LTS Changelog

2.479.2

November 27, 2024
Security
Enhancement
Bug fix
  • Upgrade XStream to 1.4.21. XStream 1.4.21 includes a fix for CVE-2024-47072. JENKINS-74826
  • Do not add jobs created via the REST API to the default view (regression in 2.475). JENKINS-74795
  • Allow context classloaders to be defined without making explicit reference to the calling class. JENKINS-74814

2.479.1

October 30, 2024
Changes since 2.479
Major bug fix
Bug fix
  • Restore compatibility with plugins calling Jenkins#doSafeRestart(StaplerRequest, String). JENKINS-73838
  • Restore compatibility with plugins contributing new views with custom XML, such as the Nested Views plugin. JENKINS-73801
  • Wrap long lines in the build history. JENKINS-73437
  • Prevent an old version of ASM from appearing as a managed dependency in plugin builds. JENKINS-73867
  • Update ASM to 9.7.1 to match the most recent release of the ASM API and Jenkins ASM API plugin. JENKINS-73917
  • Do not allow builds to be deleted while they are still building. Ensure build discarders only process builds which have fully completed. JENKINS-73835
  • Allow null to be passed as the first argument to doSafeRestart. pull 9882
Notable changes since 2.462.3
Major enhancement
Major bug fix
Enhancement
  • Enhancements and refinements for the appearance of several pages in Jenkins. pull 9521pull 9707pull 9461pull 9411pull 9393pull 9381
  • Refinements and modernizations to sections of the Jenkins UI. pull 9453pull 9380pull 9365pull 9395pull 9641
  • User properties are now categorized in different pages. JENKINS-69869
  • Update the design of the build history widget. pull 9148
  • Use Notice component for views lacking jobs. pull 9724
  • Do not edit unrelated checkboxes in rowSelectionController. JENKINS-73669
  • Improve display of HTTP handshake errors (such as authentication issues) from the CLI in -webSocket mode. pull 9591
  • Use webSocket in the inbound agent command line sample. pull 9665
  • Allow plugins to customize the maximum number of suggestions in autocomplete text fields. pull 9616
  • Remove obsolete RekeySecretAdminMonitor. JENKINS-73597
  • Use makeButton to create a jenkins-button on the fly instead of using YUI. JENKINS-73563
  • Clarify that the plugin incompatibility message applies to the current plugin. JENKINS-73495
  • Add end of life dates for Alpine 3.20, Ubuntu 24.04, and Fedora 40. Correct several end of life dates, including CentOS 8. pull 9501
  • Avoid unnecessary download of bundled plugins during the setup wizard. pull 9476
  • Scroll fields from the added hetero-list entry into the viewport. pull 9488
  • Modernize the build time trend page with a "time since" column and a link to the console, and allow the table to be resized. Remove the agent column for the Pipeline build trend. pull 9465
  • When using ExitLifecycle, exit the process immediately upon a boot failure. Also allow custom lifecycles to exit immediately. pull 9483
  • Display the source URL in logs when installing a plugin. pull 9449
  • Allow some administrative monitors to be displayed for users with Overall/MANAGE permission. pull 9437
  • Increase the minimum required Remoting version from 4.13 to 3107.v665000b_51092. pull 9440
  • Update Stapler from 1880.vb_6d94a_3b_05db_ to 1881.vd39f3ee5c629 and Winstone-Jetty from 6.19 to 6.20 to let Jetty handle HTTP response compression. A new command-line option --compression can be used to disable compression if desired. pull 9379Stapler 1881.vd39f3ee5c629 release notesWinstone-Jetty 6.20 release notes
  • Remove idle executors from the Build Executor widget. pull 9177
  • The latency for bringing up offline agents can be improved using a new global config option Computer Retention Check Interval and setting an In demand delay of zero on the agents. JENKINS-14789
Bug fix
  • Several bug fixes for the Jenkins UI. pull 9695JENKINS-73695pull 9667pull 9654JENKINS-73330pull 9649pull 9625pull 9658JENKINS-73302
  • Restore compatibility with plugins contributing new objects with context menus, such as the Nested Views plugin. JENKINS-73785
  • Make deserialization of Map fields in XML files more robust. JENKINS-73687
  • Restore compatibility with the OpenId Connect Authentication and Reverse Proxy Authentication plugins. pull 9696
  • Validate display name only against items in the same ItemGroup. JENKINS-72988
  • Correct the styling for plugins that can't be disabled in plugin manager when user has system read permission. pull 9463
  • Refresh the build history widget in all cases, including on background tabs or hidden tabs. JENKINS-73613
  • Fix IndexOutOfBoundsException in cloud management pages when the controller has no executors. pull 9519JENKINS-73554
  • Fix the hudson.slaves.SlaveComputer.allowUnsupportedRemotingVersions escape hatch, which was previously not working with inbound agents. JENKINS-73467

2.462.3

October 2, 2024
This is the last Jenkins LTS release to support Java 11. Future Jenkins LTS releases will require Java 17 or Java 21. More information is available in the Java support policy and the 2 + 2 + 2 Java support plan blog post
Security
Major bug fix
  • No longer printing verbose and uninformative messages to $JENKINS_HOME/logs/tasks/Periodic background build discarder.log. JENKINS-73692
Enhancement
Bug fix
  • Fix the appearance of the Plugin Manager actions dropdown. JENKINS-73668
  • Add escape hatch for Authenticated user access to Resource URL. JENKINS-73422

2.462.2

September 4, 2024
Enhancement
Bug fix
  • Change icon size in table when resizing the table. JENKINS-73453
  • Fix New Item page layout if no icon is defined for an item (regression in 2.453). JENKINS-73586

2.462.1

August 7, 2024
Changes since 2.462
Security
Enhancement
Notable changes since 2.452.4
Enhancement
  • Upgrade Commons FileUpload from 1.5 to 2.0.0-M2. Users of the SAML Single Sign On (SSO) (miniorange-saml-sp) plugin should upgrade to a compatible version in lockstep with upgrading Jenkins core. Users of the OpenText Application Automation Tools (hp-application-automation-tools-plugin) plugin should wait for a compatible version before upgrading Jenkins core. Apache Commons 2.0.0-M2 release notes
  • Refresh the 'New item' page. pull 9111
  • Move Add description to app bar. pull 9271
  • Add download option to Console output, move View as plain text and Copy buttons to app bar. pull 9169
  • Remove Disable project button from project view. pull 9287
  • Refresh the style of alerts. pull 9115
  • Improve the edit build information page. pull 9132
  • Avoid jumping layout due to tooltips. JENKINS-73158
  • Refine button appearances in sidebars, menus, pages and breadcrumbs. pull 9367
  • Adjust heading weights and sizes. pull 9366
  • Display how many users there are on the Users page. pull 9221
  • Improve the performance of JSON parsing. json-lib PR 30
  • Improve the performance of file compression and decompression. pull 9312
  • Improve startup performance when jobs have been created via REST API or command line interface. JENKINS-64356
  • Remove ASM dependencies from core. JENKINS-73046
  • The webappsDir argument to run Winstone with a directory full of WAR files has been removed without replacement. Winstone 6.19 changelog
  • Allow pipeline jobs to run when built-in node is offline. JENKINS-53958
Bug fix
  • Adjust side panel sizes for certain screens like iPad Pro. JENKINS-70246
  • Installed plugin view no longer jumps during first load. JENKINS-69588
  • Fix status icon animation display on Safari. JENKINS-72845
  • Remove tooltip when a widget is refreshed. JENKINS-72744
  • Honor readonly mode when displaying enumerations on pages. JENKINS-72854
  • After reconfiguring a static inbound agent in the GUI using fields such as WebSocket, deprecated in 2.440.x, the suggested launch instructions would incorrectly include tunnel (with no argument) even if that field had been left blank. JENKINS-73011
  • Fix the WorkspaceCleanupThread to consider workspaces with suffixes even if the original is nonexistent. Reduce the number of remoting calls made by WorkspaceCleanupThread. JENKINS-65829
  • Work around an upstream issue that could cause a hang in rare cases when two users load a configuration screen of the same type at the same time. JENKINS-60997
  • Handle svg cleanup via an xml document to avoid broken symbols. JENKINS-73156
  • Treat lines of text (mainly in build logs) as completed by a single carriage return in addition to a newline or carriage return plus newline, avoiding an out of memory error if a large number of such lines are printed in sequence. JENKINS-73090
  • Add new CSS classes to avoid conflicts with CSS classes from bootstrap. JENKINS-73114

2.452.4

August 7, 2024
Security

2.452.3

July 10, 2024
Major bug fix
  • Show help text in the correct locale even if user has an alternate language option defined in their browser (regression in 2.444). JENKINS-73246
  • Correctly highlight alerts (regression in 2.452.2). JENKINS-73301
Bug fix

2.452.2

June 12, 2024
Major bug fix
  • Rename CloudSet query parameter type to cloudDescriptorName to avoid conflicts in cloud plugin implementations. JENKINS-72622
Enhancement
Bug fix
  • Add new CSS classes to avoid conflicts with CSS classes from bootstrap. JENKINS-73114
  • Fix width of weather icons in Safari when zoomed. JENKINS-73047
  • Consistently notify job listeners when the job definition is updated from the REST API or command line interface. JENKINS-64553

2.452.1

May 15, 2024
Changes since 2.452
Major bug fix
  • After reconfiguring a static inbound agent in the GUI using fields such as WebSocket (deprecated in 2.440.x), the suggested launch instructions would incorrectly include -tunnel (with no argument), even if that field had been left blank. JENKINS-73011
Bug fix
  • If the variant plugin is installed at the same time as a plugin that has an OptionalExtension, these extensions would not be correctly discovered until the next scan for new Extensions. JENKINS-72998
Enhancement
Notable changes since 2.440.3
Major enhancement
  • Remove the People view. Administrators can install the new People View plugin to restore this functionality. JENKINS-18884pull 9060People View plugin
  • Add specific temporary files to the Debian package for better support of Unix domain sockets. Require Debian 10 and Ubuntu 20.04 as the minimum supported versions for Debian packages. pull 456 (packaging)Packaging issue 455
  • Allow recursive remote file copy even if the local and remote nodes have incompatible character sets at binary level such as ISO-8859-1 and CP-1047. JENKINS-72540
Enhancement
  • Modernize progress bar UI in various locations. JENKINS-69113
  • Add components for dropdown items. Refer to the new Design Library Dropdowns page for implementation details. pull 8827
  • Use the symbol for parameters in the build history of pending jobs. pull 8977
  • Add a "copy to clipboard" button to the build console output. pull 8960
  • Enable readonly mode for dropdown menus when using the Extended Read Permission plugin. pull 8955
  • Remove the extra margin when viewing in read only mode. pull 8938
  • Add a computer icon legend and a new icon for agents that are not accepting tasks. JENKINS-69191
  • Remove unused material icons. pull 8831
  • Localize the Appearance link and plain text Markup Formatter for Turkish. pull 9067pull 9062
  • Make the Agent/Provision permission available in the global Security configuration when using matrix-based authorization strategies. JENKINS-72637
  • Do not configure an authenticator during proxy configuration via the GUI if the proxy username is blank. pull 8990
  • Add ability for custom update centers to override the suggested plugin list. pull 8951
  • Create an index page for heap dump creation. pull 8929
  • Non-Pipeline builds interrupted by a controller restart will now be marked as aborted rather than failed. pull 8986
  • Prevent authenticated access to Resource Root URL. JENKINS-72636
  • Update operating system end of life data for Amazon Linux, Alpine Linux, and Fedora Linux. pull 8864
  • Use jlink to reduce Java size on Windows as we've done previously for Java on Linux. pull 1848 (Docker)
  • Support Session ID for External Job Monitor to avoid HTTP 503 response. pull 8825
Bug fix
  • Do not attempt to self-restart on operating systems where this is not supported. JENKINS-72833
  • Fix a crash when restarting Jenkins on macOS. JENKINS-65911
  • Set the correct owner for Jenkins.clouds after Jenkins.load(). pull 8976
  • Improve locale parsing for loading of localised help files. JENKINS-72627
  • Support noCertificateCheck with webSocket on the CLI. JENKINS-72532
  • Show an error message in progressive logs on 4xx status codes. JENKINS-72509
  • Avoid a stack trace from ArtifactArchiver when no artifacts are found. JENKINS-71700
  • Restore performance displaying build artifacts when using remote artifact managers such as in S3. A security fix in 2.394 caused a substantial slowdown that is now resolved. pull 8874
  • Adjust heap dump file name for compatibility with OpenJDK file suffix requirements. JENKINS-72579
  • Fix build button rendering for Dashboard View plugin. pull 8854
  • Change focus in the new item page only if from has a valid job name. JENKINS-66530

2.440.3

April 17, 2024
Security
Bug fix
  • Ensure threads in the Computer.threadPoolForRemoting executor service always have the Jenkins webapp ClassLoader set as the context ClassLoader to prevent random class loading issues when code is running in this ExecutorService. JENKINS-72796
  • Customization of agent log files did not work for inbound agents. JENKINS-72799
Enhancement

2.440.2

March 20, 2024
Security
Enhancement
Bug fix
  • Restore progress animation in build history and build time trend views (regression in 2.434). JENKINS-72711

2.440.1

February 21, 2024
Changes since 2.440
Security
Major bug fix
Bug fix
  • Update the bundled Matrix Project Plugin from 818.v7eb_e657db_924 to 822.824.v14451b_c0fd42. JENKINS-72603
  • Find selected radio option when validating instead of the last one used. JENKINS-72505
Notable changes since 2.426.3
Major enhancement
Enhancement
  • Add telemetry for basic Java system properties describing the environment. pull 8787
  • Turkish localization fixes for build, login, and user management pages. pull 8631
  • Fix a minor memory leak in a Remoting log statement. Add forward proxy support for WebSocket. Support custom certificate options for WebSocket. pull 8643
  • Remove build timeline widget from the build history pages of views, jobs, and agents. JENKINS-60866
  • More consistently report errors launching outbound agents. pull 8675
  • Stop recommending JNLP URL in agent launch instructions. pull 8639
  • Deprecate all configurable options in Launch agent by connecting it to the controller (inbound in JCasC), as these are only useful in conjunction with the deprecated jnlpUrl mode. pull 8762
  • The jnlpUrl ${JENKINS_URL}/computer/${AGENT_NAME}/jenkinsagent.jnlp argument to the agent JAR has been deprecated. Use url ${JENKINS_URL} and name ${AGENT_NAME} instead, potentially also passing in webSocket, tunnel, and/or work directory options as needed. pull 8773
  • Removed deprecated and unused class UserProperties. pull 8679
  • Deactivate the administrative monitor when all previously offline agents are again online. JENKINS-72159
  • Prepare node monitors to work with configuration as code. JENKINS-64816
  • Rework node monitor configuration. JENKINS-72371
  • Allow configuration of disk thresholds globally and for each agent. Improve the warning when disk space is too low. Ensure agents are taken offline when disk space is low. JENKINS-72009
  • Fail fast when attempting to load a broken plugin that contains the Jenkins test harness in production. pull 8714
  • Add packaging support for Unix domain sockets. pull 442 (packaging)
  • Accept all 2xx and 3xx status codes to validate proxy in HTTP Proxy Configuration. JENKINS-72343
  • Ensure uptime is independent of system clock. JENKINS-72157
  • Show monitoring data on agent page. pull 8725
  • Use a notification and Jenkins modal for 'Apply' button failures. pull 8394
  • BootFailure subclasses can now override the Jenkins startup failure page. pull 8442
  • Reduce the window of time during which a crash may lead to an inconsistent state on Linux. pull 8815
Bug fix
  • Restore printing output from println and similar methods for the groovy CLI command (regression in 2.427). JENKINS-72181
  • Refer to the correct option in the security configuration help text. JENKINS-72222
  • Restore security configuration help text and remove obsolete help text. pull 8630
  • Some agent-related objects could be kept in memory after being disconnected and removed from the computer list. pull 8640
  • Avoid incorrect styling when deleting the first of two shell steps in a job definition. JENKINS-72196
  • Prevent a deadlock that can occur when loading PermalinkProjectAction.Permalink. pull 8736
  • Display strings consistently in the requested language when running Jenkins in a JVM with a non-english locale. JENKINS-72449
  • Fix nested job link in mobile view. JENKINS-72288
  • Do not show option to copy items when there are no items visible. JENKINS-72443
  • Display correct time zone in build history. JENKINS-71965
  • The tunnel property on an inbound agent was inadvertently broken for JCasC usage in 2.437. It remains deprecated and usages should be deleted (regression in 2.437). pull 8793
  • Fix SimpleScheduledRetentionStrategy on inbound agents. Allow suspended inbound agents to again accept tasks when they are reconnected and the configured scheduling policy is enabled. JENKINS-72370
  • Remove code that may have caused an agent-side hang under a rare race condition. Remoting PR 713
  • Reduce the likelihood of thread creation errors on agents. Remoting PR 717

2.426.3

January 24, 2024
Security
Bug fix

2.426.2

December 13, 2023
Enhancement
  • Warn users at 12 months prior to end of Java support and again at 3 months prior to end of Java support. pull 8661
Bug fix

2.426.1

November 15, 2023
Short container image tags (without "jdk" in them) such as jenkins/jenkins:2.426.1 are now using Java 17. If you need to continue using Java 11, use tags like jenkins/jenkins:2.426.1-jdk11. The Windows container images of this release switch from a windowsservercore-1809 Temurin base image to a windowsservercore-ltsc2019 Microsoft base image. Note also that a proper set of tags is now published for these Windows images and they include "ltsc2019" instead of only "2019".
Changes since 2.426
Major bug fix
  • Show form validation results for form elements that are initially hidden. Remove previous form validation errors when the form validation is updated with new content (regression in 2.355). JENKINS-71252JENKINS-70793
  • Fix multibranch Pipeline Add source and other uses that mix inputs and buttons (regression in 2.422). JENKINS-72170
  • Add sleep call when -noReconnect is not specified for Kubernetes agents. Remoting PR 675
  • Add proxy support for Remoting. JENKINS-65368
  • Fix agent allocation due to label issue detected by vSphere Cloud plugin (regression in 2.421). JENKINS-71937
  • Fix drag and drop handle for existing repeatables (regression in 2.335). JENKINS-72189
Enhancement
Bug fix
  • Show the description of boolean build parameter values on the Parameters view (regression in 2.179). JENKINS-72179
  • Allow clouds to be reordered. This was previously possible, but disappeared when the cloud management was moved to a separate page (regression in 2.403). JENKINS-72020
  • Update SnakeYAML plugin to 2.2 to silence security scanners. JENKINS-70994
Notable changes since 2.414.3
Major enhancement
Major bug fix
  • Prevent incorrect readResolve implementations from breaking agent label parsing. pull 8448
Enhancement
  • Automate the display of an administrative monitor when approaching Java end of life (EOL) dates. pull 8526
  • Remove System V initialization scripts from RPM based installers. The System V initialization scripts were replaced in March 2022 with systemd initialization. RPM users with a custom log directory no longer have a logrotate(8) configuration out-of-the-box. pull 409 (packaging)Linux install packages migrated from System V init to systemd
  • Add a nicer 404 error page. JENKINS-71087
  • The minimum required Remoting version has been increased from 4.7 to 4.13. pull 8503
  • List plugins in deterministic order to improve diagnosability of plugin linkage errors. JENKINS-71950
  • Display a notice when plugin updates are available or when there are no plugins installed. pull 8208
  • Remove the treeview option for artifactList. JENKINS-71054
  • Log agent usage by job. pull 8283
  • Make tab panes accessible via keyboard. JENKINS-71496
  • Add allow-same-origin to the sandbox ContentSecurityPolicy directive of workspace and artifact browsers if the Resource Root URL feature is not used. Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests. JENKINS-71366
  • Updates to Turkish localization for jobs. pull 8368
  • Remove the rebuild plugin from the setup wizard plugin selection. pull 8258
  • Stop shipping net.sf.kxml:kxml2 because Jenkins no longer depends on it. pull 8503
Bug fix
  • Prevent log spam when using the Jenkins security database and users signup. pull 8474
  • Show a confirmation popup when triggering a task action from a context menu. JENKINS-71880
  • Hide the delete button from the only repeatable element in configuration forms when at least one element is expected. JENKINS-72018
  • Symbols display in breadcrumbs now. JENKINS-71983
  • Message no longer appears twice when the agentLog option is used. JENKINS-38520
  • Hide administrative monitors icons/popup in the header of Manage Jenkins, as they're shown directly on the page. JENKINS-71848
  • Fix link to job in the message informing administrators of trigger computations that run for an unusually long time. JENKINS-71833
  • Use standard size node icon even with long node names. pull 8089
  • Add the X-Content-Type-Options HTTP header to the response from the agent listener. Silence security scanners that incorrectly report an issue when the HTTP header is missing. JENKINS-71186
  • Estimate project duration accurately in more cases. pull 8233

2.414.3

October 18, 2023
Short tags (without "jdk" in them) such as jenkins/jenkins:2.414.3-alpine are using Java 17 and not Java 11 like previously. If you need to keep using Java 11, use tags like jenkins/jenkins:2.414.3-jdk11. Also note that two new tags (2.414.3-alpine-jdk17 & 2.414.3-slim-jdk17) have been published without any content change a week later than the original ones.
Security
Major enhancement
Major bug fix
  • Do not create a large number of threads when making numerous HTTP requests. JENKINS-72016
  • Reduce high memory usage from XStream2.AssociatedConverterImpl (regression in 2.405). JENKINS-72076
Enhancement
Bug fix
  • Restore context menus of model links in build history views and administrative monitors (regression in 2.402). JENKINS-71890

2.414.2

September 20, 2023
Security
Major enhancement
  • Add allow-same-origin to the sandbox Content-Security-Policy directive of workspace and artifact browsers if the Resource Root URL feature is not used. Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests. JENKINS-71366
Major bug fix
  • The plain text console log will still be printed even if some console annotations are corrupt. JENKINS-61452
Bug fix
  • New login page breaks login-theme-plugin (regression in 2.404). JENKINS-71238
  • Fix invalid CSS which caused some buttons to become invisible on hover (regression in 2.402). JENKINS-71238

2.414.1

August 23, 2023
Changes since 2.414
Security
Major enhancement
Enhancement
  • Add last build status to job page. pull 8129
Bug fix
  • Remove rebuilder plugin from the setup wizard plugin selection. JENKINS-71630
  • Only disable the plugin manager "install" button if no plugins are selected (regression in 2.414). JENKINS-71698
Notable changes since 2.401.3
Major enhancement
Major bug fix
  • Prefix the name of input elements of ListView to prevent form submission issues when an Item (job) is named elements. JENKINS-71200
Enhancement
Bug fix
  • Fix update center proxy configuration hyperlink in error messages. JENKINS-71244
  • Fix support of clouds without a config.jelly file. pull 7972

2.401.3

July 26, 2023
Security
Bug fix
  • Remove incorrect text from JENKINS_HOME help. pull 8161

2.401.2

June 28, 2023
Major enhancement
Enhancement

2.401.1

May 31, 2023
Changes since 2.401
Security
Bug fix
  • Fix the writing of emojis to XML (regression in 2.403). JENKINS-71182
  • Do not write NUL values to XML files. A technically illegal #x0 (NUL) could be written to Jenkins XML files but could no longer be read. Now the write will fail as well (regression in 2.398). JENKINS-71139
  • Remove "undefined" trailing text from system dropdown menu. JENKINS-71345
  • Fix the warning icon in the workspaces temporary directory message. JENKINS-71160
  • Show full width filter field for builds on pages less than 970 pixels wide. JENKINS-71115
Notable changes since 2.387.3
Enhancement
  • Simplify the names of the settings in Manage Jenkins. pull 7661
  • Use a card layout instead of a table for the dashboard on mobile. pull 7581
  • Refresh the Build with Parameters interface. pull 7748
  • Revamp icon legend as a modal. pull 7718
  • Refresh the design of the About Jenkins page. pull 7712
  • Running pipeline build logs can now be displayed across controller restarts without reloading in some environments. pull 7614
  • Introduce user experimental flags. JENKINS-69853
  • Add a copy button for the code snippets that start agents and for the Jenkins home directory. Warn user that copy button requires HTTPS. pull 7625pull 7678pull 7665JENKINS-21052
  • The default connection mode for the Java CLI client is now webSocket. You can specify http to continue to use the former default (for example because you are running Jenkins in a servlet container other than the recommended builtin Jetty, or because you are running an unusual reverse proxy which does not support WebSocket). You can also continue to specify ssh to use SSH transport (for example because you prefer to authenticate with a private key rather than an API token), or use a native SSH client. pull 7605
  • Simplify loading of JavaScript and CSS. Users of OWASP DependencyTrack must upgrade to 4.3.1 or later, and users of ServiceNow CI/CD must upgrade to 2.1 or later. pull 7827
  • Upgrade Spring Framework from 5.3.26 to 5.3.27. Spring Framework 5.3.27 release notes
  • Upgrade bundled Winstone from 6.7 to 6.10. Add the excludeProtocols option. Improve logging during shutdown. pull 7632Winstone 6.10 changelogWinstone 6.9 changelogWinstone 6.8 changelog
Bug fix
  • Fix null pointer exception on the "Manage Jenkins" page when HTTP/2 is enabled. JENKINS-70630
  • Hide the Restart Jenkins checkbox in the update center if the controller doesn't support it. JENKINS-69489
  • Move set node temporarily offline/online buttons to appbar. JENKINS-70394

2.387.3

May 3, 2023
Bug fix
  • Restore New Node button in computer overview for users with node creation permission. JENKINS-70820
  • Fix Delete Build button text overflow. JENKINS-70809
  • Hide Restart Jenkins checkbox in the update center if the controller doesn't support it. JENKINS-69489
  • Support emojis in Job DSL scripts. JENKINS-69129

2.387.2

April 5, 2023
A new GPG signing key is used for the Jenkins long term support package repositories. Follow the instructions in the upgrade guide to install the new public key on your computer.
Major bug fix
  • Adjust WebSocket idle timeout to 60 seconds by default, to avoid "WebSocketTimeoutException: Connection Idle Timeout" issues. JENKINS-69955
Bug fix
Enhancement
  • Sign WAR file and Windows installer with new code signing certificate. pull 358

2.387.1

March 8, 2023
Changes since 2.387
Security
Major bug fix
  • Move 'set node temporarily offline/online' buttons to app-bar to make them clickable again (regression in 2.385). JENKINS-70394
  • Allow WebSocket agent connections to time out after 5m if a write never succeeds. JENKINS-70531
  • Fix the TcpSlaveAgentListenerRescheduler functionality. TcpSlaveAgentListener is automatically restarted on failure. JENKINS-70334
Bug fix
  • Add script-security update to LTS baseline. JENKINS-70487
  • Do not submit empty telemetry data if an error occurred during data collection. JENKINS-70533
  • Update bundled Apache Mina SSHD API plugins from 2.9.1-44.v476733c11f82 to 2.9.2-50.va_0e1f42659a_a. CVE-2022-45047
Enhancement
  • Limit the maximum number of search results.
Notable changes since 2.375.3
Major enhancement
Major bug fix
Enhancement
  • The minimum required Remoting version has been increased to 4.7 (released on February 16, 2021). pull 7340
  • Add telemetry related to distributed builds. JENKINS-70199
  • Add telemetry for activation of permissions that are not enabled by default. JENKINS-70044
  • Remove the notice in the plugin manager Updates tab about newer plugin versions not compatible with your current core version. Limit the display of updates to plugin versions actually being offered by the update center for your core version. JENKINS-62332
  • Show recommended actions, such as "update affected plugins", in security warnings popup. pull 7046
  • Jenkins no longer bundles a patched version of the deprecated Commons HttpClient 3.x library for use by plugins. Plugins should be migrated to the native Java 11 HTTP client or updated to depend on the legacy Commons HttpClient 3.x API plugin. Commons HTTP ClientApache HTTP Client
  • Remove the deprecated Multijob plugin from the setup wizard. pull 7413
  • Remove the deprecated WMI Windows Agents plugin from the setup wizard. pull 7414
  • Do not report implied dependencies for WMI Windows Agents plugin. JENKINS-70301
  • Avoid unnecessary configuration save when reloading configuration from disk. pull 7305
  • Robustness improvement regarding build number collisions. JENKINS-23152
  • Remove support for log rotation via SIGALRM. The command-line argument --daemon has been removed. pull 7256
  • Upgrade XStream from 1.4.19 to 1.4.20. This maintenance release addresses the security vulnerabilities CVE-2022-40151 and CVE-2022-41966, causing a Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types. XStream 1.4.20 release notesCVE-2022-40151CVE-2022-41966
  • Upgrade Guice from 5.0.1 to 5.1.0. Guice 5.1.0 contains eight fixes and improvements. Guice 5.1.0 release notes
  • Upgrade Spring Framework from 5.3.23 to 5.3.24. Spring Framework 5.3.24 release notes
Bug fix
  • Improve tooltip performance. JENKINS-70178
  • Fix the update of disabled plugins. JENKINS-69183
  • Close connection on the agent if the agent's liveness ping receives no response. JENKINS-70414
  • Delay initialization of cryptography needed for TCP inbound agents unless and until such an agent is connected. pull 7514
  • Delete .disabled files when uninstalling a plugin. JENKINS-68194
  • Fix a race condition affecting the launch of inbound agents. pull 7378

2.375.4

March 8, 2023
Security
Enhancement
  • Limit the maximum number of search results.

2.375.3

February 8, 2023
Bug fix
  • Resolve implied dependencies on WMI Windows Agent plugin. JENKINS-70301
  • Prevent Angry Jenkins when checking a non http(s) based update center URL. JENKINS-70240
  • Remove negative letter-spacing to improve legibility in some languages and fonts (regression in 2.340 + 2.350). JENKINS-70209
  • Restore link to last breadcrumb in Console view. JENKINS-70169

2.375.2

January 11, 2023
Enhancement
Major bug fix
  • Wait for 10 seconds before attempting to reconnect a WebSocket agent, regardless of whether or not the controller is responding. Slow down websocket re-connect
  • Memory leak when repeatedly connecting WebSocket agents. JENKINS-70103
Bug fix
  • Updated bundled Script Security plugin from 1189.vb_a_b_7c8fd5fde to 1190.v65867a_a_47126. Updated JUnit plugin from 1156.vcf492e95a_a_b_0 to 1160.vf1f01a_a_ea_b_7f. Jenkins Security Advisory 2022-11-15
  • Fix console-view bouncing when new entries appear. JENKINS-69587

2.375.1

November 30, 2022
Changes since 2.375
Major bug fix
  • Prevent potential deadlocks on websocket agents. JENKINS-69890
  • Fix Gravatar error on profile page (regression in 2.335). JENKINS-70023
Enhancement
  • Add telemetry for activation of permissions that are not enabled by default. JENKINS-70044
Notable changes since 2.361.4
Major enhancement
Major bug fix
  • Prevent a stack overflow when loading a queue (regression in 2.361). JENKINS-69850
Enhancement
Bug fix
  • Fix sorting of British currency in tables. pull 7250
  • Improve build progress animation when refreshing parts of the history/executors widget. JENKINS-68627
  • Fix the resize behavior of Execute Shell build steps. JENKINS-69320
  • Fix searchBar is null issue in setup wizard and when using custom Jenkins headers. JENKINS-69250
  • Ensure that temporary network partitions do not cancel the WebSocket ping thread (regression in 2.363). pull 7195

2.361.4

November 13, 2022
Major bug fix
  • Prevent a stack overflow when loading a queue (regression in 2.361). JENKINS-69850

2.361.3

November 2, 2022
Major bug fix
  • Fix a race condition that causes file descriptor leaks when cloud agents are created (regression in 2.294). JENKINS-69534
Bug fix
  • Model link chevron is not in center in user build cause on console log. JENKINS-69257
  • Table columns get wider or smaller depending on the sort selection. JENKINS-67864

2.361.2

October 5, 2022
Major bug fix
Bug fix
  • Fix the resize behavior of Execute Shell build steps (regression in 2.321 or 2.357). JENKINS-69320
  • Fix a potential FileAlreadyExistsException error on startup on systems with slow I/O. JENKINS-67624
  • Fix Plugin Manager selection buttons appearance. JENKINS-69467
  • Fix Java version check in /etc/init.d/jenkins. JENKINS-69570
  • Properly reset attributes of cached symbols. JENKINS-68805

2.361.1

September 7, 2022
Changes since 2.361
Security
Major enhancement
Major bug fix
  • Fix an error when rebuilding jobs triggered by polling (regression in 2.358). JENKINS-69210
  • Update Jenkins pom from 1.83 to 1.84. Ensure jar files and javadoc are up to date for 2.361.1. JENKINS-69198
Bug fix
Notable changes since 2.346.3
Major enhancement
Enhancement
  • The instance-identity module has been converted to a detached plugin. JENKINS-55582
  • Update the minimum required Remoting version to 4.2.1. pull 6671
  • Keyboard shortcut added to focus global search bar (⌘ + K/CTRL + K). pull 6893
  • Blocked upstream projects in the queue block downstream projects when the option "Block build when upstream project is building" is enabled for the downstream project. Similarly, blocked downstream projects in the queue block upstream projects when the option "Block build when downstream project is building" is enabled for the upstream project. JENKINS-68780
  • Add breadcrumbs to "Manage Jenkins" and children of it. Developers should ensure they use relative links for navigating between pages if they are a child of "Manage Jenkins". pull 6126
  • Use native Java Platform functionality rather than Ant to load classes. The old behavior can be restored by setting -Dhudson.ClassicPluginStrategy.useAntClassLoader=true. pull 6571
  • Remove Java Web Start support for launching inbound agents, along with the GUI mode, the platform-specific agent installers, and the JAR signature. pull 6543Java Web Start
Bug fix

2.346.3

August 10, 2022
Enhancement
Bug fix
  • Revert prior attempts to make log records collectible by limiting discarded messages. JENKINS-68417
  • Connect breadcrumb context menus to items in subfolders. JENKINS-68906
  • Improve progress bar visibility in shaded rows. JENKINS-68672
  • Update Remoting from 4.13.2 to 4.13.3 to improve performance of previous fix for java.lang.OutOfMemoryError: unable to create new native thread on agents. JENKINS-65873

2.346.2

July 13, 2022
Enhancement
Bug fix
  • Ignore duplicate log recorders keyed by same name. JENKINS-68752
  • Display job icons correctly on the Jenkins dashboard, even when a non-empty context path alters the URL (regression in 2.346.1). JENKINS-68639
  • Show all log messages when an inbound agent fails to connect (regression in 2.310). JENKINS-68785
  • Plugins selected for update cannot be unselected once the update has started. JENKINS-68730
  • Fix offset of radio buttons when selected. JENKINS-68799
  • Make previous boot attempt timestamps available to boot-failure.groovy startup hooks (regression in 2.308). JENKINS-68848

2.346.1

June 22, 2022
Changes since 2.346
Security
Enhancement
  • Remove SSH Plugin from setup wizard plugin selection. JENKINS-68556
  • Allow running on Java 17 without --enable-future-java. pull 6602
  • Show remote class loader statistics of agents with new table layout. JENKINS-68591
  • Update bundled Script Security Plugin from 1.75 to v35f6a_0b_8207e Update bundled WMI Windows Agents Plugin from 1.0 to 1.8.1 pull 65822022-05-17 security advisory
Bug fix
  • Fix indistinguishable build scheduling icon when the job is already in-queue (regression in 2.321). JENKINS-68303
  • Fix the position of the help button when it is not directly attached to an object (regression in 2.320). JENKINS-68042
  • Restore actions icon size lookup (regression in 2.341). JENKINS-68296
  • Fix a runtime error when viewing the build time trend on Java 17. JENKINS-68215
  • Provide supporting infrastructure to enable Pipeline: Groovy to work around a metaspace memory leak for users running Pipeline jobs on Java 11. pull 6597JENKINS-63766JDK-8231454 metaspace leak
  • Restore the frame color of the build progress bar of the executor widget. pull 6607
  • Keep the Save and Apply buttons in front of menus (regression in 2.337). JENKINS-68640
  • Fix WebSocket reconnection in edge cases. Upgrade from Remoting 4.13 to 4.13.2. pull 6576JENKINS-68542Remoting 4.13.2 changelog
  • Fix class attribute for Jenkins Symbols using <l:icon … />. JENKINS-68630
Notable changes since 2.332.4
Major enhancement
Major bug fix
Enhancement
Bug fix
  • Render the question mark on the new help button only once so that it is not shown twice, even while using different themes. pull 6233
  • Wait for the computation to finish when triggering a new build while the build graph is being recomputed. This guarantees that recently updated build triggers are executed. JENKINS-67237

2.332.4

June 22, 2022
Security
Enhancement
  • Remove SSH Plugin from setup wizard plugin selection. JENKINS-68556

2.332.3

May 4, 2022
Major bug fix
  • Avoid a deadlock between agent class loading and logging. JENKINS-68122
Enhancement
Bug fix
  • Allow filtering updates in plugin manager by plugin ID (regression in 2.320). JENKINS-68260
  • Display log entries with missing logger names in the log viewer. pull 6310
  • Preserve load statistics data for label expressions. JENKINS-68055
  • Fix bad encoding of security warnings in French showing special characters. pull 6382

2.332.2

April 6, 2022
Enhancement
Bug fix

2.332.1

March 9, 2022
Changes since 2.332
Enhancement
Bug fix
  • Keep the same height when dragging and dropping a component (regression in 2.277). JENKINS-67496
  • Correctly render expandable text boxes into multiple lines (regression in 2.197 and 2.176.4). JENKINS-67627
  • Show correct feature name in tooltips of help links (regression in 2.179). JENKINS-67662
  • Launch only one agent to satisfy cloud agent requests that use label expressions. JENKINS-67635
  • Truncate long build names again (regression in 2.332). JENKINS-67689
  • Overwrite grey balls icon with the modern "not built" status. JENKINS-67753
  • Render the question mark on the new help button only once so that it is not shown twice, even while using different themes. pull 6233
  • Update remoting from 4.11 to 4.12 to allow Java web start agents to connect (regression in 2.318). pull 5983JENKINS-67000Remoting 4.11.2 changelogRemoting 4.12 changelog
  • Restart systemd service when the controller exits unexpectedly. JENKINS-56219
  • Restart the Jenkins service after plugin updates on Debian 11 (bullseye). JENKINS-65809
Notable changes since 2.319.3
Major enhancement
  • Always enable the agent-to-controller security subsystem. Remove the admin-customizable allowlists for callables and file paths. Remove the ability to access some files on the controller from agents. Use the Plugin Manager to upgrade incompatible plugins. pull 5885JENKINS-67173the issue tracker
  • Upgrade the Guava library from 11.0.1 (released on January 9, 2012) to 31.0.1 (released on September 27, 2021). Plugins have already been prepared to support the new version of Guava. Use the Plugin Manager to upgrade all plugins before and after upgrading Jenkins. pull 5707JENKINS-36779JEP-233Guava web siteGuava 31.0.1 changelog
Enhancement

2.319.3

February 9, 2022
Security
Bug fix
  • Fix ClassNotFoundException: io.jenkins.cli.shaded.org.w3c.dom.Node when using JAXB. JENKINS-67470
  • Launch only one agent to satisfy cloud agent requests that use label expressions. JENKINS-67635
Enhancement

2.319.2

January 12, 2022
Security
Enhancement

2.319.1

December 1, 2021
Changes since 2.319
Bug fix
Notable changes since 2.303.3
Major enhancement
  • Replace the term "master" for the main Jenkins application with "controller" or "built-in node" in user interface strings and documentation. New installations get the new node and label immediately. Existing installations do not change the node name (e.g. NODE_NAME environment variable) or label of the built-in node until an administrator explicitly performs the migration. If a job definition, Pipeline definition, or tool installer reference must be tied to the built-in node, it should use the label "built-in". Upgrade guide - Built-In Node Name and Label Migration
Enhancement
  • Modernise the "Manage Jenkins" screen. pull 5693
  • Modernise the "Build History" search bar. pull 5692
  • Update appearance for feed bar and description button to be modern and consistent. pull 5664
  • Improve layout of console output header. pull 5507
  • Show new status icons in build history. JENKINS-66659
  • Update tooltips to be consistent across Jenkins. pull 5763
  • Use SVGs over PNGs for the sidebar when possible. Breadcrumb bar/logo/menu items are now correctly aligned on the left together. Move old war/images folder to webapp so they can be used in frontend - the SVGs are now in the webapp/images/svgs folder. pull 5663
  • Replace the old icons with the new SVG icons in the job trend page. JENKINS-65928
  • Graphs now scale correctly on high resolution screens. pull 5697
  • Screen resolution cookie now has the secure flag set when Jenkins is running on HTTPS. JENKINS-49675
  • Deprecate the -cp option in the remoting agent.jar command line. Upgrade from Remoting 4.10 to Remoting 4.11. pull 5821JENKINS-64831Remoting 4.11 changelog
  • When the buildWithParameter API is called, if the requests with the same parameters in the queue are merged, the http response code of the request uses a more appropriate 303(see other) instead of 201(created). JENKINS-66105
  • Remove deprecated, unsafe classes previously copied from Apache Ant. Docker Slaves plugin is incompatible with this change. JENKINS-66930
  • Load classes from plugins in parallel for faster startup on multicore machines. JENKINS-23784
  • Remove the Woodstox implementation of the StAX API from Jenkins core. Users of the Azure Artifact Manager, Azure Container Agents, Azure Storage, and Azure SDK API plugins must upgrade those plugins to the latest versions in lockstep with this core upgrade. Plugins that consume Woodstox should depend on it directly or via the Jackson 2 API plugin. pull 5651Woodstox implementationStAX APIAzure Artifact Manager pluginAzure Container Agents pluginAzure Storage pluginAzure SDK API pluginJackson 2 API plugin
  • Internal: Experimental support for URLClassLoader can be enabled by setting hudson.ClassicPluginStrategy.useAntClassLoader=false. pull 5698
Bug fix

2.303.3

November 4, 2021
Security
Major enhancement
Enhancement
  • Always allow configuring agent-to-controller security subsystem.
Bug fix
  • Correction of Label expression including a "implies" relationship without spaces around. JENKINS-66613

2.303.2

October 6, 2021
Security
Enhancement
Bug fix
  • Allow Jenkins to start when the JCasC configuration defines view-related permissions (regression in 2.302). JENKINS-66470
  • Use the JVM's default keystore type for the Jenkins server when terminating TLS connections within Jenkins. Used if Jenkins is started with the --httpsPort argument. Winstone 5.21: Update Jetty from 9.4.42.v20210604 to Jetty 9.4.43.v20210629. pull 5670JENKINS-66379Winstone 5.20 changelogWinstone 5.21 changelogJetty 9.4.43 changelog
  • Fix wrong parameter type for Text Parameter when triggering a build via the buildWithParameters API call. pull 5704

2.303.1

August 25, 2021
Changes since 2.303
Bug fix
Enhancement
  • Use Java 11 in Docker images instead of Java 8. Blog post
  • Allow Java 11 administrative monitor to be disabled with a system property. JENKINS-66177
Notable changes since 2.289.3
Major bug fix
  • Fix SSH command line interface (CLI) authentication (regression in 2.284). JENKINS-65273
  • Fix NoSuchMethodError when using plugins that rely on bridge methods for compatibility (regression in 2.278). JENKINS-65605
Major enhancement
Bug fix
  • Jenkins redirects users to the previous page after login even if they were able to view it while not logged in (regression in 2.266). JENKINS-64991
  • Improve contrast for the checkbox in the login page. pull 5536
Enhancement

2.289.3

July 28, 2021
Bug fix

2.289.2

June 30, 2021
Security
Enhancement
Bug fix
  • Prepare for form submission changes in future Firefox releases. Adapt form validation for all web browsers and form validation test automation for HtmlUnit based tests. JENKINS-65585pull 5479pull 5405
  • A race condition in class loading could result in a LinkageError. JENKINS-65766
  • Do not change fonts when build artifacts are as shown as a tree. JENKINS-65751
  • Jenkins redirects users to the previous page after login even if they were able to view it while not logged in (regression in 2.266). JENKINS-64991
  • Fix incorrect process termination issues when running on macOS. JENKINS-65195
  • Add check to prevent out of bounds memory access error on macOS. JENKINS-64347

2.289.1

June 2, 2021
Changes since 2.289
Major bug fix
  • Fix NoSuchMethodError when using plugins that rely on bridge methods for compatibility (regression in 2.278). JENKINS-65605
Bug fix
  • Fix form submission for some specific form validation cases (regression in 2.289). JENKINS-65585
  • Wrap the build name in the build results list if it is too long. JENKINS-65190
  • Improve performance for standard input of the Jenkins CLI, for example with the `install-plugin` command. JENKINS-64294
  • Fix an issue archiving files greater than 4 GiB in size when creating ZIP64 archives. JENKINS-52356
Notable changes since 2.277.4
Major enhancement
Enhancement
Bug fix
  • Sort available plugins by name when popularity is equal. pull 5359
  • Honor the current folder when creating new views with the "New View" link. JENKINS-56934
  • Do not render full error responses in case of internal errors when validating fields in configuration forms. JENKINS-65017
  • Accept negative numbers in number input controls (regression in 2.274). pull 5341
  • Improve reconnection behavior for inbound TCP agents. JENKINS-64510

2.277.4

May 5, 2021
Bug fix
  • Fix disabled dropdown items to appear disabled (regression in 2.277.1). JENKINS-65021
  • Fix load statistics graph links to include correct graph duration (regression in 2.277.1). JENKINS-65336
  • Honor the current folder when creating new views with the "New View" link. JENKINS-56934
Enhancement

2.277.3

April 20, 2021
Security
Enhancement

2.277.2

April 7, 2021
Security
Major bug fix
  • Fix help buttons in the draggable section (regression in 2.277.1). JENKINS-64972
Enhancement
Bug fix
  • Fix NoClassDefFoundError exception while executing ProcessTree.get(). JENKINS-62006
  • Prevent Jenkins queue deadlock when cancelling tasks under certain conditions. JENKINS-64931
  • Reduce logging of renamed API endpoint. JENKINS-65186

2.277.1

March 10, 2021
As described in the Major changes in the weekly release line blog post, this release improves key user interface components. Configuration user interfaces now use html div markup to present a better layout than the previous html table layout. Configuration pages are now easier to read, easier to understand, and work better on a wide range of screens. See the Jenkins issue tracker for a list of plugins known to have issues with the change.

 

As described in the Spring and XStream updates (breaking changes!) blog post, this release updates and replaces outdated internal components. The Acegi security library used for authentication has been replaced by Spring Security (JEP-227). See the Spring Security compatibility table for the latest plugin compatibility status. A fork of the XStream library used to read and write XML files has been replaced by the upstream version of XStream (JEP-228). See the XStream compatibility table for the latest plugin compatibility status.

 

Known IssuesIf your Jenkins instance was created before Jenkins 2.4 or 2.7.1 LTS, a Setup Wizard may appear on the startup after the upgrade. In such a case, a Jenkins admin may need to skip the plugin installation. See the upgrade guide for the detailed guidelines.
Changes since 2.277
Security
Major bug fix
  • Show available plugin updates by reloading update center data on upgrade/downgrade. JENKINS-41727
  • Fix Internet Explorer 11 rendering of the Available plugins tab (regression in 2.270). JENKINS-64805
  • Include 'plugin-id' and 'plugin-version' data attributes in the Available plugins tab (regression in 2.270). JENKINS-64775
  • Fix plugin search over multiple update sites (regression in 2.270). JENKINS-64840
Bug fix
Notable changes since 2.263.4
Major enhancement
Bug fix
  • Fix incorrect striping of rows on available page of Plugin Manager. JENKINS-63684
  • Prevent user input of 'e' or 'E' as 'positive-number', 'non-negative-number', or 'number'. JENKINS-64439
  • Change the standard URL for obtaining the inbound agent configuration file from ${agent_url}/slave-agent.jnlp to ${agent_url}/jenkins-agent.jnlp. The old name is obsolete and will be removed at a future time. JENKINS-35452
Enhancement

2.263.4

February 10, 2021
Enhancement
  • Improve performance in fingerprint file creation. JENKINS-64670
Bug fix
  • Use the correct freestyle font-size for descriptions. JENKINS-64332
  • Don't tell user's to signup when signup is not available. JENKINS-64426

2.263.3

January 25, 2021
Security
Major bug fix
  • Provide a default implementation of the "all files in zip" download link. This is especially important for external storage plugin (regression in 2.263.2). JENKINS-64655
  • Fix the file handle leak inside DirectoryBrowserSupport (regression in 2.263.2). pull 5188JENKINS-64632SECURITY-1452
  • Include root folder in downloaded zip files (regression in 2.263.2). Resolve an additional related zip archive root folder issue. pull 5187JENKINS-64621JENKINS-61473SECURITY-1452

2.263.2

January 13, 2021
Security
Major bug fix
  • Help text now expands in behaviours for GitHub organization folders (regression in 2.244). JENKINS-64373
Enhancement
Bug fix

2.263.1

December 3, 2020
Changes since 2.263
Major bug fix
Bug fix
  • Fix file handle leak when viewing corrupted build logs. Upgrade Stapler from 1.260 to 1.261. pull 5038Stapler 1.261 changelog
  • Prevent the Build History Widget from crashing when users have Discover permissions without Read for folders. JENKINS-63868
Enhancement
Notable changes since 2.249.3
Major bug fix
Major enhancement
Enhancement
  • SSHD module 2.7: Allow configuring disabled key exchange and MAC algorithms through system properties. pull 4951SSHD module 2.7 changelog
  • Improve the layout and clarity of the page displayed when jobs are not yet created. JENKINS-63592
  • Allow users with the Jenkins/MANAGE permission to restart and safe restart Jenkins. JENKINS-63795
  • Set Cross-Origin-Opener-Policy to same-origin. pull 4910Cross-Origin-Opener-Policy at developer.mozilla.org
  • Improve the scripting capacity related to the API Token system. Provide a way to configure a fixed/default API Token for admin during installation phase. JENKINS-57484
  • Developer: Improve the combobox component to support default value and readonly mode. pull 4939
  • Developer: Allow migration of fingerprints from local storage to external storage. JENKINS-62757
  • Developer: Expose fingerprint range set serialization methods for plugins. pull 4888
  • Developer: Pluggable Artifact Storage: Make the VirtualFile API generally available to plugin developers. pull 4974JEP-202
  • Developer: A SimpleBuildStep or SimpleBuildWrapper can now choose not to require a workspace context (working directory and launcher). JENKINS-46175
  • Developer: Cloud implementations are given more context about ongoing planned nodes. Add CloudState to be passed to Cloud#provision and Cloud#canProvision methods. pull 4922
Bug fix

2.249.3

November 4, 2020
Major bug fix
Bug fix
  • Prevent radio buttons from moving when they are clicked. JENKINS-63332

2.249.2

October 7, 2020
Major bug fix
  • Fix migration of status filter when coming from an older version of Jenkins (regression in 2.249.1). JENKINS-62661
Bug fix
  • Make alert colors consistent with 'Manage Jenkins' alert colors. JENKINS-63330
  • Avoid warning on logs about Anonymous Class in hudson.FilePath. JENKINS-63563
  • Fix NullPointerException pollution on logs if PluginDeprecationMonitor is enabled and some conditions are met. JENKINS-63562
  • Developer: Make unavailable plugin background themeable. JENKINS-63331

2.249.1

September 9, 2020
Changes since 2.249
Security
Major bug fix
  • Stop pre-formatting agent logs to prevent deadlocks (regression in 2.231). JENKINS-63458
  • Fix button that copies API token to clipboard (regression in 2.238). JENKINS-63274
  • Restore wrapping tabs into multiple lines instead of overflowing (regression in 2.248). JENKINS-63180
Bug fix
  • Normalize widget colors to be consistent with the new color palette. Fixes bread crumbs flash in Dark Theme
  • Empty installed plugins table text is readable again (regression in 2.249). JENKINS-63276
  • Show build time data in the Build Time Trend Page (regression in 2.245). JENKINS-63232
  • Replace text references to slave with agent in Japanese documentation and messages. JENKINS-63166
  • Fix backspace key sometimes did not delete text from the Script Console on a Mac (regression in 2.248). JENKINS-63342
  • Fix regular expression validator UI location (regression in 2.244). JENKINS-63308
Enhancement
Notable changes since 2.235.5
Major enhancement
Enhancement
Bug fix

2.235.5

August 17, 2020
Security
Major enhancement
  • Major update of the Alpine-based Jenkins Docker image. Jenkins Docker image for Alpine now uses Alpine 3.12 and AdoptOpenJDK 8u262. upgrade guide

2.235.4

August 12, 2020
A new GPG signing key is used for the Jenkins long term support package repositories. Follow the instructions in the Linux repository signing blog post to install the new public key on your computer.
Security
Major enhancement
  • Use new 64 bit Windows installer with service account checks and port validation. Supports 64 bit Java 8 and 64 bit Java 11. AnnouncementUpgrade guide
Bug fix
  • Allow graceful shutdown when SCM triggers are configured. JENKINS-62695
  • Fix IllegalArgumentException: Method not found error caused by misbehaviour in Util.isOverridden() (regression in 2.241). JENKINS-62723

2.235.3

July 27, 2020
Major enhancement

2.235.2

July 15, 2020
Security
Bug fix

2.235.1

June 17, 2020
Changes since 2.235
Major bug fix
  • Make plugin manager work on Internet Explorer 11 again (regression in 2.231). JENKINS-62163
  • Prevent telemetry warnings about missing javax.annotation classes when running with Java 11 (regression in 2.231). JENKINS-61920
  • Fix a deadlock involving custom loggers during agent startup (regression in 2.231). JENKINS-62181
Bug fix
  • Prevent Old Data Monitor from failing plugin loading in the case of class field unmarshalling issues. JENKINS-62231
Notable changes since 2.222.4
Major enhancement
Bug fix
  • Distinguish between defined (*****) and undefined (N/A) password on read-only configuration forms for users with Overall/SystemRead or Item/ExtendedRead permissions. JENKINS-61812
Enhancement
  • Use modern system fonts provided by the browser when possible. Changes font size for body copy and headings to improve consistency and legibility. JENKINS-60921
  • Restyle buttons. Add support for large buttons, hyperlinks styled as buttons and icon-only buttons. JENKINS-61840
  • Restyle the help icon. pull 4663
  • Improve styling of alert banners to be more visually appealing and to better match existing user interface components. Alerts now fully cover the navigation bar while they are displayed instead of covering only a portion of the navigation bar. JENKINS-61478
  • Suppress error stack traces for non-administrator users as core capability. JENKINS-60410

2.222.4

May 24, 2020
Major bug fix
  • Prevent a form validation "404 Not Found" error when the resource root URL configuration points at a previously configured resource root URL (regression in 2.222.1). JENKINS-62133
Bug fix
  • Upgrade to Remoting 4.2.1 to fix an issue with large payloads over WebSockets. Requires a matching agent.jar with remoting 4.2.1 or later. JENKINS-61409pull 4601pull 4596Remoting 4.2.1 changelogWebSockets blog postJEP-222
  • Update Groovy Init hooks to run after all job configurations are adapted. JENKINS-61694
  • Fix spacing between error messages in Setup Wizard (regression in 2.222.1). JENKINS-61660
  • Fix input field hints for tools like the git plugin that search the PATH for their executable (regression in 2.222.1). JENKINS-61711
  • Remove grey bar below the textarea form elements for read only users. JENKINS-61284
  • Distinguish between defined (*****) and undefined (N/A) password on read-only configuration forms for users with Overall/SystemRead or Item/ExtendedRead permissions. JENKINS-61812
Enhancement

2.222.3

April 24, 2020
Major bug fix
  • Use the saved global build discarder configuration on restart. JENKINS-61688
  • Fix proxy form validation when a password is set (regression in 2.222.1). JENKINS-61692
Bug fix
Enhancement
  • Developer: Make h.checkAnyPermission and <l:layout permissions="..."> work on objects that aren't AccessControlled. JENKINS-61465
  • Developer: Prevent spurious deprecation messages by removing the deprecated findbugs-annotation. JENKINS-61279

2.222.2

April 22, 2020
Jenkins 2.222.2 was not packaged or delivered. All changes planned for 2.222.2 are included in 2.222.3.
Bug fix
  • Jenkins 2.222.2 was not placed in the artifact repository or on the download site.

2.222.1

March 25, 2020
Global build discarder configuration is not loaded from disk when Jenkins starts (JENKINS-61688). Configuration is saved but not loaded on restart. Jenkins 2.222.1 will always start with the default configuration of the Job Build Discarder. Custom global build discarder configuration is ignored on restart. The default global build discarder is configured each time that Jenkins restarts.
Changes since 2.222
Security
Major bug fix
Enhancement
  • Security hardening related to request routing and CSRF protection. related upgrade guide
  • Developer: Listen on loopback interface by default in debug mode. pull 4515
Notable changes since 2.204.6
Major enhancement
  • Revamp the layout and icons of the header bar and breadcrumbs. Instances with plugins that depend on details of the Jenkins layout (e.g. Simple Theme Plugin) may experience UI/layout problems. A new experimental header color scheme can be enabled by setting the jenkins.ui.refresh system property to true. JENKINS-60920
  • Add globally configured build discarders that delete old builds not marked as "keep forever" even if there is no, or a less aggressive, per-project build discarder configured, executed periodically and after a build finishes. pull 4368
  • Move cloud configuration from Configure System into its own configuration form on the Manage Nodes page. pull 4339
  • Remove Enable Security checkbox in the Global Security configuration. JENKINS-40228
  • Remove the ability to disable CSRF protection. Instances upgrading from older versions of Jenkins will have CSRF protection enabled and the default issuer set if they currently have it disabled. pull 4509
  • Redesign password fields to prevent password auto-fill except for the login form. Reduce browsers offering to update stored passwords. Revert by setting the system property hudson.Functions.hidingPasswordFields to false. pull 3991
  • Deprecate the macOS native installer packaging. Jenkins macOS native installer deprecation
  • Remove old, deprecated, unsupported agent protocols Inbound TCP Agent Protocol/1, Inbound TCP Agent Protocol/2, and Inbound TCP Agent Protocol/3. Update Remoting from 3.36 to 4.2 to remove unsupported protocols and add WebSocket support. JENKINS-60381Remoting 3.40 release notesRemoting 4.0 release notesRemoting 4.0.1 release notesRemoting 4.2 release notes
  • Add experimental WebSocket support. JEP-222blog post
  • Extends the current milestones so plugins can update jobs and configuration during Jenkins initialization. Adds initialization milestones: SYSTEM_CONFIG_LOADED, SYSTEM_CONFIG_ADAPTED, JOB_CONFIG_ADAPTED. JENKINS-51856
  • Introduce a new experimental UI that can be enabled by setting the jenkins.ui.refresh system property to true. Currently it includes a new header color scheme, more changes to be added as a part of the UI/UX revamp. pull 4463JENKINS-60920JEP-223Jenkins UX SIG
  • Add a new experimental Overall/Manage permission which allows a user to configure parts of the global Jenkins configuration without having the Overall/Administer permission. This is an experimental feature, disabled by default, that can be enabled by setting the jenkins.security.ManagePermission system property to true. pull 4501JENKINS-60266JEP-223
  • Add a new experimental Overall/SystemRead permission, which gives (almost) full read access to the Jenkins instance. The permission is disabled by default, install the Extended Read Permission plugin to activate it. pull 4506JENKINS-12548JEP-224Extended Read Permission plugin
Enhancement
Major bug fix
  • Fix NullPointerException when getting a list of runs with a status threshold (regression in 2.202). JENKINS-60884
  • User is no longer logged out when authenticating another user. JENKINS-59107
Bug fix

2.204.6

March 25, 2020
Security
Enhancement

2.204.5

March 7, 2020
System logging customization defect (JENKINS-57888 - system logging customization) from Jenkins 2.177...2.203.3 is reintroduced in this version as it is considered as less serious than the fixed regressions. There is a plan to fix it again in 2.222.1.
Major bug fix
  • Fix propagation of the maximum form content size and form content keys number (regression in Jetty 9.4.20 and Jenkins 2.204.3). JENKINS-60409
  • Fix improper reverse proxy redirects to 127.0.0.1 due to X-Forwarded-Host and X-Forwarded-Port ordering issue (regression in Jetty 9.4.20 and Jenkins 2.204.3). JENKINS-60199
Bug fix
  • Revert Winstone from 5.8 to 5.3 to resolve embedded Jetty web container regressions in later Winstone versions. High default maximum form size limit and reverse proxy redirection are restored (regressions in 2.204.3). JENKINS-60409JENKINS-60199Winstone changelog

2.204.4

March 3, 2020
Major bug fix

2.204.3

February 28, 2020
Enhancement
Bug fix
  • If the Jenkins root URL has been configured by scripts prior to running the setup wizard, skip the location configuration panel even if selecting the option to skip creation of an admin user. JENKINS-60750
  • Prevent inaccurate warnings about missing classes on Java 11 triggered by JavaMelody when Monitoring Plugin is installed. JENKINS-60725
  • Include details in the system log when a build rotation fails. JENKINS-60716
  • Fix java version check for AdoptOpenJDK 11. JENKINS-60678
  • Prevent Jenkins page rendering from being blocked when the update center data parsing is in progress. JENKINS-60625
  • Winstone 5.7: Fix support of system logging customization (regression in 2.177). pull 4452JENKINS-57888Winstone 5.7 release notes
  • Fix null pointer exception in Agent API when the agent is offline (e.g. retrieving agent version or OS description). JENKINS-42658

2.204.2

January 29, 2020
Security
Major bug fix
  • User is no longer logged out when authenticating another user. JENKINS-59107
Enhancement
  • Security hardening related to Stapler routing.
  • Security hardening: Set X-Content-Type-Options to nosniff in REST API responses.
Bug fix
  • Disable multiple deletion attempts if hudson.Util.maxFileDeletionRetries is zero. JENKINS-60351
  • Prevent 'zombie' executors on built-in node by removing one-off executors in Computer.removeExecutor. JENKINS-57304
  • Fix AtomicFileWriter performance issue on CephFS when creating an empty file. JENKINS-60167
  • Developer: ViewGroupMixIn#getPrimaryView() may return null, and needs to be checked by plugins depending on this version of weekly and beyond. It is an intermediate state until a default view is implemented. JENKINS-60092

2.204.1

December 18, 2019
Configuration as code plugin users upgrading to Jenkins 2.204.1 should review the LTS upgrade guide global configuration save topic and the LTS upgrade guide download settings topic
Changes since 2.204
Enhancement
  • Show a tooltip with the full link name when hovering over sidebar links. JENKINS-59508
Bug fix
  • Prevent faulty subtask contributors from leaving builds running forever. JENKINS-59793
  • Fix Uninstall column sorting in the Plugin Manager Install pane. JENKINS-59665
Notable changes since 2.190.3
Major enhancement
  • Prevent calls to Jenkins#save persisting data before we have finished loading the in-memory model. This prevents possible corruption of the main Jenkins configuration. JENKINS-58993
  • Remove the ability to download update center metadata using the user's browser (deprecated since 2015). Jenkins will no longer inform about available updates without a connection to update sites. We recommend the use of a local mirror of our update sites, or a self-hosted update center like Juseppe in these situations. pull 3970
  • Allow time zone to be set on a per-user basis. JENKINS-19887
  • Add an option for a Resource Root URL through which Jenkins will serve user-generated static resources like workspace files or archived artifacts without the need for Content-Security-Policy headers. JENKINS-41891
Enhancement
Bug fix
  • Revert changes in forms submission in Jenkins classic UI with Firefox have caused a regression on forms with "file" inputs. These were made to anticipate a bugfix in Firefox which has been backed out since. (regression in 2.173) JENKINS-58296JENKINS-53462Firefox issue 1370630

2.190.3

November 20, 2019
Bug fix
  • Robustness: Do not allow users to resubmit requests using POST on URLs requiring a form submission, as that will fail anyway. JENKINS-59514
  • The lastCompletedBuild permalink was not being cached in the …/builds/permalinks file. JENKINS-56809
  • Fix labels to Atom feed links. JENKINS-48375
  • Revert changes in forms submission in Jenkins classic UI with Firefox. Changes caused a regression on forms with "file" inputs. These were made to anticipate a bugfix in Firefox which has been backed out since. (regression in 2.164.3) JENKINS-58296JENKINS-53462Firefox issue 1370630

2.190.2

October 28, 2019
Bug fix
  • URLs of some projects with emojis in their name were inaccessible. JENKINS-59406
  • Increase client-side keep-alive ping frequency on the HTTP-based CLI to prevent timeouts. JENKINS-59267
  • Internal: hudson.util.ProcessTree.OSProcess#getEnvironmentVariables returned null when an error occurred even though it shouldn't. JENKINS-59580

2.190.1

September 25, 2019
Changes since 2.190
Security
Bug fix
  • Fix missing absolute URL in the RSS / Atom feeds. (regression in 2.190) JENKINS-59167
Major bug fix
  • Jenkins UI broke when a slow trigger administrative warning would be shown. (regression in 2.189) JENKINS-58938
Notable changes since 2.176.4
Major enhancement
  • Jenkins no longer creates symbolic links inside project or build directories. The Build Symlink plugin may be installed to restore this functionality if desired. URLs such as /job/…/lastStableBuild/ are not affected, only tools which directly access the $JENKINS_HOME filesystem. JENKINS-37862
  • Remove Trilead SSH library from Jenkins core and make it available in a new detached plugin. JENKINS-43610
Bug fix
  • Add support of emojis and other non-UTF-8 characters in job names. 🎉 JENKINS-23349
Enhancement

2.176.4

September 25, 2019
2.176.4 and 2.190.1 contain the same security fixes. We're providing an additional release of the 2.176.x LTS line to allow administrators to apply security updates without having to perform a major upgrade.
Security

2.176.3

August 28, 2019
Security
Bug fix
  • The plugin manager UI no longer prevents disabling a plugin when other plugins only have optional dependencies to it. JENKINS-33843
  • Fix performance issue when using "Remember me". (regression in 2.160) JENKINS-56243
  • Do not throw exception when testing proxy configuration. (regression in 2.168) JENKINS-57383
  • Prevent occasional IllegalStateException on Jenkins restart and invalidate the user session. JENKINS-55945

2.176.2

July 17, 2019
Security
Bug fix
  • A thread pool used to wait for external processes to complete could leak class loaders. JENKINS-57725
  • Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed upon Jenkins startup when needed as implied dependencies of other plugins which were already present. This simplifies compatibility for specialized installation scenarios not using the update center, such as when Jenkins is run from a Docker image prepackaged with some plugins. JENKINS-57528
  • Update WinP from 1.27 to 1.28 to fix problems with a missing DLL and flickering console window in the Windows graceful process shutdown logic. JENKINS-57477full changelog
Enhancement
  • Replace some exception stack traces related to agent channels with simpler messages. JENKINS-57993

2.176.1

June 10, 2019
Changes since 2.176
Bug fix
  • Restore Chinese localized resources used by the setup wizard. JENKINS-57412
  • Robustness: Do not put agent offline for runtime exceptions in ComputerListener#onOnline(). JENKINS-57111
Notable changes since 2.164.3
Major enhancement
  • Support for the Remoting mode of the CLI (-remoting option) has been removed. pull 3838announcement blog post
  • Remove misleading nonStoredPasswordParam symbol for password parameter definitions, since it's actually stored encrypted. JENKINS-56776
  • Remove built-in support for CCtray (cc.xml) files. To restore this feature, install the CCtray XML Plugin. JENKINS-40750
Enhancement
  • Add stop-job CLI command which allows aborting builds. JENKINS-11888
  • Add support for turning off a log recorder in the logger configuration. JENKINS-56200
  • Add the run parameter filter value to REST API responses. JENKINS-56554
  • Update status icon of a build when the build is finished. JENKINS-16750
  • Remove misleading references to Java Web Start and JNLP from GUI surrounding inbound Jenkins agents. pull 3998
  • Inform administrators about potentially unsafe permissions setup involving builds running as the virtual SYSTEM user. JENKINS-24513
  • Add a log message to build logs when builds run with the virtual SYSTEM authentication. pull 3908
  • Migrate all Chinese localization resources into Localization: Chinese (Simplified) plugin. pull 4008
  • Adjust stream flushing behavior for code running remotely on agents for better performance. This may lead to loss of messages for plugins which print to a build log from the agent machine but do not flush their output. Use -Dhudson.util.StreamTaskListener.AUTO_FLUSH=true to restore the previous behavior for freestyle builds. Note that Pipeline builds always expect remote flush. pull 3961
  • Update Winstone from 5.1 to 5.2 to make HTTPS cipher exclusions configurable. JENKINS-56659JENKINS-56591full changelog
  • Developer: Update Stapler from 1.256 to 1.257 to add support for loading localized webapp resources from any plugin. Add jenkins.PluginLocaleDrivenResourceProvider interface for plugins to participate in localized resource lookup. JEP-216full changelog
  • Developer: Update Localizer library from 1.24 to 1.26 allowing plugins to override the lookup for localized resource files. pull 3896JEP-216full changelog
  • Developer: Add Jelly UI component f:secretTextarea for multi-line secrets analogous to f:password for single-line. pull 3967Storing Secrets in Jenkins
  • Developer: SystemProperties may now be used from agent-side code. See SystemProperties#allowOnAgent. pull 3961
Bug fix
  • Remove Mailer related localized strings from core. Make sure you use Mailer Plugin 1.23. JENKINS-55292
  • Do not offer a workspace lease to a new build if it is already in use by a (Pipeline) build running across an agent reconnection. JENKINS-50504

2.164.3

May 9, 2019
Bug fix
  • Corrupted console notes could cause an uninformative NegativeArraySizeException to be thrown from ConsoleNote#readFrom and build log display to be broken. JENKINS-45661
  • The setup wizard did not properly escape passwords, resulting in errors with certain special characters. JENKINS-56856
  • Make form submit buttons on the Jenkins classic UI compatible with potentially upcoming Firefox bug fix. JENKINS-53462Firefox bug 1370630
  • Properly flush output from the Maven console annotator. JENKINS-56995
  • Make Debian/Ubuntu launcher script work with Java 11. JENKINS-57096
Enhancement

2.164.2

April 10, 2019
Security
Bug fix
  • Workspace and artifacts browsing did not work on Windows Server 2016 with Microsoft Docker. (regression in 2.150.2) JENKINS-56114
  • Prevent NullPointerException when discarding unreadable fingerprint data. JENKINS-43218

2.164.1

March 13, 2019
Changes since 2.164
No notable changes in this release.
Notable changes since 2.150.3
Major enhancement
Enhancement
  • The list-jobs no longer lists items recursively when listing a specific folder. JENKINS-48220
  • Add a new CLI command disable-plugin to disable one ore more installed plugins and optionally restart Jenkins. JENKINS-27177
  • Update Trilead SSH library to add support for OpenSSH keys with AES256-CTR encryption. JENKINS-47603JENKINS-47458JENKINS-55133JENKINS-53653
  • Add support for the ed25519 key algorithm in Jenkins CLI. JENKINS-45318
  • Reduce the performance impact of the SECURITY-904 fix when downloading artifacts or workspaces as ZIP file. JENKINS-55050
  • Add new category Languages to the plugin wizard, which automatically installs available localization plugins based on browser language. pull 3626
  • Update Windows Service Wrapper from 2.1.2 to 2.2.0 and Windows Agent Installer from 1.9.3 to 1.10.0 to support disabling, renaming and archiving service logs. pull 3854Windows Service Wrapper changelogWindows Agent Installer Module changelog
  • Developer: Login and signup pages redesigned in 2.129 now can receive style contributions (footer view for SimplePageDecorator) from multiple plugins. JENKINS-54325
Bug fix
  • Update SSHD Module from 2.5 to 2.6 to apply a proper Apache Mina idle timeout value when a custom value was set using the org.jenkinsci.main.modules.sshd.SSHD.idle-timeout system property. JENKINS-55978full changelog

2.150.3

February 13, 2019
Bug fix
  • Improve robustness of console annotators such as the Timestamper plugin in conjunction with certain Pipeline steps such as git on an agent with an old agent.jar. JENKINS-55257
  • User account creation by administrators did not show error messages when it failed. (regression in 2.129 and 2.138.1) JENKINS-52869

2.150.2

January 16, 2019
Security
Enhancement
  • Invalidate sessions and CLI authentication caches when changing the user password in the Jenkins user database.
  • Add support for killing child processes on AIX. JENKINS-16867

2.150.1

December 5, 2018
Changes since 2.150
Security
Bug fix
  • Revert compatibility fix for future releases of Firefox due to regressions it caused since 2.148. JENKINS-54261JENKINS-54333JENKINS-54570
  • Prevent Stream is closed error in case a CLI command finishes before the input is entirely read. JENKINS-54310
  • Avoid Premature EOF error when using the shutdown CLI command. JENKINS-49196
  • Do not cache CSS/JS resource files for console annotations like Timestamper Plugin across Jenkins restarts. JENKINS-38719
Notable changes since 2.138.4
Major enhancement
Enhancement
  • Allow use of the console command with Job/Read permission. JENKINS-52181
  • Wait up to two minutes for process termination before killing it (typically when aborting a build). JENKINS-17116
  • Reduce logging level of restart and shutdown related notifications from SEVERE to INFO. JENKINS-53282
  • New JENKINS_USER_ID and JENKINS_API_TOKEN environment variables can be used to configure the CLI authentication. JENKINS-53792
  • Do not submit telemetry if there's no relevant data. JENKINS-54137
  • Use per-trial correlation IDs for telemetry submissions. JENKINS-54136
  • Developer: Add support for the @PostConstruct lifecycle method annotation. JENKINS-52818
  • Developer: Add interface PersistentDescriptor that allows implementing Descriptors to skip explicit calls to load(). JENKINS-52818
  • Developer: Introduce getPlatform() and setPlatform() methods in hudson.EnvVars. JENKINS-53721
  • Developer: Introduce new hudson.Util#fixNull(value, defaultValue) method. pull 3656
  • Developer: Add overridable Queue.Task#getAffinityKey() to allow consistent hashing for Pipeline builds in the future. JENKINS-36547
Bug fix
  • Update Remoting from 3.26 to 3.27 to eliminate a potential deadlock. full changelogJENKINS-53569
  • Developer: ConsoleAnnotatorFactory mishandled its type parameter, effectively forcing all implementations to use Object or raw types. pull 3662

2.138.4

December 5, 2018
Security

2.138.3

November 8, 2018
Bug fix
  • The initial visibility of nested groups of radio buttons did not accurately reflect the current values. JENKINS-48516
  • Improve robustness when search items don't specify a display name. JENKINS-50795
Enhancement
  • Update Stapler from 1.254.2 to 1.255 to integrate a fix related to StaplerProxy#getTarget() return value handling. pull 3690stapler/stapler#149
  • Add telemetry trial related to Stapler request dispatching. JENKINS-54029

2.138.2

October 10, 2018
Security
Major enhancement
Major bug fix
Enhancement
Bug fix
  • Fix a thread safety issue when creating multiple nodes in parallel. JENKINS-53401
  • Nested f:repeatable/f:repeatableProperty form elements inherited minimum when they shouldn't. JENKINS-37599

2.138.1

September 12, 2018
Changes since 2.138
Bug fix
  • A configured quiet period was interpreted as milliseconds, instead of seconds. (regression in 2.82) JENKINS-48770
Notable changes since 2.121.3
Major enhancement
  • Redesigned login, signup, and Jenkins is (re)starting pages. Existing page decorators like Simple Theme Plugin will no longer work with these redesigned pages. JENKINS-50447announcement blog post
  • Replace single per-user API token with new system of multiple, revocable, unrecoverable API tokens with usage tracking. JENKINS-32442JENKINS-32776blog post
  • The deprecated Jenkins CLI Protocol versions 1 and 2, and Java Web Start Agent Protocol versions 1, 2, and 3 have been disabled. If you still use these protocols (e.g. remoting-based CLI, or old slave.jars on agents), you need to re-enable these protocols after upgrade, or upgrade the clients. The same recommendations as in The 2.121.x upgrade guide for remoting changes apply here. JENKINS-48480
  • Check SHA-512 or SHA-256 checksums of update site and tool installer metadata and core and plugin downloads if the update site provides them. pull 3356
  • Optional extensions are now loaded without requiring to restart Jenkins after installing an optional dependency. JENKINS-50336
Enhancement
Bug fix
  • Instances of some item types could not be renamed. (regression in 2.110) JENKINS-52164
  • Don't fail to archive artifacts when attributes cannot be preserved, instead log a message and proceed without preserving attributes. (regression in 2.120) JENKINS-52325
  • Some types of builds, like pipelines, would sometimes run concurrently even when that was disabled. JENKINS-41127

2.121.3

August 15, 2018
Security
Enhancement
Bug fix
  • Fix a potential deadlock between queue maintenance and asynchronous execution. JENKINS-46248
  • Security hardening: Prevent files in tar archives from being written to a path outside the destination directory. JENKINS-51777
  • Dynamically loaded plugins now have any PeriodicWork/AperiodicWork extensions scheduled. JENKINS-28683

2.121.2

July 18, 2018
Security
Enhancement
  • Update Remoting from 3.20 to 3.21 to apply logging enhancements and better no_proxy support. JENKINS-51223JENKINS-50965JENKINS-51551Remoting 3.21 changelog
  • Improve diagnostics of corrupted plugin archives during plugin dynamic loading. JENKINS-51608
  • Robustness: A buggy ComputerListener#onConfigurationChange implementation should not block Jenkins startup. JENKINS-50217
  • Diagnostics: Log stack traces in JEP-200 rejection messages when jenkins.security.ClassFilterImpl logging level is FINE or above. JENKINS-51355
  • Improve Jenkins root URL validation. JENKINS-51158
  • Do not remove workspaces for projects with builds in progress. JENKINS-27329
  • Developer: ComputerLauncher implementations can now set channels with a custom CommandTransport implementation. JENKINS-51541
  • Developer/Internal: Remove use of a Guava method deleted in later versions, which could cause problems for plugins running functional tests. JENKINS-51779
Bug fix
  • If using the Artifact Manager on S3 plugin with the (non-default) option to delete artifacts, they were not deleted when the entire build was deleted. JENKINS-51819
  • Don't monitor response time on offline agents. JENKINS-20272
  • Copying Run parameters did not work as expected as RunParameterDefinition#copyWithDefaultValue called the wrong constructor. JENKINS-51650
  • Restore implied dependency on JDK Tool Plugin from Apache HttpComponents Client 4 API Plugin to fix dependency problems. JENKINS-51483
  • Actions created from a TransientActionFactory that got attached to an item in the queue are no longer persisted, which could previously lead to duplicate actions shown for builds. JENKINS-51584
  • Prevent unhandled ClassCastException when loading fingerprints from corrupted files. JENKINS-51179
  • Do not duplicate caller stack trace when FilePath#act fails. JENKINS-51082
  • Fix behaviour of Advanced button when a section element is nested inside. JENKINS-14632
  • Developer API: StreamTaskListener#getCharset() now returns the default charset when it is not configured. JENKINS-51971
  • Developer API: Prevent NullPointerException in SlaveComputer#setChannel(Channel,OutputStream,Channel.Listener) with null OutputStream. JENKINS-51955

2.121.1

June 7, 2018
Changes since 2.121
Enhancement
  • Faster list rendering of Plugin Manager » Available. JENKINS-51205
Notable changes since 2.107.3
Major enhancement
  • Install from java.sun.com installation method for JDK tools has been moved to a new JDK Tool Plugin. JENKINS-22367
  • It is no longer possible to rename jobs from their configuration page. Jobs now have a link in the side panel titled "Rename" that links to a page specifically dedicated to renaming jobs. JENKINS-22936
  • The Job/Build permission no longer implies the Job/Cancel permission. The latter needs to be granted explicitly to users who previously got it via this relationship. JENKINS-14713
  • Update Remoting from 3.17 to 3.20 in order to apply various performance and diagnosability improvements, such as logging warnings when anonymous classes are serialized over a Remoting channel, and allowing Jenkins core to always deserialize exceptions even if they're not allowed. To benefit from the latter improvement, Remoting needs to be updated on the agent side as well. JENKINS-49415JENKINS-49472JENKINS-48561JENKINS-49994JENKINS-49618full changelog
  • Developer: JEP-202: Extend VirtualFile API to streamline external artifact storage. API additions are marked beta and may change at any time. JEP-202pull 3302
  • Developer: Subclasses of AbstractItem can implement AbstractItem#isNameEditable and return true to get automatic support for renames. Subclasses are also able to dynamically validate renames by implementing AbstractItem#checkRename. JENKINS-22936
Major bug fix
Enhancement
  • Pipeline builds could not be started if the Authorize Project plugin was configured to associate the build with a user to whom the authorization strategy was configured to deny Agent/Build permission on the built-in node. JENKINS-46652
  • archiveArtifacts in a Pipeline failed to throw a normal exception when there were no matches. JENKINS-47142
  • Allow use of lists of options as provided by the Pipeline snippet generator for choice parameters. JENKINS-26143
  • Default Crumb Issuer proxy compatibility can be enabled on first startup by setting the system property jenkins.model.Jenkins.crumbIssuerProxyCompatibility to true on startup. JENKINS-50767Jenkins features controlled by system properties
  • Introduce hudson.triggers.SafeTimerTask.logsTargetDir system property to write logs usually written to $JENKINS_HOME/logs to another location. JENKINS-50291
  • Remove the options to define custom Build Record Root Directory and Workspace Root Directory on the Configure System form to prevent unexpected failures during runtime. Instead, these locations can now be customized using system properties on startup. JENKINS-50164Jenkins features controlled by system properties
  • Use case-insensitive autocompletion for item selection dialogs if the current user prefers case-insensitive search. JENKINS-38812
  • Better autocompletion for loggers supporting multiple tokens and proposing useful parent loggers. pull 3345
  • Show more entries in the search results dropdown and search results page. JENKINS-47020
  • Ensure as much as possible that the Jenkins root URL is defined by adding a new setup wizard page and an administrative monitor. JENKINS-31661
  • Add agent symbol for a permanent agent in Structs Plugin based configuration. JENKINS-49661
  • Issue warnings to the system log when attempts are made to use classes with unpredictable names and serial forms (such as anonymous classes) in Remoting or XStream (de)serialization. JENKINS-49795
  • Update Winstone from 4.1.2 to 4.2 to update Jetty from 9.4.5 to 9.4.8 for various bugfixes and improvements. full changelogJetty 9.4.6 changelogJetty 9.4.7 changelogJetty 9.4.8 changelog
  • Internal: Choose more mnemonic artifactIds for modules not consumed externally. pull 3311
Bug fix
  • Archiving artifacts now preserves file permissions and last modification time. JENKINS-13128
  • Prevent some cases of linkage errors relating to Servlet classes when code is run on an agent. JENKINS-46386
  • Make the logic for adding nodes atomic, so that if a newly added node fails to be persisted it will not exist in a partly-initialized state. JENKINS-50599
  • Update WinP from 1.25 to 1.26 to fix loading of WinP libraries on Windows inside Weblogic web container. JENKINS-48347full changelog

2.107.3

May 9, 2018
Security
Enhancement
Bug fix
  • Don't log null pointer exceptions on some forms with validation button. (regression in 2.107.2) JENKINS-50748
  • Allow users without Overall/Read access to use the who-am-i and logout commands. JENKINS-50324
  • Fix a race condition in the Setup Wizard that could lead to it being skipped on the first startup when groovy scripts or init scripts are pre-installed. JENKINS-49401
  • In rare configurations, agents tried to load unloadable classes from the controller, resulting in ClassNotFoundException: javax.servlet.ServletContextListener on agents. JENKINS-46386
  • Make Cancel Shutdown link in side panel work without requiring the page to be reloaded. JENKINS-44402

2.107.2

April 11, 2018
Security
Major bug fix
  • Display estimated remaining time again for Pipeline jobs. (regression in 2.89.4) JENKINS-48821
Enhancement
  • Update Apache Mina SSHD Core from 1.6.0 to 1.7.0 in CLI client. JENKINS-49565changelog
  • Update Executable War from 1.37 to 1.38 to show an error when an attempt is made to run Jenkins on Java 9. JENKINS-49737full changelog
  • Always show the built-in node in the executors widget, even when it is offline. JENKINS-34712
  • Periodically persist the build queue so it can be restored on abnormal process termination. JENKINS-30909
  • Reduce memory footprint of jenkins.model.lazy.AbstractLazyLoadRunMap#search in descending order. JENKINS-50056
  • Add ConcurrentLinkedQueue to white-listed classes for use in XStream (XML serialization) and Remoting (agent communication). JENKINS-49788
Bug fix
  • JEP-200: Allow org.apache.tools.ant.Location deserialization to prevent exception when listing agent files in non-existent directory or invalid filter. JENKINS-50237
  • Clean up the build.xml files of parameterized projects that contained unnecessary serialized data. JENKINS-49795
  • Restore serialVersionUID of AbstractTaskListener. (regression in 2.91) JENKINS-50124
  • Prevent FileNotFoundException in hudson.Util#loadFile in case of race condition. JENKINS-49971
  • Make proxy views work inside folders. JENKINS-49642
  • Upgrade Winstone from 4.1.0 to 4.1.2 to prevent User session memory leak by setting the default idle session eviction timeout to 30 minutes. JENKINS-49596full changelog
  • Fix translation of 'sign up' in Dutch, used to be 'sign in'. JENKINS-49498
  • Improve robustness in case a build with parameters was stored with a null list of parameters. JENKINS-39495
  • Prevent NullPointerException in AbstractProject#checkout when the agent disconnects during a build. JENKINS-29470

2.107.1

March 14, 2018
This is the first LTS release that includes the JEP-200 Remoting and XStream serialization allowlist. This core change requires corresponding changes in many plugins for them to be compatible. We strongly recommend that you read the LTS upgrade guide, make sure you have good backups before upgrading, and validate this release in a staging environment first.
Changes since 2.107
Bug fix
  • Make JEP-200 serialization allowlist more reliable on old versions of Tomcat 8. JENKINS-49543
  • Don't show input validation errors in optional numeric form fields. (regression in 2.105) JENKINS-49387JENKINS-49520
Notable changes since 2.89.4
Major enhancement
Enhancement
  • Jenkins now creates XML 1.1 files to be more accepting of unusual contents. JENKINS-48463
  • Use Java NIO to read and write Unix file permissions by default. The previous behavior can be restored by setting the Java system property hudson.Util.useNativeChmodAndMode to true. JENKINS-36088Jenkins features controlled by system properties
  • Improve robustness and error handling of various file operations by switching to NIO. JENKINS-47324JENKINS-48405
  • Remove support for unbounded number of SCM polling threads. Previously, the default was infinite and could be set to between 10 and 100. Existing installations with unbounded SCM polling threads will now use the default of 10, and it is no longer possible to use a value outside of this range. pull 3258
  • Do not require CSRF crumb to be provided when the request is authenticated using API token. JENKINS-22474
  • Introduce new hudson.lifecycle.ExitLifecycle to exit instead of restart. JENKINS-47043Jenkins features controlled by system properties
  • Upgrade Executable War from 1.36 to 1.37 to allow supplying jenkins.war command-line arguments via standard input using the --paramsFromStdIn parameter. pull 3223documentation
  • Update SSHD Module 2.0 to 2.4 to update Apache Mina SSHD Core from 1.6.0 to 1.7.0, and fire authentication events in SecurityListeners when a user connects using SSH. pull 3278pull 3111SSHD module changelog
  • Export assignedLabels for agents and labelExpression for applicable job types in remote API. JENKINS-25286
  • Re-style the Manage Jenkins page, including administrative monitors. JENKINS-43786blog post
  • Define a minimum required version of the Remoting library (agent communication) and print warnings when an older version is connecting. pull 3250
  • When Jenkins fails to load plugins, show failures that users need to take action on separate from those due to other plugins failing to load. pull 3256
  • Developer: Jenkins#getInstance() is now deprecated as its semantics have been a source of confusion for some time. Use #get() in typical cases and Jenkins#getInstanceOrNull() in rare cases (see Javadoc). JENKINS-48638
  • Developer: Deprecate the ambiguous User#getUser(String) in favor of the User#getById() or the new User#getOrCreateByIdOrFullName() methods. JENKINS-47718
  • Developer: Capture more authentication-related events in SecurityListener. JENKINS-27027
  • Developer: Deprecate hudson.util.Service in favor of Java's ServiceLoader. pull 3191
Major bug fix
  • Updating Jenkins jobs and views by XML left fields at their old value if not defined in the new XML. JENKINS-21017
Bug fix
  • Fix HTTP 404 error when clicking on New View sidebar link from another view. JENKINS-48447
  • Upgrade Executable War from 1.36 to 1.37 to prevent multiple copies of winstone-*.jar in the temp folder from using up disk space needlessly. JENKINS-22088
  • Update to task reactor version 1.5 to prevent hanging of Jenkins on startup/reload when an initialization task throws an unhandled exception. JENKINS-48725full changelog

2.89.4

February 14, 2018
Security
Enhancement
Bug fix
  • Update Stapler from 1.253 to 1.254 to make the form that shows up when a URL requiring POST is accessed using a different HTTP verb work with CSRF protection enabled. JENKINS-34254Stapler changelog
  • Do not downgrade detached plugins when upgrading Jenkins while its previous version was not properly recorded. JENKINS-48899
  • The setup wizard is now resumed upon restart if it hasn't been completed yet, instead of showing the regular login screen. (regression in 2.81) JENKINS-47439

2.89.3

January 18, 2018
Major bug fix
  • Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed when upgrading Jenkins past the version at which the plugin was detached. JENKINS-48365
Bug fix
  • Make the system property hudson.consoleTailKB actually work. JENKINS-48593Jenkins features controlled by system properties
  • Fix a performance regression in Jenkins 2.86 due to lock contention in ExtensionList. JENKINS-48505
  • Prevent setup wizard from hanging when the two provided passwords differ, instead show a validation error. JENKINS-48080
  • Prevent concurrent installation of Maven on the same node to prevent problems. JENKINS-34138
  • Prevent potential NullPointerException when migrating the default "All View" name for a "My Views" user property. JENKINS-48157
Enhancement
  • Cache permission names, allowing Jenkins to recover faster after "stop-the-world" Java GC pauses. JENKINS-48349
  • Improve user lookup performance, for example from Git changelog calculation. JENKINS-47429

2.89.2

December 14, 2017
Security

2.89.1

December 6, 2017
Upgrading to Jenkins 2.89.1 does not install the Command Launcher plugin (see below) as it should. If you're using the Launch agent via execution of command on the master launch method for agents, or cloud provider plugins, make sure to manually install the plugin after upgrading, and restart Jenkins afterwards.
Changes since 2.89
Major bug fix
  • Recover from legacy user configuration folders with $ characters that are not part of hex escape sequences. (regression in 2.89) JENKINS-47909
  • Fix Download from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site. JENKINS-47448
Enhancement
Bug fix
Notable changes since 2.73.3
Major enhancement
Major bug fix
  • Prevent core or plugin code from mistakenly attempting to serialize jobs, builds, and users except in their intended top-level XML file positions, preventing a class of serious deserialization-related errors. JENKINS-45892
  • Developer: Fix TimeDuration time unit handling and its incorrect usage. TimeDuration uses milliseconds as the default unit. It was supposed to parse sec or secs suffix to interpret the number as seconds, but that never worked. JENKINS-44052
  • Stapler 1.252: Prevent file handle leak in LargeText#GzipAwareSession. JENKINS-45903
Bug fix
  • Stapler 1.252: Restore ability to attach views to interfaces. (regression in 2.46) JENKINS-43715
Enhancement
  • Stapler 1.253: Servlet 3.1 support, improved Blue Ocean performance and changes of interest to plugin developers. JENKINS-37062Stapler changelog
  • Disable obsolete JNLP, JNLP2, and CLI protocols on new Jenkins installations during Setup Wizard. JENKINS-45841announcement blog post
  • Restart agent communication related threads on both controller and agents when encountering an unhandled exception, if possible, to improve stability. JENKINS-38711
  • Default the built-in Jenkins Update Center URL to https://updates.jenkins.io instead of obsolete HTTP endpoint. This requires a JRE compatible with Let's Encrypt, e.g. Oracle JRE 8u101. pull 2996
  • Moved Jenkins agent runtime to agent.jar file name, and deprecate (but still support) use of legacy slave.jar. Introduce the AGENTJAR_URL environment variable as replacement for SLAVEJAR_URL. JENKINS-35451
  • Improve error reporting when failing to archive artifacts. pull 2976
  • Enable cc.xml to export jobs in folders recursively when accessed with a query parameter named recursive. JENKINS-36282
  • Add new administrative monitor warning users about disabled CSRF protection. JENKINS-47372
  • Commons Codec library upgraded from 1.8 to 1.9. pull 3033
  • Agents JVM must be 1.8+ and a clear message is shown in connection logs if it is not. JENKINS-44851
  • Add sidebar link to create new view. JENKINS-6290

2.73.3

November 8, 2017
Security
Major bug fix
  • Fix Download from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site. JENKINS-47448
Bug fix
  • Fix potential HTTP 414 error in form validation of long Batch/Shell tool installer scripts. JENKINS-47058
  • Properly display agent launch arguments when using nested launch methods. JENKINS-47056
  • Disconnect node on ping timeout instead of leaving the channel half open. JENKINS-46680
  • Avoid a possible server-side timeout on long-running CLI commands using plain HTTP mode by sending periodic pings from the client. JENKINS-46659

2.73.2

October 11, 2017
Security
Major bug fix
Major enhancement

2.73.1

September 13, 2017
Two regressions since the previous LTS release have been identified in 2.73.1. One involved Remoting (agent) connections and the other concerns failures to use passphrase-protected ed25519 SSH keys. Please see the LTS upgrade guide for 2.73.1 for more information.
Changes since 2.73
Enhancement
Bug fix
  • Prevent caching of the item categories list by the browser to prevent stale data. JENKINS-43848
  • Improve robustness of the reverse build trigger ("Build after other projects are built"). JENKINS-45909
  • Include culprits in XML and JSON API again. (regression in 2.60) JENKINS-46082
  • Button to validate proxy configuration in Manage Plugins now works correctly with NTLM authorization. JENKINS-46288
Notable changes since 2.60.3
Major enhancement
Bug fix
  • Jetty 9.4.5: Prevent the 400 Bad Host header error for HttpChannelOverHttp when operating behind reverse proxy. JENKINS-40693corresponding Jetty issue
  • Update jnr-posix from 3.0.1 to 3.0.41 to pick up improvements and fixes in the POSIX platforms support. pull 2904
Enhancement
  • Winstone 4.1: Add Jetty HTTP/2 connector and corresponding options for Winstone-Jetty. JENKINS-45438enabling HTTP/2 support in Winstone-Jetty
  • Enable Remoting work directories by default for newly created agents launched via JNLP (Java Web Start Launcher). JENKINS-44112feature documentation
  • SSHD Module 2.0: Enable aes192ctr and aes256ctr ciphers if JVM supports unlimited-strength encryption. JENKINS-39738
  • Update WinP from 1.24 to 1.25 to improve performance and diagnostics of issues like JENKINS-30782. full changelog
  • Freestyle projects may now list Pipeline jobs as downstream and trigger them, without needing to use the Parameterized Trigger plugin or reverse triggers ("Build after other projects are built"). JENKINS-28113
  • Internal: Define enabling/disabling in ParameterizedJob rather than AbstractProject. JENKINS-27299
  • Fixed Pipeline compatibility for a number of CLI commands (delete-builds, list-changes, console, set-build-description, and set-build-display-name), as well as some issues affecting error reporting in other commands when used with Pipeline. JENKINS-30785JENKINS-41527
  • Enable simpler syntax for upstream build trigger in pipelines. JENKINS-34464
  • Minor optimization to queue maintenance routines and printing of console notes, mainly for the benefit of Pipeline node blocks. JENKINS-45553
  • If you have the Authorize Project plugin installed and configured, its configuration will now be treated as final with respect to the behavior of Job/Build checks from Build other projects and Build after other projects are built. Formerly, if a Per-project configurable Build Authorization was enabled globally but some projects did not specify an Authorization, the two aforementioned checks would automatically fall back to checking as anonymous (typically denying build permission). To restore the former behavior, explicitly configure a Project default Build Authorization to be Run as anonymous. Note that this will affect all build-scoped permission checks, including for example Agent/Build. JENKINS-22949
  • Internal API: Tasks.getAuthenticationOf now honors authentication contributed by QueueItemAuthenticatorProvider extensions. pull 2880
  • Moved agent port and protocol configuration out of "security" (authentication and authorization) block in Configure Global Security. JENKINS-4478
  • Don't reload user records from disk unless explicitly requested to improve performance of user record access. JENKINS-45737
  • Plugin Development: Jenkins now no longer publishes a war-for-test artifact. Plugins using 2.64 or a later version of Jenkins (including 2.73.1) as baseline need to use plugin parent POM 2.30 or later. JENKINS-24064

2.60.3

August 17, 2017
Bug fix
  • Contributions to the PATH environment variable could result in malformed values on agents on a platform different from controller's. JENKINS-14807
  • Robustness improvements related to agent connections. JENKINS-43496JENKINS-38527
  • JNLP for launching agents now requests Java 8. JENKINS-45679
  • Prevent NullPointerException in Jenkins#getRootURL() while the instance is not fully loaded yet. JENKINS-34914
  • Fix NullPointerException when calculating culprits. JENKINS-45516
Enhancement
  • The reload-configuration CLI command now waits until the reload is finished, and returns an error code if the reload failed. JENKINS-45256
  • Remove the "JNLP" protocol references from the TCP Agent Listener log messages. JENKINS-44103

2.60.2

July 19, 2017
Enhancement
Bug fix
  • Add documentation for time zone specification for cron patterns (e.g. SCM polling). JENKINS-9283
  • Do not submit form when pressing Enter in the plugin manager's filter field. JENKINS-44523
  • Jenkins failed to perform some cleanup tasks, including saving the build queue, if stopped via REST /exit, CLI shutdown, or when restarting from Install as Windows Service. JENKINS-44589
  • Don't check whether disabled administrative monitors are active or not on the Manage Jenkins page. JENKINS-44608
  • When starting the jenkins.war directly, properly check for Java 8 as minimum instead of Java 7 before proceeding. JENKINS-44764
  • Prevent NullPointerException when calling restart CLI command. (regression in 2.57) JENKINS-44769
  • Prevent possible NullPointerException when listing remote directories using the FilePath#list() and FilePath#listDirectories() APIs. JENKINS-44942

2.60.1

June 21, 2017
2.60.1 is the first Jenkins LTS release that requires Java 8 to run. If you're using the Maven Project type, please note that it needs to use a JDK capable of running Jenkins, i.e. JDK 8 or up. If you configure an older JDK in a Maven Project, Jenkins will attempt to find a newer JDK and use that automatically. If your SSH Build Agents fail to start and you have the plugin install the JRE to run them, make sure to update SSH Build Agents Plugin to at least version 1.17 (1.20 recommended).
Changes since 2.60
Bug fix
  • Fix for NullPointerException while initiating some SSH connections. (regression in 2.59) JENKINS-44120
Notable changes since 2.46.3
Major enhancement
Bug fix
  • Update Groovy to 2.4.8 to address memory leak issue. Pipeline: Groovy needs to be upgraded to 2.28 or higher to prevent regressions. JENKINS-33358JENKINS-42189
  • Windows services: Integrate various stability and performance fixes in Windows Service Wrapper from 1.18 to 2.0.2. There are many fixes around configuration options and process termination. full changelog
  • Packaging: Do not invoke recursive chown in JENKINS_HOME during the RPM post-install step unless owned by a different user. JENKINS-23273
Enhancement
  • Windows services: Enable Runaway Process Killer by default in new agent and controller installations. JENKINS-39231
  • Windows services: Enable auto-upgrade of Remoting on newly installed agents if they are connected by HTTPS. JENKINS-39237
  • Windows services: Add support of shared directories mapping in Windows agent services. Shared Directory Mapper documentation
  • Use case-insensitive search by default for new and anonymous users. JENKINS-42645
  • Searching in the Build History widget takes into account user preferences (case sensitivity by default). pull 2683
  • Allow searching by build parameter values in the Build History widget. JENKINS-40718
  • Update the Trilead SSH library to get support of new Mac, Key, and Key Exchange Algorithms. JENKINS-33021JENKINS-26379JENKINS-31549JENKINS-42959JENKINS-43979JENKINS-44046
  • When creating temporary files, use the jenkins prefix instead of the old hudson one. pull 2778
  • Update German, French and Russian localizations. pull 2777pull 2787pull 2798
  • Removed localizations with very low coverage: Albanian, Basque, Belarusian, Bengali, Esperanto, Galician, Georgian, Gujarati, Hindi, Icelandic, Indonesian, Irish, Kannada, Macedonian, Marathi, Mongolian, Occitan, Punjabi, Sinhala, Tamil, Telugu, Thai. pull 2813
  • Internal API: Add the ability for ItemListener to veto copy operations; make Run#compareTo work across jobs; save Jenkins after calling setSecurityRealm or setAuthorizationStrategy. JENKINS-34691JENKINS-42319pull 2762pull 2782pull 2790pull 2805

2.46.3

May 25, 2017
Bug fix
  • If an exception is thrown while rendering an HTTP response, just log the stack trace on the server side, without trying to send an error page to the client. JENKINS-21695
  • Setup wizard gets into bad state when failures like network issues happen. JENKINS-41778
  • Catch and log RuntimeException in Computer#setNode() when updating the Computer list. JENKINS-42043
  • Fix AccessDeniedException in "Build after other projects are built" when user has Discover permission but not Read. JENKINS-42707
  • Prevent NullPointerException when a non-existent default view is specified in Configure System. JENKINS-42717
  • Properly handle saving system configuration when disabling all, or all but one, administrative monitors. JENKINS-42852
  • Remove links in stack traces to the stacktrace.jenkins-ci.org service that has been shut down. JENKINS-42861
  • Ensure that Cloud.PROVISION is properly initialized during the configuration loading. JENKINS-43279
  • Prevent rare NullPointerException if an admin user is created in the setup wizard after first disabling CSRF protection. JENKINS-44010
Enhancement
  • Migrate legacy users only once per restart to improve performance of the user retrieval logic. JENKINS-43936

2.46.2

April 26, 2017
Security
Major enhancement
Enhancement
Bug fix
  • Computer#addAction would throw an UnsupportedOperationException since Jenkins 2.30. Such a call site was released in SSH Build Agents Plugin 1.15 for SECURITY-161. JENKINS-42969security advisory including SECURITY-161
  • Search results page did not correctly encode query parameters. JENKINS-42390
  • When validating a cron expression, consider the specified time zone. JENKINS-43228
  • Do not display a warning when an SCM trigger has no schedules (either to disable SCM post-commit hooks, or to enable them without polling). JENKINS-42194
  • Fix performance issue in deduplication of lists of tool installers. JENKINS-42141

2.46.1

March 29, 2017
Changes since 2.46
Bug fix
  • Prevent file descriptor leaks when Windows Service installer fails to read data from the service startup log. JENKINS-42670
  • Update Remoting from 3.5 to 3.7 in order to prevent file descriptor leaks on agents in the case of multiple connection attempts. full changelog
  • Exceptions during Jenkins cleanup step should not block restart. JENKINS-42164
  • Cryptic error message when loading JnlpSlaveAgentProtocol4. JENKINS-41987
  • Developer: Snapshot builds of plugins that had dependencies on other snapshot builds were not having their version numbers compared correctly. JENKINS-41899
  • Do not attempt to find the next occurrence of an impossible date such as June 31st in validation of trigger schedules. JENKINS-41864
  • Remoting 3.5: Stability improvements. JENKINS-41513JENKINS-41852
  • Remove invalid translations in Slovene. JENKINS-41756
  • Use of the remote API to create items in views (/view/…/createItem) didn't actually add items to views since Jenkins 2.22. JENKINS-41128
  • Remoting 3.5: Remoting clients now accept lowercase (HTTP 2) headers sent by reverse proxies. JENKINS-40710
  • Windows service restart did not retain build queue. JENKINS-32820
Enhancement
  • Remoting 3.5: Add option to specify the Remoting protocol to use on the client. JENKINS-41730
Notable changes since 2.32.3
Enhancement
  • Update the SSHD module from 1.7 to 1.8. The change disables obsolete Ciphers: AES128CBC, TripleDESCBC, and BlowfishCBC.
  • Enable the JNLP4 agent protocol by default. JENKINS-40886upgrade notes
  • Allow defining agent ping interval and ping timeout in seconds. It can be done via the hudson.slaves.ChannelPinger.pingIntervalSeconds and hudson.slaves.ChannelPinger.pingTimeoutSeconds system properties. JENKINS-28245
  • Print stack traces in logical order, with the most important part on top. pull 1485
  • Reduce size of Jenkins WAR file by not storing identical copies of remoting.jar/slave.jar there. pull 2633
  • Do not print warnings about undefined parameters when hudson.model.ParametersAction.keepUndefinedParameters property is set to false. pull 2687
  • Increase the JENKINS_HOME disk space threshold from 1 GB to 10 GB left. The warning will be shown only if more than 90% of the disk is utilized. JENKINS-40749
Bug fix
  • Delete obsolete pinning UI. JENKINS-34065
  • Use project-specific validation URL for SCM Trigger, so H is handled correctly in preview. JENKINS-26977
  • Failure to serialize a single Action could cause an entire REST export response to fail. Upgraded to Stapler 1.250 with a fix. JENKINS-40088
  • Add Usage Statistics section to the global configuration to make it easier to find. JENKINS-32938
  • Allow groovy CLI command via SSH CLI. JENKINS-41765

2.32.3

March 1, 2017
Bug fix
  • Display an informative message, rather than a Groovy exception, when View#getItems fails. JENKINS-41825
  • Don't try to set Agent Port when it is enforced, breaking form submission. JENKINS-41511
  • Don't add all group names as HTTP headers on "access denied" pages, possibly breaking reverse proxies due to very large headers. JENKINS-39402
  • Fix handling of the POST flag in ManagementLinks within the Manage Jenkins page. JENKINS-38175
  • IllegalStateException from Winstone when making certain requests with access logging enabled. JENKINS-37625
  • Do not fail to write a log file just because something deleted the parent directory. JENKINS-16634

2.32.2

February 1, 2017
Security
Major enhancement
Bug fix
  • Correctly state that Jenkins will refuse to load plugins whose dependencies are not satisfied in plugin manager. JENKINS-40666
  • The install-plugin CLI command now correctly installs plugins when multiple file arguments are specified. JENKINS-32358
  • Prevent the ClassNotFoundException: javax.servlet.ServletException error when invoking shell tasks on remote agents. JENKINS-40863
  • Properties were not passed to Maven command by Maven build step when the Inject Build Variables flag was not set. JENKINS-39268
  • Job configuration submission now does not fail when there is no parameters property. JENKINS-39700
  • Update Remoting to 3.4 in order to properly terminate the channel in the case Errors and Exceptions. JENKINS-39835
  • Check for Updates button in the Plugin Manager was hidden in the Updates tab when there was no plugins updates available. JENKINS-39971
  • SSHD Module: Handshake was failing (wrong shared secret) 1 out of 256 times due to SSHD-330. JENKINS-40362
  • Performance: Use bulk change when submitting Job configurations to minimize the number of sequential config.xml write operations. JENKINS-40435
  • Jobs were hanging during process termination on the Solaris 11 Intel platform, regression in 2.20. JENKINS-40470
  • Restore option value for setting build result to unstable when loading shell and batch build steps from disk. JENKINS-40894
Enhancement
  • Update to Winstone 3.2 to support ad-hoc certificate generation on Java 8 (using unsupported APIs). This option is deprecated and will be removed in a future release. We strongly recommend you create self-signed certificates yourself and use --httpsKeyStore and related options instead. JENKINS-25333

2.32.1

December 24, 2016
Changes since 2.32
Major bug fix
  • Prevent early deallocation of process references by Garbage Collector when starting a remote process. It was sometimes causing build failures with messages like FATAL: Invalid object ID 184 iuota=187 and java.lang.Exception: Object was recently deallocated. JENKINS-23271
Bug fix
  • Redirect to login page in the case of authorisation error when checking connectivity to the Update Center. JENKINS-39741
  • WinP 1.24: Native class now tries loading DLLs from the temporary location. JENKINS-20913
  • WinP 1.24: WinP sometimes kills wrong processes when using killRecursive(). It was likely impacting process termination on Windows agents and sometimes leading to BSoD. JENKINS-24453
Notable changes since 2.19.4
Major enhancement
Enhancement
  • Allow disabling/enabling administrative monitors on Configure Jenkins form. JENKINS-38301
  • Ask for confirmation before canceling/aborting runs. JENKINS-30565
  • Prompt user whether to add the job to the current view. JENKINS-19142
  • Allow CommandInterpreter build steps to set a build result as Unstable via the return code. Shell and Batch build steps now support this feature. JENKINS-23786
  • Internal: Upgrade Stapler library from 1.243 to 1.246 with fixes required for the Blue Ocean project. Changes are listed here. pull 2593

What's new in 2.19.4 (2016-11-23)

What's new in 2.19.3 (2016-11-16)

This is an out-of-schedule release addressing the zero day vulnerability published on November 11, 2016. It does not contain the usual LTS bug fixes, but only addresses the security vulnerability. There will be another LTS release in the 2.19.x line containing bug fixes as regularly scheduled.

What's new in 2.19.2 (2016-11-01)

What's new in 2.19.1 (2016-10-03)

Changes from 2.19:
Notable changes since 2.7.4:

What's new in 2.7.4 (2016-09-08)

What's new in 2.7.3 (2016/08/31)

What's new in 2.7.2 (2016/08/03)

What's new in 2.7.1 (2016/07/06)

Changes from 2.7:
Notable changes since 1.651.3:
More detailed information about the new features in Jenkins 2 on the overview page. Note that AJP support has been removed, if your service script enables it, Jenkins will fail to start.

What's new in 1.651.3 (2016/06/08)

What's new in 1.651.2 (2016/05/11)

What's new in 1.651.1 (2016/04/14)

Changes from 1.651:
Notable changes since 1.642.3:

What's new in 1.642.4 (2016/03/31)

What's new in 1.642.3 (2016/03/16)

What's new in 1.642.2 (2016/02/24)

What's new in 1.642.1 (2016/01/20)

No changes compared to 1.642. Notable changes since 1.625.3:

What's new in 1.625.3 (2015/12/09)

What's new in 1.625.2 (2015/11/11)

What's new in 1.625.1 (2015/10/14)

1.625.1 is the first Jenkins LTS release that requires Java 7 to run. If you're using the Maven Project type, please note that it needs to use a JDK capable of running Jenkins, i.e. JDK 7 or up. If you configure an older JDK in a Maven Project, Jenkins will attempt to find a newer JDK and use that automatically. If your SSH agents fail to start and you have the plugin install the JRE to run them, make sure to update SSH Build Agents Plugin to at least version 1.10.

What's new in 1.609.3 (2015/09/02)

What's new in 1.609.2 (2015/07/28)

What's new in 1.609.1 (2015/05/29)

What's new in 1.596.3 (2015/05/20)

What's new in 1.596.2 (2015/03/23)

What's new in 1.596.1 (2015/02/28)

What's new in 1.580.3 (2015/01/27)

What's new in 1.580.2 (2014/12/15)

What's new in 1.580.1 (2014/10/29)

What's new in 1.565.3 (2014/10/01)

What's new in 1.565.2 (2014/09/03)

What's new in 1.565.1 (2014/07/30)

What's new in 1.554.3 (2014/06/30)

What's new in 1.554.2 (2014/05/30)

What's new in 1.554.1 (2014/04/30)

What's new in 1.532.3 (2014/04/11)

What's new in 1.532.2 (2014/02/14)

What's new in 1.532.1 (2013/11/25)

What's new in 1.509.4 (2013/10/09)

What's new in 1.509.3 (2013/09/09)

What's new in 1.509.2 (2013/06/27)

What's new in 1.509.1 (2013/05/01)

What's new in 1.480.3 (2013/02/15)

What's new in 1.480.2 (2013/01/06)

What's new in 1.480.1 (2012/11/17)

What's new in 1.466.2 (2012/09/13)

What's new in 1.466.1 (2012/07/23)

What's new in 1.447.2 (2012/06/11)

What's new in 1.447.1 (2012/03/28)

What's new in 1.424.6 (2012/03/06)

What's new in 1.424.5 (2012/03/05)

What's new in 1.424.4 (2012/03/05)

What's new in 1.424.3 (2012/02/27)

What's new in 1.424.2 (2012/01/10)

What's new in 1.424.1 (2011/11/30)

What's new in 1.409.3 (2011/11/08)

What's new in 1.409.2 (2011/09/12)

What's new in 1.409.1 (2011/06/06)