version 1.5 to prevent hanging of Jenkins on startup/reload when an initialization task throws an unhandled exception. (issue 48725, full changelog)
- Developer: Jenkins#getInstance() is now deprecated as its semantics have been a source of confusion for some time. Use #get() in typical cases and Jenkins#getInstanceOrNull() in rare cases (see Javadoc). (issue 48638)
- Developer: Deprecate the ambiguous User#getUser(String) in favor of the User#getById() or the new User#getOrCreateByIdOrFullName() methods. (issue 47718)
- Developer: Capture more authentication-related events in SecurityListener. (issue 27027)
- Developer: Deprecate hudson.util.Service in favor of Java's ServiceLoader. (pull 3191)
New in Jenkins 2.111 Weekly (Mar 12, 2018)
- Pipeline builds could not be started if the Authorize Project plugin was configured to associate the build with a user to whom the authorization strategy was configured to deny Agent/Build permission on the master node. (issue 46652)
- Reduce memory footprint of jenkins.model.lazy.AbstractLazyLoadRunMap#search in descending order. (issue 50056)
- Update Executable War from 1.37 to 1.38 to show an error when an attempt is made to run Jenkins on Java 9. (issue 49737, full changelog)
- Display estimated remaining time again for Pipeline jobs (regression in 2.92). (issue 48821)
- Revert update of PrototypeJS in 2.110 due to regression. (issue 49968)
- Do not show an error message when renaming an item before changing the name. (issue 49906)
- Improve robustness in case a build with parameters was stored with a null list of parameters. (issue 39495)
- Setup wizard did not properly display form validation errors in "Create First Admin User" form. (issue 45387)
- Prevent FileNotFoundException in hudson.Util#loadFile in case of race condition. (issue 49971)
- Ignore misplaced config.xml file directly in users/ directory. (issue 32599)
- Developer: Introduce hudson.util.TextFile#linesStream for file stream processing with proper error propagation. (pull 3211, pull 3340)
- Internal: Choose more mnemonic artifactIds for modules not consumed externally. (pull 3311)
New in Jenkins 2.110 Weekly (Mar 7, 2018)
- It is no longer possible to rename jobs from their configuration page. Jobs now have a link in the side panel titled "Rename" that links to a page specifically dedicated to renaming jobs. (issue 22936)
- Show the "Add" button in lists of tool installations also on the top. (issue 43581)
- Add ConcurrentLinkedQueue to white-listed classes for use in XStream (XML serialization) and Remoting (agent communication). (issue 49788)
- Issue warnings to the system log when attempts are made to use classes with unpredictable names and serial forms (such as anonymous classes) in Remoting or XStream (de)serialization. (issue 49795)
- Make JEP-200 serialization whitelist more reliable on old versions of Tomcat 8. (issue 49543)
- Clean up the build.xml files of parameterized projects that contained unnecessary serialized data. (issue 49795)
- Upgrade Winstone from 4.1.0 to 4.1.2 to prevent User session memory leak by setting the default idle session eviction timeout to 30 minutes. (issue 49596, full changelog)
- Make proxy views work inside folders. (issue 49642)
- Prevent NullPointerException in AbstractProject#checkout when the agent disconnects during a build. (issue 29470)
- Developer: Subclasses of AbstractItem can implement AbstractItem#isNameEditable and return true to get automatic support for renames. Subclasses are also able to dynamically validate renames by implementing AbstractItem#checkRename. (issue 22936)
- Developer: Add support for also showing the "Add" button on top for lib/form/repeatable Jelly controls when the enableTopButton attribute is set to true. (pull 2926)
- Internal: Upgrade PrototypeJS 1.7.0 to 1.7.3. (issue 49319, PrototypeJS blog/changelog)
- Internal: Improve the implementation of Util#createTempDir. (pull 3226)
- Internal: Make Apply buttons localizable. (pull 3287)
New in Jenkins 2.109 Weekly (Feb 26, 2018)
- Periodically persist the build queue so it can be restored on abnormal process termination. (issue 30909)
- Add agent symbol for a permanent agent in Structs Plugin based configuration. (issue 49661)
- Match more date formats for sortable tables. (pull 3125)
- Prevent NullPointerException when saving a parameterized job without parameters defined. (issue 46638)
- Don't link to a non-existing user profile from the build log of a build started by an anonymous user. (issue 48467)
New in Jenkins 2.108 Weekly (Feb 19, 2018)
- Always show the master node in the executors widget, even when it is offline. (issue 34712)
- archiveArtifacts in a Pipeline failed to throw a normal exception when there were no matches. (issue 47142)
- Update Apache Mina SSHD Core from 1.6.0 to 1.7.0 in CLI client. (issue 49565, changelog)
- Don't show input validation errors in optional numeric form fields (regression in 2.105). (issue 49387, issue 49520)
- Fix translation of 'sign up' in Dutch, used to be 'sign in'. (issue 49498)
- Extensibility: Allow SecurityRealm and AuthorizationStrategy implementations to be hidden on Configure Global Security form using DescriptorVisibilityFilter. (issue 49044)
New in Jenkins 2.107 Weekly (Feb 15, 2018)
- Important security fixes. (security advisory)
- Security hardening to prevent problems like SECURITY-624 in the future. (2017-12-05 security advisory, Ant Plugin fix in 2018-01-22 security advisory)
- What's n
New in Jenkins 2.89.4 (Feb 14, 2018)
- Security: Important security fixes.
- RFE: Security hardening to prevent problems like SECURITY-624 in the future.
- Bug: Update Stapler from 1.253 to 1.254 to make the form that shows up when a URL requiring POST is accessed using a different HTTP verb work with CSRF protection enabled.
- Bug: Do not downgrade detached plugins when upgrading Jenkins while its previous version was not properly recorded.
- Bug: The setup wizard is now resumed upon restart if it hasn't been completed yet, instead of showing the regular login screen (regression in 2.81).
- RFE: Reduce memory usage when scheduling pipelines on big clusters.
- RFE: Improve UI performance with long list of running builds by caching the estimated duration.
New in Jenkins 2.106 Weekly (Feb 12, 2018)
- Update Remoting library from 3.16 to 3.17 to improve diagnostic logging for channel read/write events and JEP-200 related class filtering. (issue 27035, issue 49027, full changelog)
- Integrate SSHD module 2.4 which updates Apache Mina SSHD Core from 1.6.0 to 1.7.0. (pull 3278, SSHD module changelog)
- Internal/API: Add DataBoundConstructor to LegacySecurityRealm to facilitate reflective instantiation in Jenkins-related tools and frameworks. (pull 3279)
New in Jenkins 2.105 Weekly (Feb 5, 2018)
- When Jenkins fails to load plugins, show failures that users need to take action on separate from those due to other plugins failing to load. (pull 3256)
- Upgrade Executable War from 1.36 to 1.37 to allow supplying jenkins.war command-line arguments via standard input using the --paramsFromStdIn parameter. (pull 3223, documentation)
- Jenkins now creates XML 1.1 files to be more accepting of unusual contents. (issue 48463)
- Form validation for number of executors now properly shows validation errors and user-friendly message on form submission. (issue 47793)
- Ensure that threads for background tasks cannot be created with a custom classloader to prevent possible Groovy memory leaks. (issue 49206)
- Upgrade Executable War from 1.36 to 1.37 to prevent multiple copies of winstone-*.jar in the temp folder from using up disk space needlessly. (issue 22088)
- Update to task reactor version 1.5 to prevent hanging of Jenkins on startup/reload when an initialization task throws an unhandled exception. (issue 48725, full changelog)
- Developer: Introduce ACL#lambda convenience method. (pull 3260, Javadoc)
New in Jenkins 2.104 Weekly (Jan 29, 2018)
- Whitelist additional safe Java platform types for use in XStream (XML serialization) and remoting (agent communication). (pull 3251, pull 3252, pull 3253, issue 49070, issue 49071)
- Remove support for unbounded number of SCM polling threads. Previously, the default was infinite and could be set to between 10 and 100. Existing installations with unbounded SCM polling threads will now use the default of 10, and it is no longer possible to use a value outside of this range. (pull 3258)
- Define a minimum required version of the remoting library (agent communication) and print warnings when an older version is connecting. (pull 3250)
- Improve robustness in case of faulty SCM#guessBrowser implementations. (pull 3267)
- Improve error message when failing to read some files to actually mention the file name. (issue 49060, issue 49112)
- Restore Manage Jenkins submenu in the context menu accessible from the breadcrumb (regression in 2.103). (issue 49129)
- Fix MalformedInputException or UnmappableCharacterException when reading the log file after finishing a build (regression in 2.102). (issue 49112)
- Jenkins 2.102 and later could fail to start or run properly when loaded inside certain containers, including old versions of Tomcat. (issue 49147)
- Don't attempt to export information about arbitrary offline causes as part of the /computer/(name)/api output, which could result in errors. (issue 24452)
New in Jenkins 2.103 Weekly (Jan 22, 2018)
- Whitelist additional safe types for use in XStream (XML serialization) and remoting (agent communication). (issue 48946, issue 49000, issue 49025)
- Re-style the Manage Jenkins page, including administrative monitors. (issue 43786, blog post)
- Make Blue Ocean work on Wildfly by excluding its outdated Jackson implementation from the Jenkins class path. (issue 48957)
- Do not downgrade detached plugins when upgrading Jenkins while its previous version was not properly recorded. (issue 48899)
- Restore file permissions granted to group and other for file created by Jenkins (regression in 2.93). (issue 48407)
- Fix a race condition in Initializer implementations creating Items that resulted in their deletion. (issue 47406)
- A ClassCastException or NoSuchMethodException could under certain circumstances mask the actual error when loading erroneous data from an XML file. (issue 49054)
- Properly add apostrophes to several localized strings that were missing them before. (pull 3203)
- Developer: Improve detection of current plugin's or test's classes for exclusion from JEP-200 filtering. (pull 3237)
New in Jenkins 2.89.3 (Jan 18, 2018)
- Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed when upgrading Jenkins past the version at which the plugin was detached. (issue 48365)
- Make the system property hudson.consoleTailKB actually work. (issue 48593, Jenkins features controlled by system properties)
- Fix a performance regression in Jenkins 2.86 due to lock contention in ExtensionList. (issue 48505)
- Prevent setup wizard from hanging when the two provided passwords differ, instead show a validation error. (issue 48080)
- Prevent concurrent installation of Maven on the same node to prevent problems. (issue 34138)
- Prevent potential NullPointerException when migrating the default "All View" name for a "My Views" user property. (issue 48157)
- Cache permission names, allowing Jenkins to recover faster after "stop-the-world" Java GC pauses. (issue 48349)
- Improve user lookup performance, for example from Git changelog calculation. (issue 47429)
New in Jenkins 2.102 Weekly (Jan 16, 2018)
- Switch Remoting/XStream blacklist to a whitelist. (issue 47736, upgrade guidelines for admins and plugin maintainers, list of affected plugins)
- Update Jenkins Remoting from 3.15 to 3.16. (full changelog, issue 47736, issue 48686)
- Limit which section headers are added to the breadcrumb config outline. (issue 48773)
- Reduce memory consumption for concurrent jobs when retrieving cause of blockage. (pull 3227)
- Introduce new hudson.lifecycle.ExitLifecycle to exit instead of restart. (issue 47043, Jenkins features controlled by system properties)
- AtomicFileWriter was not fully atomic. Now it uses a FileChannel internally and forces a disk sync when committing. (issue 34855)
- Developer: Add a constructor to ToolDescriptor so that subclasses are not required to be an inner class of their Describable. (pull 3220)
New in Jenkins 2.101 Weekly (Jan 9, 2018)
- Log EOF exceptions on a FINE level instead of WARNING when the Jetty connection is closed by peer. (pull 3214)
- Fix HTTP 404 error when clicking on New View sidebar link from another view. (issue 48447)
- Improve Chinese and French localizations. (pull 3209, pull 3204, pull 3216, pull 3179)
New in Jenkins 2.100 Weekly (Jan 4, 2018)
- Restore binary compatibility with agents running Remoting versions older than 3.15 (regression in 2.98). (issue 48761, issue 48754, Retrospective thread in the developer mailing list)
New in Jenkins 2.99 Weekly (Jan 3, 2018)
- Updating Jenkins jobs and views by XML left fields at their old value if not defined in the new XML.
New in Jenkins 2.98 Weekly (Dec 27, 2017)
- Update Remoting from 3.14 to 3.15 to fix several issues. (full changelog, issue 37566, issue 37670, issue 38696, issue 46724, issue 47965, issue 48055, issue 48130, issue 48133, issue 48309)
- Make the system property hudson.consoleTailKB actually work. (issue 48593, Jenkins features controlled by system properties)
- Developer: Jenkins#getInstance() is now deprecated as its semantics have been a source of confusion for some time. Use #get() in typical cases and Jenkins#getInstanceOrNull() in rare cases (see Javadoc). (issue 48638)
New in Jenkins 2.97 Weekly (Dec 20, 2017)
- Fix regression in 2.96 that caused a downgrade of Script Security when upgrading Jenkins.
New in Jenkins 2.89.2 (Dec 14, 2017)
- Security: Security fixes.
New in Jenkins 2.95 Weekly (Dec 14, 2017)
New in Jenkins 2.94 Weekly (Dec 12, 2017)
- Export assignedLabels for agents and labelExpression for applicable job types in remote API. (issue 25286)
- Optimization: Don't consult the authorization strategy about whether the internal SYSTEM pseudo-user has a given permission. (issue 20474)
- Update SSHD Module 2.0 to 2.3 to fire authentication events in SecurityListeners when a user connects using SSH. (changelog)
- The setup wizard is now resumed upon restart if it hasn't been completed yet, instead of showing the regular login screen (regression in 2.81). (issue 47439)
New in Jenkins 2.89.1 (Dec 7, 2017)
- Changes since 2.89:
- Major Bug: Recover from legacy user configuration folders with $ characters that are not part of hex escape sequences. (Regression in 2.89)
- Major Bug: Fix Download from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site.
- RFE: Update Remoting from 3.13 to 3.14 in order to apply various performance and stability improvements.
- RFE: Update Windows Agent Installer from 1.9.1 to 1.9.2: Do not try to update jenkins-slave.exe on Unix agents when they connect.
- Bug: Prevent caching of captcha on the login form.
- Notable changes since 2.73.3:
- Major RFE: Launch agent via execution of command on the master has been moved to a new Command Launcher plugin and integrated with the Script Security plugin.
- Major Bug: Prevent core or plugin code from mistakenly attempting to serialize jobs, builds, and users except in their intended top-level XML file positions, preventing a class of serious deserialization-related errors.
- Major Bug: Developer: Fix TimeDuration time unit handling and its incorrect usage. TimeDuration uses milliseconds as the default unit. It was supposed to parse sec or secs suffix to interpret the number as seconds, but that never worked.
- Major RFE: Upgrade Stapler library from 1.250 to 1.253.
- Major Bug: Stapler 1.252: Prevent file handle leak in LargeText#GzipAwareSession.
- Bug: Stapler 1.252: Restore ability to attach views to interfaces (regression in Jenkins 2.46).
- RFE: Stapler 1.253: Servlet 3.1 support, improved Blue Ocean performance and changes of interest to plugin developers.
- Major RFE: Update remoting to improve stability and diagnosability.
- RFE: Disable obsolete JNLP, JNLP2, and CLI protocols on new Jenkins installations during Setup Wizard.
- RFE: Restart agent communication related threads on both master and agents when encountering an unhandled exception, if possible, to improve stability.
- RFE: Default the built-in Jenkins Update Center URL to https://updates.jenkins.io instead of obsolete HTTP endpoint. This requires a JRE compatible with Let's Encrypt, e.g. Oracle JRE 8u101.
- RFE: Moved Jenkins agent runtime to agent.jar file name, and deprecate (but still support) use of legacy slave.jar. Introduce the AGENTJAR_URL environment variable as replacement for SLAVEJAR_URL.
- RFE: Improve error reporting when failing to archive artifacts.
- RFE: Enable cc.xml to export jobs in folders recursively when accessed with a query parameter named recursive.
- RFE: Add new administrative monitor warning users about disabled CSRF protection.
- RFE: Commons Codec library upgraded from 1.8 to 1.9.
- RFE: Agents JVM must be 1.8+ and a clear message is shown in connection logs if it is not.
- RFE: Add sidebar link to create new view.
New in Jenkins 2.93 Weekly (Dec 4, 2017)
- Use Java NIO to read and write Unix file permissions by default. The previous behavior can be restored by setting the Java system property hudson.Util.useNativeChmodAndMode to true. (issue 36088, Jenkins features controlled by system properties)
- Better handling of certain unreproducible XML file load/save errors. (pull 3167)
- Improve user lookup performance, for example from Git changelog calculation. (issue 47429)
- Reduce memory usage when scheduling pipelines on big clusters. (issue 48348)
- Use atomic file moves if available on the underlying file system from AtomicFileWriter. (issue 34855)
- Prevent setup wizard from hanging when the two provided passwords differ, instead show a validation error. (issue 48080)
- Developer: Add ItemGroup#allItems and similar default methods to ItemGroup. (pull 3148)
- Developer: Add default implementations of deprecated methods to BuildableItem and Item so they don't need to be implemented. (pull 3142)
- Internal: Add documentation and convenience methods for the User.CanonicalIdResolver extension point. (pull 3140)
New in Jenkins 2.91 Weekly (Nov 21, 2017)
- Use Java NIO library instead of native code to create and detect symbolic links and Windows junctions to improve compatibility and robustness. (issue 36088, issue 39179)
- Prevent concurrent installation of Maven on the same node to prevent problems. (issue 34138)
- Developer: Deprecate the ambiguous User#getUser(String) in favor of the User#getById() or the new User#getOrCreateByIdOrFullName() methods. (issue 47718)
- Developer: Implement default methods in TaskListener and BuildListener interfaces so they don't have to be implemented in subclasses. (pull 3122)
New in Jenkins 2.90 Weekly (Nov 14, 2017)
- Recover from legacy user configuration folders with $ characters that are not part of hex escape sequences. (Regression in 2.89) (issue 47909)
- Fix Download from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site (again). (issue 47448)
- Update Remoting from 3.13 to 3.14 in order to apply various performance and stability improvements. (full changelog, issue 37566, issue 45294, issue 47425, issue 47901, issue 47942)
- Add option to trim specified string parameter values. (issue 47115)
- Update Windows Agent Installer from 1.9.1 to 1.9.2: Do not try to update jenkins-slave.exe on Unix agents when they connect. (full changelog, issue 47015)
- Add a note explaining that the nodes count in label selection does not take into account permissions or other plugins. (issue 47940)
- Improve Chinese localization. (pull 3127)
- Updated default workspace directory naming for new installations to use filesystem-safe variable ITEM_FULL_NAME. (issue JENKINS-12251)
- Fix icon for Manage Jenkins link in the sidebar of the Global Tool Configuration form. (pull 3139)
- Prevent caching of captcha on the login form. (issue 43852)
- Ensure that the authenticated group is not added twice to the authorities for a user. (issue 47768)
New in Jenkins 2.89 Weekly (Nov 8, 2017)
New in Jenkins 2.73.3 (Nov 8, 2017)
- Security: Security fixes.
- Major Bug: Fix Download from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site.
- Bug: Fix potential HTTP 414 error in form validation of long Batch/Shell tool installer scripts.
- Bug: Properly display agent launch arguments when using nested launch methods.
- Bug: Disconnect node on ping timeout instead of leaving the channel half open.
- Bug: Avoid a possible server-side timeout on long-running CLI commands using plain HTTP mode by sending periodic pings from the client.
New in Jenkins 2.87 Weekly (Nov 6, 2017)
- Stapler library upgraded from 1.252 to 1.253 with Servlet 3.1 support, improved Blue Ocean performance and changes of interest to plugin developers. (issue 37062, Stapler changelog)
- Commons Codec library upgraded from 1.8 to 1.9. (pull 3033)
- Agents JVM must be 1.8+ and a clear message is shown in connection logs if it is not. (issue 44851)
- Major improvement to Italian localization. (pull 3075)
- Improvements to Chinese localization. (pull 3104, pull 3105)
- Retrieving the list of installed plugins now consumes much less memory. (issue 47713)
- When the Jenkins root URL was not configured, the login CLI command did not work.
- Allow users with Job/Cancel permission to abort pipeline builds from the builds history widget. (pull 3101)
- Jobs no longer disappear from NestedView lists after renaming. (issue 25276)
- Internal: Move metadata about plugins split from core into a resource file. (pull 3110)
- Developer: Add ExtensionList#lookupSingleton convenience method. (pull 3021)
New in Jenkins 2.86 Weekly (Oct 23, 2017)
- Launch agent via execution of command on the master has been moved to a new Command Launcher plugin and integrated with the Script Security plugin. (issue 47393, Command Launcher plugin site entry, related security advisory)
- Add link to recursive cc.xml output on build history page. (issue 36282)
- FiDownload from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site. (issue 47448)
- Secret threw ArrayIndexOutOfBoundsException trying to decrypt {}. (issue 47500)
- Race conditions in agents going offline could result in an exception when picking a workspace for a build. (issue 47455)
- Prevent duplicated elements with incorrect URL when using the search on Dashboard View plugin based views. (issue 35459)
- StackOverflowError thrown under some conditions when using Pipeline on 2.85. (issue 47517)
- Prevent NullPointerException updating a folder with a primary view specified in Folders plugin 6.2.0. (issue 47416)
- Developer: Add an empty default implementation for previously abstract methods of SecurityListener. (pull 3077)
- Developer: Deprecate hudson.util.Memoizer and replace its usage in core. (pull 3091)
- Developer: Slave.JnlpJar.getURL did not work in some modes when core had a snapshot dependency on remoting. (pull 3069)
New in Jenkins 2.85 Weekly (Oct 18, 2017)
- Upgrade Remoting from 3.12 to 3.13. (issue 47132, issue 38711, full changelog)
- Restart agent communication related threads on both master and agents when encountering an unhandled exception, if possible, to improve stability. (issue 38711)
- Improve performance by not querying queue dispatchers from the UI. (issue 20046)
- Use node display name when printing "built on" message in the build log. (issue 47168)
- Enable cc.xml to export jobs in folders recursively when accessed with a query parameter named recursive. (issue 36282)
- Add new administrative monitor warning users about disabled CSRF protection. (issue 47372)
- In rare configurations, agents tried to load unloadable classes from the master, resulting in ClassNotFoundException: javax.servlet.ServletContextListener on agents. (issue 46386)
- Jenkins did not correctly show parts of pipeline builds in side panel widgets if the current view is configured to filter their content. (issue 46759)
- Developer: Make Xstream2#addCriticalField available for use in plugins. (pull 3066)
New in Jenkins 2.73.2 (Oct 12, 2017)
- Security: Important security fixes.
- Major Bug: Fix random failures to use passphrase-protected ed25519 SSH private keys (regression in 2.73).
- Major Bug: Update remoting library from 3.10 to 3.10.2 to fix regression in Jenkins 2.68 when using non-writable home directories.
- Major RFE: Update remoting from 3.10 to 3.10.2 to improve stability and diagnosability.
New in Jenkins 2.84 Weekly (Oct 12, 2017)
New in Jenkins 2.83 Weekly (Oct 9, 2017)
- Fix potential HTTP 414 error in form validation of long Batch/Shell tool installer scripts. (issue 47058)
- Fix link from build cause or page header to user profile in case of unusual user names. (issue 32623)
- Properly display agent launch arguments when using nested launch methods. (issue 47056)
New in Jenkins 2.81 Weekly (Sep 28, 2017)
- Jenkins 2.80 did not initialize the setup wizard on new installations, causing various security options including authentication and authorization to be turned off by default, granting anonymous administrator access. (security advisory, notification, issue 47139)
New in Jenkins 2.80 Weekly (Sep 26, 2017)
- Improve error reporting when failing to archive artifacts. (pull 2976)
- Save the current Jenkins version whenever saving the Jenkins object, e.g. when saving the global security configuration. Plugins may rely on this information for data migration that would be triggered unnecessarily. (issue 42577)
- Prevent possible NullPointerException when removing an item from a list view due to a race condition. (issue 23411)
- Avoid a possible server-side timeout on long-running CLI commands using plain HTTP mode by sending periodic pings from the client. (issue 46659)
- Renaming or moving a folder failed to properly move build directories of its children when using custom build directory, resulting of loss of their builds. (issue 44657)
- Developer: Deprecate hudson.util.TimeUnit2 and replace with java.util.concurrent.TimeUnit. (pull 2892)
New in Jenkins 2.79 Weekly (Sep 18, 2017)
- Fix random failures to use passphrase-protected ed25519 SSH private keys (regression in 2.73). (issue 46754)
- Update remoting library from 3.11 to 3.12 to fix regression in Jenkins 2.68 when using non-writable home directories. (issue 45755, full changelog, issue description in 2.73.1 upgrade guide)
- Add description of nodes to their remote API. (issue 42854)
- Disconnect node on ping timeout instead of leaving the channel half open. (issue 46680)
- Internal: Require Java 8u101 to build Jenkins, as that's the minimum required to run it since 2.77. (pull 3015)
New in Jenkins 2.73.1 (Sep 15, 2017)
- Update Windows service wrapper from 2.1.0 to 2.1.2 and Windows Agent Installer from 1.9 to 1.9.1. (Windows service wrapper changelog, Windows agent installer changelog, pull 2987, issue 46282)
- Log name of the executor thread that died to improve diagnosability. (issue 42376)
- Prevent caching of the item categories list by the browser to prevent stale data. (issue 43848)
- Improve robustness of the reverse build trigger ("Build after other projects are built"). (issue 45909)
- Include culprits in XML and JSON API again (regression in 2.60). (issue 46082)
- Button to validate proxy configuration in Manage Plugins now works correctly with NTLM authorization. (issue 46288)
New in Jenkins 2.78 Weekly (Sep 11, 2017)
- Moved Jenkins agent runtime to agent.jar file name, and deprecate (but still support) use of legacy slave.jar. Introduce the AGENTJAR_URL environment variable as replacement for SLAVEJAR_URL. (issue 35451)
- Accept Basic authentication headers case-insensitively. (issue 44663)
- Internal: Implement DescriptorByNameOwner using Java 8 interface default method. Make Computer a DescriptorByNameOwner allowing its use as @AncestorInPath. (pull 3009)
New in Jenkins 2.76 Weekly (Aug 28, 2017)
- Update remoting from 3.10 to 3.11 to improve stability and diagnosability. (issue 37567, issue 43985, issue 45023, issue 45233, issue 45522, issue 46259, full changelog)
- Major update of the Bulgarian translation. (pull 2983)
- Internal: Allow EnvironmentContributingAction to support Run in addition to AbstractProject. (issue 29537)
- Internal: Updated parent POM; Jenkins core now requires Maven 3.3.9 or newer to build. (pull 2985)
New in Jenkins 2.75 Weekly (Aug 22, 2017)
- Update Windows service wrapper from 2.1.0 to 2.1.2 and Windows Agent Installer from 1.9 to 1.9.1. (Windows service wrapper changelog, Windows agent installer changelog, pull 2987, issue 46282)
- Disable obsolete JNLP, JNLP2, and CLI protocols on new Jenkins installations during Setup Wizard. (issue 45841, announcement blog post)
- Button to validate proxy configuration in Manage Plugins now works correctly with NTLM authorization. (issue 46288)
New in Jenkins 2.60.3 (Aug 21, 2017)
- Contributions to the PATH environment variable could result in malformed values on agents on a platform different from master's. (issue 14807)
- Robustness improvements related to agent connections. (issue 43496, issue 38527)
- JNLP for launching agents now requests Java 8. (issue 45679)
- Prevent NullPointerException in Jenkins#getRootURL() while the instance is not fully loaded yet. (issue 34914)
- The reload-configuration CLI command now waits until the reload is finished, and returns an error code if the reload failed. (issue 45256)
- Remove the "JNLP" protocol references from the TCP Agent Listener log messages. (issue 44103)
New in Jenkins 2.74 Weekly (Aug 16, 2017)
- Upgrade Stapler library from 1.250 to 1.252. (pull 2956, Stapler changelog)
- Stapler 1.252: Prevent file handle leak in LargeText#GzipAwareSession. (issue 45903)
- Prevent core or plugin code from mistakenly attempting to serialize jobs, builds, and users except in their intended top-level XML file positions, preventing a class of serious deserialization-related errors. (issue 45892)
- Stapler 1.252: Restore ability to attach views to interfaces (regression in Jenkins 2.46). (issue 43715)
- Improve Polish localization. (pull 2974)
- Log name of the executor thread that died to improve diagnosability. (issue 42376)
- Prevent caching of the item categories list by the browser to prevent stale data. (issue 43848)
- Update Agent Installer module to 1.6 for minor fixes and enhancements. (pull 2965, changelog)
- Show display name of the current view in window title. (pull 2969)
- Include culprits in XML and JSON API again (regression in 2.60). (issue 46082)
- Improve robustness of the reverse build trigger ("Build after other projects are built"). (issue 45909)
- Internal: Cleanup of Maven dependencies in Jenkins core, allowing plugins depending on this version or later to build without “upper bound” dependency warnings on recent Maven HPI Plugin releases. (pull 2956)
New in Jenkins 2.73 Weekly (Aug 8, 2017)
- Avoid unnecessary locking to improve performance related to actions. (issue 45244)
- Improve performance when reading the console text of a build. (issue 45915)
- Add Polish translations for setup wizard. (pull 2952)
- Reliably close build log file when using chained BuildListeners. (issue 45057, issue 43199)
- Modify the JNLPLauncher configuration page to work around regression in Docker Plugin (regression in 2.72). (issue 45895)
New in Jenkins 2.71 Weekly (Jul 24, 2017)
- Winstone 4.1: Add Jetty HTTP/2 connector and corresponding options for Winstone-Jetty. (issue 45438, HTTP/2 support in Winstone-Jetty)
- Don't reload user records from disk unless explicitly requested to improve performance of user record access. (issue 45737)
- Prevent NullPointerException in Jenkins#getRootURL() while the instance is not fully loaded yet. (issue 34914)
- In specific circumstances, contributions to the PATH environment variable resulted in malformed values on Windows agents. (issue 14807)
- JNLP for launching agents now requests Java 8. (issue 45679)
- Prevent NullPointerException when a previous completed build is missing for upstream culprits check. (issue 45516)
- Correctly show or suppress warnings about undefined parameters based on hudson.model.ParametersAction.keepUndefinedParameters system property. (issue 45519)
- Internal: Delete obsolete SECURITY-144-compat exclusion that can break tests. (issue 25625)
New in Jenkins 2.60.2 (Jul 20, 2017)
- Allow overriding the Jenkins session ID suffix so it doesn't change on every restart, possibly resulting in too many cookies. (how to set session ID, issue 25046, issue 44894)
- Add documentation for time zone specification for cron patterns (e.g. SCM polling). (issue 9283)
- Do not submit form when pressing Enter in the plugin manager's filter field. (issue 44523)
- Jenkins failed to perform some cleanup tasks, including saving the build queue, if stopped via REST /exit, CLI shutdown, or when restarting from Install as Windows Service. (issue 44589)
- Don't check whether disabled administrative monitors are active or not on the Manage Jenkins page. (issue 44608)
- When starting the jenkins.war directly, properly check for Java 8 as minimum instead of Java 7 before proceeding. (issue 44764)
- Prevent NullPointerException when calling restart CLI command (regression in 2.57). (issue 44769)
- Prevent possible NullPointerException when listing remote directories using the FilePath#list() and FilePath#listDirectories() APIs. (issue 44942)
New in Jenkins 2.70 Weekly (Jul 17, 2017)
- Fix version number shown in 2.0 upgrade wizard. (issue 45459)
New in Jenkins 2.69 Weekly (Jul 11, 2017)
- SSHD Module 2.0: Update from SSHD Core 0.14.0 to Apache MINA SSHD 1.6.0 in Jenkins core and Jenkins CLI. (changelog, plugin compatibility notice, issue 43668)
- SSHD Module 2.0: Enable aes192ctr and aes256ctr ciphers if JVM supports unlimited-strength encryption. (issue 39738)
New in Jenkins 2.68 Weekly (Jul 3, 2017)
- Update Remoting from 3.7 to 3.10 adding opt-in support for work directories and improving logging in Jenkins agents. (work directory documentation, logging documentation, remoting changelog, issue 39370)
- The reload-configuration CLI command now waits until the reload is finished, and returns an error code if the reload failed. (issue 45256)
- Follow HTTP redirects while initiating CLI connection. (issue 44361)
- Add documentation for time zone specification for cron patterns (e.g. SCM polling). (issue 9283)
- Robustness improvements related to agent connections. (issue 43496, issue 38527)
New in Jenkins 2.67 Weekly (Jun 26, 2017)
- Enable simpler syntax for upstream build trigger in pipelines. (issue 34464)
- Remove the "JNLP" protocol references from the TCP Agent Listener log messages. (issue 44103)
- Internal: Update Annotation Indexer to 1.12 to work around JRE bug in tests. (JDK-8182744)
New in Jenkins 2.60.1 (Jun 26, 2017)
- 2.60.1 is the first Jenkins LTS release that requires Java 8 to run. If you're using the Maven Project type, please note that it needs to use a JDK capable of running Jenkins, i.e. JDK 8 or up. If you configure an older JDK in a Maven Project, Jenkins will attempt to find a newer JDK and use that automatically. If your SSH Slaves fail to start and you have the plugin install the JRE to run them, make sure to update SSH Slaves Plugin to at least version 1.17 (1.20 recommended).
- Fix for NullPointerException while initiating some SSH connections (regression in 2.59). (issue 44120)
New in Jenkins 2.60 (Jun 26, 2017)
- Jenkins (master and agents) now requires Java 8 to run. (issue 27624, issue 42709, pull 2802, announcement blog post)
- Update Groovy to 2.4.8 to address memory leak issue. Pipeline: Groovy needs to be upgraded to 2.28 or higher to prevent regressions. (issue 33358, issue 42189)
- Upgrade the Windows Agent Installer module from 1.6 to 1.7. This change picks major updates in Windows service management logic. (full changelog, guide to upgrading old Windows service agents)
- Windows services: Upgrade the bundled Windows Service Wrapper from 1.18 to 2.0.2. (full changelog)
- Windows services: Enable Runaway Process Killer by default in new Agent and Master installations. (issue 39231)
- Windows services: Enable auto-upgrade of remoting on newly installed agents if they are connected by HTTPS. (issue 39237)
- Windows services: Add support of shared directories mapping in Windows agent services. (Shared Directory Mapper documentation)
- Windows services: Integrate various stability and performance fixes in Windows Service Wrapper from 1.18 to 2.0.2. There are many fixes around configuration options and process termination. (full changelog)
- Packaging: Do not invoke recursive chown in JENKINS_HOME during the RPM post-install step unless owned by a different user. (issue 23273)
- Use case-insensitive search by default for new and anonymous users. (issue 42645)
- Searching in the Build History widget takes into account user preferences (case sensitivity by default). (pull 2683)
- Allow searching by build parameter values in the Build History widget. (issue 40718)
- Update the Trilead SSH library to get support of new Mac, Key, and Key Exchange Algorithms. (issue 33021, issue 26379, issue 31549, issue 42959, issue 43979, issue 44046)
- When creating temporary files, use the jenkins prefix instead of the old hudson one. (pull 2778)
- Update German, French and Russian localizations. (pull 2777, pull 2787, pull 2798)
- Removed localizations with very low coverage: Albanian, Basque, Belarusian, Bengali, Esperanto, Galician, Georgian, Gujarati, Hindi, Icelandic, Indonesian, Irish, Kannada, Macedonian, Marathi, Mongolian, Occitan, Punjabi, Sinhala, Tamil, Telugu, Thai. (pull 2813)
- Internal API: Add the ability for ItemListener to veto copy operations; make Run#compareTo work across jobs; save Jenkins after calling setSecurityRealm or setAuthorizationStrategy. (issue 34691, issue 42319, pull 2762, pull 2782, pull 2790, pull 2805)
New in Jenkins 2.65 Weekly (Jun 13, 2017)
- Prevent NullPointerException when calling restart CLI command (regression in 2.57). (issue 44769)
- Packaging: Docker alpine image had a Jenkins-incompatible JDK installation (regression in 2.64). (issue 44733, corresponding Alpine Linux issue)
New in Jenkins 2.64 Weekly (Jun 5, 2017)
- Moved agent port and protocol configuration out of "security" (authentication and authorization) block in Configure Global Security. (issue 4478)
- Add section headers for Markup Formatter and CSRF Protection in Configure Global Security form to make these options more obvious. (pull 2900)
- Use one-column layout for REST API documentation (.../api URLs). (issue 44563)
- Update jnr-posix from 3.0.1 to 3.0.41 to pick up improvements and fixes in the POSIX platforms support. (pull 2904)
- Jenkins failed to perform some cleanup tasks, including saving the build queue, if stopped via REST /exit, CLI shutdown, or when restarting from Install as Windows Service. (issue 44589)
- Don't check whether disabled administrative monitors are active or not on the Manage Jenkins page. (issue 44608)
- Do not submit form when pressing Enter in the plugin manager's filter field. (issue 44523)
- Plugin Development: Jenkins now no longer publishes a war-for-test artifact. Plugins using this or a later version of Jenkins as baseline need to use plugin parent POM 2.30 or later. (issue 24064)
New in Jenkins 2.46.3 (May 26, 2017)
- If an exception is thrown while rendering an HTTP response, just log the stack trace on the server side, without trying to send an error page to the client. (issue 21695)
- Setup wizard gets into bad state when failures like network issues happen. (issue 41778)
- Catch and log RuntimeException in Computer#setNode() when updating the Computer list. (issue 42043)
- Fix AccessDeniedException in "Build after other projects are built" when user has Discover permission but not Read. (issue 42707)
- Prevent NullPointerException when a non-existent default view is specified in Configure System. (issue 42717)
- Properly handle saving system configuration when disabling all, or all but one, administrative monitors. (issue 42852)
- Remove links in stack traces to the stacktrace.jenkins-ci.org service that has been shut down. (issue 42861)
- Ensure that Cloud.PROVISION is properly initialized during the configuration loading. (issue 43279)
- Migrate legacy users only once per restart to improve performance of the user retrieval logic. (issue 43936)
- Prevent rare NullPointerException if an admin user is created in the setup wizard after first disabling CSRF protection. (issue 44010)
New in Jenkins 2.62 Weekly (May 22, 2017)
- Fixed Pipeline compatibility for a number of CLI commands (delete-builds, list-changes, console, set-build-description, and set-build-display-name), as well as some issues affecting error reporting in other commands when used with Pipeline. (issue 30785, issue 41527)
- If you have the Authorize Project plugin installed and configured, its configuration will now be treated as final with respect to the behavior of Job/Build checks from Build other projects and Build after other projects are built. Formerly, if a Per-project configurable Build Authorization was enabled globally but some projects did not specify an Authorization, the two aforementioned checks would automatically fall back to checking as anonymous (typically denying build permission). To restore the former behavior, explicitly configure a Project default Build Authorization to be Run as anonymous. Note that this will affect all build-scoped permission checks, including for example Agent/Build. (issue 22949)
- Internal API: Tasks.getAuthenticationOf now honors authentication contributed by QueueItemAuthenticatorProvider extensions. (pull 2880)
- Update WinP from 1.24 to 1.25 to improve performance and diagnostics. (full changelog)
- Fix for NullPointerException while initiating some SSH connections (regression in 2.59). (issue 44120)
- Prevent StackOverflowError in log recorder when Winstone-Jetty debug logging is enabled. (regression in 2.61) (issue 44330, corresponding Jetty issue)
New in Jenkins 2.61 Weekly (May 15, 2017)
- Upgrade Groovy from 2.4.8 to 2.4.11. (Groovy 2.4.9 changelog, Groovy 2.4.10 changelog, Groovy 2.4.11 changelog)
- Integration of Winstone 4: Upgrade bundled Jetty from 9.2.15.v20160210 to 9.4.5.v20170502. This removes support for the deprecated SPDY protocol. The --spdy parameter has been removed accordingly and Jenkins may refuse to start if it's set. (issue 43713)
- Update the Mailer plugin version installed when updating from very old Jenkins releases to include the fix for SECURITY-372, the SSH Slaves plugin for SECURITY-161, and the Script Security plugin for SECURITY-258. (SECURITY-372, SECURITY-161, SECURITY-258)
- Freestyle projects may now list Pipeline jobs as downstream and trigger them, without needing to use the Parameterized Trigger plugin or reverse triggers ("Build after other projects are built"). (issue 28113)
- Internal: Define enabling/disabling in ParameterizedJob rather than AbstractProject. (issue 27299)
- Internal: Offer default methods on ParameterizedJob to have less boilerplate code. (pull 2864)
New in Jenkins 2.60 Weekly (May 11, 2017)
- Update to Windows Service Wrapper 2.1.0 to support new features: download command with authentication, flag for startup failure on download error, Delayed Automatic Start mode. (issue 43737)
- Windows services: Add system property that allows disabling WinSW automatic upgrade on agents. (issue 43603, more information)
- Windows services: Restore compatibility of the WindowsSlaveInstaller#generateSlaveXml() method (regression in 2.50, no known external usages). (issue 42745)
- Windows services: Prevent fatal file descriptor leak when agent service installer fails to read data from the service startup.log. (issue 43930)
- Use full display name for runs in RSS feed to restore the project name there (regression in 2.59). (issue 44117)
- Internal: Generalize the changelog API to support non-AbstractBuild run types. (issue 24141)
New in Jenkins 2.59 Weekly (May 8, 2017)
- Move to latest version of Trilead to fix SSH connection issues following a previous Trilead upgrade. (issue 42959, issue 43979, issue 44046)
- Prevent Internet Explorer from caching AJAX requests using Cache-Control header. (issue 43929)
- Properly fail with error when updating view with CLI using input of a different view type. (issue 42728)
- Fix AccessDeniedException in "Build after other projects are built" when user has Discover permission but not Read. (issue 42707)
- Properly log failure due to empty archive in Pipeline. (issue 38005)
- Prevent rare NullPointerException if an admin user is created in the setup wizard after first disabling CSRF protection. (issue 44010)
New in Jenkins 2.58 Weekly (May 2, 2017)
- Use build display names in RSS feed titles. (pull 2845)
- Update the Trilead SSH library to get support of new Mac, Key, and Key Exchange Algorithms. (issue 33021, issue 26379, issue 31549)
- Migrate legacy users only once per restart to improve performance of the user retrieval logic. (issue 43936)
- Internal: Pick up the latest release of version-number library. (issue 43733)
- Internal: Refactor ProcessTree.Windows logic to propagate errors. (issue 43825)
New in Jenkins 2.46.2 (Apr 27, 2017)
- Important security fixes. (security advisory)
- Non-Remoting-based CLI. (issue 41745, pull 2795, announcement blog post)
- Disable SSH server by default. (issue 33595)
- Computer#addAction would throw an UnsupportedOperationException since Jenkins 2.30. Such a call site was released in SSH Slaves Plugin 1.15 for SECURITY-161. (issue 42969, security advisory including SECURITY-161)
- Search results page did not correctly encode query parameters. (issue 42390)
- When validating a cron expression, consider the specified time zone. (issue 43228)
- Do not display a warning when an SCM trigger has no schedules (either to disable SCM post-commit hooks, or to enable them without polling). (issue 42194)
- Fix performance issue in deduplication of lists of tool installers. (issue 42141)
New in Jenkins 2.57 Weekly (Apr 27, 2017)
- Important security fixes. (security advisory)
New in Jenkins 2.56 Weekly (Apr 24, 2017)
- Plugins did not expect InvalidPathException to be thrown in file-related methods, so wrap them in IOException to restore behavior (regression in 2.55)(issue 43531)
- Remove links in stack traces to the stacktrace.jenkins-ci.org service that has been shut down(issue 42861)
- If an exception is thrown while rendering an HTTP response, just log the stack trace on the server side, without trying to send an error page to the client(issue 21695)
- Prevent NullPointerException when a non-existent default view is specified in Configure System(issue 42717)
- Deleting jobs with running builds could result in NullPointerException (regression in 2.55)(issue 43653)
New in Jenkins 2.55 Weekly (Apr 18, 2017)
- Packaging: Debian package now requires Java 8. (causes regression since 2.54). (issue 43495)
- Added fine-grain logging of FullDuplexHttpService to diagnose issues when establishing an HTTP Duplex connection. (pull 2481)
- Update LibZFS from 0.5 to 0.8 to fix compatibility issues with ZFS filesystem and illumos distributions. (issue 41932)
- Before deleting jobs, try to abort the running builds. Error will be thrown instead of the job deletion if its builds cannot be aborted. (issue 35160)
- Ensure that Cloud.PROVISION is properly initialized during the configuration loading. (issue 37616)
- Fix log message formatting when migrating `AllView` names due to JENKINS-38606". (issue 43611)
- Setup wizard gets into bad state when failures like network issues happen. (issue 41778)
- Catch and log RuntimeException in Computer#setNode() when updating the Computer list. (issue 42043)
- SSH CLI client authenticator 1.4. Add missing SSH Public Key field validation in user configuration. (issue 16337)
- Internal API: SSH CLI client authenticator 1.3. Expose PublicKeySignatureWriter to plugins. (pull 2840)
New in Jenkins 2.54 Weekly (Apr 13, 2017)
- Jenkins now requires Java 8 to run. (issue 27624, issue 42709, pull 2802, announcement blog post)
- Non-Remoting-based CLI. (issue 41745, pull 2795)
- Disable SSH server by default. (issue 33595)
- Use case-insensitive search by default for new and anonymous users. (issue 42645)
- Introduce status indicator for skipped download job. (issue 40848)
- Properly handle saving system configuration when disabling all, or all but one, administrative monitors. (issue 42852)
- When validating a cron expression, consider the specified time zone. (issue 43228)
New in Jenkins 2.53 Weekly (Apr 4, 2017)
- Update to Windows Service Wrapper 2.0.3 and Windows Agent Installer 1.8 to prevent conversion of environment variables to lowercase in the agent executable, regression in Jenkins 2.50. (issue 42744) (WinSW Changelog, Windows Agent Installer changelog)
- GC Performance: Avoid using FileInputStream and FileOutputStream in the core codebase. (issue 42934) (JDK-8080225)
- Internal API: Add support of a new full screen mode in layout.jelly. (issue 34670)
New in Jenkins 2.46.1 (Mar 30, 2017)
- Update the SSHD module from 1.7 to 1.8. The change disables obsolete Ciphers: AES128CBC, TripleDESCBC, and BlowfishCBC.
- Enable the JNLP4 agent protocol by default. (issue 40886, upgrade notes)
- Allow defining agent ping interval and ping timeout in seconds. It can be done via the hudson.slaves.ChannelPinger.pingIntervalSeconds and hudson.slaves.ChannelPinger.pingTimeoutSeconds system properties. (issue 28245)
- Print stack traces in logical order, with the most important part on top. (pull 1485)
- Reduce size of Jenkins WAR file by not storing identical copies of remoting.jar/slave.jar there. (pull 2633)
- Do not print warnings about undefined parameters when hudson.model.ParametersAction.keepUndefinedParameters property is set to false. (pull 2687)
- Increase the JENKINS_HOME disk space threshold from 1Gb to 10Gb left. The warning will be shown only if more than 90% of the disk is utilized. (issue 40749)
- Delete obsolete pinning UI. (issue 34065)
- Use project-specific validation URL for SCM Trigger, so H is handled correctly in preview. (issue 26977)
- Failure to serialize a single Action could cause an entire REST export response to fail. Upgraded to Stapler 1.250 with a fix. (issue 40088)
- Add Usage Statistics section to the global configuration to make it easier to find. (issue 32938)
- Allow groovy CLI command via SSH CLI. (issue 41765)
New in Jenkins 2.52 Weekly (Mar 27, 2017)
- Computer#addAction would throw an UnsupportedOperationException since Jenkins 2.30. Such a call site was released in SSH Slaves Plugin 1.15 for SECURITY-161. (issue 42969, security advisory including SECURITY-161)
- Update German localization. (pull 2777)
- Removed localizations with very low coverage: Albanian, Basque, Belarusian, Bengali, Esperanto, Galician, Georgian, Gujarati, Hindi, Icelandic, Indonesian, Irish, Kannada, Macedonian, Marathi, Mongolian, Occitan, Punjabi, Sinhala, Tamil, Telugu, Thai. (pull 2813)
New in Jenkins 2.51 Weekly (Mar 21, 2017)
- SSHD 1.10: Move SSH server port configuration to security options page. (pull 2796)
- Update Russian localization. (pull 2798)
- Update French localization. (issue 42627)
- Internal: Make sure system threads run as SYSTEM. (issue 42556)
- Internal API: Add the ability for ItemListener to veto copy operations. (issue 34691)
- Internal API: Make Run#compareTo work across jobs. (pull 2762)
- Internal API: Save Jenkins after calling setSecurityRealm or setAuthorizationStrategy. (pull 2790)
- Internal API: Annotate PermissionGroup#owner @Nonnull. (pull 2805)
New in Jenkins 2.50 Weekly (Mar 14, 2017)
- Allow searching by build parameter values in the Build History widget. (issue 40718)
- Searching in the Build History widget takes into account user preferences (case sensitivity by default). (pull 2683)
- When creating temporary files, use the jenkins prefix instead of the old hudson one. (pull 2778)
- Fix relative links in the SCM polling administrative monitor. (pull 2780)
- Update Remoting from 3.5 to 3.7 in order to prevent file descriptor leaks on agents in the case of multiple connection attempts. (issue 42371) (full changelog)
- Upgrade the Windows Agent Installer module from 1.6 to 1.7. This change picks major updates in Windows service management logic. (pull 2765) (full changelog, guide to upgrading old Windows service agents)
- Windows services: Upgrade the bundled Windows Service Wrapper from 1.18 to 2.0.2. (pull 2765) (full changelog)
- Windows services: Enable Runaway Process Killer by default in new Agent and Master installations. (issue 39231)
- Windows services: Enable auto-upgrade of remoting on newly installed agents if they are connected by HTTPS. (issue 39237)
- Windows services: Add support of shared directories mapping in Windows agent services. (issue 23487) (Shared Directory Mapper documentation)
- Windows services: Change the default Agent service display name prefix to Jenkins agent %ID%. (issue 42468)
- Windows services: Prevent agent connection reset issues when WinSW gets terminated due to the system shutdown. (issue 22692)
- Windows services: Integrate various stability and performance fixes in Windows Service Wrapper from 1.18 to 2.0.2. There are many fixes around configuration options and process termination. (pull 2765) (full changelog)
- Prevent file descriptor leaks when Windows Service installer fails to read data from the service startup log. (issue 42670)
- Select controls in Jenkins Web UI now show the spinner icon while waiting for the list of possible options during AJAX. requests. (issue 42443)
- Improve plugin access performance in the default PluginManager implementation. (issue 42585)
- Internal API: Allow providing a custom task name in Run/Schedule UI via the AlternativeUiTextProvider extension. (issue 34522)
- Search results page did not correctly encode query parameters. (issue 42390)
New in Jenkins 2.49 Weekly (Mar 6, 2017)
- Do not attempt to find the next occurrence of an impossible date such as June 31st in validation of trigger schedules. (issue 41864)
- Remove invalid translations in Slovene (issue 41756)
New in Jenkins 2.32.3 (Mar 2, 2017)
- Display an informative message, rather than a Groovy exception, when View#getItems fails. (issue 41825)
- Don't try to set Agent Port when it is enforced, breaking form submission. (issue 41511)
- Don't add all group names as HTTP headers on "access denied" pages, possibly breaking reverse proxies due to very large headers. (issue 39402)
- Fix handling of the POST flag in ManagementLinks within the Manage Jenkins page. (issue 38175)
- IllegalStateException from Winstone when making certain requests with access logging enabled. (issue 37625)
- Do not fail to write a log file just because something deleted the parent directory
New in Jenkins 2.48 Weekly (Feb 27, 2017)
- Upgrade Apache Commons Collections to version 3.2.2. Note: Jenkins has been using a blacklist to prevent exploiting the serialization vulnerability in 3.2.1 since before 3.2.2 was released. (issue 31598)
- Use redirect URLs on jenkins.io instead of linking to wiki pages directly, allowing future reorganization of documentation without breaking links in Jenkins. (pull 2756)
- Fix performance issue in deduplication of lists of tool installers. (issue 42141)
- Use of the remote API to create items in views (/view/…/createItem) didn't actually add items to views since Jenkins 2.22. (issue 41128)
- Do not display a warning when an SCM trigger has no schedules (either to disable SCM post-commit hooks, or to enable them without polling). (issue 42194)
- Developer: Allow referencing radio buttons in f:validateButton validation methods. (pull 2734)
New in Jenkins 2.47 Weekly (Feb 20, 2017)
- Update Groovy to 2.4.8 to address memory leak issue (issue 33358)
- Windows service restart did not retain build queue (issue 32820)
- Exceptions during Jenkins cleanup step should not block restart (issue 42164)
- Upgrade remoting to version 3.5 (full changelog)
- Remoting 3.5: Remoting clients now accept lowercase (HTTP 2) headers sent by reverse proxies (issue 40710)
- Remoting 3.5: Add option to specify the remoting protocol to use on the client (issue 41730)
- Remoting 3.5: Stability improvements (issue 41513, issue 41852)
- Developer: Snapshot builds of plugins that had dependencies on other snapshot builds were not having their version numbers compared correctly
New in Jenkins 2.46 Weekly (Feb 13, 2017)
- Failure to serialize a single Action could cause an entire REST export response to fail. Upgraded to Stapler 1.250 with a fix. (issue 40088)
- Do not fail to write a log file just because something deleted the parent directory. (issue 16634)
- Use extensible BUILD_NOW_TEXT for parameterized jobs. (issue 41457)
- Display an informative message, rather than a Groovy exception, when View#getItems fails. (issue 41825)
- Don't consider a project to be parameterized if no parameters are defined. (issue 37590)
- Don't add all group names as HTTP headers on "access denied" pages. (issue 39402)
- Ensure that PluginManager#dynamicLoad runs as SYSTEM. (issue 41684)
- Add Usage Statistics section to the global configuration to make it easier to find. (issue 32938)
- Allow groovy CLI command via SSH CLI. (issue 41765)
New in Jenkins 2.45 Weekly (Feb 6, 2017)
New in Jenkins 2.44 Weekly (Feb 6, 2017)
- Important security fixes (security advisory)
New in Jenkins 2.43 Weekly (Feb 6, 2017)
- Print stack traces in logical order, with the most important part on top. (pull 1485)
New in Jenkins 2.42 Weekly (Feb 6, 2017)
- IllegalStateException from Winstone when making certain requests with access logging enabled. (issue 37625)
New in Jenkins 2.41 Weekly (Feb 6, 2017)
- Restore option value for setting build result to unstable when loading shell and batch build steps from disk. (issue 40894)
- Autocomplete admin-only links in search suggestions only when admin. (issue 7874)
- Improve agent protocol descriptions. (issue 40700)
- Improve description for Enable Security option and administrative monitor when security is off. (issue 40813)
- Enable the JNLP4 agent protocol by default. (issue 40886)
New in Jenkins 2.40 Weekly (Feb 6, 2017)
- Support displaying of warnings from the Update Site in the Plugin Manager and in administrative monitors. (issue 40404, announcement blog post)
- Do not print warnings about undefined parameters when hudson.model.ParametersAction.keepUndefinedParameters property is set to false. (pull 2687)
- Increase the JENKINS_HOME disk space threshold from 1Gb to 10Gb left. The warning will be shown only if more than 90% of the disk is utilized. (issue 40749)
- Plugin Manager: Redirect back to the Advanced Tab when saving the Update Site URL. (pull 2703)
- Prevent the ClassNotFoundException: javax.servlet.ServletException error when invoking shell tasks on remote agents. (issue 40863)
- Jobs were hanging during process termination on the Solaris 11 Intel platform. (issue 40470, regression in 2.20)
- Fix handling of the POST flag in ManagementLinks within the Manage Jenkins page. (issue 38175)
- Require POST in the Reload from disk management link. (pull 2692)
New in Jenkins 2.39 Weekly (Feb 6, 2017)
- Properties were not passed to Maven command by Maven build step when the Inject Build Variables flag was not set. (issue 39268)
- Update remoting to 3.4 in order to properly terminate the channel in the case Errors and Exceptions. (issue 39835)
- Improved Polish and Catalan translations. (pull 2688 and pull 2686)
New in Jenkins 2.38 Weekly (Feb 6, 2017)
- Update to Winstone 3.2 to support ad-hoc certificate generation on Java 8 (using unsupported APIs). This option is deprecated and will be removed in a future release. We strongly recommend you create self-signed certificates yourself and use --httpsKeyStore and related options instead. (issue 25333)
- The install-plugin CLI command now correctly installs plugins when multiple file arguments are specified. (issue 32358)
- Correctly state that Jenkins will refuse to load plugins whose dependencies are not satisfied in plugin manager. (issue 40666)
New in Jenkins 2.32.2 (Feb 6, 2017)
- Important security fixes (security advisory)
- Support displaying of warnings from the update site in the plugin manager and in administrative monitors. (issue 40494, announcement blog post)
- Correctly state that Jenkins will refuse to load plugins whose dependencies are not satisfied in plugin manager. (issue 40666)
- The install-plugin CLI command now correctly installs plugins when multiple file arguments are specified. (issue 32358)
- Prevent the ClassNotFoundException: javax.servlet.ServletException error when invoking shell tasks on remote agents. (issue 40863)
- Properties were not passed to Maven command by Maven build step when the Inject Build Variables flag was not set. (issue 39268)
- Job configuration submission now does not fail when there is no parameters property. (issue 39700, regression in 1.637)
- Update remoting to 3.4 in order to properly terminate the channel in the case Errors and Exceptions. (issue 39835)
- Check for Updates button in the Plugin Manager was hidden in the Updates tab when there was no plugins updates available. (issue 39971)
- SSHD Module: Handshake was failing (wrong shared secret) 1 out of 256 times due to SSHD-330. (issue 40362)
- Performance: Use bulk change when submitting Job configurations to minimize the number of sequential config.xml write operations. (issue 40435)
- Jobs were hanging during process termination on the Solaris 11 Intel platform. (issue 40470, regression in 2.20)
- Restore option value for setting build result to unstable when loading shell and batch build steps from disk. (issue 40894)
- Update to Winstone 3.2 to support ad-hoc certificate generation on Java 8 (using unsupported APIs). This option is deprecated and will be removed in a future release. We strongly recommend you create self-signed certificates yourself and use --httpsKeyStore and related options instead. (issue 25333)
New in Jenkins 2.32.1 (Feb 6, 2017)
- Changes since 2.32:
- Prevent early deallocation of process references by Garbage Collector when starting a remote process. It was sometimes causing build failures with messages like FATAL: Invalid object ID 184 iuota=187 and java.lang.Exception: Object was recently deallocated. (issue 23271)
- Redirect to login page in the case of authorisation error when checking connectivity to the Update Center. (issue 39741)
- WinP 1.24: Native class now tries loading DLLs from the temporary location. (issue 20913)
- Notable changes since 2.19.4:
- Upgrade Remoting to version 3.1 with JNLP4-connect protocol. Compatibility notes are available here. Notably, it is no longer possible to use JDK 6 for the Maven project type, as communication with the Maven process uses Remoting, and it now requires Java 7. (issue 37564, issue 36871, issue 37565)
- Show notification with popup on most pages when administrative monitors are active. (issue 38391)
- Allow disabling/enabling administrative monitors on Configure Jenkins form. (issue 38301)
- Ask for confirmation before canceling/aborting runs. (issue 30565)
- Prompt user whether to add the job to the current view. (issue 19142)
- Allow CommandInterpreter build steps to set a build result as Unstable via the return code. Shell and Batch build steps now support this feature. (issue 23786)
- Internal: Upgrade Stapler library from 1.243 to 1.246 with fixes required for the Blue Ocean project. Changes are listed here. (pull 2593)
New in Jenkins 1.643 (Dec 30, 2015)
- Fix when multiple clouds are set up and provisioning of a node is denied.
- Allow retrying core update when the first attempt failed.
- Allow specifying the default TCP slave agent listener port via system property.
New in Jenkins 1.642 (Dec 14, 2015)
- Various kinds of settings could not be saved since 1.640.
New in Jenkins 1.641 (Dec 10, 2015)
New in Jenkins 1.640 (Dec 8, 2015)
- Added support of default values in the enum.jelly form element.
- Bytecode Compatibility Transformer computes the common super class without loading classes. Fixes the ClassCircularityError exception in Ruby Runtime Plugin.
- Extended Choice parameter definitions could not be saved since 1.637.
- Display expected CRON run times even if a warning occurs.
- Rework the online-node command implementation, no functional changes.
- Fix the footer behavior in particular cases.
- API changes: Deprecate subclassing of hudson.Plugin.
New in Jenkins 1.639 (Dec 4, 2015)
- “Discard old builds” setting would be lost if resaving job configuration as of 1.637 without rechecking the box.
- “Form too large” errors from Jetty when submitting massive forms.
- Multiple workspace browser features broken on Windows masters since 1.634.
New in Jenkins 1.638 (Nov 12, 2015)
New in Jenkins 1.637 (Nov 12, 2015)
- Remove useless warnings about a JDK named null.
- New OptionalJobProperty class to simplify JobProperty creation.
New in Jenkins 1.636 (Nov 12, 2015)
- Add "lastCompletedBuild" job permalink.
New in Jenkins 1.635 (Nov 12, 2015)
- Make Node implement Saveable.
- Revert trigger optimizations made in 1.621 by PR 1617.
- Delegate CLI's delete-node command to the overridable Computer.doDoDelete() method. Fixes the issue in OpenStack and JClouds plugins.
- Prevent autocorrect of username on mobile devices in login forms.
- Describe the built-in JDK as "(System)".
- Update JNA library to 4.2.1 in order to integrate fixes for linux-ppc64 and linux-arm platforms.
New in Jenkins 1.634 (Oct 19, 2015)
- Fix order of builds in new builds history widget introduced in 1.633.
- Bytecode Compatibility Transformer would fail to transform some classes resulting in ClassNotFoundException.
- Prevent ClassCastException in AbstractBuild::reportError() if the build step is not Publisher.
- Trim job names during the rename operation (it is impossible to delete or rename jobs with trailing spaces).
- Add "graphBg" and "plothBg" background color options to plot URLs
- API changes: Add get method for causes of interruption in hudson.model.Executor
- Allow case insensitive file patterns in Artifacts Archiving.
- Prevent NullPointerException while estimating duration of Queue executable items.
- Fix the resolution of Windows symbolic links in SecretRewriter.
- Let a combobox display its drop-down when focused, so users can see candidates without entering a letter.
New in Jenkins 1.633 (Oct 13, 2015)
- Added safari pinned tab icon.
- Plugin Manager UI changes to prevent users from enabling/disabling/uninstalling plugins at the "wrong" time.
- bytecode-compatibility-transformer produces malformed bytecode.
- Properly handle RuntimeExceptions in run retention policy handler calls.
- Prevent NullPointerException in CLI if Jenkins cannot find the specified job or a job with the nearest name.
- Do not show REST API link for pages, which have no API handlers.
- JS alert preventing to leave a configuration page without changes.
- JS error triggered by collapsing build history widget.
- Build history pagination and search.
New in Jenkins 1.632 (Oct 9, 2015)
- Optimize TagCloud size calculation.
- FlyWeightTasks tied to a label will not cause node provisioning and will be blocked forever.
- Prevent NullPointerException for disabled builds in ReverseBuildTrigger.
- ConsoleLogFilter wasn't truly global
- API changes: hudson.Util.isOverridden() now supports protected methods.
- Sidepanel controls with confirmation (lib/layout/task) did not assign the proper CSS style.
New in Jenkins 1.631 (Sep 28, 2015)
- Add proper labels for plugin categories assigned to some plugins.
New in Jenkins 1.630 (Sep 22, 2015)
- Make JenkinsRule useable on systems which don't support JNA
New in Jenkins 1.629 (Sep 22, 2015)
- Old data monitor made Jenkins single-threaded for all saves.
New in Jenkins 1.628 (Sep 7, 2015)
- Replaced all non java.util.logging logging libraries with slf4j interceptors.
New in Jenkins 1.627 (Sep 7, 2015)
- Race condition in triggers could cause various NullPointerExceptions.
- Archiving of large artifacts. Tar implementation cannot handle files having a size >8GB.
- Allow plugins to augment or replace the plugin manager UI.
New in Jenkins 1.626 (Aug 24, 2015)
- RunIdMigrator fails to revert Matrix and Maven jobs.
- Fix error message "Failed to listen to incoming slave connection" after fixing port through init.groovy.d.
New in Jenkins 1.625 (Aug 21, 2015)
- Fixed a deadlock between the old data monitor and authorization strategies.
- Allow rejecting configurations with errors in critical fields via REST / CLI.
- Do not display No changes if changelog is still being computed.
New in Jenkins 1.624 (Aug 21, 2015)
- Allow more job types to use a custom "Build Now" text.
New in Jenkins 1.622 (Aug 7, 2015)
- Jenkins now support self-restart and daemonization in FreeBSD
- Node provisioner may fail to correctly indicate that provisioning was finished.
New in Jenkins 1.621 (Aug 7, 2015)
- Sort by 'Free Disk Space' is incorrect.
- Label expression help is missing in recent Jenkins versions.
- Pre-emptively break memory cycles causing excessive live-set retention in remoting layer.
- Don't run trigger for disabled/copied projects.
New in Jenkins 1.620 (Jul 29, 2015)
- Display system info even when slave is temporarily offline.
New in Jenkins 1.619 (Jul 6, 2015)
- Update auto-installer metadata for newly installed plugins.
- Allow plugins to veto process killing.
New in Jenkins 1.618 (Jun 30, 2015)
- Fix deadlock in hudson.model.Executor.
- Don't truncate /consoleText output after fixed number of lines.
- Allow delete-* CLI commands to operate on multiple arguments.
- Prevent NullPointerException in Executor/causeOfDeath page if there is no exception details.
- Fixed synchronization issue when setting JDK installations.
- Fix several loggers which are identifying as the wrong class.
- Revert fix for issue 17290 due to the regressions it caused.
- Fix deadlock between hudson.model.Queue and hudson.model.Computer.
- Fix jobs getting stuck in the Queue when there exists a cycle of upstream/downstream blocks between them.
- Always use earlier start time when merging two equivalent queue items.
New in Jenkins 1.617 (Jun 19, 2015)
- Regression in build-history causing ball to not open console
- JNLP slaves did not pick up changes to environment variables.
- NullPointerException in AbstractProject constructor if Jenkins nodes has not been loaded yet
New in Jenkins 1.616 (Jun 3, 2015)
- Job loading can be broken by NullPointerException in a build trigger
New in Jenkins 1.615 (May 26, 2015)
- Improper calculation of queue length in UnlabeledLoadStatistics causing overheads in Cloud slave provisioning
- Category titles in Available Plugins list appear wrong in reverse sort order
- CronTab API: Timezone support for scheduling
- NullPointerException when trying to reset Jenkins admin address
- Reduce the thread overhead in NodeMonitorUpdater
New in Jenkins 1.614 (May 19, 2015)
- ExtensionList even listener.
- NullPointerException computing load statistics under some conditions.
- Plugins using class loader masking did not work properly over the slave channel.
- DefaultJnlpSlaveReceiver now returns true when rejecting a takeover.
- Do not follow href after sending POST via l:task
- Build history overflows
New in Jenkins 1.613 (May 19, 2015)
- Update bundled LDAP plugin in order to restore missing help files
- hudson.model.Run.getLog() throws IndexOutOfBoundsException when called with maxLines=0
New in Jenkins 1.612 (May 4, 2015)
- Handle AbortException publisher status in the same way as deprecated false boolean status
- Ensures GlobalSettingsProvider does not swallow fatal exceptions
- add datestamp to node-offline message
- Larger minimum popup menu height.
- As promised, shipping with Java7 class files.
- Descriptor.getId fix in 1.610 introduced regressions affecting at least the Performance and NodeJS plugins.
- Under rare conditions Executor.getProgress() can throw a Division by zero exception.
- The Run from the command line option for launching a JNLP slave should display the configured JVM options.
New in Jenkins 1.611 (Apr 28, 2015)
- Descriptor.getId fix in 1.610 introduced a regression affecting at least the Copy Artifacts plugin.
- Search box did not work well inside folders.
- Revert changes in 1.610 made to resolve issue 10629.
- Advertise JNLP slave agents to the correct host name, even in the presence of a reverse proxy.
- Advertised TCP slave agent port number is made tweakable.
- Correctly identify Channel listener onClose propagated exceptions
New in Jenkins 1.610 (Apr 28, 2015)
- Since 1.598 overrides of Descriptor.getId were not correctly handled by form binding, breaking at least the CloudBees Templates plugin.
- Reverted in 1.611. Archiving of large artifacts. Tar implementation cannot handle files having a size >8GB.
- The queue state was not updated between scheduling builds.
New in Jenkins 1.609 (Apr 15, 2015)
- When concurrent builds are enabled, artifact retention policy may delete artifact being used by an actually running build.
- Documentation for $BUILD_ID did not reflect current reality
New in Jenkins 1.608 (Apr 8, 2015)
- PeepholePermalink RunListenerImpl oncompleted should be triggered before downstream builds are triggered.
- NPE when /script used on offline slave.
- Make periodic workspace cleanup configurable through system properties.
- Do not offer to restart on /restart and /safeRestart if the configuration does not support it.
- Polling was skipped while quieting down, resulting in ignored commit notifications. This behavior was changed.
- Starting this version, native packages are produced from the new repository. File issues related to installers and packages in the packaging component.
New in Jenkins 1.607 (Mar 31, 2015)
- JSONP served with the wrong MIME type and rejected by Chrome.
- Security file pattern whitelist was broken for some plugins since 1.597.
- Lock an Executor without creating a Thread
- Hide flyweight master executor when ≥1 heavyweight executors running as subtasks
- Way to mark an Executable that should not block isReadyToRestart
- Refactor the Queue and Nodes to use a consistent locking strategy
- Makes the Jenkins is loading screen not block on the extensions loading lock
- AdjunctManager: exception upon startup
- Removes race condition rendering the list of executors
- Tidy up the locks that were causing deadlocks with the once retention strategy in durable tasks
- Remove any requirement from Jenkins Core to lock on the Queue when rendering the Jenkins UI
- Prevent lazy loading operation when obtaining label information.
- Ensure that the LoadStatistics return a self-consistent result.
- Build reports to be running for 45 yr and counting.
New in Jenkins 1.606 (Mar 24, 2015)
- Jenkins CLI doesn't handle arguments with equal signs
- master/slave communication ping reacts badly if a clock jumps.
- JNLP slaves can now connect to master through HTTP proxy.
- Fixes to several security vulnerabilities.
New in Jenkins 1.605 (Mar 17, 2015)
- Integrate Stapler fix for queue item API always returning 404 Not Found since 1.601.
New in Jenkins 1.604 (Mar 16, 2015)
- Added a switch (-Dhudson.model.User.allowNonExistentUserToLogin=true) to let users login even when the record is not found in the backend security realm.
- Avoid deadlock when using build-monitor-plugin. (issue 27183)
- As security hardening, mark "remember me" cookie as HTTP only
- Show displayName in build remote API.
New in Jenkins 1.602 (Mar 9, 2015)
- Regression with environment variables in 1.600.
- Errors with concurrent matrix builds since 1.597.
- Show displayName in build remote API.
New in Jenkins 1.601 (Mar 5, 2015)
- Regression with environment variables in 1.600.
- Errors with concurrent matrix builds since 1.597.
- Errors in Dashboard View plugin since 1.597.
- Map Queue.Item.id onto Run
New in Jenkins 1.600 (Mar 2, 2015)
- Fixes to multiple security vulnerabilities. (security advisory)
- An error thrown in the wrong place in a publisher could result in a failure to release a workspace lock.
- Cache node environment to prevent unnecessary channel usage
- Build history text field wrap fails when containing markup
- Maven build step fail to launch mvn process when special chars are present in build variables.
New in Jenkins 1.599 (Feb 17, 2015)
- Errors in some Maven builds since 1.598.
- Build format change migrator in 1.597 did not work on some Windows systems.
- Remote FilePath.chmod fails with ClassNotFoundException: javax.servlet.ServletException.
- Added SimpleBuildWrapper API.
- Animated ball in job's build history widget won't open Console Output.
- Show job name in Schedule Build column tool tip.
- Allow OldDataMonitor to discard promoted-build-plugin Promotions
New in Jenkins 1.598 (Jan 26, 2015)
- Build format change migrator in 1.597 did not work on some Windows systems.
- FutureImpl does not cancel its start future.
- Flyweight tasks were under some conditions actually being run on heavyweight executors.
- Folder loading broken when child item loading throws exception.
- Plugin icon images were broken when running Jenkins from a UNC path.
- Allow admin signup from /manage as well.
- Amend JAVA_HOME check to work with JDK 9.
- CLI list-jobs command should display raw name, not display name, where they differ.
- Show queue item parameters in tool tip.
- Better support functional tests from Gradle-based plugins.
- Allow users to delete builds even if they are supposed to be kept.
- Fixed side/main panel scrolling issues.
- Improve error reporting when channel closed during build.
- Fixed CodeMirror issue with height and re-enabled syntax highlighting in shell build step.
New in Jenkins 1.597 (Jan 26, 2015)
- JENKINS_HOME layout change: builds are now keyed by build numbers and not timestamps. See Wiki for details and downgrade.
- Do not throw exception on /signup when not possible.
- Tool installer which downloads and unpacks archives should not fail the build if the tool already exists and the server returns an error code.
- Fingerprint compaction aggravated lazy-loading performance issues.
- Possible unreleased workspace lock if SCM polling fails during setup.
- Misleading description of the 'workspace' permission.
- Run parameters should show display name if set, rather than build numbers.
- Add range check for H(X-Y) syntax.
New in Jenkins 1.596 (Jan 5, 2015)
- Build page was broken in Hungarian localization while building.
- Allow breaking label and node lists.
New in Jenkins 1.595 (Dec 22, 2014)
- Spurious warnings in the log after deleting builds.
- Master labels disappear when system configuration is updated.
- Updated icon-set dependency to version 1.0.5.
New in Jenkins 1.594 (Dec 15, 2014)
- After recent Java security updates, Jenkins would not gracefully recover from a deleted secrets/master.key.
- Restrict where this project can be run regressed in 1.589 when using the ClearCase plugin.
New in Jenkins 1.593 (Dec 9, 2014)
- Dynamic Single/Multi line Build History layout.
New in Jenkins 1.592 (Dec 2, 2014)
- Performance problems on large workspaces associated with validating file include patterns.
New in Jenkins 1.591 (Nov 27, 2014)
- Always use forward slashes in path separators during in ZIP archives generated by Directory Browser
New in Jenkins 1.590 (Nov 17, 2014)
- Basic Authentication in combination with Session is broken
- Some plugins broken since 1.584 if they expected certain events to be fired under a specific user ID.
- Fixed various real or potential resource leaks discovered by Coverity Scan
- API changes: Expose AbstractProject.AbstractProjectDescriptor#validateLabelExpression for plugins.
- API method to aggregate multiple FormValidations into one.
- Always use forward slashes in path separators during in ZIP archives generated by Directory Browser
- API method to get non-null Jenkins instance with internal validation
New in Jenkins 1.589 (Nov 17, 2014)
- JNA error in WindowsInstallerLink.doDoInstall.
- Restore compatibility of label assignment for some plugins.
New in Jenkins 1.588 (Nov 10, 2014)
- JNA error in WindowsInstallerLink.doDoInstall.
- Unnecessarily slow startup time with a massive number of jobs.
- Custom workspace option did not work under some conditions.
New in Jenkins 1.587 (Nov 10, 2014)
- Queue didn't always leave a trail for cancelled items properly
- JNA update for deprecated JNA-POSIX library.
- Introduced slave-to-master security mechanism to defend a master from slaves.
New in Jenkins 1.586 (Nov 10, 2014)
- Bumping up JNA to 4.10. This is potentially a breaking change for plugins that depend on JNA 3.x
- Prevent empty file creation if file parameter is left empty.
- Servlet containers may refuse to let us set secure cookie flag. Deal with it gracefully.
- Existing FileParameters should be handled as different values to avoid merging of queued builds
New in Jenkins 1.585 (Nov 10, 2014)
- Build health computed repeatedly for a single Weather column cell.
- Missing workspace page should use 404 status code.
- Fixed memory leak occurring on pages producing incremental output with a progress bar.
- Updated SSH Slaves plugin to 1.8.
- Due to the reaction, default umask in debian package is set back to 022
- Greater-than characters are not escaped in HTML outputs like e-mails
- Thread starvation from OldDataMonitor.
- Integer overflow in quiet-down timeout calculation
- Don't put session IDs in URLs even when cookies are disabled.
- Show keep build log reason in tool tips
- Do not disable projects, which do not support such operation (like Matrix configurations)
- Improved the scalability of SSH slaves plugin caused by global lock in SecureRandom
- Incorporated a fix for "Poodle" (CVE-2014-3566) vulnerability in the HTTPS connector of "java -jar jenkins.war"
New in Jenkins 1.584 (Oct 14, 2014)
- Diagnostic thread names are now available while requests are still in filters
- When killing Windows processes, check its critical flag to avoid BSoD
- When a user could not see a view, but could delete/move/rename jobs contained in it, the view was not properly updated.
New in Jenkins 1.583 (Oct 2, 2014)
- Fixes to multiple security vulnerabilities. (security advisory)
New in Jenkins 1.582 (Sep 29, 2014)
- Channel reader thread can end up consuming 100% CPU.
- CancelledKeyException can cause all JNLP slaves to disconnect (and the problem remains until restart).
- Consider dynamic label assignments for label load statistics.
- Use Windows line endings for batch file build steps.
- Reduced the logging clutter about the lack of @ExportedBean.
- Character encoding problem in form submission when file parameters are present.
- Improved error handling and "in-progress" UI feedback in JNLP slave to service installation.
- Winstone 2.4: reverse proxy support in the logging, request header size limit control, and different private key password from keystore password.
- umask setting on Debian did not work.
- handle job move when buildDir is configured to a custom location.
New in Jenkins 1.581 (Sep 23, 2014)
- Use slightly larger Jenkins head icon.
- Allow setting a system property to disable X-Frame-Options header.
- Explicitly set background color of various UI elements to white.
- Wrong Hebrew localization resulted in broken console output since 1.539.
New in Jenkins 1.580 (Sep 15, 2014)
- Health reports saved to disk before 1.576 showed no weather icon since that version.
- Renaming jobs fails if parent dir of custom build records directory does not exist.
- Add editable descriptions for label atoms.
New in Jenkins 1.579 (Sep 8, 2014)
- ConcurrentModificationException in RunListProgressiveRendering.
- StackOverflowError for some old SCMListeners.
- Job status page shows "Build has been executing for null on master" for flyweight tasks.
- File locking issue when running functional tests on Windows.
- Tolerate ?auto_refresh in reverse proxy check on /manage page.
- Debian package now sets umask to 027 by default for better default privacy.
New in Jenkins 1.578 (Sep 8, 2014)
- Added 'no-store' to the 'Cache-Control' header to avoid accidental information leak through local cache backup
- Deadlock in OldDataMonitor.
- Use absolute links for computer sidepanel items so they don't break as easily.
New in Jenkins 1.577 (Aug 25, 2014)
- Failure to migrate legacy user records in 1.576 properly broke Jenkins, resulted in NullPointerExceptions. (issue 24317)
- Jenkins did not correctly display icons contributed by plugins in 1.576. (issue 24316)
- Moved JUnit reporting functionality to a plugin. (issue 23263)
- Fixed ClassCastException on org.dom4j.DocumentFactory (issue 13709)
- Allow BuildStep to work with non-AbstractProject (issue 23713)
- Improved class loading performance when using Groovy. (issue 24309)
- Prevent NullPointerException from Executor.run. (issue 24110)
- Make the lifetime of queue items cache configurable. (issue 19691)
- Support --username/--password authentication for CLIMethod based CLI commands. (issue 23988)
- Don't link to /safeRestart after update if Jenkins cannot restart itself. (issue 24032)
- Properly consider busy executors when reducing a node's executor count. (issue 24095)
New in Jenkins 1.576 (Aug 19, 2014)
- Worked around "incompatible InnerClasses attribute" bug in IBM J9 VM (issue 22525)
- Fixed a file descriptor leak with CLI connections. (issue 23248)
- Fixed a regression that removed all users with uppercase letters in the user name since 1.566. (issue 23872)
- Improving security of set-build-parameter and set-build-result CLI commands. (issue 24080)
- Startup can be broken by deeply recursive causes in build records. (issue 24161)
- Displaying unabridged test result trend on project index page defeated lazy loading. (issue 23945)
- Added support for host:port format in X-Forwarded-Host header. (commit 19d8b80)
- API to launch processes without printing the command line. (issue 23027)
- Added option to increase impact of test failures on the weather report. (issue 24006)
- Modernized sidebar s and making them work better with new layout. (issue 23810, issue 23829)
- Add option to CLI to skip key authentication (e.g. when there's a password on the default key). (issue 23970)
- Modernize tabBar and bigtable. Makes the project view look better. Same for Plugin Manager. (issue 24030)
New in Jenkins 1.575 (Aug 11, 2014)
- Move option to fingerprint artifacts to Archive the Artifacts, Advanced options. (commit f43a450)
- Move option to keep dependencies (builds) from Fingerprint to Advanced Project Options. (commit a8756c6)
- Improved validation of Build Record Root Directory setting. (issue 14538)
- Indicate which node the workspace being viewed is on. (issue 23636)
- Show full project name for projects in folders. (issue 22971)
- UI redesign: Shrink the top bar, change logo, changed links in top bar. (pull 1327, (pull 1328)
- Killing processes started by builds on Unix was broken as of 1.553. (issue 22641)
- Should not stop a build from finishing just to compute JUnit result difference to a prior build which is still running. (issue 10234)
- Do not show link to System Information page for offline slaves, make page more robust when offline. (issue 23041)
- Fix link to SCM polling log from downstream job cause. (issue 18048)
- Autocomplete logger names. (issue 23994)
- UI redesign: Fix links in header bar when logged in.
- Do not show changes for the build at the lower bound of the changes list. (issue 18902)
- Restrict access to SCM trigger status page to administrators. (pull 1282)
New in Jenkins 1.574 (Jul 28, 2014)
- UI redesign: Use Helvetica as default font
- Synchronization issue during tool installation
- Use native encoding for filenames in downloaded ZIPs.
New in Jenkins 1.573 (Jul 21, 2014)
- UI redesign: Changed element alignment, removed sidebar link underlines
- Word-break links in build logs to preserve page width
- Log rotation fails with "...looks to have already been deleted"
- Fixed unnecessary eager loading of build records in certain code path.
New in Jenkins 1.572 (Jul 14, 2014)
- UI redesign: Changed header, made layout -based and responsive
- Improved handling of X-Forwarded-* headers
- Do not offer automatic upgrade if war parent directory is not writable
New in Jenkins 1.571 (Jul 8, 2014)
- IllegalArgumentException from AbstractProject.getEnvironment when trying to get environment variables from an offline slave. (issue 23517)
- Overall.READ is sufficient to access /administrativeMonitor/hudsonHomeIsFull/ (SECURITY-134)
- Master computer is not notified using ComputerListener (issue 23481)
New in Jenkins 1.570 (Jun 30, 2014)
- Add CLI commands to add jobs to and remove jobs from views (add-job-to-view, remove-job-from-view). (issue 23361)
- UI improvements / refreshing. (issue 23492)
- Failed to correctly resave a project configuration containing both a forward and a reverse build trigger. (issue 23191)
- Long log output resulted in missing Console link in popup. (issue 14264)
- HTTP error 405 when trying to restart ssh host. (issue 23094)
- Move 'None' Source Code Management option to top position. (issue 23434)
- Fixed NullPointerException when ArctifactArchiver is called for a build with the undefined status. (issue 23526)
- Allow disabling use of default exclude patterns in ArctifactArchiver (.git, .svn, etc.). (issue 20086)
- Fixed NullPointerException when "properties" element is missing in a job's configuration submission by JSON (issue 23437)
New in Jenkins 1.569 (Jun 23, 2014)
- Jenkins can now kill Win32 processes from Win64 JVMs.
- Allow custom security realm plugins to fire events to SecurityListeners.
- Recover gracefully if a build permalink has a non-numeric value.
- Fix form submission via the Enter key for Internet Explorer version 9.
- When Jenkins had a lot of jobs, submitting a view configuration change could overload the web server, even if few of the jobs were selected.
New in Jenkins 1.568 (Jun 23, 2014)
- Fixed JNLP connection handling problem
- Fixed NullPointerException caused by the uninitialized ProcessStarter environment in build wrappers
- Support the range notation for pagination in API
- Incorrect redirect after deleting a folder.
- Incorrect links from Build History page inside a folder.
- API changes allowing new job types to use SCM plugins.
- API changes allowing to create nested launchers (DecoratedLauncher)
New in Jenkins 1.567 (Jun 10, 2014)
- Fixed a reference counting bug in the remoting layer. (commit)
- Avoid repeatedly reading symlinks from disk to resolve build permalinks. (issue 22822)
- Show custom build display name in executors widget. (issue 10477)
- CodeMirror support for shell steps broke initial configuration. (issue 23151)
- Jenkins on Linux can not restart after plugin update when started without full path to java executable (issue 22818)
- Fixed NullPointerException when a build triggering returns null cause (issue 20499)
- Fixed NullPointerException on plugin installations when invalid update center is set (issue 20031)
- Use DISABLED_ANIME icon while building a disabled project (issue 8358)
- Process the items hierarchy when displaying the Show Poll Thread Count option (issue 22934)
- Compressed output was turned on even before Access Denied errors were shown for disallowed Remote API requests, yielding a confusing error. (issue 17374) (issue 18116)
- Properly close input streams in FileParameterValue (issue 22693)
- Incorrect failure age in the JUnit test results (issue 18626)
- Fixed deletion links for JVM Crash error logs (issue 22617)
- Distinguish "nodes for label offline" from "no nodes for label" (issue 17114)
- Add causes to queue item tool tip (issue 19250)
- RPM: added JENKINS_HTTPS_KEYSTORE and JENKINS_HTTPS_KEYSTORE_PASSWORD options to Jenkins sysconfig file (issue 11673)
- RPM: Do not install jenkins.repo file (issue 22690)
- Don't advertise POSTing config.xml on master (issue 16264)
- Handle null parameter values to avoid massive executor deaths (issue 15094)
- Added an option to archive artifacts only when the build is successful (issue 22699)
New in Jenkins 1.566 (Jun 3, 2014)
- Configurable case sensitivity mode for user IDs. (issue 22247)
- Extension point for project naming strategies did not work from actual plugins. (issue 23127)
- Introduce directly modifiable views (issue 22967)
- Jenkins cannot restart Windows service (issue 22685)
New in Jenkins 1.565 (May 27, 2014)
- Misleading error message trying to dynamically update a plugin (which is impossible) on an NFS filesystem. (issue 12753)
- Updated component used by the swap space monitor to better support Debian and AIX.
- SSH slave connections die after the slave outputs 4MB of stderr, usually during findbugs analysis (issue 22938)
- Polling no longer triggers builds (regression 1.560) (issue 22750)
New in Jenkins 1.564 (May 21, 2014)
- Improve list view performance on large instances with folders. (issue 22720)
- Add indicator when build queue is filtered. (issue 22698)
- Fixed localization of build environment variable help. (issue 22867)
- Allow markup formatter to be selected without enabling security. (issue 22028)
- Update bundled Matrix project plugin to 1.2 fixing issues introduced in 1.561. (issue 22879, issue 22798)
- Polling no longer triggers builds (regression 1.560) (issue 22750)
New in Jenkins 1.563 (May 13, 2014)
- Memory exhaustion in remoting channel since 1.560. (issue 22734)
- Configurable size for log buffer. (issue 22840)
- Gesture to clear log buffer. (issue 22839)
- Prevent up to two-minute delay before scheduling jobs from a cron trigger. (pull request 1216)
- Occasional attempts to delete a build during log rotation which had already been deleted. (issue 22395)
- Again show proper display names for build parameters. (issue 22755)
New in Jenkins 1.562 (May 5, 2014)
- Next build link was not reliably available from a previous build after starting a new one. (issue 20662)
- Debian postinst: check for present user/group before adding them. (issue 22715)
- Add distance between time tick labels on load statistics. (issue 22686)
- Correctly show load statistics for master node. (issue 22689)
- Make load statistics graph font configurable, use sans serif font by default. (issue 22688)
- Add links to nodes on thread dump page for easier navigation. (issue 22672)
New in Jenkins 1.561 (Apr 29, 2014)
- Fixed a corner case handling of tool installation. (issue 16846)
- Enabled log rotation on the OSX package (issue 15178)
- When measuring the length of the queue, jobs that consist of multiple subtasks should count as more than 1. (pull request 742)
- Close drop-down button menu when clicking outside (issue 17050)
- RunParameter with filtering enabled incorrectly includes builds which have not yet completed (issue 20974)
- Fixed NPE if RunParameterValue points to a stable build. (issue 20857)
- Fixed a JavaScript problem in sortable table with IE8. (issue 21729)
- More efficient deletion of old builds (specified by date). (issue 22607)
- The matrix project type was moved into its own plugin.
- Linkage errors in notifiers could leak workspace leases. (issue 21622)
- Better correction of the anomalous condition that several builds of a job specify the same number. (issue 22631)
- Under certain conditions, a running build could mistakenly be shown as completed (and failed), while still producing output. (issue 22681)
- Fix a bug which only showed the first detail part for radio buttons. (issue 22583)
- Update version of bundled Mailer plugin to 1.8 to avoid issues with older versions
- Show larger load statistics graphs. (issue 22674)
- Linebreak project names less aggressively. (issue 22670)
- Added a new extension point for more pluggable JNLP slave handling
- Don't ask for confirmation when it doesn't make any sense. (issue 21720)
- Jenkins asks for confirmation before leaving form even though user is not authorized to make changes. (issue 20597)
- Make the computers monitor status row look different from regular node rows. (pull request 1095)
- Do not offer "Install without restart" for plugin updates. (pull request 1125)
- Require POST on more actions. (pull request 877)
- Optimize image sizes. (pull request 648)
- Properly close resources in case of exceptions. (pull request 737)
- Fix warning on JBoss AS7 due to unnecessary xpp3_min dependency. (pull request 733)
- Return queue item location when triggering buildWithParameters. (issue 13546)
New in Jenkins 1.560 (Apr 23, 2014)
- Enforcing build trigger authentication at runtime by checking authentication associated with a build, rather than at configuration time. For compatibility, enforcement is skipped by default; you must install the Authorize Project plugin or similar for this to take effect. The “upstream pseudo trigger” was also removed in favor of a true trigger configured on the downstream project; you may use either the post-build action or the trigger according to where you want this configuration stored, and who is authorized to change it. (issue 16956)
- Fixed NPE from view new job name autocompletion since 1.553. (issue 22142)
- Deadlocks in concurrent builds under some conditions since 1.556. (issue 22560)
- JNLP slaves are now handled through NIO-based remoting channels for better scalability.
- Integrated codemirror v2.38. (issue 22582)
- Listing plugins shortly after installation throws ConcurrentModificationException. (issue 22553)
- Fixed NoSuchMethodException when destroying processes using JDK1.8. (issue 21341)
- Avoid irrelevant job queing while node is offline. (issue 21394)
- Debian package now creates 'jenkins' group
- Suppress fingerprint link if fingerprint record isn't available. (issue 21818)
- Job hangs if one of multiple triggered builds was aborted (issue 21932)
New in Jenkins 1.557 (Apr 1, 2014)
- Fixed ArrayIndexOutOfBoundsException in XStream with Oracle JDK8 release version (issue 18537)
- Corrected permission checks for copy-job and create-job CLI commands. (issue 22262)
- identity.key, used to secure some communications with Jenkins, now stored encrypted with the master key.
- When dynamically loading a plugin which another loaded plugin already had an optional dependency on, class loading errors could result before restart. (issue 19976)
- Memory leaks in the old data monitor. (issue 19544)
- Ability for custom view types to disable automatic refresh. (issue 21190) (issue 21191)
- Option to download metadata directly from Jenkins rather than going through the browser. (issue 19081)
- Allow JDK8 (and other versions) to be downloaded by JDKInstaller correctly. (issue 22347)
New in Jenkins 1.556 (Mar 27, 2014)
- Access through API token and SSH key login now fully retains group memberships. (issue 20064)
- API changes allowing more flexibility in unusual job types. (issue 22131)
- Job can be reloaded individually from disk with "job/FOO/reload" URL or "reload-job" CLI command
New in Jenkins 1.555 (Mar 20, 2014)
- Jenkins should recover gracefully from a failure to process "remember me" cookie (issue 11643)
- Fixed Up link in matrix projects (issue 21773)
New in Jenkins 1.554 (Mar 10, 2014)
- Archiving of symlinks as artifacts did not work in some cases. (issue 21958)
- Slow rendering of directories with many entries in remote workspaces. (issue 21780)
New in Jenkins 1.553 (Mar 4, 2014)
- Build history widget only showed the last day of builds. (Due to JENKINS-20892, even with this fix at most 20 builds are shown.) (issue 21159)
- Random class loading error mostly known to affect static analysis plugins. (issue 12124)
- After restarting Jenkins, users known only from changelogs could be shown as First Last [email protected]_, breaking mail delivery. (issue 16332)
- CLI build -s -v command caused 100% CPU usage on the master. (issue 20965)
- Slave started from Java Web Start can now install itself as a systemd service.
- Split the “raw HTML” markup formatter out of core into a bundled plugin.
New in Jenkins 1.552 (Feb 26, 2014)
- Fixed handling of default JENKINS_HOME when storing CLI credentials (issue 21772)
- Fixed broken action links on Label page (issue 21778)
- Allow Actions to contribute to Labels' main page (issue 21777)
- Expensive symlink-related calls on Windows can be simplified. (issue 20534)
- Slow rendering of directories with many entries in remote workspaces. (issue 21780)
New in Jenkins 1.551 (Feb 15, 2014)
- Regression in Windows slaves since 1.547. (issue 21373)
- Using java -jar jenkins-core.jar folder/external-monitor-job cmd … did not work. (issue 21525)
- Jenkins crash on startup after upgrade from 1.546 to 1.548. (issue 21474)
- f:combobox is narrow. (issue 21612)
- The workspace cleanup thread failed to handle the modern workspace location on master, and mishandled folders. (issue 21023)
- Fixed missing help items on "Configure Global Security" page (issue 19832)
- Sort groups on user index page alphabetically. (issue 21673)
- Should not be able to create a job named . (period). (issue 21639)
- Plugins implementing "AsyncPeriodicWork" can overwrite default logging level (pull request #1115)
- Wrong log message for out-of-order build record repair. (issue 20730)
- Existing Fingerprint Action is reused and not added a second time. (issue 19832)
- TestObject doesn't replace '%' character (issue 21707)
- "java -jar jenkins.war" should use unique session cookie for users who run multiple Jenkins on the same host.
- Security fixes:
- In some places, Jenkins XML API uses XStream to deserialize arbitrary content, which is affected by CVE-2013-7285 reported against XStream. This allows malicious users of Jenkins with a limited set of permissions to execute arbitrary code inside Jenkins master.
- Restrictions of HTML tags for user-editable contents are too lax. This allows malicious users of Jenkins to trick other unsuspecting users into providing sensitive information.
- Plugging a hole in the earlier fix to SECURITY-55. Under some circimstances, a malicious user of Jenkins can configure job X to trigger another job Y that the user has no access to.
- CLI job creation had a directory traversal vulnerability. This allows a malicious user of Jenkins with a limited set of permissions to overwrite files in the Jenkins master and escalate privileges.
- The embedded Winstone servlet container is susceptive to session hijacking attack.
- The password input control in the password parameter definition in the Jenkins UI was serving the actual value of the password in HTML, not an encrypted one. If a sensitive value is set as the default value of such a parameter definition, it can be exposed to unintended audience.
- Deleting the user was not invalidating the API token, allowing users to access Jenkins when they shouldn't be allowed to do so.
- Jenkins UI was vulnerable to click jacking attacks.
- "Jenkins' own user database" was revealing the presence/absence of users when login attempts fail.
- Jenkins had a cross-site scripting vulnerability in one of its cookies. If Jenkins is deployed in an environment that allows an attacker to override Jenkins cookies in victim's browser, this vulnerability can be exploited.
- Jenkins was vulnerable to session fixation attack. If Jenkins is deployed in an environment that allows an attacker to override Jenkins cookies in victim's browser, this vulnerability can be exploited.
- Stored XSS vulnerability. A malicious user of Jenkins with a certain set of permissions can cause Jenkins to store arbitrary HTML fragment.
- Some of the system diagnostic functionalities were checking a lesser permission than it should have. In a very limited circumstances, this can cause an attacker to gain information that he shouldn't have access to.
New in Jenkins 1.550 (Feb 10, 2014)
- Report number of all jobs as part of usage statistics (issue 21448)
- Replace description in error dialog instead of appending (issue 21457)
New in Jenkins 1.549 (Jan 27, 2014)
- Removing the "keep this build forever" lock on a build should require the DELETE permission. (issue 16417)
- Files added to zip archive are closed properly. (issue 20345)
- Broken CSS when reloading Jenkins after a time of inactivity (issue 17526)
- Replace description in error dialog instead of appending (issue 21457)
New in Jenkins 1.548 (Jan 21, 2014)
- API for adding actions to a wide class of model objects at once. (issue 18224)
- Added infrastructure for moving items into or out of folders. (issue 20008) (issue 18028) (issue 18680)
- Apply buttons did not work in Internet Explorer in compatibility mode. (issue 19826)
- Builds can seem to disappear from a job in a folder if that folder is renamed. (issue 18694)
- /login offers link to /opensearch.xml which anonymous users cannot retrieve. (issue 21254)
- Added API class SecurityListener to receive login events and similar. (issue 20999)
- Option to hold lazy-loaded build references strongly, weakly, and more. (issue 19400)
New in Jenkins 1.547 (Jan 14, 2014)
- NPE since 1.545 when using aggregated test result publisher without specifying downstream jobs explicitly. (issue 18410)
- Fixed Trend Graph NPE when there isn't any builds (issue 21239)
New in Jenkins 1.546 (Jan 7, 2014)
- Builds disappear after renaming a job. (issue 18678)
- When clicking Apply to rename a job, tell the user that Save must be used instead. (issue 17401)
- Exception from XStream running Maven builds on strange Java versions. (issue 21183)
- When clicking Apply results in an exception (error page), show it, rather than creating an empty dialog. (issue 20772)
New in Jenkins 1.545 (Jan 3, 2014)
- CannotResolveClassException breaks loading of entire containing folder, not just one job. (issue 20951)
- Better robustness against XML deserialization errors. (issue 21024)
- Minimizing disk I/O while loading the names of build records during Jenkins startup. (issue 21078)
- Avoiding serializing the owning build as part of a test result action, as this can lead to errors later. (issue 18410)
New in Jenkins 1.544 (Dec 16, 2013)
- RingBufferLogHandler throws ArrayIndexOutOfBoundsException after int-overflow. (issue 9120)
- Hudson shows 0GB free space when space available drops below 1GB. (issue 7776)
- Added filter field for installed plugins tab. (issue 20219)
- groovysh command did not work in authenticated Jenkins instances. (issue 17929)
- Avoid eagerly loading all builds when displaying lists of them (Build History and Build Time Trend UIs). (issue 20892)
- Error page should be visible even if the anonymous user does not have overall/read access. (issue 20866)
- JavaScript errors when navigating away from a page with a build timeline widget while the timeline is loading. (pull request 1041)
New in Jenkins 1.543 (Dec 11, 2013)
- Fixed a possible dead lock problem in deleting projects. (issue 19446)
- HTML metacharacters not escaped in log messages. (issue 20800)
New in Jenkins 1.542 (Dec 4, 2013)
- Improved error diagnosis for jzlib deflate problem. (issue 20618)
- Improved error diagnosis for CLI stream corruption. (issue 18058)
- Don't hold off building until saved for jobs copied from CLI. (issue 20744)
- Allow build queue and executor status panes to be collapsed. (issue 5622)
- Jenkins 1.540 just doesn't boot on Windows at all. (issue 20630)
New in Jenkins 1.539 (Nov 12, 2013)
- Core started relying on Java6 API, completing Java5 -> Java6 migration.
- Adding a batch of contributed localization from the community.
New in Jenkins 1.538 (Nov 4, 2013)
- Disabled, aborted, and not-build status now has different image names to allow themes to use different icons. (issue 19438)
- Ask for confirmation if an user tries to leave an edited configuration page. (issue 19835)
- Test failure summary appearance is improved. (issue 19884)
- Added CLI commands that manipulate views (issue 19996)
- Improved the /cli help screen. (issue 20023)
- Polling-triggered jobs get scheduled en-mass on start-up if slaves aren't online yet. (issue 8408)
- Fixed the handling of nested variable expansion. (issue 20280)
- NPE thrown from CLI build command under some circumstances. (pull request 979)
- Fixed a bug in the compatibility transformer (since 1.527) that causes VerifyError in Ivy plugin and possibly others. (issue 19383)
- Pass full list of all possible jobs to ViewJobFilter when recurse option is set (issue 20143)
- get-job and update-job CLI commands can now work with folders, or indeed any AbstractItem. (issue 20236)
- Added API allowing plugins to hide entries from the context menu even while they appear in the sidepanel. (issue 19173)
New in Jenkins 1.537 (Oct 28, 2013)
- Upgrade bundled plugin versions: ssh-slaves to 1.5, and credentials to 1.9.1 (issue 20071)
- Build button column was broken in 1.535 for parameterized builds. (issue 20080)
- Miscalculation of environment variables caused some binaries (such as ssh) to not be found. (issue 19926)
- Extension point for secure users of REST APIs (permitting JSONP and primitive XPath). (issue 16936)
- “Run a build” link in page shown when no workspace existed for a job was not functional; unlinking.
- Integer overflow could cause JavaScript functions to break in long-running Jenkins processes. (issue 20085)
- Reverted the JENKINS-18629 fix in 1.536 as it causes various regressions in plugins. (issue 20262)
New in Jenkins 1.536 (Oct 22, 2013)
- Fixed two file descriptor leaks. (issue 14336)
- RuntimeException if you try to save a config with a choice parameter that has no choices. (issue 18434)
- 1.534 made ZIP downloads of artifacts work again, but missing a base directory inside the ZIP. (issue 19947)
- Stapler error saving certain kinds of configuration. (issue 18629)
- Upgrade Trilead SSH client library to version that does not cause connection loss when there is a lot of logging on the build slave and the performance improvements in ssh-slaves 0.27+ are enabled ( issue 18836, issue 18879, issue 19619)
- Upgrade bundled iplugin versions: ssh-slaves to 1.4, ssh-credentials to 1.5.3 and credentials to 1.8.3 (issue 19945)
New in Jenkins 1.535 (Oct 16, 2013)
- Windows JDK installer failed in a path with spaces. (issue 19447)
- Windows JDK installer should not install a public JRE. (issue 8957)
- After deleting last build, next build of last build is zombie. (issue 19920)
- Split matrix authorization strategies into an independent plugin.
- UI Samples plugin fully separated from core. To view samples during plugin development or at any other time, just install from the update center.
- View description should be clearly separated from the Jenkins system message. (issue 18633)
- SCM polling sometimes broken since 1.527 due to a change in how environment variables are calculated. (issue 19307)
- Breadcrumb bar moves away from header when scrolling past end of page on OS X. (issue 19803)
- "java -jar jenkins.war" now runs on Jetty8. Command line options are still compatible. (issue 18366)
- "java -jar jenkins.war" gets the "--spdy" option to enable SPDY.
- Expand all/Collapse all functionality for artifact tree view. (pull request 616)
- Visualize queued jobs in view. (pull request 531)
New in Jenkins 1.534 (Oct 8, 2013)
- Default crumb issuer configurations saved in older releases did not load as of Jenkins 1.531. (issue 19613)
- As of 1.532 download of artifact ZIPs was broken. (issue 19752)
- Old copies of maven3-agent.jar on slaves were not being reliably updated, leading to errors. (issue 19251)
- Add option to disable "Remember me on this computer" checkbox in login screen. (issue 15757)
- Added postCheckout method for SCMs (issue 19740)
New in Jenkins 1.533 (Sep 30, 2013)
- Offer alternate error message for pattern-based project naming strategy.
New in Jenkins 1.532 (Sep 25, 2013)
- Working around a GZip compression bug in jzlib affecting transfer of certain large, repetitive artifacts. (issue 19473)
- Lazy-loading bug: builds go missing. (issue 19418)
- (re)create build number->id symlink if missing when updating permalink. (issue 19034)
- Display the full display name in title for jobs and views. (pull request 884)
- Added a new extension point to control where archived artifacts get stored. (issue 17236)
- Use fine-grained permissions for node manipulation via REST API & CLI (issue 18485)
- Make the link to the aggregated test result from the project page work. (issue 9637)
New in Jenkins 1.531 (Sep 17, 2013)
- Deleting an external run did not immediately remove it from build list, leading to errors from log rotation. (issue 19377)
- When copying a directory from master to slave fails due to an error on the slave, properly report it. (issue 9540)
- Identify user agent for Internet Explorer 11. (issue 19171)
- Since 1.518, fingerprint serialization broke when job or file names contained XML special characters like ampersands. (issue 18337)
- Robustness against truncated fingerprint files. (issue 19515)
- JavaScript error in the checkUrl computation shouldn't break the job configuration page. (issue 19457)
- Annotate the Advanced section if some fields are already customized. (issue 3107)
- No events fired when project is enable/disable or the description is changed (issue 17108)
New in Jenkins 1.530 (Sep 10, 2013)
- Send Maven agent JARs to slaves on demand, not unconditionally upon connection. (issue 16261)
- Occasional race condition during startup. (issue 18775)
- Robustness against startup error for users of Global Build Stats plugin. (issue 17248)
- 404s from Javadoc and HTML Publisher plugins. (issue 19168)
- Build number symlinks and permalinks not updated for Maven module builds. (issue 18846)
New in Jenkins 1.529 (Aug 27, 2013)
- With Apache Maven 3.1 build, logging configuration from the Apache Maven distribution is not used.
- Avoid log duplication with Apache Maven 3.1 builds
- Ungraceful handling of empty matrix project axes. (issue 19135)
- Updated Groovy to 1.8.9 to avoid GROOVY-4292.
- CLI login command broken on Windows since 1.518. (issue 19192)
- A malformed JUnit result file should mark that test suite as a failure, but not interrupt archiving of other tests. (issue 19186)
- Build for $username now shows also build scheduled by user (issue 16178)
New in Jenkins 1.528 (Aug 19, 2013)
- Command line now supports "--sessionTimeout" option for controlling session timeout
- Form validation methods weren't getting triggered when one of its dependency controls change. (issue 19124)
- When POST is required for some HTTP operation but GET was used, the response should have status code 405. (issue 16918)
- Correct help text of Label field in automatic installation of tools in global configuration. (issue 19091)
- Use Guice from Google rather than a fork
- Jenkins does not invoke ProcessKillers for Windows (issue 19156)
New in Jenkins 1.527 (Aug 14, 2013)
- Fixed NoSuchFieldError: triggers with older Maven plugin (issue 18677)
- Added bytecode transformation driven compatibility ensurance mechanism (discussion)
- Improve search to locate items inside folders. (pull request 848) (pull request 893)
- Windows path separators not correctly escaped in Maven properties configuration. (issue 10539)
- Improved EnvironmentContributor to support project-level insertion. (issue 19042)
New in Jenkins 1.526 (Aug 6, 2013)
- Improved EnvironmentContributor to support project-level insertion. (issue 19042)
- Report an user friendly error page if a deletion of a build fails. (pull request 827)
- Maven build failure wasn't describing errors like Maven CLI does. (issue 15025)
- MavenModuleSetBuild.getResult is expensive. (issue 18895)
- Revisited fix to be compatible for plugins. (issue 18119)
- Ensuring /log/all shows only INFO and above messages, even if custom loggers display FINE or below. (issue 18959)
- Added a new monitor that detects and fixse out-of-order builds records. (issue 18289)
New in Jenkins 1.525 (Jul 30, 2013)
- Can't build using maven 3.1.0 (issue 15935)
- Fixed Winstone+mod_proxy_ajp+SSL combo issue. (issue 5753)
- JENKINS_DEBUG_LEVEL misinterpreted by Winstone, causing excessive logging. (issue 18701)
- Since 1.520, Jenkins requires Java 6 or later, breaking Maven builds set to use JDK 5. Now falls back to JVM of slave agent but sets compile/test flags to use defined JDK. (issue 18403)
- Since 1.517, Maven projects using Maven 2 could not build projects using extensions depending on Apache Commons Codec. (issue 18178)
- Test harness was packing copies of Maven into plugin archives under some conditions. (issue 18918)
- Provided maven settings.xml in maven builder is lost. (issue 15976)
- Exception when running polling with a Maven installation not defined on master. (issue 18898)
- Since 1.477 GET on /view/…/config.xml included a spurious wrapper element. (issue 17302)
- Clearer display of log messages: chronological order, and coloration of repeated vs. fresh metadata (date, log level, log source).
- Fixed a regression that broke some plugins' form validation (issue 18776)
- People View does Not Populate if JQuery plugin enabled. (issue 18641)
New in Jenkins 1.524 (Jul 26, 2013)
- Clock Difference broken on Manage Nodes page (issue 18671)
- Fixed another possible cause of an NPE from MatrixConfiguration.newBuild. (issue 17728)
- NPE in MavenFingerprinter.getArtifactRepositoryMaven21. (issue 18441)
- More reliability improvement in remote slave reconnection.
New in Jenkins 1.523 (Jul 16, 2013)
- Fixed: claiming of tests doesn't work in Maven jobs (claim-plugin) (issue 14585)
New in Jenkins 1.522 (Jul 8, 2013)
- Fixed a regression in the config form with some plugins (issue 18585)
- Fixed a dead lock in the Project class and improved the signature of the persisted XML form a bit. (issue 18589)
- Improved memory efficiency in parsing test reports with large stdio output files. (issue 15382)
- Node monitoring now happens concurrently across all the slaves, so it'll be affected less by problematic slaves. (issue 18438)
- Deadlock during Maven builds Parsing POM step (issue 15846)
- If every node is restricted to tied jobs only, Matrix build jobs can never start.
New in Jenkins 1.521 (Jul 3, 2013)
- Build with parameters returns empty web page (issue 18425)
- Access denied error results in ERR_CONTENT_DECODING_FAILED on most browsers, masking the root cause. (issue 15437)
- Fixed the master/slave handshake problem when a slave runs on non-ASCII compatible encoding (such as EBCDIC.)
- Added a diagnosis for StreamCorruptedException problem (issue 8856)
- Matrix project's parent can be now tied to labels/slaves. (issue 7825)
- Clean up fingerprint records that correspond to the deleted build recods (issue 18417)
- Fixed "Comparison method violates its general contract" error in BuildTrigger.execute (issue 17247)
- Edited description wasn't reflected when pressing the "Apply" button. (issue 18436)
- Fixed a regression in remoting since 1.519 that caused FindBugs plugins to break. (issue 18349, issue 18405)
- Revisited the extension point added in 1.519 that adds custom plexus components.
New in Jenkins 1.520 (Jun 29, 2013)
- Slave launch thread should have the background activity credential. (issue 15578)
- “Build Now” link did not work for multijobs. (issue 16974)
- Unix vs. Windows mode not correctly retained for command launchers under some conditions. (issue 18368)
- Edit views with non-ASCII names did not work since 1.500. (issue 18373)
- Fixed API incompatibility since 1.489. (issue 18356)
- “Projects tied to slave” shows unrelated Maven module jobs. (issue 17451)
- Fixed file descriptor leak in fingerprint computation. (issue 18351)
- Test history was not shown if suite name was part of the test name. (issue 15380)
- Added a new extension point to monitor the flow of stuff in the queue.
- Added a new extension point to monitor the provisioning of nodes from clouds. (pull request 819)
- Possible to create a custom AbstractDiskSpaceMonitor.
- Executors running the builds can be now a subject of access control. (issue 18285)
- Core started relying on Java 1.6 as per the agreement in the dev list. If you have a serious objection against it, please let us know before we really start relying on 1.6 features.
- Some actions confirmed by dialog were not working when CSRF crumbs were enabled. (issue 17977) (issue 18032)
- CLI list-jobs command should list all nested jobs. (pull request 793)
- Provide a mechanism to differentiate between node properties that are applicable to the master node only and node properties that can be applied to all nodes (issue 18381)
- Maven module links in the module list page are broken. (issue 17713)
- 100% CPU pegging in Deflator.deflateBytes (issue 14362)
New in Jenkins 1.519 (Jun 19, 2013)
- Log cluttered with irrelevant warnings about build timestamps when running on Windows on Java 6.
- Fingerprint action deserialization problem fixed.
- Updating the master computer's configuration from the slave list UI had no immediate effect.
- Improved the tracking of queued jobs and their eventual builds in the REST API.
- Configured log recorders can now pick up messages logged from slaves.
- Added a new extension point to contribute custom plexus components into Maven for the maven project type.
- Remoting classloader performance improvement upon reconnection to the same slave.
New in Jenkins 1.518 (Jun 19, 2013)
- NPE in DefaultMatrixExecutionStrategyImpl.waitForCompletion.
- Optimizations in fingerprint recording.
- Using JNR-POSIX rather than JNA-POSIX for better platform support.
- Errors searching build records when builds were misordered.
- Finding the last failed build for a job (e.g. from a view column) broke lazy loading.
- Do not fail startup in case ListView.includeRegex was syntactically malformed.
- CSS stylesheets misrendered in Chrome due to caching.
- User icon in People broken if Jenkins root URL unconfigured.
- Maven module links in the module list page are broken.
- Progress bar sometimes broken in People.
- 100% CPU pegging in Deflator.deflateBytes
New in Jenkins 1.517 (Jun 7, 2013)
- Enable word breaking in potentially long strings like job names
- Allow filtering of the Run parameter build list by result
- Add support for scalatest-maven-plugin
- When copying a folder, the display names of contained jobs were gratuitously cleared
- “Recurse in subfolders” option for list views produced exceptions when used with native Maven projects
- Using proper directory separator character for permalinks on Windows
New in Jenkins 1.516 (May 28, 2013)
- NPE from Run.getDynamic. (issue 17935)
- Should be able to collect all log records at a given level using a blank logger name. (issue 17983)
- Reworked Upload Plugin gesture to work more like installation from an update center, and in particular to support dynamic load. (issue 16652)
- Errors in init.groovy halted startup; changed to just log a warning. (issue 17933)
New in Jenkins 1.515 (May 20, 2013)
- Windows services now auto-restart in case of abnormal process termination.
- does not allow defaulting to specifig instance (issue 17858)
- mark maven settings / global settings as default for new jobs (issue 17723)
- Display Name is not shown. (issue 17715)
- Symlink handling problem with build permalinks on Windows. (issue 17681)
- List views missing a required field were unloadable. (issue 15309)
- Maven module artifacts were not being deleted by the log rotator. (issue 17508)
- Properly find parent POMs when fingerprinting a Maven project. (issue 17775)
- Allow the combination filter to accept parameter values. (issue 7285)
New in Jenkins 1.514 (May 2, 2013)
- Added a new set-build-parameter command that can update a build variable from within a build.
- Can use -Dhudson.udp=-1 to disable UDP broadcast without showing an ugly exception.
- Third-party license display for core was broken since 1.506. (issue 17724)
- Mitigation of exception from fingerprinting in a Maven project when a parent POM could not be located. (issue 17775)
- NPE from MatrixConfiguration.newBuild. (issue 17728)
- NPE configuring Copy Artifact with Maven jobs. (issue 17402)
- /about now links to license information for plugins as well.
- Updated bundled plugins.
New in Jenkins 1.513 (Apr 29, 2013)
- Slave status monitor page shows when the data is last obtained
- Delete button to highlight what it is going to delete.
- StringIndexOutOfBoundsException in PackageResult.findCorrespondingResult. (issue 17721)
- Breadcrumb is reworked to show descendants to provide additional navigational shortcuts. (discussion)
New in Jenkins 1.512 (Apr 22, 2013)
- Views can now include jobs located within folders. (pull 757)
- Added confirmation dialog before reloading configuration from disk. (issue 15340)
- Switched confirmation before deleting jobs or wiping out workspace to a dialog.
- Different text than “Build Now” for parameterized jobs. (issue 10738)
- Check the view name with ajax.
- “Build Now” context menu item broken for parameterized jobs. (issue 17110)
- Incorrect redirection after delete of job in folder in view. (issue 17575)
- ”My Views" links leads to 404 Not Found. (issue 17317)
- Quoting Issue with JDK Installer with Windows Installer. (issue 5408)
- Restored compatibility in ArtifactArchiver signature; broken in 1.509 and could affect plugins. (issue 17637)
- Fixed a bug in the logic that hides context menu anchor 'v'
New in Jenkins 1.511 (Apr 16, 2013)
- JUnit result archiver should only fail builds if there are really no results - i.e. also no skipped tests. (issue 7970)
- NullPointerException related to lazy loading when loading some builds using fingerprinting. (issue 16845)
- Better display of parameters in queue items. (issue 17454)
- sort order of plugin list is not working by default. (issue 17039)
New in Jenkins 1.510 (Apr 8, 2013)
- UnsatisfiedLinkError on CreateSymbolicLinkw on Windows XP. (issue 17343)
- Flyweight tasks should execute on the master if there's no static executors available. (issue 7291)
- Download tool installations directly from the slave when possible, since this is much faster than going through the master. (issue 17330)
- Improved UI for implicitly locked builds. (issue 10197)
- Promote the use of 'H' in cron. (issue 17311)
- Context menu no longer automatically pops up (issue 13995)
New in Jenkins 1.509 (Apr 2, 2013)
- Heavy thread congestion saving fingerprints. (issue 13154)
- Option to make the build not fail if there is nothing to archive. (issue 10502)
- Better report file deletion failures. (issue 17271)
- "Local to the workspace" repository locator does not work when building one module in isolation. (issue 17331)
- Master node mode not correctly displayed in /computer/(master)/configure. (issue 17263)
- Performance improvement in master/slave communication throughput (issue 7813)
- Quoted label expression can result into dead executors (throwing exception) (issue 17128)
- ChangeLog should produce some output even if some (plugin) annotator fails (issue 17084)
- View name should not allow "..". (issue 16608)
New in Jenkins 1.508 (Mar 26, 2013)
- Fixing a regression in 1.507 that causes a failure to load matrix jobs. (issue 17337)
New in Jenkins 1.507 (Mar 25, 2013)
- Show the reason for a skipped test if the test result contains one (issue 8713)
- an in-progress build was dropped from JSON API when lazy-loading was introduced. (issue 15583)
- In-progress builds now survive the "reload from disk" administrator action. (issue 3265)
- If artifact archiving failed with an I/O error, the build nonetheless was considered to be a success. (issue 2058)
- Fixed a bad interaction between Windows symlinks and build record lazy loading. (issue 15587)
- Remember the lastStable/Failed/Successful/etc builds to avoid eager loading builds. (issue 16089)
- Wrong build result in post build steps after failed pre build step in maven projects. (issue 17177)
New in Jenkins 1.506 (Mar 18, 2013)
- Saving Global Jenkins Global Config wipes out the crumb issuer settings in the Global Security Config. (issue 17087)
- Made --httpKeepAliveTimeout option work (that was supposed to have been introduced in 1.503). (issue 16474)
- Preview function for textareas using Jenkins markup did not work when CSRF protection was enabled. (issue 17085)
- Permalinks created in the wrong place when using external build directories. (issue 17137)
- External build directories not updated by job rename/delete. (issue 17138)
- JNA-related error from Windows slave monitoring thrown repeatedly. (issue 15796)
- Improved the request handling performance (where the file lookup is expensive, such as on NFS). (issue 16606)
- Windows symbolic support on Java5/6.
- Improved the duration browsers cache static resources.
New in Jenkins 1.505 (Mar 11, 2013)
- Exception in flyweight tasks when checking if an executor is interrupted. (issue 17025)
- JNA-related linkage errors on Windows not handled gracefully. (issue 15466)
- Added run display name as an environment variable when RunParameter is used (pull 720)
- Fixed "Manage" sub-contextmenu for non-standalone deployments (pull 721)
- Absolute URLs in console output (issue 16368)
- Revert ampersand encoding which can cause backward incompatibility issue (pull 683)
- Fix dependency graph computation when upstream build trigger is involved (issue 13502)
- Disabled Authenticode verification for Windows services. (issue 15596)
New in Jenkins 1.504 (Mar 4, 2013)
- Fixed a regression in the "discard old builds" in 1.503. (issue 16979)
- Maven 3.0.5 upgrade. (issue 16965)
- Not all log messages were being captured at /log/all. (issue 16952)
- Incorrect or missing XML encoding declaration on some REST API pages. (issue 16881)
- Fixed: Human readable file size method returns ",00" for files with byte length 0 (issue 16630)
- “Build” from job context menu produced a confusing warning page. (issue 16844)
- Maven2 builds with non-standard test plugins failed. (issue 16928)
- Started bundling XStream 1.4.4 (issue 12542)
- Significant improvement in Traditional Chinese localizations. (pull 716)
New in Jenkins 1.503 (Feb 27, 2013)
- ${ITEM_FULLNAME} variable was not working for Maven projects on Windows, so introduced ${ITEM_FULL_NAME} instead. (issue 12251)
- Lock contention issue in build history view. (issue 16831)
- Fixed the HTTP request thread saturation problem with Winstone. (issue 16474)
- Script evaluation script error on IE. (issue 16561)
- surefire-reports not detected for android-maven-plugin (issue 16776)
- maven-failsafe-plugin tests not recognized anymore (issue 16696)
- UI waiting on a queue lock to display cause of queue blockage. (issue 16833)
- UpdateCenter REST API chokes if there was a plugin installation failure. (issue 16836)
- Missing build title in /rssAll when build has no test result. (issue 16770)
- Changed the way matrix axis values are exposed as env variables (issue 11577)
- Maven 3 builds ignored quiet (-q) and debug (-X) options (issue 16843)
- JNLP slave installers can now work transparently with secured Jenkins. (SECURITY-54 / despite the ticket marker, this is not a security vulnerability)
- "Discard old build records" behavior is now pluggable, allowing plugins to define custom logic.
New in Jenkins 1.502 (Feb 27, 2013)
- Miscellaneous security vulnerability fixes. See the advisory for more details. (SECURITY-13,16,46,47,54,55,59,60,61)
- Builds disappear from build history after completion. (issue 15156)
- Plugin Manager’s Filter field did not work. Regression in 1.500. (issue 16651)
- DISCOVER-able jobs break the build queue widget (issue 16682)
- Extension point to provide access to workspace even when node is offline (issue 16454)
- Extension point to listen BuildStep execution
New in Jenkins 1.501 (Feb 12, 2013)
- Reverted change in 1.500 causing serious regression in HTTPS reverse proxy setups. (issue 16368)
- Getting test results from custom test mojos failed build. (issue 16573)
- Restored Java 5 compatibility. (issue 16554)
- Bogus “Build Record Root Directory” inadequately diagnosed. (issue 16457)
- Plugin icons in the sidebar were not being properly cached. (issue 16530)
- Broadly as well as deeply nested build causes overwhelmed the UI after 1.482. (issue 15747)
- API typo DependecyDeclarer corrected.
- Avoid eagerly loading builds in Changes in dependency or culprit list. (pull 689)
- Run parameters do not support folders. (issue 16462)
- Fixed RememberMe cookie signature generation. (issue 16278)
- Fixed NullPointerException when copying from existing Maven job (issue 16499)
New in Jenkins 1.500 (Jan 27, 2013)
- Since 1.494, when signing up as a new user in the private security realm the email address was left unconfigured and a stack trace printed.
- Enable transparent log decompression support. (issue 13655)
- Display authorities at /user/* for convenience. (pull 577)
- Slow rendering of view pages in large installations due to eager check whether the “People” link would show anything. (issue 16244)
- Reduced size of memory leak in render-on-demand functionality used e.g. in configuration pages. (issue 16341)
- Improving responsiveness of People page. (issue 16342) (issue 16397)
- Exception printed to log while adding Build other projects post-build step. (issue 16444)
- BindException when using --daemon with JMX. (issue 14529)
- Improved logging and error output from SSHD in Jenkins.
- Linking to the /threadDump page from /systemInfo so it is discoverable.
- Rekeying operation (from SECURITY-49 fix in 1.498) failed on Windows. (issue 16319)
- JNLP slave index page failed to explain how to pass -jnlpCredentials. (issue 16273)
- Links should preserve used protocol (issue 16368)
- Don't report the same plugin twice in the update center if the filtering is in effect.
- Accept any plugin with a 'test' goal as a test plugin in Maven jobs (issue 8334)
- Avoid unnecessary downloads if automatically installed tools are up-to-date (issue 16215)
New in Jenkins 1.499 (Jan 15, 2013)
- Fixed NoClassDefFoundError: Base64 with the -jnlpCredentials option. (issue 9679)
New in Jenkins 1.498 (Jan 8, 2013)
- The master key that was protecting all the sensitive data in $JENKINS_HOME was vulnerable. (SECURITY-49)
New in Jenkins 1.497 (Jan 7, 2013)
- Delete the oldest build but it still come up on HistoryWidget (issue 16194)
- The master key that was protecting all the sensitive data in $JENKINS_HOME was vulnerable. (SECURITY-49)
New in Jenkins 1.496 (Dec 31, 2012)
- Aborting download of workspace files make Jenkins unstable
- Unstable main build of maven projects leads to post steps being executed even if configured not to
- Channel is already closed exception during threadDump
New in Jenkins 1.495 (Dec 27, 2012)
- Fixed java.lang.NoSuchMethodError: hudson.model.RunMap.put(Lhudson/model/Run;)Lhudson/model/Run;
- Saving the update center list after the metadata has been fetched results in the metadata being persisted twice
- When using container-managed security, display unprotected root actions in the configuration screen for convenience.
- Display class loading statistics in /computer/name/systemInfo.
- Added list-plugins CLI command.
- Added console CLI command that dumps console output from a build.
New in Jenkins 1.494 (Dec 17, 2012)
- Using file parameters could cause build records to not load.
- Possible race condition in RemoteClassLoader renders slave unusable.
- If the CLI client is aborted during "build -s", abort the build.
- WARNING: Caught exception evaluating: descriptor.getHelpFile(attrs.field). Reason: java.lang.NullPointerException.
- Allows to disable triggering of downstream jobs (for a maven job)
- E-mail delivery feature was split off to a separate plugin for better modularity.
- Context menu and tooltip of the queue items were colliding with each other
- Fix combobox ui component
New in Jenkins 1.493 (Dec 10, 2012)
- Slave's Name should be trimmed of spaces at the beginning and end of the Name on Save.
- Added new switch to ignore post-commit hooks in SCM polling triggers. This requires that the SCM plugin supports this feature, too!
New in Jenkins 1.492 (Dec 3, 2012)
- XStream form of projects excessively strict about null fields.
- Build records were broken if timezone was changed while running.
- Symlink detection refinement on Java 7.
- Displaying massive test suite results could bring down Jenkins.
- Jenkins kicks off the wrong downstream builds for Maven.
- Rotation of slave agent launch logs is broken for Windows masters.
- Failure to initialize the SSH daemon shouldn't fail the boot.
- Added new GUI-based slave installer for upstart
- Duplicated / multiple "Jenkins CLI" entries under "Manage Jenkins".
- Maven2 job fails when using maven-failsafe-plugin
- "Disable Project" button breaks Free style project pages.
New in Jenkins 1.490 (Nov 13, 2012)
- Fixed the redirect handling in IPv6 literal address.
- Update logging levels in LogRotator - hudson.tasks.LogRotator perform
- Jobs in folders not displayed when showing tied jobs for a computer or label.
- When installing plugins with overlapping dependencies, Jenkins downloads the duplicate plugins multiple times.
- Disable Nagle's algorithm for TCP/IP slave connection
New in Jenkins 1.489 (Nov 5, 2012)
- JENKINS_HOME can be now on UNC path (like \\server\mount\dir)
- Deleting deeply nested directories could fail on Windows in Java 6.
- Improved the auto-completion of job names to support hierarchy better.
New in Jenkins 1.488 (Oct 29, 2012)
- Harmless but noisy exception running builds on some Windows systems in non-English locale.
New in Jenkins 1.487 (Oct 24, 2012)
- Using the bottom-sticking "OK" button in more places
- Slave logs are put into sub-directories to avoid cluttering $JENKINS_HOME
- /computer/*/doDelete should try harder to remove even “zombie” Computers. (issue 15369)
- NPE from PluginManager. (issue 15511)
- Uncaught TypeError: Cannot read property 'firstChild' of null breaks certain forms at least on Chrome. (issue 15494)
- Added "manage old data" permanently to the "manage Jenkins" page.
- Plugin manager now supports uninstallation. (issue 3070)
New in Jenkins 1.486 (Oct 15, 2012)
- NullPointerException in various parts of the core due to RunList returning null. (issue 15465)
- Jenkins build records lazy-loading failed to load some of my jobs. (issue 15439)
- Build queue displayed as empty even when it is not. (Regression in 1.483.) (issue 15335)
- Restoring /people page as a redirect for compatibility, and fixing links to it. (issue 15206 continued)
- Memory exhaustion parsing large test stdio from Surefire. (issue 15382)
- In celebration of the release number '486', background image will be 80486 for a week.
New in Jenkins 1.485 (Oct 9, 2012)
- NPE deleting a slave. (issue 15369)
- Deadlock involving views. (issue 15368)
- Can't configure Maven Installations on Jenkins ver. 1.483, 1.484 (issue 15293)
- Memory footprint improvement, especially under large HTTP request threads.
- Build records are now lazy loaded, resulting in a reduced startup time
New in Jenkins 1.484 (Oct 1, 2012)
- Check view permissions before showing config page (issue 15277)
- Displaying /people can consume huge resources. (issue 15206)
- Log recorders do not work reliably. (issue 15226)
- NPE in MatrixProject.onLoad. (issue 15271)
- FilePath.validateAntFileMask too slow for /configure. (issue 7214)
- Mac OS X installer now sends log to /var/log/jenkins/jenkins.log (issue 15178)
New in Jenkins 1.483 (Sep 26, 2012)
- Invalid warning message when the config-file-provider plugin is not installed (issue 15207)
- JDK installation failed on some slaves with InvalidClassException: hudson.tools.JDKInstaller$Platform$1; local class incompatible: … (issue 14667)
- Provide symlink support on all possible platforms when using Java 7+, including newer versions of Windows. (issue 13202)
- NPE at hudson.maven.MavenModuleSet.getMaven (issue 14510)
- Invalid JSON gets produced with duplicate keys (seen on change sets) (issue 13336)
- Command line options to control the HTTP request handling thread behavior weren't working.
- Default max # of concurrent HTTP request handling threads were brought down to a sane number (from 1000(!) to 20)
- Display non-default update site URLs in the Advanced tab of Plugin Manager. (Currently not configurable from this UI.)
- Fixed the lock contention problem on Queue.getItems()
- Put slave back online automatically, if there's enough disk space again (pull 514)
- Track and verify plugins used in configuration XML (issue 15003)
New in Jenkins 1.478 (Aug 21, 2012)
- "Monitor External Job" broken since 1.468. (issue 14107)
- Matrix configuration axes are no longer automatically re-ordered to alphanumeric order on reload. (issue 14696)
New in Jenkins 1.477 (Aug 9, 2012)
- Annotation processor bugs in Stapler affecting plugin compilation. (issue 11739)
- Regressions in add/delete buttons starting in 1.474. (issue 14434 and issue 14495)
- Collapse nonempty tool installation sections by default in /configure. (issue 14538)
- Custom workspace in matrix projects should be able to use axis as variables.
- New SCMCheckoutStrategy extension wasn't workin for matrix projects. (pull 519)
- Fixed a problem in the concurrent matrix build. (issue 13972)
- Single invalid e-mail address shouldn't cause the entire e-mail delivery to fail. (pull 526)
- Dynamically recomputing matrix axes wasn't working. (pull 523)
- "Text" build parameter should use for configuration (issue 13916)
- Make the draggable component more obvious by providing a border.
- Added REST API for view manipulation
- OS X installer now has an Uninstall tool (in /Library/Application Support/Jenkins).
- Added "manage Jenkins" as a sub-menu to the Jenkins context menu.
- Executor is exposed to the remote API (pull 520)
- Changed defaults for the Mac installer to make iOS codesigning easier.
- Notify user when search result is truncated and provide link to get more results (issue 10747)
- Add a setter for node label string. (issue 14327)
- Option to set java executable path for managed windows slaves
- Added new extension point for transient user actions, and displays user properties if they are also Actions.
New in Jenkins 1.476 (Aug 9, 2012)
- NullPointerException from JUnitParser.parse. (issue 14507)
New in Jenkins 1.475 (Jul 27, 2012)
- Enable/disable GUI for jobs either did not appear, or threw exceptions, for jobs inside folders (issue 14325)
- NullPointerException from UnlabeldLoadStatistics [sic] (issue 14330)
- Incorrect display of list items in project changes for SCMs such as Mercurial. (issue 14365)
New in Jenkins 1.449 (Jan 25, 2012)
- Build fails on "Deploy artifacts to Maven repository" due to trying to upload parent POM twice for release artifacts. (issue 11248)
- Fixed an occasional "URI must start with a slash" error when the anonymous user doesn't have the read access.
- OS X installer can optionally create a new user "jenkins" and use it. This user has a writable home directory, making it possible to set up ssh for Jenkins.
- No workspace available message includes wiped out workspace as a potential cause. (issue 10432)
- Stop users being created in memory if they failed to provide all the required registration information correctly. (issue 7096)
- java -jar jenkins.war finally detects invalid command line options and report that as an error.
- When run in terminal, warning/error messages are colored.
New in Jenkins 1.423 (Jul 27, 2011)
- Fixed a boot problem in 1.422.