Jenkins LTS Changelog

Jenkins 2.541.2

Wed, 18 Feb 2026 00:00:00 +0000

Security: Important security fixes.
Major Bug: Submitting a form would in rare cases, lead to an error (Got type array but no lister class found for type...)
Bug: Fix temporary offline state of computer is lost on config submit

Jenkins 2.541.1

Wed, 21 Jan 2026 00:00:00 +0000

Changes since 2.541:

RFE: Add telemetry for Java properties.
Bug: Use rootURL in Cloud sidepanel so links in actions work properly.
Bug: Fix console log copy button for freestyle projects that have finished (regression in 2.493).
RFE: Update Winstone to version 8.1026.v31def012a_f48 to increase the default maximum HTTP response header size to 32KB to account for very complex Content Security Policy headers.
RFE: Allow entirely disabling CSP headers to work around unusual Jenkins configurations resulting in excessive HTTP response header lengths.
Bug: Allow large forms to be submitted (regression in 2.531).
RFE: Add telemetry for Content Security Policy enforcement.
RFE: Add Windows Server 2022 for Windows controller and agent containers.
RFE: Add Java 25 container images for the Jenkins controller and agents.

Notable changes since 2.528.3:

Major RFE: Support Java 25.
Major RFE: Allow configuring Content-Security-Policy protection for the Jenkins UI. Introduce an API for plugins to relax (or further tighten) the rules around various resources. If you have the Content Security Policy Plugin (csp) installed, update it to version 2.x.
Major RFE: Red Hat and openSUSE packages are unified into the same RPM packaging with a brand new URL: https://pkg.jenkins.io/rpm-stable/. We kept the former LTS packages (versions 2.528.3 and below) in https://pkg.jenkins.io/redhat-stable-legacy/. Red Hat and openSUSE users are redirected from older endpoints (/redhat-stable and /opensuse-stable) to "https://pkg.jenkins.io/rpm-stable/" but are strongly advised to update their "jenkins.repo" repository configurations. System V initialization scripts are removed for openSUSE installations
RFE: Move the user time zone configuration to the user preferences page.
RFE: Remove duplicate built-in executor configuration from System configuration page. It now configures it on the built-in executor under Nodes instead.
RFE: Add ability to set default value for experimental flags via system property.
Bug: Eliminate spurious CPU utilization in browser when idle.
Bug: Fix toggle collapse in Chrome to prevent 404 errors.
Bug: Fix MyViewsProperty condition.
RFE: Redesign the reorderable list component.
RFE: Log a thread dump when a /health check exceeds the 10 second default timeout to help diagnose stuck requests. This timeout is configurable via the jenkins.health.HealthCheckAction.thresholdTimeout system property.
RFE: Use the same styling for title bar mouseover effect.
Bug: Set the default enter delay for tooltips to 250ms.
Bug: Restore file fingerprint and project relationship actions to views.
Bug: Fix API token rendering.
RFE: Add rest API to create an agent from XML.
RFE: Add experimental pages for Manage Jenkins, jobs, builds, dashboard, run details, and parameter details.

Jenkins 2.528.3

Wed, 10 Dec 2025 00:00:00 +0000

Security: Important security fixes.
Bug: Restore Check File Fingerprint and Project Relationship actions to views.

Jenkins 2.528.2

Wed, 12 Nov 2025 00:00:00 +0000

RFE: Update versionLT and Compare-VersionLessThan to account for Jenkins versioning formatting in `jenkins-support` scripts.
RFE: Update JDK21 from 21.0.8+9 to 21.0.9+10.
RFE: Update JDK17 from 17.0.16+8 to 17.0.17+10.
RFE: Update Debian Trixie base image version from 20251020 to 20251103.

Jenkins 2.528.1

Wed, 15 Oct 2025 00:00:00 +0000

Changes since 2.528:

Bug: Remove Eclipse modifier class to ensure code compiles as expected.
Bug: Fix All/None/Suggested buttons visibility in plugin setup wizard.
Bug: Fix number comparison in min/max form validator.

Notable changes since 2.516.3:

Major RFE: Update Debian container images to Debian 13 (Trixie).
Major RFE: Updates to various UI elements. Refine the header, app bar, and side panel. Refine colors, borders, and buttons. Use secondary text color for dropdowns.
Major RFE: Breadcrumbs now have a visual indicator and are compatible with accessibility guidelines.
RFE: Improve performance with additional caching of Java classes.
RFE: Apply the current theme color palette to shutdown and safe-restart messages.
RFE: Remove the /extensionList/ HTTP endpoint and related telemetry. Users of the Timestamper plugin should update to version 1.29 or newer.
RFE: Use a new name format for subdirectories of $JENKINS_HOME/users/. Stop creating redundant $JENKINS_HOME/users/users.xml.
RFE: Minor performance optimization for administrative monitors badge display.
RFE: Refine User page UI.
RFE: Refine the Console URL Provider UI.
RFE: Show parameters of a run in read-only mode.
RFE: Reduce agent launch log stack trace noise for ClosedChannelExceptions.
RFE: SSH cli now uses EdDSA natively provided by Apache Mina via Bouncycastle.
RFE: Add Polish localization. Adjust Bulgarian localization spacing. Add German localization for Global Build Discarder.
Bug: Fix a race condition in WebSocket agent connection initialization.
Bug: Create friendlier HTTP response for an attempt to buildWithParameters a disabled or nonparameterized job.
Bug: Fix incorrect parameter name in quietDown API online help.
Bug: Correct word-wrap and word-break CSS properties to use supported values.
Bug: Stop printing an incorrect log message when retrieving agent labels.
Bug: Enable the chevron button in job tables by removing pointerevents:none from its CSS styling.
Bug: Avoid queue items being lost if the node disconnects at a bad time during allocation.

Jenkins 2.516.3

Wed, 17 Sep 2025 00:00:00 +0000

Security: Important security fixes.
Major Bug: Remove link styling in a menu when the corresponding menu is closed.
Major Bug: Fix a memory leak in Java class loading for the GStringTemplateEngine class.
RFE: Reduce plugin ClassLoader memory consumption.
RFE: Upgrade to Winstone 8.13 and Jetty 12.0.25. Jetty upgrade includes multiple bug fixes and most recent release of Eclipse Jetty 12.
Bug: Position the Save and Apply buttons for views under the header instead of over it.

Jenkins 2.516.2

Wed, 20 Aug 2025 00:00:00 +0000

Bug: Restore breadcrumb navigation for the System configuration page.
Bug: Fix anchor links in Jenkins Taglib documentation.

Jenkins 2.516.1

Wed, 23 Jul 2025 00:00:00 +0000

Changes since 2.516:

Bug: Improve UI of secondary actions in the header.
Bug: Add window listener computeOverflow to trigger a new compute of the breadcrumbs.
Bug: Prevent multiple dropdowns appearing in breadcrumbs.
Bug: Display a badge in the hamburger for Actions with active alerts.
Bug: Make script console layout configurable.

Notable changes since 2.504.3:

Major RFE: Redesign the header and navigation.
Major RFE: Display plugin health score in the Plugin Manager.
RFE: Updates to various UI elements. Refine the appearance of dialogs and Command Palette. Standardize Manage Jenkins page size. Use Jenkins color palette for test results and CodeMirror.
RFE: Refresh user API Token UI.
RFE: Remove support for loading user data from releases older than Jenkins 1.283.
RFE: Remove support for loading proxy configuration from releases older than Jenkins 1.415.
RFE: Add "No plugins" notice to Appearance configuration page.
RFE: Update to a dropdown menu display for the user Default View.
RFE: Improve UI of Secret and Password entry.
RFE: A new /health endpoint is available to determine whether Jenkins is healthy.
RFE: New jobs no longer create an empty legacyIds marker file in the builds directory. Existing legacyIds files are deleted upon upgrade to reduce inode usage.
RFE: Jenkins' own user database no longer accepts new passwords longer than supported by bcrypt (72 bytes). Users with longer passwords are advised to change their password.
RFE: Remove jbcrypt library. If you use the Active Directory plugin, you must update it to version 2.40 at the same time Jenkins is updated to 2.516.1.
RFE: Remove deprecated hudson.util.IOException2.
RFE: Remove support for ?path and ?pattern query parameters for directory listings of user content, such as workspaces and archived artifacts. The filter text box now uses JavaScript instead of a form submission to navigate to the expected URL. Programmatic users are advised to replace ?path or ?pattern in their requests with the resulting redirect URL, whose behavior did not change from before.
RFE: Remove PAM Authentication plugin from suggested plugins.
RFE: Add Powershell script to Windows installer to update registry information after WAR update.
RFE: Add a "copy to clipboard" button to the Jenkins error page.
RFE: Complete the Japanese translation for the keepDependencies help file.
RFE: When running in Jetty (when using the default java -jar jenkins.war), set the SameSite attribute for cookies to provide additional protection from some CSRF vulnerabilities. By default this sets the attribute to Lax. This can be changed by setting the Java system property jenkins.security.JettySameSiteCookieSetup.sameSiteDefault. Users of Microsoft Entra ID (previously Azure AD) Plugin are advised to update the plugin to version 580.v2f665882b_a_71 or newer at the same time.
RFE: Allow the Views tab bar to be configured per user.
Bug: Only update affected computers when adding/updating/removing nodes instead of reviewing every computer and checking their retention strategy, which can cause performance issues at scale.
Bug: Fix limitation of Summary widget on the build page.
Bug: Fix search result URLs when using the old search implementation.
Bug: Add value attribute to button element in submit.jelly.
Bug: Ensure computer configuration is updated correctly after updating a node.
Bug: Ensure number of executors of the built-in node is synced with the number of executors defined in Jenkins after a configuration reload.
Bug: Allow icons in tables to be updated even when there is more than one table displayed on the page.
Bug: Fix "No builds" state remaining in Build History widget after first build.
Bug: Fix state of labels removed from nodes.
Bug: When completing a build, look for older builds to rotate asynchronously, in case this process is expensive.
Bug: Fix the display of icons in the header by only applying the jenkinsavatar class to user icons, not the other header icons.
Bug: Reduce heap usage of various HTTP endpoints serving large build logs.
Bug: Restore the children context menu for breadcrumbs.
Bug: Remove overlapping text from the Thread Dump page.
Bug: Defer rendering a build's artifact list to a background request to avoid expensive computations.
Bug: Catch ConnectionRefusalException when thrown by a websocket agent connection attempt.
Bug: Do not close the dropdown menu when hovering over the submenu of the dropdown menu.
Bug: Fix URLs in search result list when running at `root` context.
Bug: Restore side panel actions for views.
Bug: Replace Loading overlay with skeleton outline on Manage Jenkins pages.
Bug: Place secondary actions in the collapsing menu instead of displaying them based on screen width.
Bug: Any RootAction that used custom rendering (action.jelly) is once again visible in the header and behaves appropriately. Any RootAction that uses jelly to show/hide is correctly hidden in the header. Any RootAction with sub tasks now shows the subtasks as a dropdown when in the correct context.

Jenkins 2.504.3

Wed, 25 Jun 2025 00:00:00 +0000

RFE: Upgrade to Winstone 8.10 and Jetty 12.0.22. Jetty upgrade includes multiple bug fixes and most recent release of Eclipse Jetty 12.

Jenkins 2.504.2

Wed, 28 May 2025 00:00:00 +0000

RFE: Add telemetry to determine whether a specific URL (/extensionList/) is in use by plugins or can safely be removed in future releases of Jenkins.

Jenkins 2.504.1

Wed, 30 Apr 2025 00:00:00 +0000

Changes since 2.504:

Major Bug: Only update affected computers when adding/updating/removing nodes instead of reviewing every computer and checking their retention strategy, which can cause performance issues at scale. Ensure number of executors of the built-in node is synced with the number of executors defined in Jenkins after a configuration reload. Ensure computer configuration is updated correctly after updating a node.
RFE: Upgrade to Winstone 8.7 and Jetty 12.0.19.

Notable changes since 2.492.3:

Major RFE: Remove the Yahoo! User Interface library.
Major RFE: Add experimental Details widget for builds.
RFE: Disable the copy button in insecure contexts.
RFE: Update the Copy button animation.
RFE: Remove Commons Discovery from the Jenkins WAR.
RFE: Add the option to display the Console Output on the build page behind an experimental flag.
RFE: Wrap app bars on smaller screens.
RFE: Remove the ability to install as a Windows service from a running Jenkins install. Users wanting this functionality should instead download and install the MSI package.
RFE: Refresh the interface of Jenkins CLI page.
RFE: Define Jenkins UI colors in a more perceptually uniform way using OKLCH.
RFE: Improve the appearance of user avatars in Jenkins. Custom avatars are also available through the Avatar plugin.
RFE: Improve accessibility and clean up various components.
RFE: Allow the master key to be stored in a separate location.
RFE: Add space between the Add/Edit description button and Views bar.
RFE: Add grouping to Command Palette search results.
RFE: Add empty state to the Manage Old Data page.
RFE: Add Cancel button to the Edit description form.
RFE: Update interrupted build action summary icon.
Bug: Use the correct date in the History widget when a user has configured a dedicated time zone.
Bug: Form validation for cron schedules included seconds based on the current time, when in fact the trigger fires at minute-granularity slots.
Bug: Fix occasional failures to write files to Jenkins home directory on Windows servers due to virus scanners.
Bug: Fix task notification for the rebuild plugin and others.
Bug: Fix tooltip and console link in the progress bar of jobs in the executors widget.
Bug: Clarify the displayed message while the build history widget initializes.
Bug: Fix border radius overlap when multiple lines of view names are displayed.
Bug: Sort deprecated plugins alphabetically.
Bug: Prevent dynamic plugin installation from registering the same extension twice in some cases.
Bug: Fix Manage Jenkins nested context menu to stay open when parent menu closes.
Bug: Fix enableTopButton to insert entry at the top in an f:repeatable.
Bug: Prevent Java null pointer exception when adapting a keyboard shortcut based on the User-Agent header.

Jenkins 2.492.3

Wed, 2 Apr 2025 00:00:00 +0000

Security: Security fixes.
Bug: Clarify the displayed message while the build history widget initializes.
Bug: Upgrade to Jetty 12.0.17 to fix User pages for users with a \ in their username.

Jenkins 2.492.2

Wed, 5 Mar 2025 00:00:00 +0000

Security: Security fixes.
Bug: Use correct date in the History widget when a user has configured a dedicated time zone.
Bug: Fix notification for `l:task` (regression in 2.481).
Bug: Fix tooltip and console link in progress bar of jobs in the executors widget (regression in 2.480).
Bug: Fix occasional failures to write files to the Jenkins home directory on Windows servers due to virus scanners (regression in 2.491).

Jenkins 2.492.1

Wed, 5 Feb 2025 00:00:00 +0000

Changes since 2.492:

RFE: Disable the JnlpSlaveRestarterInstallerTest on ci.jenkins Windows agents.

Notable changes since 2.479.3:

Major RFE: Disable the Yahoo! User Interface library by default.
Major RFE: Add Command Palette as a replacement for the search bar.
Major RFE: Refine and modernize the appearance of several pages.
RFE: Add icons to Command Palette.
RFE: Add Turkish translations for node list and RSS links.
RFE: Modernize ComboBox component.
RFE: Show a notification when scheduling a build fails.
RFE: Clearer error message for the CLI in the default webSocket mode when a 403 error results from a reverse proxy misconfiguration.
RFE: The agents online/offline status and icon can now be influenced by the offline cause, giving better information to users. Clarifies some use cases when an agent was offline by design and not because of a configuration or technical error.
RFE: Retain user-generated offline reason when agent connects or disconnects for technical reasons.
RFE: Allow all immutable List subclasses from Java 11 over remoting.
RFE: Avoid printing the same stack trace multiple times when file persistence fails. Temporary file names used by the AtomicFileWriter are now derived from the target file name.
RFE: Added password validation to ensure that existing users cannot create a password of less than 14 characters in length when in FIPS mode.
RFE: Stop allowing configuration of the agent protocols list.
RFE: Upgrade Winstone to 8.2 in order to update Jetty from 12.0.13 to 12.0.14.
Bug: Use refined build status icons in multibranch projects.
Bug: Form validation that depends on radio buttons now finds the selected one and not the previous one.
Bug: Since 2.489, JavaScript errors could be seen in some Jenkins pages, such as the setup wizard, omitting the usual header bar.
Bug: Fix scrolling with keyboard.
Bug: Reduce spacing in help files.
Bug: Remove trailing space from Windows agent secret file instructions.
Bug: Revert update of hotkeys-js dependency introduced in 2.490. The hotkeys-js bump caused a regression with Jenkins plugin BOM tests.
Bug: Restore the original behavior of FileBoolean(Class, String).
Bug: Fix a rare race condition rendering pages soon after startup.
Bug: Fix end of life operating system monitor that shows 2099-12-31 on the first day a warning should be displayed.
Bug: Ignore values with incorrect types when deserializing collections and maps in XML files.

Jenkins 2.479.3

Wed, 8 Jan 2025 00:00:00 +0000

RFE: Upgrade Apache MINA core from 2.0.26 to 2.0.27.
Bug: Remove Upgrade Automatically from users with `SystemRead` permissions.
Bug: Fix double-zipped .tgz files so they are no longer mismatched.
Bug: Allow non-HTTP(S) URLs in zip-based tool installer configuration.
Bug: Fix exception error message about hudson.model.UpdateSite$Warning on Manage Jenkins that may be shown when plugins with known security issues are installed.
Bug: Fix double-escaped tooltips in "Help for feature" (regression in 2.380).

Jenkins 2.479.2

Wed, 27 Nov 2024 00:00:00 +0000

Security: Important security fix.
RFE: Upgrade Script Security plugin to 1368.vb_b_402e3547e7. Script Security 1368.vb_b_402e3547e7 includes a fix for SECURITY-3447.
Bug: Upgrade XStream to 1.4.21. XStream 1.4.21 includes a fix for CVE-2024-47072.
Bug: Do not add jobs created via the REST API to the default view (regression in 2.475).
Bug: Allow context classloaders to be defined without making explicit reference to the calling class.

Jenkins 2.479.1

Wed, 30 Oct 2024 00:00:00 +0000

Changes since 2.479:

Major Bug: Migrate from http://updates.jenkins-ci.org to https://updates.jenkins.io if the initial installation version was 2.76 or older.
Bug: Restore compatibility with plugins calling Jenkins#doSafeRestart(StaplerRequest, String).
Bug: Restore compatibility with plugins contributing new views with custom XML, such as the Nested Views plugin.
Bug: Wrap long lines in the build history.
Bug: Prevent an old version of ASM from appearing as a managed dependency in plugin builds.
Bug: Update ASM to 9.7.1 to match the most recent release of the ASM API and Jenkins ASM API plugin.
Bug: Do not allow builds to be deleted while they are still building. Ensure build discarders only process builds which have fully completed.
Bug: Allow null to be passed as the first argument to doSafeRestart.
Bug: Wait for ongoing Pipeline builds to fully complete before allowing their parent job to be deleted.

Notable changes since 2.462.3:

Major RFE: Require Java 17 or newer.
Major RFE: Upgrade Spring Framework from 5.3.39 to 6.1.14, upgrade Spring Security from 5.8.14 to 6.3.4, and upgrade Java EE from 8 to 9. Users of the LDAP plugin must upgrade to version 733.vd3700c27b_043 in combination with upgrading Jenkins core. Users of the Reverse Proxy Auth plugin must upgrade to version 1.8.0 in combination with upgrading Jenkins core and must also upgrade the Mailer plugin to version 489.vd4b_25144138f. Users of the CAS plugin must upgrade to version 1.7.0 in combination with upgrading Jenkins core. Users of the Windows Negotiate SSO plugin must upgrade to version 136.vda_2b_6a_744b_d8 in combination with upgrading Jenkins core. Users of third-party servlet containers must upgrade their servlet container to an EE 9 version in accordance with the Jenkins Servlet Container Support Policy.
Major RFE: Upgrade Jetty from 10.0.24 to 12.0.12.
Major RFE: Allow all builds to be removed by the build discarder.
Major RFE: Remove Windows path traversal vulnerability escape hatch that was provided with the SECURITY-2481 fix..
Major Bug: Fix download of .tar.gz artifacts in Firefox.
RFE: Enhancements and refinements for the appearance of several pages in Jenkins.
RFE: Refinements and modernizations to sections of the Jenkins UI.
RFE: User properties are now categorized in different pages.
RFE: Update the design of the build history widget.
RFE: Use Notice component for views lacking jobs.
RFE: Do not edit unrelated checkboxes in rowSelectionController.
RFE: Improve display of HTTP handshake errors (such as authentication issues) from the CLI in -webSocket mode.
RFE: Use webSocket in the inbound agent command line sample.
RFE: Allow plugins to customize the maximum number of suggestions in autocomplete text fields.
RFE: Remove obsolete RekeySecretAdminMonitor.
RFE: Use makeButton to create a jenkins-button on the fly instead of using YUI.
RFE: Clarify that the plugin incompatibility message applies to the current plugin.
RFE: Add end of life dates for Alpine 3.20, Ubuntu 24.04, and Fedora 40. Correct several end of life dates, including CentOS 8.
RFE: Avoid unnecessary download of bundled plugins during the setup wizard.
RFE: Scroll fields from the added hetero-list entry into the viewport.
RFE: Modernize the build time trend page with a "time since" column and a link to the console, and allow the table to be resized. Remove the agent column for the Pipeline build trend.
RFE: When using ExitLifecycle, exit the process immediately upon a boot failure. Also allow custom lifecycles to exit immediately.
RFE: Display the source URL in logs when installing a plugin.
RFE: Allow some administrative monitors to be displayed for users with Overall/MANAGE permission.
RFE: Increase the minimum required Remoting version from 4.13 to 3107.v665000b_51092.
RFE: Update Stapler from 1880.vb_6d94a_3b_05db_ to 1881.vd39f3ee5c629 and Winstone-Jetty from 6.19 to 6.20 to let Jetty handle HTTP response compression. A new command-line option --compression can be used to disable compression if desired.
RFE: Remove idle executors from the Build Executor widget.
RFE: The latency for bringing up offline agents can be improved using a new global config option Computer Retention Check Interval and setting an In demand delay of zero on the agents.
Bug: Several bug fixes for the Jenkins UI.
Bug: Restore compatibility with plugins contributing new objects with context menus, such as the Nested Views plugin.
Bug: Make deserialization of Map fields in XML files more robust.
Bug: Restore compatibility with the OpenId Connect Authentication and Reverse Proxy Authentication plugins.
Bug: Validate display name only against items in the same ItemGroup.
Bug: Correct the styling for plugins that can't be disabled in plugin manager when user has system read permission.
Bug: Refresh the build history widget in all cases, including on background tabs or hidden tabs.
Bug: Fix IndexOutOfBoundsException in cloud management pages when the controller has no executors.
Bug: Fix the hudson.slaves.SlaveComputer.allowUnsupportedRemotingVersions escape hatch, which was previously not working with inbound agents.

Jenkins 2.462.3

Wed, 2 Oct 2024 00:00:00 +0000

Security: Security fixes.
Major Bug: No longer printing verbose and uninformative messages to $JENKINS_HOME/logs/tasks/Periodic background build discarder.log.
RFE: Upgrade Winstone from 6.18 to 6.22. Upgrade Jetty from 10.0.20 to 10.0.24.
Bug: Fix the appearance of the Plugin Manager actions dropdown.
Bug: Add escape hatch for Authenticated user access to Resource URL.
RFE: Developer: Add ExtendedReadRedaction extension point to allow plugins to redact content from config.xml files served via API or CLI to users with Extended Read permission.

Jenkins 2.462.2

Wed, 4 Sep 2024 00:00:00 +0000

RFE: Form validation now works for SecretTextArea fields.
RFE: Upgrade Spring Framework from 5.3.37 to 5.3.39. Spring Framework 5.3.38 and 5.3.39 include 8 fixes and improvements.
RFE: Upgrade Spring Security from 5.8.13 to 5.8.14. Spring Security 5.8.14 includes 2 fixes and several dependency updates.
RFE: Upgrade JUnit plugin to 1296.vb_f538b_c88630.
Bug: Change icon size in table when resizing the table.
Bug: Fix New Item page layout if no icon is defined for an item (regression in 2.453).

Jenkins 2.462.1

Wed, 7 Aug 2024 00:00:00 +0000

Changes since 2.462:

Security: Important security fixes.
RFE: Upgrade Spring Security from 5.8.12 to 5.8.13. Spring Security 5.8.13 includes 19 fixes and improvements.
RFE: Upgrade Spring Framework from 5.3.36 to 5.3.37. Spring Framework 5.3.37 includes 5 fixes and improvements.
RFE: Upgrade bundled plugins.

Notable changes since 2.452.4:

RFE: Upgrade Commons FileUpload from 1.5 to 2.0.0-M2. Users of the SAML Single Sign On (SSO) (miniorange-saml-sp) plugin should upgrade to a compatible version in lockstep with upgrading Jenkins core. Users of the OpenText Application Automation Tools (hp-application-automation-tools-plugin) plugin should wait for a compatible version before upgrading Jenkins core.
RFE: Refresh the 'New item' page.
RFE: Move Add description to app bar.
RFE: Add download option to Console output, move View as plain text and Copy buttons to app bar.
RFE: Remove Disable project button from project view.
RFE: Refresh the style of alerts.
RFE: Improve the edit build information page.
RFE: Avoid jumping layout due to tooltips.
RFE: Refine button appearances in sidebars, menus, pages and breadcrumbs.
RFE: Adjust heading weights and sizes.
RFE: Display how many users there are on the Users page.
RFE: Improve the performance of JSON parsing.
RFE: Improve the performance of file compression and decompression.
RFE: Improve startup performance when jobs have been created via REST API or command line interface.
RFE: Remove ASM dependencies from core.
RFE: The webappsDir argument to run Winstone with a directory full of WAR files has been removed without replacement.
RFE: Allow pipeline jobs to run when built-in node is offline.
Bug: Adjust side panel sizes for certain screens like iPad Pro.
Bug: Installed plugin view no longer jumps during first load.
Bug: Fix status icon animation display on Safari.
Bug: Remove tooltip when a widget is refreshed.
Bug: Honor readonly mode when displaying enumerations on pages.
Bug: After reconfiguring a static inbound agent in the GUI using fields such as WebSocket, deprecated in 2.440.x, the suggested launch instructions would incorrectly include tunnel (with no argument) even if that field had been left blank.
Bug: Fix the WorkspaceCleanupThread to consider workspaces with suffixes even if the original is nonexistent. Reduce the number of remoting calls made by WorkspaceCleanupThread.
Bug: Work around an upstream issue that could cause a hang in rare cases when two users load a configuration screen of the same type at the same time.
Bug: Handle svg cleanup via an xml document to avoid broken symbols.
Bug: Treat lines of text (mainly in build logs) as completed by a single carriage return in addition to a newline or carriage return plus newline, avoiding an out of memory error if a large number of such lines are printed in sequence.
Bug: Add new CSS classes to avoid conflicts with CSS classes from bootstrap.

Jenkins 2.452.4

Wed, 7 Aug 2024 00:00:00 +0000

Security: Important security fixes.

Jenkins 2.452.3

Wed, 10 Jul 2024 00:00:00 +0000

Major Bug: Show help text in the correct locale even if user has an alternate language option defined in their browser (regression in 2.444).
Major Bug: Correctly highlight alerts (regression in 2.452.2).
Bug: Show correct build history panel even when a '$' character is included in a tooltip of the build history data. Quote replacement string in symbol tooltips.
Bug: Update bundled structs plugin to 338.v848422169819.

Jenkins 2.452.2

Wed, 12 Jun 2024 00:00:00 +0000

Major Bug: Rename CloudSet query parameter type to cloudDescriptorName to avoid conflicts in cloud plugin implementations.
RFE: Update bundled Script Security plugin from 1335.vf07d9ce377a_e to 1336.vf33a_a_9863911.
RFE: Update bouncycastle API plugin from 2.30.1.77-225.v26ea_c9455fd9 to 2.30.1.78.1-233.vfdcdeb_0a_08a_a_.
Bug: Add new CSS classes to avoid conflicts with CSS classes from bootstrap.
Bug: Fix width of weather icons in Safari when zoomed.
Bug: Consistently notify job listeners when the job definition is updated from the REST API or command line interface.

Jenkins 2.452.1

Wed, 15 May 2024 00:00:00 +0000

Changes since 2.452:

Major Bug: After reconfiguring a static inbound agent in the GUI using fields such as WebSocket (deprecated in 2.440.x), the suggested launch instructions would incorrectly include -tunnel (with no argument), even if that field had been left blank.
Bug: If the variant plugin is installed at the same time as a plugin that has an OptionalExtension, these extensions would not be correctly discovered until the next scan for new Extensions.
RFE: Upgrade Spring Framework BOM from 5.3.33 to 5.3.34.

Notable changes since 2.440.3:

Major RFE: Remove the People view. Administrators can install the new People View plugin to restore this functionality.
Major RFE: Add specific temporary files to the Debian package for better support of Unix domain sockets. Require Debian 10 and Ubuntu 20.04 as the minimum supported versions for Debian packages.
Major RFE: Allow recursive remote file copy even if the local and remote nodes have incompatible character sets at binary level such as ISO-8859-1 and CP-1047.
RFE: Modernize progress bar UI in various locations.
RFE: Add components for dropdown items. Refer to the new Design Library Dropdowns page for implementation details.
RFE: Use the symbol for parameters in the build history of pending jobs.
RFE: Add a "copy to clipboard" button to the build console output.
RFE: Enable readonly mode for dropdown menus when using the Extended Read Permission plugin.
RFE: Remove the extra margin when viewing in read only mode.
RFE: Add a computer icon legend and a new icon for agents that are not accepting tasks.
RFE: Remove unused material icons.
RFE: Localize the Appearance link and plain text Markup Formatter for Turkish.
RFE: Make the Agent/Provision permission available in the global Security configuration when using matrix-based authorization strategies.
RFE: Do not configure an authenticator during proxy configuration via the GUI if the proxy username is blank.
RFE: Add ability for custom update centers to override the suggested plugin list.
RFE: Create an index page for heap dump creation.
RFE: Non-Pipeline builds interrupted by a controller restart will now be marked as aborted rather than failed.
RFE: Prevent authenticated access to Resource Root URL.
RFE: Update operating system end of life data for Amazon Linux, Alpine Linux, and Fedora Linux.
RFE: Use jlink to reduce Java size on Windows as we've done previously for Java on Linux.
RFE: Support Session ID for External Job Monitor to avoid HTTP 503 response.
Bug: Do not attempt to self-restart on operating systems where this is not supported.
Bug: Fix a crash when restarting Jenkins on macOS.
Bug: Set the correct owner for Jenkins.clouds after Jenkins.load().
Bug: Improve locale parsing for loading of localised help files.
Bug: Support noCertificateCheck with webSocket on the CLI.
Bug: Show an error message in progressive logs on 4xx status codes.
Bug: Avoid a stack trace from ArtifactArchiver when no artifacts are found.
Bug: Restore performance displaying build artifacts when using remote artifact managers such as in S3. A security fix in 2.394 caused a substantial slowdown that is now resolved.
Bug: Adjust heap dump file name for compatibility with OpenJDK file suffix requirements.
Bug: Fix build button rendering for Dashboard View plugin.
Bug: Change focus in the new item page only if from has a valid job name.

Jenkins 2.440.3

Wed, 17 Apr 2024 00:00:00 +0000

Security: Security fix.
Bug: Ensure threads in the Computer.threadPoolForRemoting executor service always have the Jenkins webapp ClassLoader set as the context ClassLoader to prevent random class loading issues when code is running in this ExecutorService.
Bug: Customization of agent log files did not work for inbound agents.
RFE: Update Spring Security to 5.8.11. Update Spring Framework to 5.3.33.
RFE: Update bundled Trilead API Plugin to 2.84.86.vf9c960e9b_458.
RFE: Update Apache Mina in the CLI from 2.11.0 to 2.12.1.
RFE: Upgrade bundled plugins.

Jenkins 2.440.2

Wed, 20 Mar 2024 00:00:00 +0000

Security: Important security fix.
RFE: Upgrade Winstone from 6.16 to 6.18. Upgrade Jetty from 10.0.18 to 10.0.20.
RFE: Do not show empty tooltips.
Bug: Restore progress animation in build history and build time trend views (regression in 2.434).

Jenkins 2.440.1

Wed, 21 Feb 2024 00:00:00 +0000

Changes since 2.440:

Security: Important security fixes.
Major Bug: Fix missing folder icons.
Bug: Update the bundled Matrix Project Plugin from 818.v7eb_e657db_924 to 822.824.v14451b_c0fd42.
Bug: Find selected radio option when validating instead of the last one used.

Notable changes since 2.426.3:

Major RFE: Add an Appearance category to the setup wizard.
Major RFE: Add missing *_fr.properties in win32errors and hudson, lib, and Jenkins resources. Translate hudson/Messages.properties, hudson/model/Messages.properties, and jenkins/model/Messages.properties into French.
Major RFE: Update to various UI elements. Style widget panes to match Jenkins. Modernize icons, controls, and fonts.
RFE: Add telemetry for basic Java system properties describing the environment.
RFE: Turkish localization fixes for build, login, and user management pages.
RFE: Fix a minor memory leak in a Remoting log statement. Add forward proxy support for WebSocket. Support custom certificate options for WebSocket.
RFE: Remove build timeline widget from the build history pages of views, jobs, and agents.
RFE: More consistently report errors launching outbound agents.
RFE: Stop recommending JNLP URL in agent launch instructions.
RFE: Deprecate all configurable options in Launch agent by connecting it to the controller (inbound in JCasC), as these are only useful in conjunction with the deprecated jnlpUrl mode.
RFE: The jnlpUrl ${JENKINS_URL}/computer/${AGENT_NAME}/jenkinsagent.jnlp argument to the agent JAR has been deprecated. Use url ${JENKINS_URL} and name ${AGENT_NAME} instead, potentially also passing in webSocket, tunnel, and/or work directory options as needed.
RFE: Removed deprecated and unused class UserProperties.
RFE: Deactivate the administrative monitor when all previously offline agents are again online.
RFE: Prepare node monitors to work with configuration as code.
RFE: Rework node monitor configuration.
RFE: Allow configuration of disk thresholds globally and for each agent. Improve the warning when disk space is too low. Ensure agents are taken offline when disk space is low.
RFE: Fail fast when attempting to load a broken plugin that contains the Jenkins test harness in production.
RFE: Add packaging support for Unix domain sockets.
RFE: Accept all 2xx and 3xx status codes to validate proxy in HTTP Proxy Configuration.
RFE: Ensure uptime is independent of system clock.
RFE: Show monitoring data on agent page.
RFE: Use a notification and Jenkins modal for 'Apply' button failures.
RFE: BootFailure subclasses can now override the Jenkins startup failure page.
RFE: Reduce the window of time during which a crash may lead to an inconsistent state on Linux.
Bug: Restore printing output from println and similar methods for the groovy CLI command (regression in 2.427).
Bug: Refer to the correct option in the security configuration help text.
Bug: Restore security configuration help text and remove obsolete help text.
Bug: Some agent-related objects could be kept in memory after being disconnected and removed from the computer list.
Bug: Avoid incorrect styling when deleting the first of two shell steps in a job definition.
Bug: Prevent a deadlock that can occur when loading PermalinkProjectAction.Permalink.
Bug: Display strings consistently in the requested language when running Jenkins in a JVM with a non-english locale.
Bug: Fix nested job link in mobile view.
Bug: Do not show option to copy items when there are no items visible.
Bug: Display correct time zone in build history.
Bug: The tunnel property on an inbound agent was inadvertently broken for JCasC usage in 2.437. It remains deprecated and usages should be deleted (regression in 2.437).
Bug: Fix SimpleScheduledRetentionStrategy on inbound agents. Allow suspended inbound agents to again accept tasks when they are reconnected and the configured scheduling policy is enabled.
Bug: Remove code that may have caused an agent-side hang under a rare race condition.
Bug: Reduce the likelihood of thread creation errors on agents.

Jenkins 2.426.3

Wed, 24 Jan 2024 00:00:00 +0000

Security: Important security fixes.
Bug: Avoid repeated tool downloads from misconfigured HTTP servers.
Bug: Fix redirect when renaming a cloud.

Jenkins 2.426.2

Wed, 13 Dec 2023 00:00:00 +0000

RFE: Warn users at 12 months prior to end of Java support and again at 3 months prior to end of Java support.
Bug: Add support for Unix Domain Sockets. Upgrade Winstone from 6.14 to 6.16. Upgrade Jetty from 10.0.17 to 10.0.18.

Jenkins 2.426.1

Wed, 15 Nov 2023 00:00:00 +0000

Changes since 2.426:

Major Bug: Show form validation results for form elements that are initially hidden. Remove previous form validation errors when the form validation is updated with new content (regression in 2.355).
Major Bug: Fix multibranch Pipeline Add source and other uses that mix inputs and buttons (regression in 2.422).
Major Bug: Add sleep call when -noReconnect is not specified for Kubernetes agents.
Major Bug: Add proxy support for Remoting.
Major Bug: Fix agent allocation due to label issue detected by vSphere Cloud plugin (regression in 2.421).
Major Bug: Fix drag and drop handle for existing repeatables (regression in 2.335).
RFE: Add telemetry for Jenkins uptime.
Bug: Show the description of boolean build parameter values on the Parameters view (regression in 2.179).
Bug: Allow clouds to be reordered. This was previously possible, but disappeared when the cloud management was moved to a separate page (regression in 2.403).
Bug: Update SnakeYAML plugin to 2.2 to silence security scanners.

Notable changes since 2.414.3:

Major RFE: Support Java 21 in addition to Java 11 and Java 17.
Major RFE: Remove outdated Prototype.js library.
Major RFE: Stop delivering CentOS 7 container images as part of the end of support for Red Hat Enterprise Linux 7 and its derivatives.
Major RFE: Replace browser confirm with modal dialogs in many places. Add API for alert, confirm, prompt, modal and form dialogs.
Major RFE: Updates to various UI elements. Modernize buttons, menus, link design, and content blocks.
Major RFE: Add Appearance system configuration page to customize Jenkins' look and feel.
Major RFE: Various performance optimizations. Optimizations for loading, label parsing, and project deletion.
Major Bug: Prevent incorrect readResolve implementations from breaking agent label parsing.
RFE: Automate the display of an administrative monitor when approaching Java end of life (EOL) dates.
RFE: Remove System V initialization scripts from RPM based installers. The System V initialization scripts were replaced in March 2022 with systemd initialization. RPM users with a custom log directory no longer have a logrotate(8) configuration out-of-the-box.
RFE: Add a nicer 404 error page.
RFE: The minimum required Remoting version has been increased from 4.7 to 4.13.
RFE: List plugins in deterministic order to improve diagnosability of plugin linkage errors.
RFE: Display a notice when plugin updates are available or when there are no plugins installed.
RFE: Remove the treeview option for artifactList.
RFE: Log agent usage by job.
RFE: Make tab panes accessible via keyboard.
RFE: Add allow-same-origin to the sandbox ContentSecurityPolicy directive of workspace and artifact browsers if the Resource Root URL feature is not used. Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests.
RFE: Updates to Turkish localization for jobs.
RFE: Remove the rebuild plugin from the setup wizard plugin selection.
RFE: Stop shipping net.sf.kxml:kxml2 because Jenkins no longer depends on it.
Bug: Prevent log spam when using the Jenkins security database and users signup.
Bug: Show a confirmation popup when triggering a task action from a context menu.
Bug: Hide the delete button from the only repeatable element in configuration forms when at least one element is expected.
Bug: Symbols display in breadcrumbs now.
Bug: Message no longer appears twice when the agentLog option is used.
Bug: Hide administrative monitors icons/popup in the header of Manage Jenkins, as they're shown directly on the page.
Bug: Fix link to job in the message informing administrators of trigger computations that run for an unusually long time.
Bug: Use standard size node icon even with long node names.
Bug: Add the X-Content-Type-Options HTTP header to the response from the agent listener. Silence security scanners that incorrectly report an issue when the HTTP header is missing.
Bug: Estimate project duration accurately in more cases.

Jenkins 2.414.3

Wed, 18 Oct 2023 00:00:00 +0000

Security: Important security fix.
Major RFE: Use Java 17 as the default Java version in container images that do not specify a Java version in the container label.
Major RFE: Update commons-compress from 1.23.0 to 1.24.0.
Major Bug: Do not create a large number of threads when making numerous HTTP requests.
Major Bug: Reduce high memory usage from XStream2.AssociatedConverterImpl (regression in 2.405).
RFE: Add telemetry collecting basic information about the security configuration.
RFE: Upgrade Winstone from 6.12 to 6.14. This includes the upgrade of Jetty from 10.0.15 to 10.0.17. The Jetty upgrade includes fixes for several CVEs.
Bug: Restore context menus of model links in build history views and administrative monitors (regression in 2.402).

Jenkins 2.414.2

Wed, 20 Sep 2023 00:00:00 +0000

Security: Important security fixes.
Major RFE: Add allow-same-origin to the sandbox Content-Security-Policy directive of workspace and artifact browsers if the Resource Root URL feature is not used. Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests.
Major Bug: The plain text console log will still be printed even if some console annotations are corrupt.
Bug: New login page breaks login-theme-plugin (regression in 2.404).
Bug: Fix invalid CSS which caused some buttons to become invisible on hover (regression in 2.402).

Jenkins 2.414.1

Wed, 23 Aug 2023 00:00:00 +0000

Changes since 2.414:

Security: Important security fix.
Major RFE: Update Debian images to version 12.0 (bookworm).
RFE: Add last build status to job page.
Bug: Remove rebuilder plugin from the setup wizard plugin selection.
Bug: Only disable the plugin manager "install" button if no plugins are selected (regression in 2.414).

Notable changes since 2.401.3:

Major RFE: Update to various UI elements. Update appearance and framework for dropdown links. Modernize forms and pages.
Major RFE: Update UI and function of Log Recorder. Display a notice when there are no logs available.
Major RFE: Allow cancelling the quiet down mode of a safe restart with an optional custom message for safe restarts (with new default message). Use a less dangerous color for the safeRestart banner. Allow setting the full prepareShutdown message instead of only the reason. Show a hint on the "Jenkins Unavailable" page about safe restarts.
Major Bug: Prefix the name of input elements of ListView to prevent form submission issues when an Item (job) is named elements.
RFE: Use dialogs to delete computers, views, clouds, users and log recorders instead of dedicated pages.
RFE: Improve Content Security Policy compatibility.
RFE: Upgrade Winstone from 6.10 to 6.12. This includes the upgrade of Jetty from 10.0.13 to 10.0.15. Add or update MIME types for JavaScript files, JavaScript module files, AV1 Image File (AVIF) files, Web Open Font Format (WOFF) files, and WebAssembly files.
RFE: Update to sign-in page on desktop and mobile. Remove animations and modernize page.
RFE: Update to Builds widget UI.
RFE: Rework clouds management into multiple pages to better scale to large numbers of clouds. Users of EC2 Plugin should update it to version 2.0.7 or newer for compatibility.
RFE: Add Japanese translation of Apply.
RFE: Switch the double-launch checker to a regular administrative monitor.
RFE: Add support for jakarta.inject annotations.
RFE: Reduce the circumstances under which recent old builds will be loaded when starting new builds.
RFE: Refinements to class loading behavior looking up special formatters for XML configuration files.
RFE: Add a user experimental flag to run Jenkins without Prototype.js. Plugin authors should enable this flag and fix any issues that result from the removal of Prototype.js. In the future Prototype.js will be removed from Jenkins core.
RFE: Make "Skip to content" link visible through keyboard navigation.
Bug: Fix update center proxy configuration hyperlink in error messages.
Bug: Fix support of clouds without a config.jelly file.

Jenkins 2.401.3

Wed, 26 Jul 2023 00:00:00 +0000

Security: Important security fix.
Bug: Remove incorrect text from JENKINS_HOME help.

Jenkins 2.401.2

Wed, 28 Jun 2023 00:00:00 +0000

Major RFE: Warn administrators when their Linux operating system is approaching end of life.
RFE: Upgrade from Guice 5 to 6.

Jenkins 2.401.1

Wed, 31 May 2023 00:00:00 +0000

Changes since 2.401:

Security: Important security fix.
Bug: Fix the writing of emojis to XML (regression in 2.403).
Bug: Do not write NUL values to XML files. A technically illegal #x0 (NUL) could be written to Jenkins XML files but could no longer be read. Now the write will fail as well (regression in 2.398).
Bug: Remove "undefined" trailing text from system dropdown menu.
Bug: Fix the warning icon in the workspaces temporary directory message.
Bug: Show full width filter field for builds on pages less than 970 pixels wide.

Notable changes since 2.387.3:

RFE: Simplify the names of the settings in Manage Jenkins.
RFE: Use a card layout instead of a table for the dashboard on mobile.
RFE: Refresh the Build with Parameters interface.
RFE: Revamp icon legend as a modal.
RFE: Refresh the design of the About Jenkins page.
RFE: Running pipeline build logs can now be displayed across controller restarts without reloading in some environments.
RFE: Introduce user experimental flags.
RFE: Add a copy button for the code snippets that start agents and for the Jenkins home directory. Warn user that copy button requires HTTPS.
RFE: The default connection mode for the Java CLI client is now webSocket. You can specify http to continue to use the former default (for example because you are running Jenkins in a servlet container other than the recommended builtin Jetty, or because you are running an unusual reverse proxy which does not support WebSocket). You can also continue to specify ssh to use SSH transport (for example because you prefer to authenticate with a private key rather than an API token), or use a native SSH client.
RFE: Simplify loading of JavaScript and CSS. Users of OWASP DependencyTrack must upgrade to 4.3.1 or later, and users of ServiceNow CI/CD must upgrade to 2.1 or later.
Bug: Fix null pointer exception on the "Manage Jenkins" page when HTTP/2 is enabled.
Bug: Hide the Restart Jenkins checkbox in the update center if the controller doesn't support it.
Bug: Move set node temporarily offline/online buttons to appbar.
RFE: Upgrade Spring Framework from 5.3.26 to 5.3.27.
RFE: Upgrade bundled Winstone from 6.7 to 6.10. Add the excludeProtocols option. Improve logging during shutdown.

Jenkins 2.387.3

Wed, 3 May 2023 00:00:00 +0000

Bug: Restore New Node button in computer overview for users with node creation permission.
Bug: Fix Delete Build button text overflow.
Bug: Hide Restart Jenkins checkbox in the update center if the controller doesn't support it.
Bug: Support emojis in Job DSL scripts.

Jenkins 2.387.2

Wed, 5 Apr 2023 00:00:00 +0000

Major Bug: Adjust WebSocket idle timeout to 60 seconds by default, to avoid "WebSocketTimeoutException: Connection Idle Timeout" issues.
Bug: Restore the redirect destination of the pluginManager/installNecessaryPlugins API endpoint.
Bug: Update bundled plugins to include fixes announced in 2023-01-24 and 2023-02-15 Jenkins security advisories.
RFE: Sign WAR file and Windows installer with new code signing certificate.

Jenkins 2.387.1

Wed, 8 Mar 2023 00:00:00 +0000

Changes since 2.387:

Security: Important security fixes.
Major Bug: Move 'set node temporarily offline/online' buttons to app-bar to make them clickable again (regression in 2.385).
Major Bug: Allow WebSocket agent connections to time out after 5m if a write never succeeds.
Major Bug: Fix the TcpSlaveAgentListenerRescheduler functionality. TcpSlaveAgentListener is automatically restarted on failure.
Bug: Add script-security update to LTS baseline.
Bug: Do not submit empty telemetry data if an error occurred during data collection.
Bug: Update bundled Apache Mina SSHD API plugins from 2.9.1-44.v476733c11f82 to 2.9.2-50.va_0e1f42659a_a.
RFE: Limit the maximum number of search results.

Notable changes since 2.375.3:

Major RFE: Update to various UI elements. Modernize table display, page layout, and buttons.
Major RFE: Add missing breadcrumb items in various locations.
Major RFE: Update ANTLR2 grammars and code to ANTLR4.
Major RFE: Update Spring Security from 5.7.4 to 5.8.0. This update includes several fixes and improvements.
Major RFE: Set default file size rotation of AsyncPeriodicWork / AsyncAperiodicWork task logs to 10MB.
Major RFE: Update appearance of tooltips and replace old library with Tippy.js.
Major Bug: Several fixes and improvements for Websocket agents.
RFE: The minimum required Remoting version has been increased to 4.7 (released on February 16, 2021).
RFE: Add telemetry related to distributed builds.
RFE: Add telemetry for activation of permissions that are not enabled by default.
RFE: Remove the notice in the plugin manager Updates tab about newer plugin versions not compatible with your current core version. Limit the display of updates to plugin versions actually being offered by the update center for your core version.
RFE: Show recommended actions, such as "update affected plugins", in security warnings popup.
RFE: Jenkins no longer bundles a patched version of the deprecated Commons HttpClient 3.x library for use by plugins. Plugins should be migrated to the native Java 11 HTTP client or updated to depend on the legacy Commons HttpClient 3.x API plugin.
RFE: Remove the deprecated Multijob plugin from the setup wizard.
RFE: Remove the deprecated WMI Windows Agents plugin from the setup wizard.
RFE: Do not report implied dependencies for WMI Windows Agents plugin.
RFE: Avoid unnecessary configuration save when reloading configuration from disk.
RFE: Robustness improvement regarding build number collisions.
RFE: Remove support for log rotation via SIGALRM. The command-line argument --daemon has been removed.
Bug: Improve tooltip performance.
Bug: Fix the update of disabled plugins.
Bug: Close connection on the agent if the agent's liveness ping receives no response.
Bug: Delay initialization of cryptography needed for TCP inbound agents unless and until such an agent is connected.
Bug: Delete .disabled files when uninstalling a plugin.
Bug: Fix a race condition affecting the launch of inbound agents.
RFE: Upgrade XStream from 1.4.19 to 1.4.20. This maintenance release addresses the security vulnerabilities CVE-2022-40151 and CVE-2022-41966, causing a Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types.
RFE: Upgrade Guice from 5.0.1 to 5.1.0. Guice 5.1.0 contains eight fixes and improvements.
RFE: Upgrade Spring Framework from 5.3.23 to 5.3.24.

Jenkins 2.375.4

Wed, 8 Mar 2023 00:00:00 +0000

Security: Important security fixes.
RFE: Limit the maximum number of search results.

Jenkins 2.375.3

Wed, 8 Feb 2023 00:00:00 +0000

Bug: Resolve implied dependencies on WMI Windows Agent plugin.
Bug: Prevent Angry Jenkins when checking a non http(s) based update center URL.
Bug: Remove negative letter-spacing to improve legibility in some languages and fonts (regression in 2.340 + 2.350).
Bug: Restore link to last breadcrumb in Console view.

Jenkins 2.375.2

Wed, 11 Jan 2023 00:00:00 +0000

RFE: Add telemetry related to distributed builds.
Major Bug: Wait for 10 seconds before attempting to reconnect a WebSocket agent, regardless of whether or not the controller is responding.
Major Bug: Memory leak when repeatedly connecting WebSocket agents.
Bug: Updated bundled Script Security plugin from 1189.vb_a_b_7c8fd5fde to 1190.v65867a_a_47126. Updated JUnit plugin from 1156.vcf492e95a_a_b_0 to 1160.vf1f01a_a_ea_b_7f.
Bug: Fix console-view bouncing when new entries appear.

Jenkins 2.375.1

Wed, 30 Nov 2022 00:00:00 +0000

Changes since 2.375:

Major Bug: Prevent potential deadlocks on websocket agents.
Major Bug: Fix Gravatar error on profile page (regression in 2.335).
RFE: Add telemetry for activation of permissions that are not enabled by default.

Notable changes since 2.361.4:

Major RFE: Update to various UI elements. Modernize icons, navigation, and buttons.
Major RFE: Improve breadcrumb bar accessibility.
Major RFE: Update the design of notifications.
Major RFE: Update the weather and status icons.
Major Bug: Prevent a stack overflow when loading a queue (regression in 2.361).
RFE: Winstone 6.6: Upgrade Jetty from 10.0.11 to 10.0.12. Remove support for OpenSSL-style PEM-encoded RSA private keys when running Jenkins with the embedded Jetty (Winstone) container and TLS. The flags --httpsPrivateKey and --httpsCertificate have been removed. The flags --ajp13Port and --ajp13ListenAddress have been removed. The flags --handlerCountMax and --handlerCountMaxIdle have been removed. The flags --toolsJar and --useJasper have been removed. Support HTTP/2 without the use of a custom --extraLibFolder option.
RFE: Add sidebar to plugin manager, increase search bar size.
RFE: Add support for Apple's touch bar icons.
RFE: Removed: The signed jenkins-parent-${JENKINS_VERSION}-src.zip source archives have been removed from Artifactory for future releases. Users who wish to download source archives for offline consumption are encouraged to do so via GitHub.
RFE: Display email form validation errors near the data entry field in the setup form.
RFE: Show recommended actions (e.g., to update affected plugins) in security warnings popup.
RFE: Clarify safe restart won't wait for Pipeline jobs.
RFE: Allow form checker to check more than one thing at a time.
RFE: Add documentation for the --paramsFromStdIn and --version command-line options.
Bug: Fix sorting of British currency in tables.
Bug: Improve build progress animation when refreshing parts of the history/executors widget.
Bug: Fix the resize behavior of Execute Shell build steps.
Bug: Fix searchBar is null issue in setup wizard and when using custom Jenkins headers.
Bug: Ensure that temporary network partitions do not cancel the WebSocket ping thread (regression in 2.363).

Jenkins 2.361.4

Sun, 13 Nov 2022 00:00:00 +0000

Major Bug: Prevent a stack overflow when loading a queue (regression in 2.361).

Jenkins 2.361.3

Wed, 2 Nov 2022 00:00:00 +0000

Major Bug: Fix a race condition that causes file descriptor leaks when cloud agents are created (regression in 2.294).
Bug: Model link chevron is not in center in user build cause on console log.
Bug: Table columns get wider or smaller depending on the sort selection.

Jenkins 2.361.2

Wed, 5 Oct 2022 00:00:00 +0000

Major Bug: Fix thread safety in websockets handling.
Bug: Fix the resize behavior of Execute Shell build steps (regression in 2.321 or 2.357).
Bug: Fix a potential FileAlreadyExistsException error on startup on systems with slow I/O.
Bug: Fix Plugin Manager selection buttons appearance.
Bug: Fix Java version check in /etc/init.d/jenkins.
Bug: Properly reset attributes of cached symbols.

Jenkins 2.361.1

Wed, 7 Sep 2022 00:00:00 +0000

Changes since 2.361:

Security: Important security fix.
Major RFE: Winstone 6.1: Upgrade Jetty from 9.4.46.v20220331 to 10.0.11. Remove support for OpenSSL-style PEM-encoded RSA private keys when running Jenkins with the embedded Jetty container and TLS.
Major RFE: Update to various UI elements. Modernize tables, forms, and progress bars.
Major Bug: Fix an error when rebuilding jobs triggered by polling (regression in 2.358).
Major Bug: Update Jenkins pom from 1.83 to 1.84. Ensure jar files and javadoc are up to date for 2.361.1.
Bug: Upgrade Remoting from 3025.vf64a_a_3da_6b_55 to 3044.vb_940a_a_e4f72e to improve performance of previous fix for java.lang.OutOfMemoryError: unable to create new native thread on agents.
Bug: Use correct icon lookup, even when plugin ID includes multiple occurrences of "plugin".
Bug: Fix sorting list of installed plugins by timestamp in plugin manager (regression in 2.274).
Bug: Build number cut off on Safari (regression in 2.344).
Bug: Script console input box is not sizeable, yet the box looks like it is (regression in 2.321).
Bug: Developer: Temporarily restore compatibility with PowerMock-based tests (regression in 2.361.1 RC 1). PowerMock will be completely removed on or after June 1, 2023.

Notable changes since 2.346.3:

Major RFE: Require Java 11 or newer.
Major RFE: New design for project configuration page. Navigation links available on left side of screen.
Major RFE: Update to various UI elements. Modernize tables, forms, and progress bars.
RFE: The instance-identity module has been converted to a detached plugin.
RFE: Update the minimum required Remoting version to 4.2.1.
RFE: Keyboard shortcut added to focus global search bar (⌘ + K/CTRL + K).
RFE: Blocked upstream projects in the queue block downstream projects when the option "Block build when upstream project is building" is enabled for the downstream project. Similarly, blocked downstream projects in the queue block upstream projects when the option "Block build when downstream project is building" is enabled for the upstream project.
RFE: Add breadcrumbs to "Manage Jenkins" and children of it. Developers should ensure they use relative links for navigating between pages if they are a child of "Manage Jenkins".
RFE: Use native Java Platform functionality rather than Ant to load classes. The old behavior can be restored by setting -Dhudson.ClassicPluginStrategy.useAntClassLoader=true.
RFE: Remove Java Web Start support for launching inbound agents, along with the GUI mode, the platform-specific agent installers, and the JAR signature.
Bug: Connect breadcrumb context menus to items in subfolders.
Bug: Fix websocket reconnection in edge cases. Upgrade from Remoting 4.13 to 3044.vb_940a_a_e4f72e.
Bug: Revert prior attempts to make log records collectible by limiting discarded messages.

Jenkins 2.346.3

Wed, 10 Aug 2022 00:00:00 +0000

RFE: Upgrade Spring Framework from 5.3.19 to 5.3.20.
Bug: Revert prior attempts to make log records collectible by limiting discarded messages.
Bug: Connect breadcrumb context menus to items in subfolders.
Bug: Improve progress bar visibility in shaded rows.
Bug: Update Remoting from 4.13.2 to 4.13.3 to improve performance of previous fix for java.lang.OutOfMemoryError: unable to create new native thread on agents.

Jenkins 2.346.2

Wed, 13 Jul 2022 00:00:00 +0000

RFE: Remove deprecated Docker plugin installation script install-plugins.sh. Use plugin installation manager tool through the jenkins-plugin-cli script in the Docker image.
Bug: Ignore duplicate log recorders keyed by same name.
Bug: Display job icons correctly on the Jenkins dashboard, even when a non-empty context path alters the URL (regression in 2.346.1).
Bug: Show all log messages when an inbound agent fails to connect (regression in 2.310).
Bug: Plugins selected for update cannot be unselected once the update has started.
Bug: Fix offset of radio buttons when selected.
Bug: Make previous boot attempt timestamps available to boot-failure.groovy startup hooks (regression in 2.308).

Jenkins 2.346.1

Wed, 22 Jun 2022 00:00:00 +0000

Changes since 2.346:

Security: Important security fixes.
RFE: Remove SSH Plugin from setup wizard plugin selection.
RFE: Allow running on Java 17 without --enable-future-java.
RFE: Show remote class loader statistics of agents with new table layout.
Bug: Fix indistinguishable build scheduling icon when the job is already in-queue (regression in 2.321).
Bug: Fix the position of the help button when it is not directly attached to an object (regression in 2.320).
Bug: Restore actions icon size lookup (regression in 2.341).
Bug: Fix a runtime error when viewing the build time trend on Java 17.
Bug: Provide supporting infrastructure to enable Pipeline: Groovy to work around a metaspace memory leak for users running Pipeline jobs on Java 11.
Bug: Restore the frame color of the build progress bar of the executor widget.
Bug: Keep the Save and Apply buttons in front of menus (regression in 2.337).
Bug: Fix WebSocket reconnection in edge cases. Upgrade from Remoting 4.13 to 4.13.2.
Bug: Fix class attribute for Jenkins Symbols using <l:icon … />.
RFE: Update bundled Script Security Plugin from 1.75 to v35f6a_0b_8207e Update bundled WMI Windows Agents Plugin from 1.0 to 1.8.1

Notable changes since 2.332.4:

Major RFE: Modernise form components and Jenkins UI.
Major Bug: Update Remoting from 4.11.2 to 4.13 to allow Java Web Start agents to connect (regression in 2.318). Allow agent reconnects on Java 11 and WebSocket. Prevent infinite loop in case of a closed SSL connection.
RFE: Reject connections from agents with unsupported Remoting versions.
RFE: Update site warnings can now be configured with Configuration as Code. Allow setting a user's primary view via Configuration as Code.
RFE: Remove support for RoleChecker#check(RoleSensitive) calls which were added again in Jenkins 2.319. All remoting Callable implementations need to perform an actual role check as documented.
RFE: Remove the Java Native Runtime (JNR) library from Jenkins core.
RFE: Remove unused glibc package from Alpine-based Docker images.
RFE: Remove unnecessary packages from Debian-based Docker images.
RFE: Winstone 5.24 - Add an option to write the listening port to a file. Remove automatic self-signed certificate if TLS is specified but no keystore
Bug: Render the question mark on the new help button only once so that it is not shown twice, even while using different themes.
Bug: Wait for the computation to finish when triggering a new build while the build graph is being recomputed. This guarantees that recently updated build triggers are executed.
RFE: Add slim Debian-based JDK 17 Docker image.
RFE: Add Alpine-based JDK 17 Docker image.

Jenkins 2.332.4

Wed, 22 Jun 2022 00:00:00 +0000

Security: Important security fixes.
RFE: Remove SSH Plugin from setup wizard plugin selection.

Jenkins 2.332.3

Wed, 4 May 2022 00:00:00 +0000

Major Bug: Avoid a deadlock between agent class loading and logging.
RFE: Replace the computer-flash GIF icon with the hourglass icon.
RFE: Make "View build information" pages readonly for users who don't have permission.
RFE: Upgrade bundled Jackson 2 API plugin from 2.12.0 to 2.13.2.20220328-273.v11d70a_b_a_1a_52.
Bug: Allow filtering updates in plugin manager by plugin ID (regression in 2.320).
Bug: Display log entries with missing logger names in the log viewer.
Bug: Preserve load statistics data for label expressions.
Bug: Fix bad encoding of security warnings in French showing special characters.

Jenkins 2.332.2

Wed, 6 Apr 2022 00:00:00 +0000

RFE: Show warning dialog if Java 8 is selected in Windows installer.
Bug: Prefer --httpPort from JENKINS_ARGS over HTTP_PORT when the two differ.
Bug: Remove unnecessary log spam when starting Jenkins under systemd on Debian 11 (regression in 2.333 and 2.332.1).
Bug: Don't show build status on jobs that are not yet built (regression in 2.321).
Bug: Ensure inbound agent restart logic is applied.
Bug: Recover gracefully after incorrect merge of /etc/sysconfig/jenkins on Red Hat-based systems.

Jenkins 2.332.1

Wed, 9 Mar 2022 00:00:00 +0000

Changes since 2.332:

RFE: Switch Linux installers from System V init to systemd.
RFE: Update the bundled Matrix Project plugin from 1.18 to 1.20.
RFE: Update bundled Display URL API plugin to prevent issues starting the mailer plugin for offline installations.
Bug: Keep the same height when dragging and dropping a component (regression in 2.277).
Bug: Correctly render expandable text boxes into multiple lines (regression in 2.197 and 2.176.4).
Bug: Show correct feature name in tooltips of help links (regression in 2.179).
Bug: Launch only one agent to satisfy cloud agent requests that use label expressions.
Bug: Truncate long build names again (regression in 2.332).
Bug: Overwrite grey balls icon with the modern "not built" status.
Bug: Render the question mark on the new help button only once so that it is not shown twice, even while using different themes.
Bug: Update remoting from 4.11 to 4.12 to allow Java web start agents to connect (regression in 2.318).
Bug: Restart systemd service when the controller exits unexpectedly.
Bug: Restart the Jenkins service after plugin updates on Debian 11 (bullseye).

Notable changes since 2.319.3:

Major RFE: Always enable the agent-to-controller security subsystem. Remove the admin-customizable allowlists for callables and file paths. Remove the ability to access some files on the controller from agents. Use the Plugin Manager to upgrade incompatible plugins.
Major RFE: Upgrade the Guava library from 11.0.1 (released on January 9, 2012) to 31.0.1 (released on September 27, 2021). Plugins have already been prepared to support the new version of Guava. Use the Plugin Manager to upgrade all plugins before and after upgrading Jenkins.
RFE: Modernise the table design. Add support for Ionicons. Improve the usability and layout of the 'Plugin Manager' page with better controls and a 'Report an issue' link for each plugin. Update the 'New view', 'New node', 'About', 'System Info', and 'Log Recorder' pages.
RFE: Allow the plugin manager to upload by URL in addition to upload by file name.
RFE: Improve visualization of the 'Environment Variables' page.
RFE: Improve artifact list readability in dark theme.
RFE: Use CSS animation for console progress.
RFE: Remove support for plugins written in JRuby or Jython. JRuby support has been removed from the Stapler web framework used in Jenkins core. Plugins written in JRuby and Jython have not been distributed by update center since January 22, 2022.
RFE: Remove support for setting the Jenkins home directory via Java Naming and Directory Interface (JNDI).
RFE: Developer: Provide a stable version of ObjectWebASM (currently 9.1) on the classpath.
RFE: Developer: Use the upstream version of AntClassLoader without custom patches.

Jenkins 2.319.3

Wed, 9 Feb 2022 00:00:00 +0000

Security: Security fix.
Bug: Fix ClassNotFoundException: io.jenkins.cli.shaded.org.w3c.dom.Node when using JAXB.
RFE: Upgrade the XStream library from 1.4.18 to 1.4.19. Addresses the CVE-2021-43859 security vulnerability when unmarshalling highly recursive collections or maps causing a Denial of Service.
Bug: Launch only one agent to satisfy cloud agent requests that use label expressions.

Jenkins 2.319.2

Wed, 12 Jan 2022 00:00:00 +0000

Security: Security fix.
RFE: Only apply trimLabels operation to affected nodes when adding or removing them.
RFE: Improve FilePath telemetry collection and its description.

Jenkins 2.319.1

Wed, 1 Dec 2021 00:00:00 +0000

Changes since 2.319:

Bug: Do not attempt to canonicalize tar entries when untaring, as the result may be unexpected for symlinks.
Bug: Fix form submission for file access rules of agent to controller security subsystem (regression in 2.111).
Bug: Fix missing hyperlink in build history (regression in 2.314).
Bug: An exception thrown by a RestartListener no longer leaves Jenkins in a zombie-like state.
Bug: Prevent LinkageError during class loading (regression in 2.309).
Bug: Show ongoing first build in build history (regression in 2.314).
Bug: Jenkins startup could hang due to a deadlock in class loading.
Bug: Display the "Configure System" icon in the drop down menu.

Notable changes since 2.303.3:

Major RFE: Replace the term "master" for the main Jenkins application with "controller" or "built-in node" in user interface strings and documentation. New installations get the new node and label immediately. Existing installations do not change the node name (e.g. NODE_NAME environment variable) or label of the built-in node until an administrator explicitly performs the migration. If a job definition, Pipeline definition, or tool installer reference must be tied to the built-in node, it should use the label "built-in".
RFE: Modernise the "Manage Jenkins" screen.
RFE: Modernise the "Build History" search bar.
RFE: Update appearance for feed bar and description button to be modern and consistent.
RFE: Improve layout of console output header.
RFE: Show new status icons in build history.
RFE: Update tooltips to be consistent across Jenkins.
RFE: Use SVGs over PNGs for the sidebar when possible. Breadcrumb bar/logo/menu items are now correctly aligned on the left together. Move old war/images folder to webapp so they can be used in frontend - the SVGs are now in the webapp/images/svgs folder.
RFE: Replace the old icons with the new SVG icons in the job trend page.
RFE: Graphs now scale correctly on high resolution screens.
RFE: Screen resolution cookie now has the secure flag set when Jenkins is running on HTTPS.
RFE: Deprecate the -cp option in the remoting agent.jar command line. Upgrade from Remoting 4.10 to Remoting 4.11.
RFE: When the buildWithParameter API is called, if the requests with the same parameters in the queue are merged, the http response code of the request uses a more appropriate 303(see other) instead of 201(created).
Bug: Fix wrong parameter type for Text Parameter when triggering a build via the buildWithParameters API call.
Bug: Use the JVM's default keystore type for the Jenkins server when terminating TLS connections within Jenkins. Used if Jenkins is started with the --httpsPort argument. Winstone 5.21: Update Jetty from 9.4.42.v20210604 to Jetty 9.4.43.v20210629.
Bug: Correction of label expression including a "implies" relationship without spaces around.
Bug: Fix agent handshake when connecting over Websocket on Java 11. Upgrade from Remoting 4.10 to Remoting 4.11.
RFE: Remove deprecated, unsafe classes previously copied from Apache Ant. Docker Slaves plugin is incompatible with this change.
RFE: Load classes from plugins in parallel for faster startup on multicore machines.
RFE: Remove the Woodstox implementation of the StAX API from Jenkins core. Users of the Azure Artifact Manager, Azure Container Agents, Azure Storage, and Azure SDK API plugins must upgrade those plugins to the latest versions in lockstep with this core upgrade. Plugins that consume Woodstox should depend on it directly or via the Jackson 2 API plugin.
RFE: Internal: Experimental support for URLClassLoader can be enabled by setting hudson.ClassicPluginStrategy.useAntClassLoader=false.

Jenkins 2.303.3

Thu, 4 Nov 2021 00:00:00 +0000

Security: Important security fixes.
Major RFE: Security hardening: Require role check for remoting callables.
RFE: Always allow configuring agent-to-controller security subsystem.
Bug: Correction of Label expression including a "implies" relationship without spaces around.

Jenkins 2.303.2

Wed, 6 Oct 2021 00:00:00 +0000

Security: Security fixes.
RFE: Security hardening: The "short description" of build causes is now defined as plain text instead of HTML.
Bug: Allow Jenkins to start when the JCasC configuration defines view-related permissions (regression in 2.302).
Bug: Use the JVM's default keystore type for the Jenkins server when terminating TLS connections within Jenkins. Used if Jenkins is started with the --httpsPort argument. Winstone 5.21: Update Jetty from 9.4.42.v20210604 to Jetty 9.4.43.v20210629.
Bug: Fix wrong parameter type for Text Parameter when triggering a build via the buildWithParameters API call.
RFE: Bump bundled Ant from 1.10.10 to 1.10.11.
RFE: Upgrade from xstream 1.4.17 to 1.4.18.

Jenkins 2.303.1

Wed, 25 Aug 2021 00:00:00 +0000

Changes since 2.303:

Bug: Fix an issue unzipping archives in a corner case when entries have the same path prefix as the target location.
Bug: Detect files in a symlink that points to a directory (regression in 2.301). Bump Commons IO to 2.11.0.
Bug: Show tooltips when users hover on the SVG icons.
RFE: Use Java 11 in Docker images instead of Java 8.
RFE: Allow Java 11 administrative monitor to be disabled with a system property.

Notable changes since 2.289.3:

Major Bug: Fix SSH command line interface (CLI) authentication (regression in 2.284).
Major Bug: Fix NoSuchMethodError when using plugins that rely on bridge methods for compatibility (regression in 2.278).
Major RFE: Remove Apache Commons Digester library and related code from the Jenkins core.
Bug: Jenkins redirects users to the previous page after login even if they were able to view it while not logged in (regression in 2.266).
Bug: Improve contrast for the checkbox in the login page.
RFE: Recommend running on Java 11.
RFE: Display Pipeline builds among user build history and remove incorrect warning about view build history.
RFE: Show implied plugin dependencies or a count of dependencies for plugins split from core.
RFE: Explain that some plugin updates can be unavailable even on the latest version of a given release line (i.e. LTS).
RFE: Update French terminology for controller.
RFE: Change the word 'number' to 'integer' in the error message of the number field.
RFE: The Jenkins process management functionality now supports FreeBSD.
RFE: Optimize access control checks affecting (at least) Pipeline node steps.
RFE: Remove JEP-200 compatibility workarounds for releases published before February 2018 of the following plugins: Maven Integration, Job DSL, Monitoring, Git Client, Pipeline: Supporting APIs, OWASP Dependency-Check.
RFE: Update Stapler from 1.263 to 1563.v3da2d02f9572 to improve performance when encoding unicode characters in JSON API.
RFE: Stop bundling the External Monitor Job Type, LDAP, and PAM Authentication plugins. Jenkins will no longer automatically install the External Monitor Job Type, LDAP, or PAM Authentication plugins on startup if a plugin depending on Jenkins 1.467 or earlier is discovered. If you use such a plugin that also relies on the functionality provided by the External Monitor Job Type, LDAP, or PAM Authentication plugin and manage plugins outside Jenkins' plugin manager, you will now need to ensure that a recent release of the External Monitor Job Type, LDAP, or PAM Authentication plugin is installed. Jenkins will attempt to load such plugins but may fail at any time during startup or afterwards with ClassNotFoundException or similar.
RFE: Winstone 5.19: Update Jetty from 9.4.41.v20210516 to Jetty 9.4.42.v20210604.
RFE: Bump spring-security-bom from 5.4.6 to 5.5.1.
RFE: Bump sshd-core from 2.5.1 to 2.7.0 in Jenkins CLI.
RFE: Add X-Frame-Options header to AJAX responses.
RFE: Remove the Bytecode Compatibility Transformer library and related code from Jenkins core. Developer: Plugins that rely on the hudson.model.Queue$Item#id or hudson.model.AbstractProject#triggers fields must be updated to call the corresponding getters.
RFE: Stop sending HTTP response headers related to the remoting-based CLI (removed in 2.165).
RFE: Internal: Upgrade from Remoting 4.7 to Remoting 4.10 with bugfixes and dependency updates.
RFE: Developer: Remove JTidy dependency from Jenkins core. Plugins that use JTidy functionality must be updated to explicitly declare a dependency on JTidy rather than relying on Jenkins core to provide this library.
RFE: Developer: InterceptingExecutorService and its subclasses no longer extend com.google.common.util.concurrent.ForwardingExecutorService or com.google.common.collect.ForwardingObject.
RFE: Developer: Remove jna-posix dependency from Jenkins core. Plugins that use jna-posix functionality must be migrated from jna-posix to jnr-posix.
RFE: Developer: The hudson.util.SubClassGenerator and experimental hudson.model.TreeView class have been removed without replacement.

Jenkins 2.289.3

Wed, 28 Jul 2021 00:00:00 +0000

Bug: Improve build status progress animation.

Jenkins 2.289.2

Wed, 30 Jun 2021 00:00:00 +0000

Security: Important security fixes.
RFE: Winstone 5.18: Update Jetty from 9.4.39.v20210325 to 9.4.41.v20210516 for bug fixes and enhancements.
RFE: Update from xstream 1.4.16 to 1.4.17.
Bug: Prepare for form submission changes in future Firefox releases. Adapt form validation for all web browsers and form validation test automation for HtmlUnit based tests.
Bug: A race condition in class loading could result in a LinkageError.
Bug: Do not change fonts when build artifacts are as shown as a tree.
Bug: Jenkins redirects users to the previous page after login even if they were able to view it while not logged in (regression in 2.266).
Bug: Fix incorrect process termination issues when running on macOS.
Bug: Add check to prevent out of bounds memory access error on macOS.

Jenkins 2.289.1

Wed, 2 Jun 2021 00:00:00 +0000

Changes since 2.289:

Major Bug: Fix NoSuchMethodError when using plugins that rely on bridge methods for compatibility (regression in 2.278).
Bug: Fix form submission for some specific form validation cases (regression in 2.289).
Bug: Wrap the build name in the build results list if it is too long.
Bug: Improve performance for standard input of the Jenkins CLI, for example with the `install-plugin` command.
Bug: Fix an issue archiving files greater than 4 GiB in size when creating ZIP64 archives.

Notable changes since 2.277.4:

Major RFE: SSHD module is no longer bundled in Jenkins core. Provide SSHD as a plugin.
Major RFE: Add modern icons: build status and weather.
RFE: Add administrative monitors recommending no executors are configured on the controller.
RFE: Add indicator for security-related entries in the global administrative monitors configuration.
RFE: Improve UI of slow trigger administrative monitor.
RFE: Support 'min' and 'max' values in field definitions of forms.
RFE: Improve button focus states.
RFE: Do not force plugin upgrades of recently detached plugins.
RFE: Stop bundling the Ant and Javadoc plugins. Jenkins will no longer automatically install the Ant and Javadoc plugins on startup if a plugin depending on Jenkins 1.430 or earlier is discovered. If you use such a plugin that also relies on the functionality provided by the Ant or Javadoc plugin (e.g., the RAD Builder and manage plugins outside the Jenkins plugin manager, you will now need to ensure that a recent release of the Ant or Javadoc plugin is installed. Jenkins will attempt to load such plugins but may fail at any time during startup or afterwards with ClassNotFoundException or similar.
RFE: Improve performance when creating or deleting nodes by reducing queue-lock contention.
RFE: Improve support for update site-defined setup wizard suggestions.
RFE: Switch to sending POST requests by default for form validation URLs.
RFE: Add a Jenkins User-Agent header to outgoing HTTP requests by default. Use jenkins.UserAgentURLConnectionDecorator.disabled to disable it if needed.
Bug: Sort available plugins by name when popularity is equal.
Bug: Honor the current folder when creating new views with the "New View" link.
Bug: Do not render full error responses in case of internal errors when validating fields in configuration forms.
Bug: Accept negative numbers in number input controls (regression in 2.274).
Bug: Improve reconnection behavior for inbound TCP agents.
RFE: Remove the hardcoded JKS key store so that other key stores can be used, like BCFKS from the FIPS version of Bouncy Castle.
RFE: Upgrade from Remoting 4.6 to Remoting 4.7 with bugfixes and dependency updates.
RFE: Upgrade bouncycastle-api plugin from 2.16.0 to 2.20. Upgrade Bouncy Castle library to 1.64.
RFE: Bump spring-security-bom from 5.4.5 to 5.4.6.
RFE: Internal: Update Stapler from 1.262.1 to 1.263 to use latest Apache commons-beanutils. Update Apache commons-beanutils from 1.9.3 to 1.9.4.
Major RFE: Developer: Add support for plugins to use external SVG sprites in their icons.

Jenkins 2.277.4

Wed, 5 May 2021 00:00:00 +0000

Bug: Fix disabled dropdown items to appear disabled (regression in 2.277.1).
Bug: Fix load statistics graph links to include correct graph duration (regression in 2.277.1).
Bug: Honor the current folder when creating new views with the "New View" link.
RFE: Upgrade from xstream 1.4.15 to 1.4.16.

Jenkins 2.277.3

Tue, 20 Apr 2021 00:00:00 +0000

Security: Important security fix.
RFE: Winstone 5.16: Update Jetty from 9.4.38.v20210224 to 9.4.39.v20210325 for bug fixes and enhancements.

Jenkins 2.277.2

Wed, 7 Apr 2021 00:00:00 +0000

Security: Security fixes.
Major Bug: Fix help buttons in the draggable section (regression in 2.277.1).
RFE: Security hardening against some CSRF attacks.
Bug: Fix NoClassDefFoundError exception while executing ProcessTree.get().
Bug: Prevent Jenkins queue deadlock when cancelling tasks under certain conditions.
Bug: Reduce logging of renamed API endpoint.

Jenkins 2.277.1

Wed, 10 Mar 2021 00:00:00 +0000

Changes since 2.277:

Security: Important security fix. This vulnerability does not exist in any Jenkins LTS release. It was discovered in a weekly release and fixed in a weekly release without being part of an LTS release.
Major Bug: Show available plugin updates by reloading update center data on upgrade/downgrade.
Major Bug: Fix Internet Explorer 11 rendering of the Available plugins tab (regression in 2.270).
Major Bug: Include 'plugin-id' and 'plugin-version' data attributes in the Available plugins tab (regression in 2.270).
Major Bug: Fix plugin search over multiple update sites (regression in 2.270).
Bug: Restore, as deprecated, the old constructor based on acegisecurity Authentication parameter in order to keep backward compatibility.

Notable changes since 2.263.4:

Major RFE: Change Jenkins configuration UI from tables to divs for layout in forms.
Major RFE: Massive performance enhancement to available plugins page of Plugin Manager. Exact matches of plugin name are moved to the top.
Bug: Fix incorrect striping of rows on available page of Plugin Manager.
Bug: Prevent user input of 'e' or 'E' as 'positive-number', 'non-negative-number', or 'number'.
Bug: Change the standard URL for obtaining the inbound agent configuration file from ${agent_url}/slave-agent.jnlp to ${agent_url}/jenkins-agent.jnlp. The old name is obsolete and will be removed at a future time.
RFE: Improve performance of authorisation strategies when the authentication realm is case insensitive.
RFE: Add the ability to specify a reason for quieting down Jenkins ("Prepare for shutdown").
RFE: Dropped support for deprecated system properties: hudson.model.Hudson.logStartupPerformance, hudson.model.Hudson.initLogLevel, hudson.model.Hudson.parallelLoad, hudson.model.Hudson.killAfterLoad and hudson.model.Hudson.workspaceDirName. Please use jenkins.model.Jenkins.-prefixed SystemProperties.
RFE: Remove administrative monitor offering to migrate $JENKINS_HOME on a ZFS filesystem.
RFE: Show security and non-security notifications in separate categories with their associated icons.
RFE: Reduce page load time by loading the administrative monitors popup on demand. Allow keyboard navigation even when there are active administrative monitors.
RFE: Use a more accessible color palette in configuration form tabs.
RFE: Improve fingerprint save performance.
RFE: Add a system property jenkins.agent.inboundUrl to provide an alternate URL for inbound TCP agents.
RFE: Drop support for deprecated system properties: hudson.model.Hudson.logStartupPerformance, hudson.model.Hudson.initLogLevel, hudson.model.Hudson.parallelLoad, hudson.model.Hudson.killAfterLoad and hudson.model.Hudson.workspaceDirName. Please use jenkins.model.Jenkins.-prefixed SystemProperties.
RFE: Reduce lock contention around Jenkins queue.
RFE: Stop bundling CVS plugin. Jenkins will no longer automatically install CVS plugin on startup if a plugin depending on Jenkins (then Hudson) 1.340 or earlier is discovered. If you use a plugin that relies on the functionality provided by CVS plugin and manage plugins outside the Jenkins plugin manager, you will now need to ensure yourself that a recent release of CVS plugin is installed. Jenkins will attempt to load such plugins but may fail at any time during startup or afterwards with ClassNotFoundException or similar.
RFE: Winstone 5.15: Update Jetty from 9.4.30.v20200611 to 9.4.38.v20210224 for bug fixes and enhancements.
RFE: Upgrade from Remoting 4.5 to Remoting 4.6 with bugfixes and dependency updates.
RFE: Update stapler to 1.262 to fix a number of IllegalReflectiveAccessWarnings when running on Java 11.
RFE: Update jnr-posix library from 3.0.45 to 3.1.4.
RFE: Update Java native access (jna) library from 5.3.1 to 5.6.0 for more recent platform library fixes and enhancements.
Major RFE: Developer: Use an updated version of the XStream serialization library without custom patches.
Major RFE: Developer: Use Spring Security rather than its predecessor, Acegi Security. Other bundled Spring libraries are also updated.
Major RFE: Developer: Upgrade jQuery from 2.1.4 to 3.5.1.

Jenkins 2.263.4

Wed, 10 Feb 2021 00:00:00 +0000

RFE: Improve performance in fingerprint file creation.
Bug: Use the correct freestyle font-size for descriptions.
Bug: Don't tell user's to signup when signup is not available.

Jenkins 2.263.3

Mon, 25 Jan 2021 00:00:00 +0000

Security: Security fix.
Major Bug: Provide a default implementation of the "all files in zip" download link. This is especially important for external storage plugin (regression in 2.263.2).
Major Bug: Fix the file handle leak inside DirectoryBrowserSupport (regression in 2.263.2).
Major Bug: Include root folder in downloaded zip files (regression in 2.263.2). Resolve an additional related zip archive root folder issue.

Jenkins 2.263.2

Wed, 13 Jan 2021 00:00:00 +0000

Security: Important security fixes.
Major Bug: Help text now expands in behaviours for GitHub organization folders (regression in 2.244).
RFE: Security hardening related to XML processing using Digester2.
RFE: Security hardening related to form validation responses.
RFE: Security hardening restricting label names.
Bug: Populate select fields with default values (regression in 2.244).
Bug: Wrong unicode codes in Spanish translation and small improvements.
RFE: Internal: Updated Node version to latest LTS (14.15.1).

Jenkins 2.263.1

Thu, 3 Dec 2020 00:00:00 +0000

Changes since 2.263:

Major Bug: Fix hidden page elements from radio blocks showing up when they should not.
Bug: Fix file handle leak when viewing corrupted build logs. Upgrade Stapler from 1.260 to 1.261.
Bug: Prevent the Build History Widget from crashing when users have Discover permissions without Read for folders.
RFE: Winstone 5.12: Update Jetty from 9.4.30.v20200611 to 9.4.33.v20201020. Introduce LowResourceMonitor from Jetty by upgrading to Winstone 5.12.
RFE: Improve performance of authorisation strategies when the authentication realm is case insensitive.

Notable changes since 2.249.3:

Major Bug: Fix Debian / Ubuntu Java version check for Java 11.0.9.1.
Major RFE: Graduate Overall/SystemRead permission to general availability (GA) status.
Major RFE: SSHD module 2.7: Remove deprecated key exchange and MAC algorithms.
RFE: SSHD module 2.7: Allow configuring disabled key exchange and MAC algorithms through system properties.
RFE: Improve the layout and clarity of the page displayed when jobs are not yet created.
RFE: Allow users with the Jenkins/MANAGE permission to restart and safe restart Jenkins.
RFE: Set Cross-Origin-Opener-Policy to same-origin.
RFE: Improve the scripting capacity related to the API Token system. Provide a way to configure a fixed/default API Token for admin during installation phase.
Bug: Hide description panel in sidebar if historyWidget.descriptionLimit is 0.
Bug: Prevent JavaScript error when registering validators in some cases.
Bug: Prevent resource leak in the File Fingerprint Storage implementation.
RFE: Developer: Improve the combobox component to support default value and readonly mode.
RFE: Developer: Allow migration of fingerprints from local storage to external storage.
RFE: Developer: Expose fingerprint range set serialization methods for plugins.
RFE: Developer: Pluggable Artifact Storage: Make the VirtualFile API generally available to plugin developers.
RFE: Developer: A SimpleBuildStep or SimpleBuildWrapper can now choose not to require a workspace context (working directory and launcher).
RFE: Developer: Cloud implementations are given more context about ongoing planned nodes. Add CloudState to be passed to Cloud#provision and Cloud#canProvision methods.

Jenkins 2.249.3

Wed, 4 Nov 2020 00:00:00 +0000

Major Bug: Fix extensions footer location (regression in 2.235.1).
Major Bug: Show display names in change list again (regression in 2.249.1).
Bug: Prevent radio buttons from moving when they are clicked.

Jenkins 2.249.2

Wed, 7 Oct 2020 00:00:00 +0000

Major Bug: Fix migration of status filter when coming from an older version of Jenkins (regression in 2.249.1).
Bug: Make alert colors consistent with 'Manage Jenkins' alert colors.
Bug: Avoid warning on logs about Anonymous Class in hudson.FilePath.
Bug: Fix NullPointerException pollution on logs if PluginDeprecationMonitor is enabled and some conditions are met.
Bug: Developer: Make unavailable plugin background themeable.

Jenkins 2.249.1

Wed, 9 Sep 2020 00:00:00 +0000

Changes since 2.249:

Security: Important security fixes from Jenkins 2.252 and 2.235.4.
Major Bug: Stop pre-formatting agent logs to prevent deadlocks (regression in 2.231).
Major Bug: Fix button that copies API token to clipboard (regression in 2.238).
Major Bug: Restore wrapping tabs into multiple lines instead of overflowing (regression in 2.248).
Bug: Normalize widget colors to be consistent with the new color palette.
Bug: Empty installed plugins table text is readable again (regression in 2.249).
Bug: Show build time data in the Build Time Trend Page (regression in 2.245).
Bug: Replace text references to slave with agent in Japanese documentation and messages.
Bug: Fix backspace key sometimes did not delete text from the Script Console on a Mac (regression in 2.248).
Bug: Fix regular expression validator UI location (regression in 2.244).
RFE: Prevent concurrent build deletion.

Notable changes since 2.235.5:

Major RFE: Release 'alpha' dark theme.
Major RFE: Stop supporting .NET Framework 2.0 for launching Jenkins server and agents as a Windows service. .NET Framework 4.0 or above is now required.
Major RFE: Update Windows Service Wrapper (WinSW) from 2.3.0 executable for .NET Framework 2.0 to 2.9.0 for .NET Framework 4.0. Includes numerous improvements and bugfixes. Most notably, the service installer will now ask for permission elevation if the required.
RFE: Show in plugin manager when newer releases of plugins exist but aren't being offered due to unsatisfied requirements. Show warnings for deprecated plugins in the update manager and administrative monitors.
RFE: Provide a more modern look and feel for the Jenkins UI.
RFE: Remove page generation timestamp from the footer.
RFE: Allow users with Overall/Manage permission to configure Node Monitoring and to reload configuration from disk.
RFE: Add system read support for 'Node Monitoring Configuration', configuring clouds, viewing agent configuration, system information, and logs.
RFE: Support Bearer tokens in Jenkins-CLI -auth parameter.
RFE: Security hardening: Always round-trip password form control values in an encrypted form, even if not backed by an encrypted Secret field. In case of problems, this can be disabled by setting the system property hudson.util.Secret.AUTO_ENCRYPT_PASSWORD_CONTROL to false on startup.
RFE: Security hardening: Always use a placeholder value for password form control values in item related configuration forms when the user is missing Item/Configure permission, even if not backed by an encrypted Secret field. In case of problems, this can be disabled by setting the system property hudson.util.Secret.BLANK_NONSECRET_PASSWORD_FIELDS_WITHOUT_ITEM_CONFIGURE to false.
Bug: Fix the default domain name in Windows service serviceaccount configurations.
RFE: Update Winstone from 5.9 to 5.10. Update Jetty from 9.4.27.v20200227 to 9.4.30.v20200611. Add --httpsRedirectHttp option that activates automatic HTTP request redirects to HTTPs.
Bug: Fix --httpKeepAliveTimeout option which had no effect (regression in 2.224).
Bug: Update Stapler from 1.259 to 1.260.
RFE: Add the ability to filter out environment variables for Shell and Windows batch build steps.
Bug: Fix IllegalArgumentException: Method not found error caused by misbehaviour in Util.isOverridden() (regression in 2.241).
Bug: Remove the fallback Jenkins URL from the JNLP launch file so that WebSocket agents can be connected over Java Web Start.
RFE: Allow fingerprint storage engine to be selected from the configuration page. Add new external fingerprint storage API methods.
RFE: Developer: Add alert-success banner.
RFE: Developer: Add new extension points to define build step environment filters (currently in beta).
RFE: Internal: Upgrade to Remoting 4.5. This switches agent.jar and remoting.jar to a code-signing certificate owned by the CDF.

Jenkins 2.235.5

Mon, 17 Aug 2020 00:00:00 +0000

Security: Important security fixes.
Major RFE: Major update of the Alpine-based Jenkins Docker image. Jenkins Docker image for Alpine now uses Alpine 3.12 and AdoptOpenJDK 8u262.

Jenkins 2.235.4

Wed, 12 Aug 2020 00:00:00 +0000

Security: Important security fixes.
Major RFE: Use new 64 bit Windows installer with service account checks and port validation. Supports 64 bit Java 8 and 64 bit Java 11.
Bug: Allow graceful shutdown when SCM triggers are configured.
Bug: Fix IllegalArgumentException: Method not found error caused by misbehaviour in Util.isOverridden() (regression in 2.241).

Jenkins 2.235.3

Mon, 27 Jul 2020 00:00:00 +0000

Major RFE: Update Debian and Red Hat repository signing keys for the Jenkins long term support repositories.

Jenkins 2.235.2

Wed, 15 Jul 2020 00:00:00 +0000

Security: Important security fixes.
Bug: Fix --httpKeepAliveTimeout option which had no effect (regression in 2.235.1).
Bug: Fix buttons that linger too long after closing modal (regression in 2.233 and 2.235.1).

Jenkins 2.235.1

Wed, 17 Jun 2020 00:00:00 +0000

Changes since 2.235:

Major Bug: Make plugin manager work on Internet Explorer 11 again (regression in 2.231).
Major Bug: Prevent telemetry warnings about missing javax.annotation classes when running with Java 11 (regression in 2.231).
Major Bug: Fix a deadlock involving custom loggers during agent startup (regression in 2.231).
Bug: Prevent Old Data Monitor from failing plugin loading in the case of class field unmarshalling issues.

Notable changes since 2.222.4:

Major RFE: Various improvements to the plugin manager, including: It no longer shows all available plugins by default; use search field to find plugins. They are now sorted by popularity by default. Additionally, categories are no longer used to group plugins, instead they're shown as labels.
Major RFE: Organize entries on the Manage Jenkins page into categories and show them in a grid.
Major RFE: Remove 'auto refresh' feature, including now obsolete auto refresh telemetry capability.
Major RFE: Users with extended read permission now get a more read-only looking UI.
Major RFE: Allow users with Overall/SystemRead permission to view About Jenkins, Manage Plugins, Global Security Configuration, and System Log.
Bug: Distinguish between defined (*****) and undefined (N/A) password on read-only configuration forms for users with Overall/SystemRead or Item/ExtendedRead permissions.
Major RFE: Allow users with Overall/Manage permission to access the System Information, Prepare for Shutdown, and About Jenkins management links. Usage Statistics in Global Configuration is now also configurable by users with that permission.
RFE: Use modern system fonts provided by the browser when possible. Changes font size for body copy and headings to improve consistency and legibility.
RFE: Restyle buttons. Add support for large buttons, hyperlinks styled as buttons and icon-only buttons.
RFE: Restyle the help icon.
RFE: Improve styling of alert banners to be more visually appealing and to better match existing user interface components. Alerts now fully cover the navigation bar while they are displayed instead of covering only a portion of the navigation bar.
RFE: Suppress error stack traces for non-administrator users as core capability.

Jenkins 2.222.4

Sun, 24 May 2020 00:00:00 +0000

Major Bug: Prevent a form validation "404 Not Found" error when the resource root URL configuration points at a previously configured resource root URL (regression in 2.222.1).
Bug: Upgrade to Remoting 4.2.1 to fix an issue with large payloads over WebSockets. Requires a matching agent.jar with remoting 4.2.1 or later.
Bug: Update Groovy Init hooks to run after all job configurations are adapted.
Bug: Fix spacing between error messages in Setup Wizard (regression in 2.222.1).
Bug: Fix input field hints for tools like the git plugin that search the PATH for their executable (regression in 2.222.1).
Bug: Remove grey bar below the textarea form elements for read only users.
Bug: Distinguish between defined (*****) and undefined (N/A) password on read-only configuration forms for users with Overall/SystemRead or Item/ExtendedRead permissions.
RFE: Users with extended read permission now get a more read-only looking UI.

Jenkins 2.222.3

Fri, 24 Apr 2020 00:00:00 +0000

Major Bug: Use the saved global build discarder configuration on restart.
Major Bug: Fix proxy form validation when a password is set (regression in 2.222.1).
Bug: Prevent NullPointerException when hitting Check Now against a custom update center without tool installer metadata.
Bug: Prevent one occurrence of "Jenkins.instance is missing" during Jenkins restart.
RFE: Developer: Make h.checkAnyPermission and <l:layout permissions="..."> work on objects that aren't AccessControlled.
RFE: Developer: Prevent spurious deprecation messages by removing the deprecated findbugs-annotation.

Jenkins 2.222.2

Wed, 22 Apr 2020 00:00:00 +0000

Bug: Jenkins 2.222.2 was not placed in the artifact repository or on the download site.

Jenkins 2.222.1

Wed, 25 Mar 2020 00:00:00 +0000

Changes since 2.222:

Security: Important security fixes.
Major Bug: Fix drag & drop for previously saved steps in the job configuration form (regression in 2.217).
Major Bug: Winstone 5.9: Fix propagation of the maximum form content size and form content keys number (regression in Jetty 9.4.20 and Jenkins 2.205).
Major Bug: Winstone 5.9: Fix improper reverse proxy redirects to host due to X-Forwarded-Host and X-Forwarded-Port ordering issue (regression in Jetty 9.4.20 and Jenkins 2.205).
RFE: Security hardening related to request routing and CSRF protection.
RFE: Developer: Listen on loopback interface by default in debug mode.

Notable changes since 2.204.6:

Major RFE: Revamp the layout and icons of the header bar and breadcrumbs. Instances with plugins that depend on details of the Jenkins layout (e.g. Simple Theme Plugin) may experience UI/layout problems. A new experimental header color scheme can be enabled by setting the jenkins.ui.refresh system property to true.
Major RFE: Add globally configured build discarders that delete old builds not marked as "keep forever" even if there is no, or a less aggressive, per-project build discarder configured, executed periodically and after a build finishes.
Major RFE: Move cloud configuration from Configure System into its own configuration form on the Manage Nodes page.
Major RFE: Remove Enable Security checkbox in the Global Security configuration.
Major RFE: Remove the ability to disable CSRF protection. Instances upgrading from older versions of Jenkins will have CSRF protection enabled and the default issuer set if they currently have it disabled.
Major RFE: Redesign password fields to prevent password auto-fill except for the login form. Reduce browsers offering to update stored passwords. Revert by setting the system property hudson.Functions.hidingPasswordFields to false.
Major RFE: Deprecate the macOS native installer packaging.
Major RFE: Remove old, deprecated, unsupported agent protocols Inbound TCP Agent Protocol/1, Inbound TCP Agent Protocol/2, and Inbound TCP Agent Protocol/3. Update Remoting from 3.36 to 4.2 to remove unsupported protocols and add WebSocket support.
Major RFE: Add experimental WebSocket support.
Major RFE: Extends the current milestones so plugins can update jobs and configuration during Jenkins initialization. Adds initialization milestones: SYSTEM_CONFIG_LOADED, SYSTEM_CONFIG_ADAPTED, JOB_CONFIG_ADAPTED.
Major RFE: Introduce a new experimental UI that can be enabled by setting the jenkins.ui.refresh system property to true. Currently it includes a new header color scheme, more changes to be added as a part of the UI/UX revamp.
Major RFE: Add a new experimental Overall/Manage permission which allows a user to configure parts of the global Jenkins configuration without having the Overall/Administer permission. This is an experimental feature, disabled by default, that can be enabled by setting the jenkins.security.ManagePermission system property to true.
Major RFE: Add a new experimental Overall/SystemRead permission, which gives (almost) full read access to the Jenkins instance. The permission is disabled by default, install the Extended Read Permission plugin to activate it.
RFE: The environment variable WORKSPACE_TMP may now be used from (non-Pipeline) builds to access a temporary directory associated with the build workspace.
RFE: Deprecate the Overall/RunScripts, Overall/UploadPlugins, and Overall/ConfigureUpdateCenter permissions. Permissions were announced as dangerous and disabled by default in major authorization plugins in 2017. Custom authorization strategy implementations that grant Overall/Administer without implying one or more of these three permissions will no longer work as expected. Configurations that grant any of these permissions to users without Overall/Administer will no longer work as expected.
Major Bug: Fix NullPointerException when getting a list of runs with a status threshold (regression in 2.202).
Major Bug: User is no longer logged out when authenticating another user.
Bug: Winstone 5.9: Fix support of system logging customization (regression in 2.204.5)

Jenkins 2.204.6

Wed, 25 Mar 2020 00:00:00 +0000

Security: Important security fixes.
RFE: Security hardening related to request routing and CSRF protection.

Jenkins 2.204.5

Sat, 7 Mar 2020 00:00:00 +0000

Major Bug: Fix propagation of the maximum form content size and form content keys number (regression in Jetty 9.4.20 and Jenkins 2.204.3).
Major Bug: Fix improper reverse proxy redirects to 127.0.0.1 due to X-Forwarded-Host and X-Forwarded-Port ordering issue (regression in Jetty 9.4.20 and Jenkins 2.204.3).
Bug: Revert Winstone from 5.8 to 5.3 to resolve embedded Jetty web container regressions in later Winstone versions. High default maximum form size limit and reverse proxy redirection are restored (regressions in 2.204.3).

Jenkins 2.204.4

Tue, 3 Mar 2020 00:00:00 +0000

Major Bug: Fix a KeyStores with multiple certificates are not supported error from Jetty when passing certain kinds of certificates, such as domain wildcards (regression in 2.204.3).

Jenkins 2.204.3

Fri, 28 Feb 2020 00:00:00 +0000

RFE: Internal: Winstone 5.7: Change the Jetty thread pool name to "Jetty (winstone)"
Bug: If the Jenkins root URL has been configured by scripts prior to running the setup wizard, skip the location configuration panel even if selecting the option to skip creation of an admin user.
Bug: Prevent inaccurate warnings about missing classes on Java 11 triggered by JavaMelody when Monitoring Plugin is installed.
Bug: Include details in the system log when a build rotation fails.
Bug: Fix java version check for AdoptOpenJDK 11.
Bug: Prevent Jenkins page rendering from being blocked when the update center data parsing is in progress.
Bug: Winstone 5.7: Fix support of system logging customization (regression in 2.177).
Bug: Fix null pointer exception in Agent API when the agent is offline (e.g. retrieving agent version or OS description).

Jenkins 2.204.2

Wed, 29 Jan 2020 00:00:00 +0000

Security: Important security fixes.
Major Bug: User is no longer logged out when authenticating another user.
RFE: Security hardening related to Stapler routing.
RFE: Security hardening: Set X-Content-Type-Options to nosniff in REST API responses.
Bug: Disable multiple deletion attempts if hudson.Util.maxFileDeletionRetries is zero.
Bug: Prevent 'zombie' executors on built-in node by removing one-off executors in Computer.removeExecutor.
Bug: Fix AtomicFileWriter performance issue on CephFS when creating an empty file.
Bug: Developer: ViewGroupMixIn#getPrimaryView() may return null, and needs to be checked by plugins depending on this version of weekly and beyond. It is an intermediate state until a default view is implemented.

Jenkins 2.204.1

Wed, 18 Dec 2019 00:00:00 +0000

Changes since 2.204:

RFE: Show a tooltip with the full link name when hovering over sidebar links.
Bug: Prevent faulty subtask contributors from leaving builds running forever.
Bug: Fix Uninstall column sorting in the Plugin Manager Install pane.

Notable changes since 2.190.3:

Major RFE: Prevent calls to Jenkins#save persisting data before we have finished loading the in-memory model. This prevents possible corruption of the main Jenkins configuration.
Major RFE: Remove the ability to download update center metadata using the user's browser (deprecated since 2015). Jenkins will no longer inform about available updates without a connection to update sites. We recommend the use of a local mirror of our update sites, or a self-hosted update center like Juseppe in these situations.
Major RFE: Allow time zone to be set on a per-user basis.
Major RFE: Add an option for a Resource Root URL through which Jenkins will serve user-generated static resources like workspace files or archived artifacts without the need for Content-Security-Policy headers.
RFE: Stop bundling Maven Plugin, Subversion Plugin, and several other plugins inside the Jenkins war file. In very rare cases, this could result in problems when attempting to install plugins compatible with Jenkins before 1.310. The Jenkins project is currently not publishing any such plugins.
RFE: Deprecate the macOS native installer in favor of Homebrew.
Bug: Revert changes in forms submission in Jenkins classic UI with Firefox have caused a regression on forms with "file" inputs. These were made to anticipate a bugfix in Firefox which has been backed out since. (regression in 2.173)
RFE: Remove 100 character length limitation of build description in build history widget.
RFE: Update Remoting from 3.33 to 3.36. Adds a new connection mode for inbound TCP agents. Update minimum required remoting version to 3.14. Adds command line options "-help" and "-version".

Jenkins 2.190.3

Wed, 20 Nov 2019 00:00:00 +0000

Bug: Robustness: Do not allow users to resubmit requests using POST on URLs requiring a form submission, as that will fail anyway.
Bug: The lastCompletedBuild permalink was not being cached in the …/builds/permalinks file.
Bug: Fix labels to Atom feed links.
Bug: Revert changes in forms submission in Jenkins classic UI with Firefox. Changes caused a regression on forms with "file" inputs. These were made to anticipate a bugfix in Firefox which has been backed out since. (regression in 2.164.3)

Jenkins 2.190.2

Mon, 28 Oct 2019 00:00:00 +0000

Bug: URLs of some projects with emojis in their name were inaccessible.
Bug: Increase client-side keep-alive ping frequency on the HTTP-based CLI to prevent timeouts.
Bug: Internal: hudson.util.ProcessTree.OSProcess#getEnvironmentVariables returned null when an error occurred even though it shouldn't.

Jenkins 2.190.1

Wed, 25 Sep 2019 00:00:00 +0000

Changes since 2.190:

Security: Important security fixes.
Bug: Fix missing absolute URL in the RSS / Atom feeds. (regression in 2.190)
Major Bug: Jenkins UI broke when a slow trigger administrative warning would be shown. (regression in 2.189)

Notable changes since 2.176.4:

Major RFE: Jenkins no longer creates symbolic links inside project or build directories. The Build Symlink plugin may be installed to restore this functionality if desired. URLs such as /job/…/lastStableBuild/ are not affected, only tools which directly access the $JENKINS_HOME filesystem.
Major RFE: Remove Trilead SSH library from Jenkins core and make it available in a new detached plugin.
Bug: Add support of emojis and other non-UTF-8 characters in job names. 🎉
RFE: Update Windows Agent Installer from 1.10.0 to 1.11, enabling TLS 1.2 on agent downloads when running with .NET 4.6 or newer.
RFE: Update Winstone-Jetty from 5.2 to 5.3 to update Jetty to 9.4.18.
RFE: Update JNA from 4.5.2 to 5.3.1 to fix issue with shared library loading on AIX when using OpenJDK.
RFE: Update Remoting to 3.33.
RFE: Support setting excludes and case sensitivity in the fingerprint() build step in Pipeline and other job types.
RFE: Improve Configuration-as-Code compatibility of ListView.
RFE: Stop using the name argument in the install-plugin CLI command.
RFE: Remove obsolete session cookies when logging out, preventing errors related to headers being too large.
RFE: Add support for IPv6 addresses in the Jenkins URL configuration.
RFE: Allow distinguishing between new projects, disabled projects, and those with aborted builds through differently shaded build balls.
RFE: Add a warning when cron trigger spends a long time in its execution.
RFE: Batch up plugin installations in setup wizard to improve performance.
RFE: The default interval for node monitors (e.g. free disk space) can now be changed by setting the system property hudson.node_monitors.AbstractNodeMonitorDescriptor.periodMinutes.

Jenkins 2.176.4

Wed, 25 Sep 2019 00:00:00 +0000

Security: Security fixes.

Jenkins 2.176.3

Wed, 28 Aug 2019 00:00:00 +0000

Security: Important security fixes.
Bug: The plugin manager UI no longer prevents disabling a plugin when other plugins only have optional dependencies to it.
Bug: Fix performance issue when using "Remember me". (regression in 2.160)
Bug: Do not throw exception when testing proxy configuration. (regression in 2.168)
Bug: Prevent occasional IllegalStateException on Jenkins restart and invalidate the user session.

Jenkins 2.176.2

Wed, 17 Jul 2019 00:00:00 +0000

Security: Important security fixes.
Bug: A thread pool used to wait for external processes to complete could leak class loaders.
Bug: Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed upon Jenkins startup when needed as implied dependencies of other plugins which were already present. This simplifies compatibility for specialized installation scenarios not using the update center, such as when Jenkins is run from a Docker image prepackaged with some plugins.
Bug: Update WinP from 1.27 to 1.28 to fix problems with a missing DLL and flickering console window in the Windows graceful process shutdown logic.
RFE: Replace some exception stack traces related to agent channels with simpler messages.

Jenkins 2.176.1

Mon, 10 Jun 2019 00:00:00 +0000

Changes since 2.176:

Bug: Restore Chinese localized resources used by the setup wizard.
Bug: Robustness: Do not put agent offline for runtime exceptions in ComputerListener#onOnline().

Notable changes since 2.164.3:

Major RFE: Support for the Remoting mode of the CLI (-remoting option) has been removed.
Major RFE: Remove misleading nonStoredPasswordParam symbol for password parameter definitions, since it's actually stored encrypted.
Major RFE: Remove built-in support for CCtray (cc.xml) files. To restore this feature, install the CCtray XML Plugin.
RFE: Add stop-job CLI command which allows aborting builds.
RFE: Add support for turning off a log recorder in the logger configuration.
RFE: Add the run parameter filter value to REST API responses.
RFE: Update status icon of a build when the build is finished.
RFE: Remove misleading references to Java Web Start and JNLP from GUI surrounding inbound Jenkins agents.
RFE: Inform administrators about potentially unsafe permissions setup involving builds running as the virtual SYSTEM user.
RFE: Add a log message to build logs when builds run with the virtual SYSTEM authentication.
RFE: Migrate all Chinese localization resources into Localization: Chinese (Simplified) plugin.
RFE: Adjust stream flushing behavior for code running remotely on agents for better performance. This may lead to loss of messages for plugins which print to a build log from the agent machine but do not flush their output. Use -Dhudson.util.StreamTaskListener.AUTO_FLUSH=true to restore the previous behavior for freestyle builds. Note that Pipeline builds always expect remote flush.
RFE: Update Winstone from 5.1 to 5.2 to make HTTPS cipher exclusions configurable.
Bug: Remove Mailer related localized strings from core. Make sure you use Mailer Plugin 1.23.
Bug: Do not offer a workspace lease to a new build if it is already in use by a (Pipeline) build running across an agent reconnection.
RFE: Developer: Update Stapler from 1.256 to 1.257 to add support for loading localized webapp resources from any plugin. Add jenkins.PluginLocaleDrivenResourceProvider interface for plugins to participate in localized resource lookup.
RFE: Developer: Update Localizer library from 1.24 to 1.26 allowing plugins to override the lookup for localized resource files.
RFE: Developer: Add Jelly UI component f:secretTextarea for multi-line secrets analogous to f:password for single-line.
RFE: Developer: SystemProperties may now be used from agent-side code. See SystemProperties#allowOnAgent.

Jenkins 2.164.3

Thu, 9 May 2019 00:00:00 +0000

Bug: Corrupted console notes could cause an uninformative NegativeArraySizeException to be thrown from ConsoleNote#readFrom and build log display to be broken.
Bug: The setup wizard did not properly escape passwords, resulting in errors with certain special characters.
Bug: Make form submit buttons on the Jenkins classic UI compatible with potentially upcoming Firefox bug fix.
Bug: Properly flush output from the Maven console annotator.
Bug: Make Debian/Ubuntu launcher script work with Java 11.
RFE: Re-enable Stapler request dispatching telemetry.

Jenkins 2.164.2

Wed, 10 Apr 2019 00:00:00 +0000

Security: Security fixes.
Bug: Workspace and artifacts browsing did not work on Windows Server 2016 with Microsoft Docker. (regression in 2.150.2)
Bug: Prevent NullPointerException when discarding unreadable fingerprint data.

Jenkins 2.164.1

Wed, 13 Mar 2019 00:00:00 +0000

Changes since 2.164:

Notable changes since 2.150.3:

Major RFE: Java 11 is now fully supported. Multiple improvements for running Jenkins on Java 11 since 2.150.x, including support for plugins declaring a minimum Java version in their metadata and refusing to load incompatible plugins, and installation of a new JAXB plugin when running on Java 11 to allow use of JAXB APIs from plugins.
RFE: The list-jobs no longer lists items recursively when listing a specific folder.
RFE: Add a new CLI command disable-plugin to disable one ore more installed plugins and optionally restart Jenkins.
RFE: Update Trilead SSH library to add support for OpenSSH keys with AES256-CTR encryption.
RFE: Add support for the ed25519 key algorithm in Jenkins CLI.
RFE: Reduce the performance impact of the SECURITY-904 fix when downloading artifacts or workspaces as ZIP file.
RFE: Add new category Languages to the plugin wizard, which automatically installs available localization plugins based on browser language.
RFE: Update Windows Service Wrapper from 2.1.2 to 2.2.0 and Windows Agent Installer from 1.9.3 to 1.10.0 to support disabling, renaming and archiving service logs.
Bug: Update SSHD Module from 2.5 to 2.6 to apply a proper Apache Mina idle timeout value when a custom value was set using the org.jenkinsci.main.modules.sshd.SSHD.idle-timeout system property.
RFE: Developer: Login and signup pages redesigned in 2.129 now can receive style contributions (footer view for SimplePageDecorator) from multiple plugins.

Jenkins 2.150.3

Wed, 13 Feb 2019 00:00:00 +0000

Bug: Improve robustness of console annotators such as the Timestamper plugin in conjunction with certain Pipeline steps such as git on an agent with an old agent.jar.
Bug: User account creation by administrators did not show error messages when it failed. (regression in 2.129 and 2.138.1)

Jenkins 2.150.2

Wed, 16 Jan 2019 00:00:00 +0000

Security: Important security fixes.
RFE: Invalidate sessions and CLI authentication caches when changing the user password in the Jenkins user database.
RFE: Add support for killing child processes on AIX.

Jenkins 2.150.1

Wed, 5 Dec 2018 00:00:00 +0000

Changes since 2.150:

Security: Important security fixes.
Bug: Revert compatibility fix for future releases of Firefox due to regressions it caused since 2.148.
Bug: Prevent Stream is closed error in case a CLI command finishes before the input is entirely read.
Bug: Avoid Premature EOF error when using the shutdown CLI command.
Bug: Do not cache CSS/JS resource files for console annotations like Timestamper Plugin across Jenkins restarts.

Notable changes since 2.138.4:

Major RFE: Numerous fixes and improvements to better support running Jenkins on Java 11.
Major RFE: Migrate most Simplified Chinese translations into Localization: Chinese (Simplified) Plugin.
RFE: Allow use of the console command with Job/Read permission.
RFE: Wait up to two minutes for process termination before killing it (typically when aborting a build).
RFE: Reduce logging level of restart and shutdown related notifications from SEVERE to INFO.
RFE: New JENKINS_USER_ID and JENKINS_API_TOKEN environment variables can be used to configure the CLI authentication.
RFE: Do not submit telemetry if there's no relevant data.
RFE: Use per-trial correlation IDs for telemetry submissions.
Bug: Update Remoting from 3.26 to 3.27 to eliminate a potential deadlock.
RFE: Developer: Add support for the @PostConstruct lifecycle method annotation.
RFE: Developer: Add interface PersistentDescriptor that allows implementing Descriptors to skip explicit calls to load().
RFE: Developer: Introduce getPlatform() and setPlatform() methods in hudson.EnvVars.
RFE: Developer: Introduce new hudson.Util#fixNull(value, defaultValue) method.
RFE: Developer: Add overridable Queue.Task#getAffinityKey() to allow consistent hashing for Pipeline builds in the future.
Bug: Developer: ConsoleAnnotatorFactory mishandled its type parameter, effectively forcing all implementations to use Object or raw types.

Jenkins 2.138.4

Wed, 5 Dec 2018 00:00:00 +0000

Security: Important security fixes.

Jenkins 2.138.3

Thu, 8 Nov 2018 00:00:00 +0000

Bug: The initial visibility of nested groups of radio buttons did not accurately reflect the current values.
Bug: Improve robustness when search items don't specify a display name.
RFE: Update Stapler from 1.254.2 to 1.255 to integrate a fix related to StaplerProxy#getTarget() return value handling.
RFE: Add telemetry trial related to Stapler request dispatching.

Jenkins 2.138.2

Wed, 10 Oct 2018 00:00:00 +0000

Security: Important security fixes.
Major RFE: Security hardening: Escape variables in Jelly views by default.
Major Bug: Update Winstone-Jetty from 4.4 to 5.0 to fix HTTP/2 support and threading problems on hosts with 30+ cores.
RFE: Security hardening related to Stapler routing.
RFE: Security hardening related to HTTP verb restrictions for web methods.
RFE: Extend anonymous usage statistics with information about applied security fix escape hatches.
Bug: Fix a thread safety issue when creating multiple nodes in parallel.
Bug: Nested f:repeatable/f:repeatableProperty form elements inherited minimum when they shouldn't.

Jenkins 2.138.1

Wed, 12 Sep 2018 00:00:00 +0000

Changes since 2.138:

Bug: A configured quiet period was interpreted as milliseconds, instead of seconds. (regression in 2.82)

Notable changes since 2.121.3:

Major RFE: Redesigned login, signup, and Jenkins is (re)starting pages. Existing page decorators like Simple Theme Plugin will no longer work with these redesigned pages.
Major RFE: Replace single per-user API token with new system of multiple, revocable, unrecoverable API tokens with usage tracking.
Major RFE: The deprecated Jenkins CLI Protocol versions 1 and 2, and Java Web Start Agent Protocol versions 1, 2, and 3 have been disabled. If you still use these protocols (e.g. remoting-based CLI, or old slave.jars on agents), you need to re-enable these protocols after upgrade, or upgrade the clients. The same recommendations as in The 2.121.x upgrade guide for remoting changes apply here.
Major RFE: Check SHA-512 or SHA-256 checksums of update site and tool installer metadata and core and plugin downloads if the update site provides them.
Major RFE: Optional extensions are now loaded without requiring to restart Jenkins after installing an optional dependency.
RFE: Upgrade Winstone from 4.2 to 4.4 to update Jetty from 9.4.8.v20171121 to 9.4.11.v20180605, adding an option to enable JMX when running Jenkins using java -jar jenkins.war.
RFE: Upgrade Remoting from 3.21.1 to 3.25 to have agents check availability of the controller's TCP Agent Listener port when connecting over TCP.
RFE: Upgrade Bytecode Compatibility Transformer from 1.8 to 2.0-beta-2, upgrading ASM from 5.0.1 to 6.2 to improve support of Java 9+ runtimes.
RFE: Update Executable WAR from 1.39 to 1.41 to allow running Jenkins with incompatible (too new) Java versions by setting the --enable-future-java flag.
RFE: Update instance identity module from 2.1 to 2.2 to improve Java 11 compatibility.
RFE: Update JNA from 4.2.1 to 4.5.2 to add support for s390x, update GNU C minimal requirement to 2.7 on Unix platforms.
RFE: Add a new CLI command enable-plugin to enable one or more installed plugins and optionally restart Jenkins.
RFE: Add support for Zip files larger than 4 GB (Zip64).
RFE: Add modification timestamp to files in directory browser views such as archived artifacts and workspaces.
RFE: Export path to agent file system root directory in remote API.
RFE: Jenkins remote API: Export fingerprints for builds which do not derive from AbstractBuild, like Pipeline builds.
RFE: Some deserialization rejections are now logged on WARNING log level, instead of only on FINER.
Bug: Instances of some item types could not be renamed. (regression in 2.110)
Bug: Don't fail to archive artifacts when attributes cannot be preserved, instead log a message and proceed without preserving attributes. (regression in 2.120)
Bug: Some types of builds, like pipelines, would sometimes run concurrently even when that was disabled.
RFE: Developer: Introduce SimplePageDecorator extension point, which allows decorating the redesigned login page.
RFE: Internal: Update parent POM. Jenkins now requires Maven 3.5.4 or newer to build.
RFE: Internal: Various improvements related to incremental Maven releases.

Jenkins 2.121.3

Wed, 15 Aug 2018 00:00:00 +0000

Security: Security fixes.
RFE: Security hardening related to Stapler routing.
RFE: Robustness: Don't break queue processing when the configured queue sorter throws exceptions.
RFE: Allow java.time.Ser for use in XStream (XML serialization) and Remoting (agent communication).
Bug: Fix a potential deadlock between queue maintenance and asynchronous execution.
Bug: Security hardening: Prevent files in tar archives from being written to a path outside the destination directory.
Bug: Dynamically loaded plugins now have any PeriodicWork/AperiodicWork extensions scheduled.
RFE: Developer: Remove hudson.FilePath#copyFromRemotely(URL) Beta API.

Jenkins 2.121.2

Wed, 18 Jul 2018 00:00:00 +0000

Security: Important security fixes.
RFE: Update Remoting from 3.20 to 3.21 to apply logging enhancements and better no_proxy support.
RFE: Improve diagnostics of corrupted plugin archives during plugin dynamic loading.
RFE: Robustness: A buggy ComputerListener#onConfigurationChange implementation should not block Jenkins startup.
RFE: Diagnostics: Log stack traces in JEP-200 rejection messages when jenkins.security.ClassFilterImpl logging level is FINE or above.
RFE: Improve Jenkins root URL validation.
RFE: Do not remove workspaces for projects with builds in progress.
Bug: If using the Artifact Manager on S3 plugin with the (non-default) option to delete artifacts, they were not deleted when the entire build was deleted.
Bug: Don't monitor response time on offline agents.
Bug: Copying Run parameters did not work as expected as RunParameterDefinition#copyWithDefaultValue called the wrong constructor.
Bug: Restore implied dependency on JDK Tool Plugin from Apache HttpComponents Client 4 API Plugin to fix dependency problems.
Bug: Actions created from a TransientActionFactory that got attached to an item in the queue are no longer persisted, which could previously lead to duplicate actions shown for builds.
Bug: Prevent unhandled ClassCastException when loading fingerprints from corrupted files.
Bug: Do not duplicate caller stack trace when FilePath#act fails.
Bug: Fix behaviour of Advanced button when a section element is nested inside.
RFE: Developer: ComputerLauncher implementations can now set channels with a custom CommandTransport implementation.
RFE: Developer/Internal: Remove use of a Guava method deleted in later versions, which could cause problems for plugins running functional tests.
Bug: Developer API: StreamTaskListener#getCharset() now returns the default charset when it is not configured.
Bug: Developer API: Prevent NullPointerException in SlaveComputer#setChannel(Channel,OutputStream,Channel.Listener) with null OutputStream.

Jenkins 2.121.1

Thu, 7 Jun 2018 00:00:00 +0000

Changes since 2.121:

RFE: Faster list rendering of Plugin Manager » Available.

Notable changes since 2.107.3:

Major RFE: Install from java.sun.com installation method for JDK tools has been moved to a new JDK Tool Plugin.
Major RFE: It is no longer possible to rename jobs from their configuration page. Jobs now have a link in the side panel titled "Rename" that links to a page specifically dedicated to renaming jobs.
Major RFE: The Job/Build permission no longer implies the Job/Cancel permission. The latter needs to be granted explicitly to users who previously got it via this relationship.
Major RFE: Update Remoting from 3.17 to 3.20 in order to apply various performance and diagnosability improvements, such as logging warnings when anonymous classes are serialized over a Remoting channel, and allowing Jenkins core to always deserialize exceptions even if they're not allowed. To benefit from the latter improvement, Remoting needs to be updated on the agent side as well.
Major Bug: Fix issue preventing process killing vetoes being effective on agents.
RFE: Pipeline builds could not be started if the Authorize Project plugin was configured to associate the build with a user to whom the authorization strategy was configured to deny Agent/Build permission on the built-in node.
RFE: archiveArtifacts in a Pipeline failed to throw a normal exception when there were no matches.
RFE: Allow use of lists of options as provided by the Pipeline snippet generator for choice parameters.
RFE: Default Crumb Issuer proxy compatibility can be enabled on first startup by setting the system property jenkins.model.Jenkins.crumbIssuerProxyCompatibility to true on startup.
RFE: Introduce hudson.triggers.SafeTimerTask.logsTargetDir system property to write logs usually written to $JENKINS_HOME/logs to another location.
RFE: Remove the options to define custom Build Record Root Directory and Workspace Root Directory on the Configure System form to prevent unexpected failures during runtime. Instead, these locations can now be customized using system properties on startup.
RFE: Use case-insensitive autocompletion for item selection dialogs if the current user prefers case-insensitive search.
RFE: Better autocompletion for loggers supporting multiple tokens and proposing useful parent loggers.
RFE: Show more entries in the search results dropdown and search results page.
RFE: Ensure as much as possible that the Jenkins root URL is defined by adding a new setup wizard page and an administrative monitor.
RFE: Add agent symbol for a permanent agent in Structs Plugin based configuration.
RFE: Issue warnings to the system log when attempts are made to use classes with unpredictable names and serial forms (such as anonymous classes) in Remoting or XStream (de)serialization.
RFE: Update Winstone from 4.1.2 to 4.2 to update Jetty from 9.4.5 to 9.4.8 for various bugfixes and improvements.
Bug: Archiving artifacts now preserves file permissions and last modification time.
Bug: Prevent some cases of linkage errors relating to Servlet classes when code is run on an agent.
Bug: Make the logic for adding nodes atomic, so that if a newly added node fails to be persisted it will not exist in a partly-initialized state.
Bug: Update WinP from 1.25 to 1.26 to fix loading of WinP libraries on Windows inside Weblogic web container.
Major RFE: Developer: JEP-202: Extend VirtualFile API to streamline external artifact storage. API additions are marked beta and may change at any time.
Major RFE: Developer: Subclasses of AbstractItem can implement AbstractItem#isNameEditable and return true to get automatic support for renames. Subclasses are also able to dynamically validate renames by implementing AbstractItem#checkRename.
RFE: Internal: Choose more mnemonic artifactIds for modules not consumed externally.

Jenkins 2.107.3

Wed, 9 May 2018 00:00:00 +0000

Security: Important security fixes.
RFE: Allow java.util.EnumMap and org.jruby.RubyNil for use in XStream (XML serialization) and Remoting (agent communication).
RFE: Internal: Add new update center root CA certificate.
Bug: Don't log null pointer exceptions on some forms with validation button. (regression in 2.107.2)
Bug: Allow users without Overall/Read access to use the who-am-i and logout commands.
Bug: Fix a race condition in the Setup Wizard that could lead to it being skipped on the first startup when groovy scripts or init scripts are pre-installed.
Bug: In rare configurations, agents tried to load unloadable classes from the controller, resulting in ClassNotFoundException: javax.servlet.ServletContextListener on agents.
Bug: Make Cancel Shutdown link in side panel work without requiring the page to be reloaded.

Jenkins 2.107.2

Wed, 11 Apr 2018 00:00:00 +0000

Security: Security fixes.
Major Bug: Display estimated remaining time again for Pipeline jobs. (regression in 2.89.4)
RFE: Update Apache Mina SSHD Core from 1.6.0 to 1.7.0 in CLI client.
RFE: Update Executable War from 1.37 to 1.38 to show an error when an attempt is made to run Jenkins on Java 9.
RFE: Always show the built-in node in the executors widget, even when it is offline.
RFE: Periodically persist the build queue so it can be restored on abnormal process termination.
RFE: Reduce memory footprint of jenkins.model.lazy.AbstractLazyLoadRunMap#search in descending order.
RFE: Add ConcurrentLinkedQueue to white-listed classes for use in XStream (XML serialization) and Remoting (agent communication).
Bug: JEP-200: Allow org.apache.tools.ant.Location deserialization to prevent exception when listing agent files in non-existent directory or invalid filter.
Bug: Clean up the build.xml files of parameterized projects that contained unnecessary serialized data.
Bug: Restore serialVersionUID of AbstractTaskListener. (regression in 2.91)
Bug: Prevent FileNotFoundException in hudson.Util#loadFile in case of race condition.
Bug: Make proxy views work inside folders.
Bug: Upgrade Winstone from 4.1.0 to 4.1.2 to prevent User session memory leak by setting the default idle session eviction timeout to 30 minutes.
Bug: Fix translation of 'sign up' in Dutch, used to be 'sign in'.
Bug: Improve robustness in case a build with parameters was stored with a null list of parameters.
Bug: Prevent NullPointerException in AbstractProject#checkout when the agent disconnects during a build.

Jenkins 2.107.1

Wed, 14 Mar 2018 00:00:00 +0000

Changes since 2.107:

Bug: Make JEP-200 serialization allowlist more reliable on old versions of Tomcat 8.
Bug: Don't show input validation errors in optional numeric form fields. (regression in 2.105)

Notable changes since 2.89.4:

Major RFE: Switch Remoting/XStream denylist to an allowlist.
RFE: Jenkins now creates XML 1.1 files to be more accepting of unusual contents.
Major RFE: Use Java NIO library instead of native code to create and detect symbolic links and Windows junctions to improve compatibility and robustness.
RFE: Use Java NIO to read and write Unix file permissions by default. The previous behavior can be restored by setting the Java system property hudson.Util.useNativeChmodAndMode to true.
RFE: Improve robustness and error handling of various file operations by switching to NIO.
Major RFE: Update Remoting from 3.14 to 3.17 to integrate multiple fixes and improvements.
RFE: Remove support for unbounded number of SCM polling threads. Previously, the default was infinite and could be set to between 10 and 100. Existing installations with unbounded SCM polling threads will now use the default of 10, and it is no longer possible to use a value outside of this range.
RFE: Do not require CSRF crumb to be provided when the request is authenticated using API token.
RFE: Introduce new hudson.lifecycle.ExitLifecycle to exit instead of restart.
RFE: Upgrade Executable War from 1.36 to 1.37 to allow supplying jenkins.war command-line arguments via standard input using the --paramsFromStdIn parameter.
RFE: Update SSHD Module 2.0 to 2.4 to update Apache Mina SSHD Core from 1.6.0 to 1.7.0, and fire authentication events in SecurityListeners when a user connects using SSH.
RFE: Export assignedLabels for agents and labelExpression for applicable job types in remote API.
RFE: Re-style the Manage Jenkins page, including administrative monitors.
RFE: Define a minimum required version of the Remoting library (agent communication) and print warnings when an older version is connecting.
RFE: When Jenkins fails to load plugins, show failures that users need to take action on separate from those due to other plugins failing to load.
Major Bug: Updating Jenkins jobs and views by XML left fields at their old value if not defined in the new XML.
Bug: Fix HTTP 404 error when clicking on New View sidebar link from another view.
Bug: Upgrade Executable War from 1.36 to 1.37 to prevent multiple copies of winstone-*.jar in the temp folder from using up disk space needlessly.
Bug: Update to task reactor version 1.5 to prevent hanging of Jenkins on startup/reload when an initialization task throws an unhandled exception.
RFE: Developer: Jenkins#getInstance() is now deprecated as its semantics have been a source of confusion for some time. Use #get() in typical cases and Jenkins#getInstanceOrNull() in rare cases (see Javadoc).
RFE: Developer: Deprecate the ambiguous User#getUser(String) in favor of the User#getById() or the new User#getOrCreateByIdOrFullName() methods.
RFE: Developer: Capture more authentication-related events in SecurityListener.
RFE: Developer: Deprecate hudson.util.Service in favor of Java's ServiceLoader.

Jenkins 2.89.4

Wed, 14 Feb 2018 00:00:00 +0000

Security: Important security fixes.
RFE: Security hardening to prevent problems like SECURITY-624 in the future.
Bug: Update Stapler from 1.253 to 1.254 to make the form that shows up when a URL requiring POST is accessed using a different HTTP verb work with CSRF protection enabled.
Bug: Do not downgrade detached plugins when upgrading Jenkins while its previous version was not properly recorded.
Bug: The setup wizard is now resumed upon restart if it hasn't been completed yet, instead of showing the regular login screen. (regression in 2.81)
RFE: Reduce memory usage when scheduling pipelines on big clusters.
RFE: Improve UI performance with long list of running builds by caching the estimated duration.

Jenkins 2.89.3

Thu, 18 Jan 2018 00:00:00 +0000

Major Bug: Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed when upgrading Jenkins past the version at which the plugin was detached.
Bug: Make the system property hudson.consoleTailKB actually work.
Bug: Fix a performance regression in Jenkins 2.86 due to lock contention in ExtensionList.
Bug: Prevent setup wizard from hanging when the two provided passwords differ, instead show a validation error.
Bug: Prevent concurrent installation of Maven on the same node to prevent problems.
Bug: Prevent potential NullPointerException when migrating the default "All View" name for a "My Views" user property.
RFE: Cache permission names, allowing Jenkins to recover faster after "stop-the-world" Java GC pauses.
RFE: Improve user lookup performance, for example from Git changelog calculation.

Jenkins 2.89.2

Thu, 14 Dec 2017 00:00:00 +0000

Security: Security fixes.

Jenkins 2.89.1

Wed, 6 Dec 2017 00:00:00 +0000

Changes since 2.89:

Major Bug: Recover from legacy user configuration folders with $ characters that are not part of hex escape sequences. (regression in 2.89)
Major Bug: Fix Download from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site.
RFE: Update Remoting from 3.13 to 3.14 in order to apply various performance and stability improvements.
RFE: Update Windows Agent Installer from 1.9.1 to 1.9.2: Do not try to update jenkins-slave.exe on Unix agents when they connect.
Bug: Prevent caching of captcha on the login form.

Notable changes since 2.73.3:

Major RFE: Launch agent via execution of command on the master has been moved to a new Command Launcher plugin and integrated with the Script Security plugin.
Major Bug: Prevent core or plugin code from mistakenly attempting to serialize jobs, builds, and users except in their intended top-level XML file positions, preventing a class of serious deserialization-related errors.
Major Bug: Developer: Fix TimeDuration time unit handling and its incorrect usage. TimeDuration uses milliseconds as the default unit. It was supposed to parse sec or secs suffix to interpret the number as seconds, but that never worked.
Major RFE: Upgrade Stapler library from 1.250 to 1.253.
Major Bug: Stapler 1.252: Prevent file handle leak in LargeText#GzipAwareSession.
Bug: Stapler 1.252: Restore ability to attach views to interfaces. (regression in 2.46)
RFE: Stapler 1.253: Servlet 3.1 support, improved Blue Ocean performance and changes of interest to plugin developers.
Major RFE: Update Remoting to improve stability and diagnosability.
RFE: Disable obsolete JNLP, JNLP2, and CLI protocols on new Jenkins installations during Setup Wizard.
RFE: Restart agent communication related threads on both controller and agents when encountering an unhandled exception, if possible, to improve stability.
RFE: Default the built-in Jenkins Update Center URL to https://updates.jenkins.io instead of obsolete HTTP endpoint. This requires a JRE compatible with Let's Encrypt, e.g. Oracle JRE 8u101.
RFE: Moved Jenkins agent runtime to agent.jar file name, and deprecate (but still support) use of legacy slave.jar. Introduce the AGENTJAR_URL environment variable as replacement for SLAVEJAR_URL.
RFE: Improve error reporting when failing to archive artifacts.
RFE: Enable cc.xml to export jobs in folders recursively when accessed with a query parameter named recursive.
RFE: Add new administrative monitor warning users about disabled CSRF protection.
RFE: Commons Codec library upgraded from 1.8 to 1.9.
RFE: Agents JVM must be 1.8+ and a clear message is shown in connection logs if it is not.
RFE: Add sidebar link to create new view.

Jenkins 2.73.3

Wed, 8 Nov 2017 00:00:00 +0000

Security: Security fixes.
Major Bug: Fix Download from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site.
Bug: Fix potential HTTP 414 error in form validation of long Batch/Shell tool installer scripts.
Bug: Properly display agent launch arguments when using nested launch methods.
Bug: Disconnect node on ping timeout instead of leaving the channel half open.
Bug: Avoid a possible server-side timeout on long-running CLI commands using plain HTTP mode by sending periodic pings from the client.

Jenkins 2.73.2

Wed, 11 Oct 2017 00:00:00 +0000

Security: Important security fixes.
Major Bug: Fix random failures to use passphrase-protected ed25519 SSH private keys. (regression in 2.73)
Major Bug: Update Remoting library from 3.10 to 3.10.2 to fix regression in Jenkins 2.68 when using non-writable home directories.
Major RFE: Update Remoting from 3.10 to 3.10.2 to improve stability and diagnosability.

Jenkins 2.73.1

Wed, 13 Sep 2017 00:00:00 +0000

Changes since 2.73:

RFE: Update Windows service wrapper from 2.1.0 to 2.1.2 and Windows Agent Installer from 1.9 to 1.9.1.
RFE: Log name of the executor thread that died to improve diagnosability.
Bug: Prevent caching of the item categories list by the browser to prevent stale data.
Bug: Improve robustness of the reverse build trigger ("Build after other projects are built").
Bug: Include culprits in XML and JSON API again. (regression in 2.60)
Bug: Button to validate proxy configuration in Manage Plugins now works correctly with NTLM authorization.

Notable changes since 2.60.3:

Major RFE: Upgrade Groovy from 2.4.8 to 2.4.11.
Major RFE: Integration of Winstone 4: Upgrade bundled Jetty from 9.2.15.v20160210 to 9.4.5.v20170502. This removes support for the deprecated SPDY protocol. The --spdy parameter has been removed accordingly and Jenkins may refuse to start if it's set.
Bug: Jetty 9.4.5: Prevent the 400 Bad Host header error for HttpChannelOverHttp when operating behind reverse proxy.
RFE: Winstone 4.1: Add Jetty HTTP/2 connector and corresponding options for Winstone-Jetty.
Major RFE: Update Remoting from 3.7 to 3.10 adding opt-in support for work directories and improving logging in Jenkins agents.
RFE: Enable Remoting work directories by default for newly created agents launched via JNLP (Java Web Start Launcher).
Major RFE: SSHD Module 2.0: Update from SSHD Core 0.14.0 to Apache MINA SSHD 1.6.0 in Jenkins core and Jenkins CLI.
RFE: SSHD Module 2.0: Enable aes192ctr and aes256ctr ciphers if JVM supports unlimited-strength encryption.
RFE: Update WinP from 1.24 to 1.25 to improve performance and diagnostics of issues like JENKINS-30782.
Bug: Update jnr-posix from 3.0.1 to 3.0.41 to pick up improvements and fixes in the POSIX platforms support.
RFE: Freestyle projects may now list Pipeline jobs as downstream and trigger them, without needing to use the Parameterized Trigger plugin or reverse triggers ("Build after other projects are built").
RFE: Internal: Define enabling/disabling in ParameterizedJob rather than AbstractProject.
RFE: Fixed Pipeline compatibility for a number of CLI commands (delete-builds, list-changes, console, set-build-description, and set-build-display-name), as well as some issues affecting error reporting in other commands when used with Pipeline.
RFE: Enable simpler syntax for upstream build trigger in pipelines.
RFE: Minor optimization to queue maintenance routines and printing of console notes, mainly for the benefit of Pipeline node blocks.
RFE: If you have the Authorize Project plugin installed and configured, its configuration will now be treated as final with respect to the behavior of Job/Build checks from Build other projects and Build after other projects are built. Formerly, if a Per-project configurable Build Authorization was enabled globally but some projects did not specify an Authorization, the two aforementioned checks would automatically fall back to checking as anonymous (typically denying build permission). To restore the former behavior, explicitly configure a Project default Build Authorization to be Run as anonymous. Note that this will affect all build-scoped permission checks, including for example Agent/Build.
RFE: Internal API: Tasks.getAuthenticationOf now honors authentication contributed by QueueItemAuthenticatorProvider extensions.
RFE: Moved agent port and protocol configuration out of "security" (authentication and authorization) block in Configure Global Security.
RFE: Don't reload user records from disk unless explicitly requested to improve performance of user record access.
RFE: Plugin Development: Jenkins now no longer publishes a war-for-test artifact. Plugins using 2.64 or a later version of Jenkins (including 2.73.1) as baseline need to use plugin parent POM 2.30 or later.

Jenkins 2.60.3

Thu, 17 Aug 2017 00:00:00 +0000

Bug: Contributions to the PATH environment variable could result in malformed values on agents on a platform different from controller's.
Bug: Robustness improvements related to agent connections.
Bug: JNLP for launching agents now requests Java 8.
Bug: Prevent NullPointerException in Jenkins#getRootURL() while the instance is not fully loaded yet.
Bug: Fix NullPointerException when calculating culprits.
RFE: The reload-configuration CLI command now waits until the reload is finished, and returns an error code if the reload failed.
RFE: Remove the "JNLP" protocol references from the TCP Agent Listener log messages.

Jenkins 2.60.2

Wed, 19 Jul 2017 00:00:00 +0000

RFE: Allow overriding the Jenkins session ID suffix so it doesn't change on every restart, possibly resulting in too many cookies.
Bug: Add documentation for time zone specification for cron patterns (e.g. SCM polling).
Bug: Do not submit form when pressing Enter in the plugin manager's filter field.
Bug: Jenkins failed to perform some cleanup tasks, including saving the build queue, if stopped via REST /exit, CLI shutdown, or when restarting from Install as Windows Service.
Bug: Don't check whether disabled administrative monitors are active or not on the Manage Jenkins page.
Bug: When starting the jenkins.war directly, properly check for Java 8 as minimum instead of Java 7 before proceeding.
Bug: Prevent NullPointerException when calling restart CLI command. (regression in 2.57)
Bug: Prevent possible NullPointerException when listing remote directories using the FilePath#list() and FilePath#listDirectories() APIs.

Jenkins 2.60.1

Wed, 21 Jun 2017 00:00:00 +0000

Changes since 2.60:

Bug: Fix for NullPointerException while initiating some SSH connections. (regression in 2.59)

Notable changes since 2.46.3:

Major RFE: Jenkins (controller and agents) now requires Java 8 to run.
Bug: Update Groovy to 2.4.8 to address memory leak issue. Pipeline: Groovy needs to be upgraded to 2.28 or higher to prevent regressions.
Major RFE: Upgrade the Windows Agent Installer module from 1.6 to 1.7. This change picks major updates in Windows service management logic.
Major RFE: Windows services: Upgrade the bundled Windows Service Wrapper from 1.18 to 2.0.2.
RFE: Windows services: Enable Runaway Process Killer by default in new agent and controller installations.
RFE: Windows services: Enable auto-upgrade of Remoting on newly installed agents if they are connected by HTTPS.
RFE: Windows services: Add support of shared directories mapping in Windows agent services.
Bug: Windows services: Integrate various stability and performance fixes in Windows Service Wrapper from 1.18 to 2.0.2. There are many fixes around configuration options and process termination.
Bug: Packaging: Do not invoke recursive chown in JENKINS_HOME during the RPM post-install step unless owned by a different user.
RFE: Use case-insensitive search by default for new and anonymous users.
RFE: Searching in the Build History widget takes into account user preferences (case sensitivity by default).
RFE: Allow searching by build parameter values in the Build History widget.
RFE: Update the Trilead SSH library to get support of new Mac, Key, and Key Exchange Algorithms.
RFE: When creating temporary files, use the jenkins prefix instead of the old hudson one.
RFE: Update German, French and Russian localizations.
RFE: Removed localizations with very low coverage: Albanian, Basque, Belarusian, Bengali, Esperanto, Galician, Georgian, Gujarati, Hindi, Icelandic, Indonesian, Irish, Kannada, Macedonian, Marathi, Mongolian, Occitan, Punjabi, Sinhala, Tamil, Telugu, Thai.
RFE: Internal API: Add the ability for ItemListener to veto copy operations; make Run#compareTo work across jobs; save Jenkins after calling setSecurityRealm or setAuthorizationStrategy.

Jenkins 2.46.3

Thu, 25 May 2017 00:00:00 +0000

Bug: If an exception is thrown while rendering an HTTP response, just log the stack trace on the server side, without trying to send an error page to the client.
Bug: Setup wizard gets into bad state when failures like network issues happen.
Bug: Catch and log RuntimeException in Computer#setNode() when updating the Computer list.
Bug: Fix AccessDeniedException in "Build after other projects are built" when user has Discover permission but not Read.
Bug: Prevent NullPointerException when a non-existent default view is specified in Configure System.
Bug: Properly handle saving system configuration when disabling all, or all but one, administrative monitors.
Bug: Remove links in stack traces to the stacktrace.jenkins-ci.org service that has been shut down.
Bug: Ensure that Cloud.PROVISION is properly initialized during the configuration loading.
RFE: Migrate legacy users only once per restart to improve performance of the user retrieval logic.
Bug: Prevent rare NullPointerException if an admin user is created in the setup wizard after first disabling CSRF protection.

Jenkins 2.46.2

Wed, 26 Apr 2017 00:00:00 +0000

Security: Important security fixes.
Major RFE: Non-Remoting-based CLI.
RFE: Disable SSH server by default.
Bug: Computer#addAction would throw an UnsupportedOperationException since Jenkins 2.30. Such a call site was released in SSH Build Agents Plugin 1.15 for SECURITY-161.
Bug: Search results page did not correctly encode query parameters.
Bug: When validating a cron expression, consider the specified time zone.
Bug: Do not display a warning when an SCM trigger has no schedules (either to disable SCM post-commit hooks, or to enable them without polling).
Bug: Fix performance issue in deduplication of lists of tool installers.

Jenkins 2.46.1

Wed, 29 Mar 2017 00:00:00 +0000

Changes since 2.46:

Bug: Prevent file descriptor leaks when Windows Service installer fails to read data from the service startup log.
Bug: Update Remoting from 3.5 to 3.7 in order to prevent file descriptor leaks on agents in the case of multiple connection attempts.
Bug: Exceptions during Jenkins cleanup step should not block restart.
Bug: Cryptic error message when loading JnlpSlaveAgentProtocol4.
Bug: Developer: Snapshot builds of plugins that had dependencies on other snapshot builds were not having their version numbers compared correctly.
Bug: Do not attempt to find the next occurrence of an impossible date such as June 31st in validation of trigger schedules.
Bug: Remoting 3.5: Stability improvements.
Bug: Remove invalid translations in Slovene.
RFE: Remoting 3.5: Add option to specify the Remoting protocol to use on the client.
Bug: Use of the remote API to create items in views (/view/…/createItem) didn't actually add items to views since Jenkins 2.22.
Bug: Remoting 3.5: Remoting clients now accept lowercase (HTTP 2) headers sent by reverse proxies.
Bug: Windows service restart did not retain build queue.

Notable changes since 2.32.3:

RFE: Update the SSHD module from 1.7 to 1.8. The change disables obsolete Ciphers: AES128CBC, TripleDESCBC, and BlowfishCBC.
RFE: Enable the JNLP4 agent protocol by default.
RFE: Allow defining agent ping interval and ping timeout in seconds. It can be done via the hudson.slaves.ChannelPinger.pingIntervalSeconds and hudson.slaves.ChannelPinger.pingTimeoutSeconds system properties.
RFE: Print stack traces in logical order, with the most important part on top.
RFE: Reduce size of Jenkins WAR file by not storing identical copies of remoting.jar/slave.jar there.
RFE: Do not print warnings about undefined parameters when hudson.model.ParametersAction.keepUndefinedParameters property is set to false.
RFE: Increase the JENKINS_HOME disk space threshold from 1 GB to 10 GB left. The warning will be shown only if more than 90% of the disk is utilized.
Bug: Delete obsolete pinning UI.
Bug: Use project-specific validation URL for SCM Trigger, so H is handled correctly in preview.
Bug: Failure to serialize a single Action could cause an entire REST export response to fail. Upgraded to Stapler 1.250 with a fix.
Bug: Add Usage Statistics section to the global configuration to make it easier to find.
Bug: Allow groovy CLI command via SSH CLI.

Jenkins 2.32.3

Wed, 1 Mar 2017 00:00:00 +0000

Bug: Display an informative message, rather than a Groovy exception, when View#getItems fails.
Bug: Don't try to set Agent Port when it is enforced, breaking form submission.
Bug: Don't add all group names as HTTP headers on "access denied" pages, possibly breaking reverse proxies due to very large headers.
Bug: Fix handling of the POST flag in ManagementLinks within the Manage Jenkins page.
Bug: IllegalStateException from Winstone when making certain requests with access logging enabled.
Bug: Do not fail to write a log file just because something deleted the parent directory.

Jenkins 2.32.2

Wed, 1 Feb 2017 00:00:00 +0000

Security: Important security fixes.
Major RFE: Support displaying of warnings from the update site in the plugin manager and in administrative monitors.
Bug: Correctly state that Jenkins will refuse to load plugins whose dependencies are not satisfied in plugin manager.
Bug: The install-plugin CLI command now correctly installs plugins when multiple file arguments are specified.
Bug: Prevent the ClassNotFoundException: javax.servlet.ServletException error when invoking shell tasks on remote agents.
Bug: Properties were not passed to Maven command by Maven build step when the Inject Build Variables flag was not set.
Bug: Job configuration submission now does not fail when there is no parameters property.
Bug: Update Remoting to 3.4 in order to properly terminate the channel in the case Errors and Exceptions.
Bug: Check for Updates button in the Plugin Manager was hidden in the Updates tab when there was no plugins updates available.
Bug: SSHD Module: Handshake was failing (wrong shared secret) 1 out of 256 times due to SSHD-330.
Bug: Performance: Use bulk change when submitting Job configurations to minimize the number of sequential config.xml write operations.
Bug: Jobs were hanging during process termination on the Solaris 11 Intel platform, regression in 2.20.
Bug: Restore option value for setting build result to unstable when loading shell and batch build steps from disk.
RFE: Update to Winstone 3.2 to support ad-hoc certificate generation on Java 8 (using unsupported APIs). This option is deprecated and will be removed in a future release. We strongly recommend you create self-signed certificates yourself and use --httpsKeyStore and related options instead.

Jenkins 2.32.1

Sat, 24 Dec 2016 00:00:00 +0000

Changes since 2.32:

Major Bug: Prevent early deallocation of process references by Garbage Collector when starting a remote process. It was sometimes causing build failures with messages like FATAL: Invalid object ID 184 iuota=187 and java.lang.Exception: Object was recently deallocated.
Bug: Redirect to login page in the case of authorisation error when checking connectivity to the Update Center.
Bug: WinP 1.24: Native class now tries loading DLLs from the temporary location.
Bug: WinP 1.24: WinP sometimes kills wrong processes when using killRecursive(). It was likely impacting process termination on Windows agents and sometimes leading to BSoD.

Notable changes since 2.19.4:

Major RFE: Upgrade Remoting to version 3.1 with JNLP4-connect protocol. Compatibility notes are available here. Notably, it is no longer possible to use JDK 6 for the Maven project type, as communication with the Maven process uses Remoting, and it now requires Java 7.
Major RFE: Show notification with popup on most pages when administrative monitors are active.
RFE: Allow disabling/enabling administrative monitors on Configure Jenkins form.
RFE: Ask for confirmation before canceling/aborting runs.
RFE: Prompt user whether to add the job to the current view.
RFE: Allow CommandInterpreter build steps to set a build result as Unstable via the return code. Shell and Batch build steps now support this feature.
RFE: Internal: Upgrade Stapler library from 1.243 to 1.246 with fixes required for the Blue Ocean project. Changes are listed here.