LTS Changelog

Legend:
  • security fix
  • major bug fix
  • bug fix
  • major enhancement
  • enhancement
Community feedback:
See the LTS upgrade guide for advice on upgrading Jenkins.

What's new in 2.332.3 (2022-05-04)

  • Avoid a deadlock between agent class loading and logging. (issue 68122)
  • Replace the computer-flash GIF icon with the hourglass icon. (issue 67742)
  • Make "View build information" pages readonly for users who don't have permission. (issue 67967)
  • Upgrade bundled Jackson 2 API plugin from 2.12.0 to 2.13.2.20220328-273.v11d70a_b_a_1a_52. (issue 68276pull 6480Jackson 2 API plugin changelogs)
  • Allow filtering updates in plugin manager by plugin ID (regression in 2.320). (issue 68260)
  • Display log entries with missing logger names in the log viewer. (pull 6310)
  • Preserve load statistics data for label expressions. (issue 68055)
  • Fix bad encoding of security warnings in French showing special characters. (pull 6382)

What's new in 2.332.2 (2022-04-06)

  • Show warning dialog if Java 8 is selected in Windows installer. (issue 68170pull 306)
  • Prefer --httpPort from JENKINS_ARGS over HTTP_PORT when the two differ. (issue 68007Packaging pull request 296)
  • Remove unnecessary log spam when starting Jenkins under systemd on Debian 11 (regression in 2.333 and 2.332.1). (issue 67995)
  • Don't show build status on jobs that are not yet built (regression in 2.321). (issue 67797)
  • Ensure inbound agent restart logic is applied. (issue 66446)
  • Recover gracefully after incorrect merge of /etc/sysconfig/jenkins on Red Hat-based systems. (issue 68149pull 301)

What's new in 2.332.1 (2022-03-09)

Changes since 2.332:
  • Switch Linux installers from System V init to systemd. (issue 41218)
  • Update the bundled Matrix Project plugin from 1.18 to 1.20. (pull 6180issue 676742022-01-12 security advisory)
  • Update bundled Display URL API plugin to prevent issues starting the mailer plugin for offline installations. (issue 67885)
  • Keep the same height when dragging and dropping a component (regression in 2.277). (issue 67496)
  • Correctly render expandable text boxes into multiple lines (regression in 2.197 and 2.176.4). (issue 67627)
  • Show correct feature name in tooltips of help links (regression in 2.179). (issue 67662)
  • Launch only one agent to satisfy cloud agent requests that use label expressions. (issue 67635)
  • Truncate long build names again (regression in 2.332). (issue 67689)
  • Overwrite grey balls icon with the modern "not built" status. (issue 67753)
  • Render the question mark on the new help button only once so that it is not shown twice, even while using different themes. (pull 6233)
  • Update remoting from 4.11 to 4.12 to allow Java web start agents to connect (regression in 2.318). (pull 5983issue 67000Remoting 4.11.2 changelogRemoting 4.12 changelog)
  • Restart systemd service when the controller exits unexpectedly. (issue 56219)
  • Restart the Jenkins service after plugin updates on Debian 11 (bullseye). (issue 65809)
Notable changes since 2.319.3:
  • Always enable the agent-to-controller security subsystem. Remove the admin-customizable allowlists for callables and file paths. Remove the ability to access some files on the controller from agents. Use the Plugin Manager to upgrade incompatible plugins. (pull 5885issue 67173the issue tracker)
  • Upgrade the Guava library from 11.0.1 (released on January 9, 2012) to 31.0.1 (released on September 27, 2021). Plugins have already been prepared to support the new version of Guava. Use the Plugin Manager to upgrade all plugins before and after upgrading Jenkins. (pull 5707issue 36779JEP-233Guava web siteGuava 31.0.1 changelog)
  • Modernise the table design. Add support for Ionicons. Improve the usability and layout of the 'Plugin Manager' page with better controls and a 'Report an issue' link for each plugin. Update the 'New view', 'New node', 'About', 'System Info', and 'Log Recorder' pages. (pull 5851pull 5925pull 5842pull 6055pull 5916pull 5358issue 65113)
  • Allow the plugin manager to upload by URL in addition to upload by file name. (issue 4814)
  • Improve visualization of the 'Environment Variables' page. (pull 6096)
  • Improve artifact list readability in dark theme. (pull 5889)
  • Use CSS animation for console progress. (pull 5871)
  • Remove support for plugins written in JRuby or Jython. JRuby support has been removed from the Stapler web framework used in Jenkins core. Plugins written in JRuby and Jython have not been distributed by update center since January 22, 2022. (pull 6103JEP-7: Deprecation of Ruby and Python plugin runtimesDeprecating non-Java plugins (blog post)Stapler repositoryJRuby project)
  • Remove support for setting the Jenkins home directory via Java Naming and Directory Interface (JNDI). (pull 6111)
  • Developer: Provide a stable version of ObjectWebASM (currently 9.1) on the classpath. (pull 5524ObjectWebASM web site)
  • Developer: Use the upstream version of AntClassLoader without custom patches. (pull 5856)

What's new in 2.319.3 (2022-02-09)

  • Security fix. (security advisory)
  • Fix ClassNotFoundException: io.jenkins.cli.shaded.org.w3c.dom.Node when using JAXB. (issue 67470)
  • Upgrade the XStream library from 1.4.18 to 1.4.19. Addresses the CVE-2021-43859 security vulnerability when unmarshalling highly recursive collections or maps causing a Denial of Service. (pull 6231XStream 1.4.19 changelogXStream CVE-2021-43859)
  • Launch only one agent to satisfy cloud agent requests that use label expressions. (issue 67635)

What's new in 2.319.2 (2022-01-12)

What's new in 2.319.1 (2021-12-01)

Changes since 2.319:
  • Do not attempt to canonicalize tar entries when untaring, as the result may be unexpected for symlinks. (issue 67063)
  • Fix form submission for file access rules of agent to controller security subsystem (regression in 2.111). (pull 5881issue 67061Upgrade guide - Agent to controller path filter security fixes)
  • Fix missing hyperlink in build history (regression in 2.314). (issue 67028)
  • An exception thrown by a RestartListener no longer leaves Jenkins in a zombie-like state. (issue 67002)
  • Prevent LinkageError during class loading (regression in 2.309). (issue 66993)
  • Show ongoing first build in build history (regression in 2.314). (issue 66969)
  • Jenkins startup could hang due to a deadlock in class loading. (issue 67188)
  • Display the "Configure System" icon in the drop down menu. (issue 67033)
Notable changes since 2.303.3:
  • Replace the term "master" for the main Jenkins application with "controller" or "built-in node" in user interface strings and documentation. New installations get the new node and label immediately. Existing installations do not change the node name (e.g. NODE_NAME environment variable) or label of the built-in node until an administrator explicitly performs the migration. If a job definition, Pipeline definition, or tool installer reference must be tied to the built-in node, it should use the label "built-in". (Upgrade guide - Built-In Node Name and Label Migration)
  • Modernise the "Manage Jenkins" screen. (pull 5693)
  • Modernise the "Build History" search bar. (pull 5692)
  • Update appearance for feed bar and description button to be modern and consistent. (pull 5664)
  • Improve layout of console output header. (pull 5507)
  • Show new status icons in build history. (issue 66659)
  • Update tooltips to be consistent across Jenkins. (pull 5763)
  • Use SVGs over PNGs for the sidebar when possible. Breadcrumb bar/logo/menu items are now correctly aligned on the left together. Move old war/images folder to webapp so they can be used in frontend - the SVGs are now in the webapp/images/svgs folder. (pull 5663)
  • Replace the old icons with the new SVG icons in the job trend page. (issue 65928)
  • Graphs now scale correctly on high resolution screens. (pull 5697)
  • Screen resolution cookie now has the secure flag set when Jenkins is running on HTTPS. (issue 49675)
  • Deprecate the -cp option in the remoting agent.jar command line. Upgrade from Remoting 4.10 to Remoting 4.11. (pull 5821issue 64831Remoting 4.11 changelog)
  • When the buildWithParameter API is called, if the requests with the same parameters in the queue are merged, the http response code of the request uses a more appropriate 303(see other) instead of 201(created). (issue 66105)
  • Fix wrong parameter type for Text Parameter when triggering a build via the buildWithParameters API call. (pull 5704)
  • Use the JVM's default keystore type for the Jenkins server when terminating TLS connections within Jenkins. Used if Jenkins is started with the --httpsPort argument. Winstone 5.21: Update Jetty from 9.4.42.v20210604 to Jetty 9.4.43.v20210629. (pull 5670issue 66379Winstone 5.20 changelogWinstone 5.21 changelogJetty 9.4.43 changelog)
  • Correction of label expression including a "implies" relationship without spaces around. (issue 66613)
  • Fix agent handshake when connecting over Websocket on Java 11. Upgrade from Remoting 4.10 to Remoting 4.11. (pull 5821issue 61212Remoting 4.11 changelog)
  • Remove deprecated, unsafe classes previously copied from Apache Ant. Docker Slaves plugin is incompatible with this change. (issue 66930)
  • Load classes from plugins in parallel for faster startup on multicore machines. (issue 23784)
  • Remove the Woodstox implementation of the StAX API from Jenkins core. Users of the Azure Artifact Manager, Azure Container Agents, Azure Storage, and Azure SDK API plugins must upgrade those plugins to the latest versions in lockstep with this core upgrade. Plugins that consume Woodstox should depend on it directly or via the Jackson 2 API plugin. (pull 5651Woodstox implementationStAX APIAzure Artifact Manager pluginAzure Container Agents pluginAzure Storage pluginAzure SDK API pluginJackson 2 API plugin)
  • Internal: Experimental support for URLClassLoader can be enabled by setting hudson.ClassicPluginStrategy.useAntClassLoader=false. (pull 5698)

What's new in 2.303.3 (2021-11-04)

What's new in 2.303.2 (2021-10-06)

What's new in 2.303.1 (2021-08-25)

Changes since 2.303:
  • Fix an issue unzipping archives in a corner case when entries have the same path prefix as the target location. (issue 66094)
  • Detect files in a symlink that points to a directory (regression in 2.301). Bump Commons IO to 2.11.0. (pull 5675issue 66413Apache Commons-IO issue 741)
  • Show tooltips when users hover on the SVG icons. (issue 65923)
  • Use Java 11 in Docker images instead of Java 8. (Blog post)
  • Allow Java 11 administrative monitor to be disabled with a system property. (issue 66177)
Notable changes since 2.289.3:

What's new in 2.289.3 (2021-07-28)

  • Improve build status progress animation. (issue 65574)

What's new in 2.289.2 (2021-06-30)

What's new in 2.289.1 (2021-06-02)

Changes since 2.289:
  • Fix NoSuchMethodError when using plugins that rely on bridge methods for compatibility (regression in 2.278). (issue 65605)
  • Fix form submission for some specific form validation cases (regression in 2.289). (issue 65585)
  • Wrap the build name in the build results list if it is too long. (issue 65190)
  • Improve performance for standard input of the Jenkins CLI, for example with the `install-plugin` command. (issue 64294)
  • Fix an issue archiving files greater than 4 GiB in size when creating ZIP64 archives. (issue 52356)
Notable changes since 2.277.4:

What's new in 2.277.4 (2021-05-05)

  • Fix disabled dropdown items to appear disabled (regression in 2.277.1). (issue 65021)
  • Fix load statistics graph links to include correct graph duration (regression in 2.277.1). (issue 65336)
  • Honor the current folder when creating new views with the "New View" link. (issue 56934)
  • Upgrade from xstream 1.4.15 to 1.4.16. (pull 5360issue 65281XStream 1.4.16)

What's new in 2.277.3 (2021-04-20)

What's new in 2.277.2 (2021-04-07)

What's new in 2.277.1 (2021-03-10)

As described in the Major changes in the weekly release line blog post, this release improves key user interface components. Configuration user interfaces now use html div markup to present a better layout than the previous html table layout. Configuration pages are now easier to read, easier to understand, and work better on a wide range of screens. See the Jenkins issue tracker for a list of plugins known to have issues with the change.

 

As described in the Spring and XStream updates (breaking changes!) blog post, this release updates and replaces outdated internal components. The Acegi security library used for authentication has been replaced by Spring Security (JEP-227). See the Spring Security compatibility table for the latest plugin compatibility status. A fork of the XStream library used to read and write XML files has been replaced by the upstream version of XStream (JEP-228). See the XStream compatibility table for the latest plugin compatibility status.

 

Known IssuesIf your Jenkins instance was created before Jenkins 2.4 or 2.7.1 LTS, a Setup Wizard may appear on the startup after the upgrade. In such a case, a Jenkins admin may need to skip the plugin installation. See the upgrade guide for the detailed guidelines.
Changes since 2.277:
Notable changes since 2.263.4:

What's new in 2.263.4 (2021-02-10)

  • Improve performance in fingerprint file creation. (issue 64670)
  • Use the correct freestyle font-size for descriptions. (issue 64332)
  • Don't tell user's to signup when signup is not available. (issue 64426)

What's new in 2.263.3 (2021-01-25)

What's new in 2.263.2 (2021-01-13)

What's new in 2.263.1 (2020-12-03)

Changes since 2.263:
Notable changes since 2.249.3:
  • Fix Debian / Ubuntu Java version check for Java 11.0.9.1. (issue 64212pull 198)
  • Graduate Overall/SystemRead permission to general availability (GA) status. (pull 4909JEP-224)
  • SSHD module 2.7: Remove deprecated key exchange and MAC algorithms. (pull 4951SSHD module 2.7 changelog)
  • SSHD module 2.7: Allow configuring disabled key exchange and MAC algorithms through system properties. (pull 4951SSHD module 2.7 changelog)
  • Improve the layout and clarity of the page displayed when jobs are not yet created. (issue 63592)
  • Allow users with the Jenkins/MANAGE permission to restart and safe restart Jenkins. (issue 63795)
  • Set Cross-Origin-Opener-Policy to same-origin. (pull 4910Cross-Origin-Opener-Policy at developer.mozilla.org)
  • Improve the scripting capacity related to the API Token system. Provide a way to configure a fixed/default API Token for admin during installation phase. (issue 57484)
  • Hide description panel in sidebar if historyWidget.descriptionLimit is 0. (pull 4978Features controlled with System Properties)
  • Prevent JavaScript error when registering validators in some cases. (issue 42228)
  • Prevent resource leak in the File Fingerprint Storage implementation. (pull 4992)
  • Developer: Improve the combobox component to support default value and readonly mode. (pull 4939)
  • Developer: Allow migration of fingerprints from local storage to external storage. (issue 62757)
  • Developer: Expose fingerprint range set serialization methods for plugins. (pull 4888)
  • Developer: Pluggable Artifact Storage: Make the VirtualFile API generally available to plugin developers. (pull 4974JEP-202)
  • Developer: A SimpleBuildStep or SimpleBuildWrapper can now choose not to require a workspace context (working directory and launcher). (issue 46175)
  • Developer: Cloud implementations are given more context about ongoing planned nodes. Add CloudState to be passed to Cloud#provision and Cloud#canProvision methods. (pull 4922)

What's new in 2.249.3 (2020-11-04)

What's new in 2.249.2 (2020-10-07)

  • Fix migration of status filter when coming from an older version of Jenkins (regression in 2.249.1). (issue 62661)
  • Make alert colors consistent with 'Manage Jenkins' alert colors. (issue 63330)
  • Avoid warning on logs about Anonymous Class in hudson.FilePath. (issue 63563)
  • Fix NullPointerException pollution on logs if PluginDeprecationMonitor is enabled and some conditions are met. (issue 63562)
  • Developer: Make unavailable plugin background themeable. (issue 63331)

What's new in 2.249.1 (2020-09-09)

Changes since 2.249:
  • Important security fixes from Jenkins 2.252 and 2.235.4. (security advisory)
  • Stop pre-formatting agent logs to prevent deadlocks (regression in 2.231). (issue 63458)
  • Fix button that copies API token to clipboard (regression in 2.238). (issue 63274)
  • Restore wrapping tabs into multiple lines instead of overflowing (regression in 2.248). (issue 63180)
  • Normalize widget colors to be consistent with the new color palette. (Fixes bread crumbs flash in Dark Theme)
  • Empty installed plugins table text is readable again (regression in 2.249). (issue 63276)
  • Show build time data in the Build Time Trend Page (regression in 2.245). (issue 63232)
  • Replace text references to slave with agent in Japanese documentation and messages. (issue 63166)
  • Fix backspace key sometimes did not delete text from the Script Console on a Mac (regression in 2.248). (issue 63342)
  • Fix regular expression validator UI location (regression in 2.244). (issue 63308)
  • Prevent concurrent build deletion. (issue 61687)
Notable changes since 2.235.5:

What's new in 2.235.5 (2020-08-17)

  • Important security fixes. (security advisory)
  • Major update of the Alpine-based Jenkins Docker image. Jenkins Docker image for Alpine now uses Alpine 3.12 and AdoptOpenJDK 8u262. (upgrade guide)

What's new in 2.235.4 (2020-08-12)

A new GPG signing key is used for the Jenkins long term support package repositories. Follow the instructions in the Linux repository signing blog post to install the new public key on your computer.
  • Important security fixes. (security advisory)
  • Use new 64 bit Windows installer with service account checks and port validation. Supports 64 bit Java 8 and 64 bit Java 11. (AnnouncementUpgrade guide)
  • Allow graceful shutdown when SCM triggers are configured. (issue 62695)
  • Fix IllegalArgumentException: Method not found error caused by misbehaviour in Util.isOverridden() (regression in 2.241). (issue 62723)

What's new in 2.235.3 (2020-07-27)

What's new in 2.235.2 (2020-07-15)

What's new in 2.235.1 (2020-06-17)

Changes since 2.235:
  • Make plugin manager work on Internet Explorer 11 again (regression in 2.231). (issue 62163)
  • Prevent telemetry warnings about missing javax.annotation classes when running with Java 11 (regression in 2.231). (issue 61920)
  • Fix a deadlock involving custom loggers during agent startup (regression in 2.231). (issue 62181)
  • Prevent Old Data Monitor from failing plugin loading in the case of class field unmarshalling issues. (issue 62231)
Notable changes since 2.222.4:
  • Various improvements to the plugin manager, including: It no longer shows all available plugins by default; use search field to find plugins. They are now sorted by popularity by default. Additionally, categories are no longer used to group plugins, instead they're shown as labels. (issue 61166pull 4580pull 4513pull 4588pull 4534pull 4591pull 4535pull 4589pull 4584)
  • Organize entries on the Manage Jenkins page into categories and show them in a grid. (pull 4546)
  • Remove 'auto refresh' feature, including now obsolete auto refresh telemetry capability. (pull 4503)
  • Users with extended read permission now get a more read-only looking UI. (issue 61202pull 4479Read-only Jenkins Configuration blog post)
  • Allow users with Overall/SystemRead permission to view About Jenkins, Manage Plugins, Global Security Configuration, and System Log. (issue 61205issue 61201issue 61203issue 61207issue 61455issue 61208issue 61208)
  • Distinguish between defined (*****) and undefined (N/A) password on read-only configuration forms for users with Overall/SystemRead or Item/ExtendedRead permissions. (issue 61812)
  • Allow users with Overall/Manage permission to access the System Information, Prepare for Shutdown, and About Jenkins management links. Usage Statistics in Global Configuration is now also configurable by users with that permission. (issue 61456issue 61453issue 61457issue 61455)
  • Use modern system fonts provided by the browser when possible. Changes font size for body copy and headings to improve consistency and legibility. (issue 60921)
  • Restyle buttons. Add support for large buttons, hyperlinks styled as buttons and icon-only buttons. (issue 61840)
  • Restyle the help icon. (pull 4663)
  • Improve styling of alert banners to be more visually appealing and to better match existing user interface components. Alerts now fully cover the navigation bar while they are displayed instead of covering only a portion of the navigation bar. (issue 61478)
  • Suppress error stack traces for non-administrator users as core capability. (issue 60410)

What's new in 2.222.4 (2020-05-24)

  • Prevent a form validation "404 Not Found" error when the resource root URL configuration points at a previously configured resource root URL (regression in 2.222.1). (issue 62133)
  • Upgrade to Remoting 4.2.1 to fix an issue with large payloads over WebSockets. Requires a matching agent.jar with remoting 4.2.1 or later. (issue 61409pull 4601pull 4596Remoting 4.2.1 changelogWebSockets blog postJEP-222)
  • Update Groovy Init hooks to run after all job configurations are adapted. (issue 61694)
  • Fix spacing between error messages in Setup Wizard (regression in 2.222.1). (issue 61660)
  • Fix input field hints for tools like the git plugin that search the PATH for their executable (regression in 2.222.1). (issue 61711)
  • Remove grey bar below the textarea form elements for read only users. (issue 61284)
  • Distinguish between defined (*****) and undefined (N/A) password on read-only configuration forms for users with Overall/SystemRead or Item/ExtendedRead permissions. (issue 61812)
  • Users with extended read permission now get a more read-only looking UI. (issue 61202pull 4479issue 61321pull 4541)

What's new in 2.222.3 (2020-04-24)

  • Use the saved global build discarder configuration on restart. (issue 61688)
  • Fix proxy form validation when a password is set (regression in 2.222.1). (issue 61692)
  • Prevent NullPointerException when hitting Check Now against a custom update center without tool installer metadata. (issue 60788)
  • Prevent one occurrence of "Jenkins.instance is missing" during Jenkins restart. (pull 4525issue 60454issue 55070issue 59992issue 61192)
  • Developer: Make h.checkAnyPermission and <l:layout permissions="..."> work on objects that aren't AccessControlled. (issue 61465)
  • Developer: Prevent spurious deprecation messages by removing the deprecated findbugs-annotation. (issue 61279)

What's new in 2.222.2 (2020-04-22)

Jenkins 2.222.2 was not packaged or delivered. All changes planned for 2.222.2 are included in 2.222.3.
  • Jenkins 2.222.2 was not placed in the artifact repository or on the download site.

What's new in 2.222.1 (2020-03-25)

Global build discarder configuration is not loaded from disk when Jenkins starts (JENKINS-61688). Configuration is saved but not loaded on restart. Jenkins 2.222.1 will always start with the default configuration of the Job Build Discarder. Custom global build discarder configuration is ignored on restart. The default global build discarder is configured each time that Jenkins restarts.
Changes since 2.222:
Notable changes since 2.204.6:
  • Revamp the layout and icons of the header bar and breadcrumbs. Instances with plugins that depend on details of the Jenkins layout (e.g. Simple Theme Plugin) may experience UI/layout problems. A new experimental header color scheme can be enabled by setting the jenkins.ui.refresh system property to true. (issue 60920)
  • Add globally configured build discarders that delete old builds not marked as "keep forever" even if there is no, or a less aggressive, per-project build discarder configured, executed periodically and after a build finishes. (pull 4368)
  • Move cloud configuration from Configure System into its own configuration form on the Manage Nodes page. (pull 4339)
  • Remove Enable Security checkbox in the Global Security configuration. (issue 40228)
  • Remove the ability to disable CSRF protection. Instances upgrading from older versions of Jenkins will have CSRF protection enabled and the default issuer set if they currently have it disabled. (pull 4509)
  • Redesign password fields to prevent password auto-fill except for the login form. Reduce browsers offering to update stored passwords. Revert by setting the system property hudson.Functions.hidingPasswordFields to false. (pull 3991)
  • Deprecate the macOS native installer packaging. (Jenkins macOS native installer deprecation)
  • Remove old, deprecated, unsupported agent protocols Inbound TCP Agent Protocol/1, Inbound TCP Agent Protocol/2, and Inbound TCP Agent Protocol/3. Update Remoting from 3.36 to 4.2 to remove unsupported protocols and add WebSocket support. (issue 60381Remoting 3.40 release notesRemoting 4.0 release notesRemoting 4.0.1 release notesRemoting 4.2 release notes)
  • Add experimental WebSocket support. (JEP-222blog post)
  • Extends the current milestones so plugins can update jobs and configuration during Jenkins initialization. Adds initialization milestones: SYSTEM_CONFIG_LOADED, SYSTEM_CONFIG_ADAPTED, JOB_CONFIG_ADAPTED. (issue 51856)
  • Introduce a new experimental UI that can be enabled by setting the jenkins.ui.refresh system property to true. Currently it includes a new header color scheme, more changes to be added as a part of the UI/UX revamp. (pull 4463issue 60920JEP-223Jenkins UX SIG)
  • Add a new experimental Overall/Manage permission which allows a user to configure parts of the global Jenkins configuration without having the Overall/Administer permission. This is an experimental feature, disabled by default, that can be enabled by setting the jenkins.security.ManagePermission system property to true. (pull 4501issue 60266JEP-223)
  • Add a new experimental Overall/SystemRead permission, which gives (almost) full read access to the Jenkins instance. The permission is disabled by default, install the Extended Read Permission plugin to activate it. (pull 4506issue 12548JEP-224Extended Read Permission plugin)
  • The environment variable WORKSPACE_TMP may now be used from (non-Pipeline) builds to access a temporary directory associated with the build workspace. (issue 60634)
  • Deprecate the Overall/RunScripts, Overall/UploadPlugins, and Overall/ConfigureUpdateCenter permissions. Permissions were announced as dangerous and disabled by default in major authorization plugins in 2017. Custom authorization strategy implementations that grant Overall/Administer without implying one or more of these three permissions will no longer work as expected. Configurations that grant any of these permissions to users without Overall/Administer will no longer work as expected. (pull 4365issue 60266JEP-2232017-04-10 security advisory for Matrix Authorization plugin2017-04-10 security advisory for Role-Based Authorization plugin)
  • Fix NullPointerException when getting a list of runs with a status threshold (regression in 2.202). (issue 60884)
  • User is no longer logged out when authenticating another user. (issue 59107)
  • Winstone 5.9: Fix support of system logging customization (regression in 2.204.5) (pull 4452issue 57888Winstone 5.9 changelogJetty 9.4.27 changelog)

What's new in 2.204.6 (2020-03-25)

What's new in 2.204.5 (2020-03-07)

System logging customization defect (JENKINS-57888 - system logging customization) from Jenkins 2.177...2.203.3 is reintroduced in this version as it is considered as less serious than the fixed regressions. There is a plan to fix it again in 2.222.1.
  • Fix propagation of the maximum form content size and form content keys number (regression in Jetty 9.4.20 and Jenkins 2.204.3). (issue 60409)
  • Fix improper reverse proxy redirects to 127.0.0.1 due to X-Forwarded-Host and X-Forwarded-Port ordering issue (regression in Jetty 9.4.20 and Jenkins 2.204.3). (issue 60199)
  • Revert Winstone from 5.8 to 5.3 to resolve embedded Jetty web container regressions in later Winstone versions. High default maximum form size limit and reverse proxy redirection are restored (regressions in 2.204.3). (issue 60409issue 60199Winstone changelog)

What's new in 2.204.4 (2020-03-03)

What's new in 2.204.3 (2020-02-28)

  • Internal: Winstone 5.7: Change the Jetty thread pool name to "Jetty (winstone)" (pull 4452issue 60821Winstone 5.7 release notes)
  • If the Jenkins root URL has been configured by scripts prior to running the setup wizard, skip the location configuration panel even if selecting the option to skip creation of an admin user. (issue 60750)
  • Prevent inaccurate warnings about missing classes on Java 11 triggered by JavaMelody when Monitoring Plugin is installed. (issue 60725)
  • Include details in the system log when a build rotation fails. (issue 60716)
  • Fix java version check for AdoptOpenJDK 11. (issue 60678)
  • Prevent Jenkins page rendering from being blocked when the update center data parsing is in progress. (issue 60625)
  • Winstone 5.7: Fix support of system logging customization (regression in 2.177). (pull 4452issue 57888Winstone 5.7 release notes)
  • Fix null pointer exception in Agent API when the agent is offline (e.g. retrieving agent version or OS description). (issue 42658)

What's new in 2.204.2 (2020-01-29)

  • Important security fixes. (security advisory)
  • User is no longer logged out when authenticating another user. (issue 59107)
  • Security hardening related to Stapler routing.
  • Security hardening: Set X-Content-Type-Options to nosniff in REST API responses.
  • Disable multiple deletion attempts if hudson.Util.maxFileDeletionRetries is zero. (issue 60351)
  • Prevent 'zombie' executors on built-in node by removing one-off executors in Computer.removeExecutor. (issue 57304)
  • Fix AtomicFileWriter performance issue on CephFS when creating an empty file. (issue 60167)
  • Developer: ViewGroupMixIn#getPrimaryView() may return null, and needs to be checked by plugins depending on this version of weekly and beyond. It is an intermediate state until a default view is implemented. (issue 60092)

What's new in 2.204.1 (2019-12-18)

Configuration as code plugin users upgrading to Jenkins 2.204.1 should review the LTS upgrade guide global configuration save topic and the LTS upgrade guide download settings topic
Changes since 2.204:
  • Show a tooltip with the full link name when hovering over sidebar links. (issue 59508)
  • Prevent faulty subtask contributors from leaving builds running forever. (issue 59793)
  • Fix Uninstall column sorting in the Plugin Manager Install pane. (issue 59665)
Notable changes since 2.190.3:
  • Prevent calls to Jenkins#save persisting data before we have finished loading the in-memory model. This prevents possible corruption of the main Jenkins configuration. (issue 58993)
  • Remove the ability to download update center metadata using the user's browser (deprecated since 2015). Jenkins will no longer inform about available updates without a connection to update sites. We recommend the use of a local mirror of our update sites, or a self-hosted update center like Juseppe in these situations. (pull 3970)
  • Allow time zone to be set on a per-user basis. (issue 19887)
  • Add an option for a Resource Root URL through which Jenkins will serve user-generated static resources like workspace files or archived artifacts without the need for Content-Security-Policy headers. (issue 41891)
  • Stop bundling Maven Plugin, Subversion Plugin, and several other plugins inside the Jenkins war file. In very rare cases, this could result in problems when attempting to install plugins compatible with Jenkins before 1.310. The Jenkins project is currently not publishing any such plugins. (pull 4040)
  • Deprecate the macOS native installer in favor of Homebrew. (macOS Native Installer Deprecation blog post)
  • Revert changes in forms submission in Jenkins classic UI with Firefox have caused a regression on forms with "file" inputs. These were made to anticipate a bugfix in Firefox which has been backed out since. (regression in 2.173) (issue 58296issue 53462Firefox issue 1370630)
  • Remove 100 character length limitation of build description in build history widget. (issue 19760issue 31209)
  • Update Remoting from 3.33 to 3.36. Adds a new connection mode for inbound TCP agents. Update minimum required remoting version to 3.14. Adds command line options "-help" and "-version". (Remoting 3.36 release notespull 4193Remoting 3.35 release notespull 4208pull 4186issue 53461pull 4165Remoting 3.34 release notesRemoting connection steps reduced)

What's new in 2.190.3 (2019-11-20)

  • Robustness: Do not allow users to resubmit requests using POST on URLs requiring a form submission, as that will fail anyway. (issue 59514)
  • The lastCompletedBuild permalink was not being cached in the …/builds/permalinks file. (issue 56809)
  • Fix labels to Atom feed links. (issue 48375)
  • Revert changes in forms submission in Jenkins classic UI with Firefox. Changes caused a regression on forms with "file" inputs. These were made to anticipate a bugfix in Firefox which has been backed out since. (regression in 2.164.3) (issue 58296issue 53462Firefox issue 1370630)

What's new in 2.190.2 (2019-10-28)

  • URLs of some projects with emojis in their name were inaccessible. (issue 59406)
  • Increase client-side keep-alive ping frequency on the HTTP-based CLI to prevent timeouts. (issue 59267)
  • Internal: hudson.util.ProcessTree.OSProcess#getEnvironmentVariables returned null when an error occurred even though it shouldn't. (issue 59580)

What's new in 2.190.1 (2019-09-25)

Changes since 2.190:
Notable changes since 2.176.4:
  • Jenkins no longer creates symbolic links inside project or build directories. The Build Symlink plugin may be installed to restore this functionality if desired. URLs such as /job/…/lastStableBuild/ are not affected, only tools which directly access the $JENKINS_HOME filesystem. (issue 37862)
  • Remove Trilead SSH library from Jenkins core and make it available in a new detached plugin. (issue 43610)
  • Add support of emojis and other non-UTF-8 characters in job names. 🎉 (issue 23349)
  • Update Windows Agent Installer from 1.10.0 to 1.11, enabling TLS 1.2 on agent downloads when running with .NET 4.6 or newer. (issue 51577full changelog)
  • Update Winstone-Jetty from 5.2 to 5.3 to update Jetty to 9.4.18. (pull 4016full changelogJetty 9.4.18 changelogJetty 9.4.17 changelogJetty 9.4.16 changelog)
  • Update JNA from 4.5.2 to 5.3.1 to fix issue with shared library loading on AIX when using OpenJDK. (issue 57515)
  • Update Remoting to 3.33. (issue 57959issue 50095issue 57713full changelog)
  • Support setting excludes and case sensitivity in the fingerprint() build step in Pipeline and other job types. (documentationpull 3915)
  • Improve Configuration-as-Code compatibility of ListView. (issue 57121)
  • Stop using the name argument in the install-plugin CLI command. (pull 4123)
  • Remove obsolete session cookies when logging out, preventing errors related to headers being too large. (issue 25046)
  • Add support for IPv6 addresses in the Jenkins URL configuration. (issue 58041)
  • Allow distinguishing between new projects, disabled projects, and those with aborted builds through differently shaded build balls. (pull 3997)
  • Add a warning when cron trigger spends a long time in its execution. (issue 54854)
  • Batch up plugin installations in setup wizard to improve performance. (pull 4124)
  • The default interval for node monitors (e.g. free disk space) can now be changed by setting the system property hudson.node_monitors.AbstractNodeMonitorDescriptor.periodMinutes. (pull 4105Jenkins features controlled by system properties)

What's new in 2.176.4 (2019-09-25)

2.176.4 and 2.190.1 contain the same security fixes. We're providing an additional release of the 2.176.x LTS line to allow administrators to apply security updates without having to perform a major upgrade.

What's new in 2.176.3 (2019-08-28)

  • Important security fixes. (security advisory)
  • The plugin manager UI no longer prevents disabling a plugin when other plugins only have optional dependencies to it. (issue 33843)
  • Fix performance issue when using "Remember me". (regression in 2.160) (issue 56243)
  • Do not throw exception when testing proxy configuration. (regression in 2.168) (issue 57383)
  • Prevent occasional IllegalStateException on Jenkins restart and invalidate the user session. (issue 55945)

What's new in 2.176.2 (2019-07-17)

  • Important security fixes. (security advisory)
  • A thread pool used to wait for external processes to complete could leak class loaders. (issue 57725)
  • Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed upon Jenkins startup when needed as implied dependencies of other plugins which were already present. This simplifies compatibility for specialized installation scenarios not using the update center, such as when Jenkins is run from a Docker image prepackaged with some plugins. (issue 57528)
  • Update WinP from 1.27 to 1.28 to fix problems with a missing DLL and flickering console window in the Windows graceful process shutdown logic. (issue 57477full changelog)
  • Replace some exception stack traces related to agent channels with simpler messages. (issue 57993)

What's new in 2.176.1 (2019-06-10)

Changes since 2.176:
  • Restore Chinese localized resources used by the setup wizard. (issue 57412)
  • Robustness: Do not put agent offline for runtime exceptions in ComputerListener#onOnline(). (issue 57111)
Notable changes since 2.164.3:
  • Support for the Remoting mode of the CLI (-remoting option) has been removed. (pull 3838announcement blog post)
  • Remove misleading nonStoredPasswordParam symbol for password parameter definitions, since it's actually stored encrypted. (issue 56776)
  • Remove built-in support for CCtray (cc.xml) files. To restore this feature, install the CCtray XML Plugin. (issue 40750)
  • Add stop-job CLI command which allows aborting builds. (issue 11888)
  • Add support for turning off a log recorder in the logger configuration. (issue 56200)
  • Add the run parameter filter value to REST API responses. (issue 56554)
  • Update status icon of a build when the build is finished. (issue 16750)
  • Remove misleading references to Java Web Start and JNLP from GUI surrounding inbound Jenkins agents. (pull 3998)
  • Inform administrators about potentially unsafe permissions setup involving builds running as the virtual SYSTEM user. (issue 24513)
  • Add a log message to build logs when builds run with the virtual SYSTEM authentication. (pull 3908)
  • Migrate all Chinese localization resources into Localization: Chinese (Simplified) plugin. (pull 4008)
  • Adjust stream flushing behavior for code running remotely on agents for better performance. This may lead to loss of messages for plugins which print to a build log from the agent machine but do not flush their output. Use -Dhudson.util.StreamTaskListener.AUTO_FLUSH=true to restore the previous behavior for freestyle builds. Note that Pipeline builds always expect remote flush. (pull 3961)
  • Update Winstone from 5.1 to 5.2 to make HTTPS cipher exclusions configurable. (issue 56659issue 56591full changelog)
  • Remove Mailer related localized strings from core. Make sure you use Mailer Plugin 1.23. (issue 55292)
  • Do not offer a workspace lease to a new build if it is already in use by a (Pipeline) build running across an agent reconnection. (issue 50504)
  • Developer: Update Stapler from 1.256 to 1.257 to add support for loading localized webapp resources from any plugin. Add jenkins.PluginLocaleDrivenResourceProvider interface for plugins to participate in localized resource lookup. (JEP-216full changelog)
  • Developer: Update Localizer library from 1.24 to 1.26 allowing plugins to override the lookup for localized resource files. (pull 3896JEP-216full changelog)
  • Developer: Add Jelly UI component f:secretTextarea for multi-line secrets analogous to f:password for single-line. (pull 3967Storing Secrets in Jenkins)
  • Developer: SystemProperties may now be used from agent-side code. See SystemProperties#allowOnAgent. (pull 3961)

What's new in 2.164.3 (2019-05-09)

  • Corrupted console notes could cause an uninformative NegativeArraySizeException to be thrown from ConsoleNote#readFrom and build log display to be broken. (issue 45661)
  • The setup wizard did not properly escape passwords, resulting in errors with certain special characters. (issue 56856)
  • Make form submit buttons on the Jenkins classic UI compatible with potentially upcoming Firefox bug fix. (issue 53462Firefox bug 1370630)
  • Properly flush output from the Maven console annotator. (issue 56995)
  • Make Debian/Ubuntu launcher script work with Java 11. (issue 57096)
  • Re-enable Stapler request dispatching telemetry. (issue 57167)

What's new in 2.164.2 (2019-04-10)

  • Security fixes. (security advisory)
  • Workspace and artifacts browsing did not work on Windows Server 2016 with Microsoft Docker. (regression in 2.150.2) (issue 56114)
  • Prevent NullPointerException when discarding unreadable fingerprint data. (issue 43218)

What's new in 2.164.1 (2019-03-13)

Changes since 2.164:
    No notable changes in this release.
Notable changes since 2.150.3:
  • Java 11 is now fully supported. Multiple improvements for running Jenkins on Java 11 since 2.150.x, including support for plugins declaring a minimum Java version in their metadata and refusing to load incompatible plugins, and installation of a new JAXB plugin when running on Java 11 to allow use of JAXB APIs from plugins. (announcement blog postrunning on Java 11upgrading to Java 11issue 52012issue 52282issue 55076issue 55048issue 55980issue 55681issue 52285)
  • The list-jobs no longer lists items recursively when listing a specific folder. (issue 48220)
  • Add a new CLI command disable-plugin to disable one ore more installed plugins and optionally restart Jenkins. (issue 27177)
  • Update Trilead SSH library to add support for OpenSSH keys with AES256-CTR encryption. (issue 47603issue 47458issue 55133issue 53653)
  • Add support for the ed25519 key algorithm in Jenkins CLI. (issue 45318)
  • Reduce the performance impact of the SECURITY-904 fix when downloading artifacts or workspaces as ZIP file. (issue 55050)
  • Add new category Languages to the plugin wizard, which automatically installs available localization plugins based on browser language. (pull 3626)
  • Update Windows Service Wrapper from 2.1.2 to 2.2.0 and Windows Agent Installer from 1.9.3 to 1.10.0 to support disabling, renaming and archiving service logs. (pull 3854Windows Service Wrapper changelogWindows Agent Installer Module changelog)
  • Update SSHD Module from 2.5 to 2.6 to apply a proper Apache Mina idle timeout value when a custom value was set using the org.jenkinsci.main.modules.sshd.SSHD.idle-timeout system property. (issue 55978full changelog)
  • Developer: Login and signup pages redesigned in 2.129 now can receive style contributions (footer view for SimplePageDecorator) from multiple plugins. (issue 54325)

What's new in 2.150.3 (2019-02-13)

  • Improve robustness of console annotators such as the Timestamper plugin in conjunction with certain Pipeline steps such as git on an agent with an old agent.jar. (issue 55257)
  • User account creation by administrators did not show error messages when it failed. (regression in 2.129 and 2.138.1) (issue 52869)

What's new in 2.150.2 (2019-01-16)

  • Important security fixes. (security advisory)
  • Invalidate sessions and CLI authentication caches when changing the user password in the Jenkins user database.
  • Add support for killing child processes on AIX. (issue 16867)

What's new in 2.150.1 (2018-12-05)

Changes since 2.150:
  • Important security fixes. (security advisory)
  • Revert compatibility fix for future releases of Firefox due to regressions it caused since 2.148. (issue 54261issue 54333issue 54570)
  • Prevent Stream is closed error in case a CLI command finishes before the input is entirely read. (issue 54310)
  • Avoid Premature EOF error when using the shutdown CLI command. (issue 49196)
  • Do not cache CSS/JS resource files for console annotations like Timestamper Plugin across Jenkins restarts. (issue 38719)
Notable changes since 2.138.4:

What's new in 2.138.4 (2018-12-05)

What's new in 2.138.3 (2018-11-08)

  • The initial visibility of nested groups of radio buttons did not accurately reflect the current values. (issue 48516)
  • Improve robustness when search items don't specify a display name. (issue 50795)
  • Update Stapler from 1.254.2 to 1.255 to integrate a fix related to StaplerProxy#getTarget() return value handling. (pull 3690stapler/stapler#149)
  • Add telemetry trial related to Stapler request dispatching. (issue 54029)

What's new in 2.138.2 (2018-10-10)

What's new in 2.138.1 (2018-09-12)

Changes since 2.138:
  • A configured quiet period was interpreted as milliseconds, instead of seconds. (regression in 2.82) (issue 48770)
Notable changes since 2.121.3:
  • Redesigned login, signup, and Jenkins is (re)starting pages. Existing page decorators like Simple Theme Plugin will no longer work with these redesigned pages. (issue 50447announcement blog post)
  • Replace single per-user API token with new system of multiple, revocable, unrecoverable API tokens with usage tracking. (issue 32442issue 32776blog post)
  • The deprecated Jenkins CLI Protocol versions 1 and 2, and Java Web Start Agent Protocol versions 1, 2, and 3 have been disabled. If you still use these protocols (e.g. remoting-based CLI, or old slave.jars on agents), you need to re-enable these protocols after upgrade, or upgrade the clients. The same recommendations as in The 2.121.x upgrade guide for remoting changes apply here. (issue 48480)
  • Check SHA-512 or SHA-256 checksums of update site and tool installer metadata and core and plugin downloads if the update site provides them. (pull 3356)
  • Optional extensions are now loaded without requiring to restart Jenkins after installing an optional dependency. (issue 50336)
  • Upgrade Winstone from 4.2 to 4.4 to update Jetty from 9.4.8.v20171121 to 9.4.11.v20180605, adding an option to enable JMX when running Jenkins using java -jar jenkins.war. (pull 3422pull 3497full changelogJetty 9.4.11 changelogJetty 9.4.10 changelogJetty 9.4.9 changelogJMX Documentation for Jettyfull list of options)
  • Upgrade Remoting from 3.21.1 to 3.25 to have agents check availability of the controller's TCP Agent Listener port when connecting over TCP. (issue 51818issue 52204Remoting 3.22 changelog)
  • Upgrade Bytecode Compatibility Transformer from 1.8 to 2.0-beta-2, upgrading ASM from 5.0.1 to 6.2 to improve support of Java 9+ runtimes. (issue 51837supported Java versions)
  • Update Executable WAR from 1.39 to 1.41 to allow running Jenkins with incompatible (too new) Java versions by setting the --enable-future-java flag. (issue 51155issue 51994issue 46622Executable WAR 1.40 changelogExecutable WAR 1.41 changelogsupported Java versions)
  • Update instance identity module from 2.1 to 2.2 to improve Java 11 compatibility. (issue 51965full changelog)
  • Update JNA from 4.2.1 to 4.5.2 to add support for s390x, update GNU C minimal requirement to 2.7 on Unix platforms. (issue 52771)
  • Add a new CLI command enable-plugin to enable one or more installed plugins and optionally restart Jenkins. (issue 52822)
  • Add support for Zip files larger than 4 GB (Zip64). (issue 52356)
  • Add modification timestamp to files in directory browser views such as archived artifacts and workspaces. (issue 20998)
  • Export path to agent file system root directory in remote API. (pull 3206)
  • Jenkins remote API: Export fingerprints for builds which do not derive from AbstractBuild, like Pipeline builds. (issue 51667)
  • Some deserialization rejections are now logged on WARNING log level, instead of only on FINER. (issue 51666)
  • Instances of some item types could not be renamed. (regression in 2.110) (issue 52164)
  • Don't fail to archive artifacts when attributes cannot be preserved, instead log a message and proceed without preserving attributes. (regression in 2.120) (issue 52325)
  • Some types of builds, like pipelines, would sometimes run concurrently even when that was disabled. (issue 41127)
  • Developer: Introduce SimplePageDecorator extension point, which allows decorating the redesigned login page. (announcement blog post)
  • Internal: Update parent POM. Jenkins now requires Maven 3.5.4 or newer to build. (pull 3567)
  • Internal: Various improvements related to incremental Maven releases. (issue 51187issue 51247pull 3430JEP-305)

What's new in 2.121.3 (2018-08-15)

  • Security fixes. (security advisory)
  • Security hardening related to Stapler routing. (SECURITY-595 in the 2018-12-05 security advisory)
  • Robustness: Don't break queue processing when the configured queue sorter throws exceptions. (issue 52159)
  • Allow java.time.Ser for use in XStream (XML serialization) and Remoting (agent communication). (issue 52534)
  • Fix a potential deadlock between queue maintenance and asynchronous execution. (issue 46248)
  • Security hardening: Prevent files in tar archives from being written to a path outside the destination directory. (issue 51777)
  • Dynamically loaded plugins now have any PeriodicWork/AperiodicWork extensions scheduled. (issue 28683)
  • Developer: Remove hudson.FilePath#copyFromRemotely(URL) Beta API. (issue 52417)

What's new in 2.121.2 (2018-07-18)

  • Important security fixes. (security advisory)
  • Update Remoting from 3.20 to 3.21 to apply logging enhancements and better no_proxy support. (issue 51223issue 50965issue 51551Remoting 3.21 changelog)
  • Improve diagnostics of corrupted plugin archives during plugin dynamic loading. (issue 51608)
  • Robustness: A buggy ComputerListener#onConfigurationChange implementation should not block Jenkins startup. (issue 50217)
  • Diagnostics: Log stack traces in JEP-200 rejection messages when jenkins.security.ClassFilterImpl logging level is FINE or above. (issue 51355)
  • Improve Jenkins root URL validation. (issue 51158)
  • Do not remove workspaces for projects with builds in progress. (issue 27329)
  • If using the Artifact Manager on S3 plugin with the (non-default) option to delete artifacts, they were not deleted when the entire build was deleted. (issue 51819)
  • Don't monitor response time on offline agents. (issue 20272)
  • Copying Run parameters did not work as expected as RunParameterDefinition#copyWithDefaultValue called the wrong constructor. (issue 51650)
  • Restore implied dependency on JDK Tool Plugin from Apache HttpComponents Client 4 API Plugin to fix dependency problems. (issue 51483)
  • Actions created from a TransientActionFactory that got attached to an item in the queue are no longer persisted, which could previously lead to duplicate actions shown for builds. (issue 51584)
  • Prevent unhandled ClassCastException when loading fingerprints from corrupted files. (issue 51179)
  • Do not duplicate caller stack trace when FilePath#act fails. (issue 51082)
  • Fix behaviour of Advanced button when a section element is nested inside. (issue 14632)
  • Developer: ComputerLauncher implementations can now set channels with a custom CommandTransport implementation. (issue 51541)
  • Developer/Internal: Remove use of a Guava method deleted in later versions, which could cause problems for plugins running functional tests. (issue 51779)
  • Developer API: StreamTaskListener#getCharset() now returns the default charset when it is not configured. (issue 51971)
  • Developer API: Prevent NullPointerException in SlaveComputer#setChannel(Channel,OutputStream,Channel.Listener) with null OutputStream. (issue 51955)

What's new in 2.121.1 (2018-06-07)

Changes since 2.121:
  • Faster list rendering of Plugin Manager » Available. (issue 51205)
Notable changes since 2.107.3:
  • Install from java.sun.com installation method for JDK tools has been moved to a new JDK Tool Plugin. (issue 22367)
  • It is no longer possible to rename jobs from their configuration page. Jobs now have a link in the side panel titled "Rename" that links to a page specifically dedicated to renaming jobs. (issue 22936)
  • The Job/Build permission no longer implies the Job/Cancel permission. The latter needs to be granted explicitly to users who previously got it via this relationship. (issue 14713)
  • Update Remoting from 3.17 to 3.20 in order to apply various performance and diagnosability improvements, such as logging warnings when anonymous classes are serialized over a Remoting channel, and allowing Jenkins core to always deserialize exceptions even if they're not allowed. To benefit from the latter improvement, Remoting needs to be updated on the agent side as well. (issue 49415issue 49472issue 48561issue 49994issue 49618full changelog)
  • Fix issue preventing process killing vetoes being effective on agents. (issue 9104ProcessKillingVeto extension point implementations)
  • Pipeline builds could not be started if the Authorize Project plugin was configured to associate the build with a user to whom the authorization strategy was configured to deny Agent/Build permission on the built-in node. (issue 46652)
  • archiveArtifacts in a Pipeline failed to throw a normal exception when there were no matches. (issue 47142)
  • Allow use of lists of options as provided by the Pipeline snippet generator for choice parameters. (issue 26143)
  • Default Crumb Issuer proxy compatibility can be enabled on first startup by setting the system property jenkins.model.Jenkins.crumbIssuerProxyCompatibility to true on startup. (issue 50767Jenkins features controlled by system properties)
  • Introduce hudson.triggers.SafeTimerTask.logsTargetDir system property to write logs usually written to $JENKINS_HOME/logs to another location. (issue 50291)
  • Remove the options to define custom Build Record Root Directory and Workspace Root Directory on the Configure System form to prevent unexpected failures during runtime. Instead, these locations can now be customized using system properties on startup. (issue 50164Jenkins features controlled by system properties)
  • Use case-insensitive autocompletion for item selection dialogs if the current user prefers case-insensitive search. (issue 38812)
  • Better autocompletion for loggers supporting multiple tokens and proposing useful parent loggers. (pull 3345)
  • Show more entries in the search results dropdown and search results page. (issue 47020)
  • Ensure as much as possible that the Jenkins root URL is defined by adding a new setup wizard page and an administrative monitor. (issue 31661)
  • Add agent symbol for a permanent agent in Structs Plugin based configuration. (issue 49661)
  • Issue warnings to the system log when attempts are made to use classes with unpredictable names and serial forms (such as anonymous classes) in Remoting or XStream (de)serialization. (issue 49795)
  • Update Winstone from 4.1.2 to 4.2 to update Jetty from 9.4.5 to 9.4.8 for various bugfixes and improvements. (full changelogJetty 9.4.6 changelogJetty 9.4.7 changelogJetty 9.4.8 changelog)
  • Archiving artifacts now preserves file permissions and last modification time. (issue 13128)
  • Prevent some cases of linkage errors relating to Servlet classes when code is run on an agent. (issue 46386)
  • Make the logic for adding nodes atomic, so that if a newly added node fails to be persisted it will not exist in a partly-initialized state. (issue 50599)
  • Update WinP from 1.25 to 1.26 to fix loading of WinP libraries on Windows inside Weblogic web container. (issue 48347full changelog)
  • Developer: JEP-202: Extend VirtualFile API to streamline external artifact storage. API additions are marked beta and may change at any time. (JEP-202pull 3302)
  • Developer: Subclasses of AbstractItem can implement AbstractItem#isNameEditable and return true to get automatic support for renames. Subclasses are also able to dynamically validate renames by implementing AbstractItem#checkRename. (issue 22936)
  • Internal: Choose more mnemonic artifactIds for modules not consumed externally. (pull 3311)

What's new in 2.107.3 (2018-05-09)

  • Important security fixes. (security advisory)
  • Allow java.util.EnumMap and org.jruby.RubyNil for use in XStream (XML serialization) and Remoting (agent communication). (issue 50939issue 50616)
  • Internal: Add new update center root CA certificate. (Help desk issue 1236)
  • Don't log null pointer exceptions on some forms with validation button. (regression in 2.107.2) (issue 50748)
  • Allow users without Overall/Read access to use the who-am-i and logout commands. (issue 50324)
  • Fix a race condition in the Setup Wizard that could lead to it being skipped on the first startup when groovy scripts or init scripts are pre-installed. (issue 49401)
  • In rare configurations, agents tried to load unloadable classes from the controller, resulting in ClassNotFoundException: javax.servlet.ServletContextListener on agents. (issue 46386)
  • Make Cancel Shutdown link in side panel work without requiring the page to be reloaded. (issue 44402)

What's new in 2.107.2 (2018-04-11)

  • Security fixes. (security advisory)
  • Display estimated remaining time again for Pipeline jobs. (regression in 2.89.4) (issue 48821)
  • Update Apache Mina SSHD Core from 1.6.0 to 1.7.0 in CLI client. (issue 49565changelog)
  • Update Executable War from 1.37 to 1.38 to show an error when an attempt is made to run Jenkins on Java 9. (issue 49737full changelog)
  • Always show the built-in node in the executors widget, even when it is offline. (issue 34712)
  • Periodically persist the build queue so it can be restored on abnormal process termination. (issue 30909)
  • Reduce memory footprint of jenkins.model.lazy.AbstractLazyLoadRunMap#search in descending order. (issue 50056)
  • Add ConcurrentLinkedQueue to white-listed classes for use in XStream (XML serialization) and Remoting (agent communication). (issue 49788)
  • JEP-200: Allow org.apache.tools.ant.Location deserialization to prevent exception when listing agent files in non-existent directory or invalid filter. (issue 50237)
  • Clean up the build.xml files of parameterized projects that contained unnecessary serialized data. (issue 49795)
  • Restore serialVersionUID of AbstractTaskListener. (regression in 2.91) (issue 50124)
  • Prevent FileNotFoundException in hudson.Util#loadFile in case of race condition. (issue 49971)
  • Make proxy views work inside folders. (issue 49642)
  • Upgrade Winstone from 4.1.0 to 4.1.2 to prevent User session memory leak by setting the default idle session eviction timeout to 30 minutes. (issue 49596full changelog)
  • Fix translation of 'sign up' in Dutch, used to be 'sign in'. (issue 49498)
  • Improve robustness in case a build with parameters was stored with a null list of parameters. (issue 39495)
  • Prevent NullPointerException in AbstractProject#checkout when the agent disconnects during a build. (issue 29470)

What's new in 2.107.1 (2018-03-14)

This is the first LTS release that includes the JEP-200 Remoting and XStream serialization allowlist. This core change requires corresponding changes in many plugins for them to be compatible. We strongly recommend that you read the LTS upgrade guide, make sure you have good backups before upgrading, and validate this release in a staging environment first.
Changes since 2.107:
  • Make JEP-200 serialization allowlist more reliable on old versions of Tomcat 8. (issue 49543)
  • Don't show input validation errors in optional numeric form fields. (regression in 2.105) (issue 49387issue 49520)
Notable changes since 2.89.4:
  • Switch Remoting/XStream denylist to an allowlist. (issue 47736upgrade guidelines for admins and plugin maintainerslist of plugins known to be impacted)
  • Jenkins now creates XML 1.1 files to be more accepting of unusual contents. (issue 48463)
  • Use Java NIO library instead of native code to create and detect symbolic links and Windows junctions to improve compatibility and robustness. (issue 36088issue 39179)
  • Use Java NIO to read and write Unix file permissions by default. The previous behavior can be restored by setting the Java system property hudson.Util.useNativeChmodAndMode to true. (issue 36088Jenkins features controlled by system properties)
  • Improve robustness and error handling of various file operations by switching to NIO. (issue 47324issue 48405)
  • Update Remoting from 3.14 to 3.17 to integrate multiple fixes and improvements. (full changelogissue 37566issue 37670issue 38696issue 46724issue 47965issue 48055issue 48130issue 48133issue 48309issue 47736issue 48686issue 27035issue 49027)
  • Remove support for unbounded number of SCM polling threads. Previously, the default was infinite and could be set to between 10 and 100. Existing installations with unbounded SCM polling threads will now use the default of 10, and it is no longer possible to use a value outside of this range. (pull 3258)
  • Do not require CSRF crumb to be provided when the request is authenticated using API token. (issue 22474)
  • Introduce new hudson.lifecycle.ExitLifecycle to exit instead of restart. (issue 47043Jenkins features controlled by system properties)
  • Upgrade Executable War from 1.36 to 1.37 to allow supplying jenkins.war command-line arguments via standard input using the --paramsFromStdIn parameter. (pull 3223documentation)
  • Update SSHD Module 2.0 to 2.4 to update Apache Mina SSHD Core from 1.6.0 to 1.7.0, and fire authentication events in SecurityListeners when a user connects using SSH. (pull 3278pull 3111SSHD module changelog)
  • Export assignedLabels for agents and labelExpression for applicable job types in remote API. (issue 25286)
  • Re-style the Manage Jenkins page, including administrative monitors. (issue 43786blog post)
  • Define a minimum required version of the Remoting library (agent communication) and print warnings when an older version is connecting. (pull 3250)
  • When Jenkins fails to load plugins, show failures that users need to take action on separate from those due to other plugins failing to load. (pull 3256)
  • Updating Jenkins jobs and views by XML left fields at their old value if not defined in the new XML. (issue 21017)
  • Fix HTTP 404 error when clicking on New View sidebar link from another view. (issue 48447)
  • Upgrade Executable War from 1.36 to 1.37 to prevent multiple copies of winstone-*.jar in the temp folder from using up disk space needlessly. (issue 22088)
  • Update to task reactor version 1.5 to prevent hanging of Jenkins on startup/reload when an initialization task throws an unhandled exception. (issue 48725full changelog)
  • Developer: Jenkins#getInstance() is now deprecated as its semantics have been a source of confusion for some time. Use #get() in typical cases and Jenkins#getInstanceOrNull() in rare cases (see Javadoc). (issue 48638)
  • Developer: Deprecate the ambiguous User#getUser(String) in favor of the User#getById() or the new User#getOrCreateByIdOrFullName() methods. (issue 47718)
  • Developer: Capture more authentication-related events in SecurityListener. (issue 27027)
  • Developer: Deprecate hudson.util.Service in favor of Java's ServiceLoader. (pull 3191)

What's new in 2.89.4 (2018-02-14)

  • Important security fixes. (security advisory)
  • Security hardening to prevent problems like SECURITY-624 in the future. (2017-12-05 security advisoryAnt Plugin fix in 2018-01-22 security advisory)
  • Update Stapler from 1.253 to 1.254 to make the form that shows up when a URL requiring POST is accessed using a different HTTP verb work with CSRF protection enabled. (issue 34254Stapler changelog)
  • Do not downgrade detached plugins when upgrading Jenkins while its previous version was not properly recorded. (issue 48899)
  • The setup wizard is now resumed upon restart if it hasn't been completed yet, instead of showing the regular login screen. (regression in 2.81) (issue 47439)
  • Reduce memory usage when scheduling pipelines on big clusters. (issue 48348)
  • Improve UI performance with long list of running builds by caching the estimated duration. (issue 48350)

What's new in 2.89.3 (2018-01-18)

  • Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed when upgrading Jenkins past the version at which the plugin was detached. (issue 48365)
  • Make the system property hudson.consoleTailKB actually work. (issue 48593Jenkins features controlled by system properties)
  • Fix a performance regression in Jenkins 2.86 due to lock contention in ExtensionList. (issue 48505)
  • Prevent setup wizard from hanging when the two provided passwords differ, instead show a validation error. (issue 48080)
  • Prevent concurrent installation of Maven on the same node to prevent problems. (issue 34138)
  • Prevent potential NullPointerException when migrating the default "All View" name for a "My Views" user property. (issue 48157)
  • Cache permission names, allowing Jenkins to recover faster after "stop-the-world" Java GC pauses. (issue 48349)
  • Improve user lookup performance, for example from Git changelog calculation. (issue 47429)

What's new in 2.89.2 (2017-12-14)

What's new in 2.89.1 (2017-12-06)

Upgrading to Jenkins 2.89.1 does not install the Command Launcher plugin (see below) as it should. If you're using the Launch agent via execution of command on the master launch method for agents, or cloud provider plugins, make sure to manually install the plugin after upgrading, and restart Jenkins afterwards.
Changes since 2.89:
  • Recover from legacy user configuration folders with $ characters that are not part of hex escape sequences. (regression in 2.89) (issue 47909)
  • Fix Download from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site. (issue 47448)
  • Update Remoting from 3.13 to 3.14 in order to apply various performance and stability improvements. (full changelogissue 37566issue 45294issue 47425issue 47901issue 47942)
  • Update Windows Agent Installer from 1.9.1 to 1.9.2: Do not try to update jenkins-slave.exe on Unix agents when they connect. (full changelogissue 47015)
  • Prevent caching of captcha on the login form. (issue 43852)
Notable changes since 2.73.3:
  • Launch agent via execution of command on the master has been moved to a new Command Launcher plugin and integrated with the Script Security plugin. (issue 47393Command Launcher plugin site entryrelated security advisory)
  • Prevent core or plugin code from mistakenly attempting to serialize jobs, builds, and users except in their intended top-level XML file positions, preventing a class of serious deserialization-related errors. (issue 45892)
  • Developer: Fix TimeDuration time unit handling and its incorrect usage. TimeDuration uses milliseconds as the default unit. It was supposed to parse sec or secs suffix to interpret the number as seconds, but that never worked. (issue 44052)
  • Upgrade Stapler library from 1.250 to 1.253. (pull 2956Stapler changelog)
  • Stapler 1.252: Prevent file handle leak in LargeText#GzipAwareSession. (issue 45903)
  • Stapler 1.252: Restore ability to attach views to interfaces. (regression in 2.46) (issue 43715)
  • Stapler 1.253: Servlet 3.1 support, improved Blue Ocean performance and changes of interest to plugin developers. (issue 37062Stapler changelog)
  • Update Remoting to improve stability and diagnosability. (issue 37567issue 43985issue 45522issue 47132issue 38711full changelog)
  • Disable obsolete JNLP, JNLP2, and CLI protocols on new Jenkins installations during Setup Wizard. (issue 45841announcement blog post)
  • Restart agent communication related threads on both controller and agents when encountering an unhandled exception, if possible, to improve stability. (issue 38711)
  • Default the built-in Jenkins Update Center URL to https://updates.jenkins.io instead of obsolete HTTP endpoint. This requires a JRE compatible with Let's Encrypt, e.g. Oracle JRE 8u101. (pull 2996)
  • Moved Jenkins agent runtime to agent.jar file name, and deprecate (but still support) use of legacy slave.jar. Introduce the AGENTJAR_URL environment variable as replacement for SLAVEJAR_URL. (issue 35451)
  • Improve error reporting when failing to archive artifacts. (pull 2976)
  • Enable cc.xml to export jobs in folders recursively when accessed with a query parameter named recursive. (issue 36282)
  • Add new administrative monitor warning users about disabled CSRF protection. (issue 47372)
  • Commons Codec library upgraded from 1.8 to 1.9. (pull 3033)
  • Agents JVM must be 1.8+ and a clear message is shown in connection logs if it is not. (issue 44851)
  • Add sidebar link to create new view. (issue 6290)

What's new in 2.73.3 (2017-11-08)

  • Security fixes. (security advisory)
  • Fix Download from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site. (issue 47448)
  • Fix potential HTTP 414 error in form validation of long Batch/Shell tool installer scripts. (issue 47058)
  • Properly display agent launch arguments when using nested launch methods. (issue 47056)
  • Disconnect node on ping timeout instead of leaving the channel half open. (issue 46680)
  • Avoid a possible server-side timeout on long-running CLI commands using plain HTTP mode by sending periodic pings from the client. (issue 46659)

What's new in 2.73.2 (2017-10-11)

What's new in 2.73.1 (2017-09-13)

Two regressions since the previous LTS release have been identified in 2.73.1. One involved Remoting (agent) connections and the other concerns failures to use passphrase-protected ed25519 SSH keys. Please see the LTS upgrade guide for 2.73.1 for more information.
Changes since 2.73:
Notable changes since 2.60.3:
  • Upgrade Groovy from 2.4.8 to 2.4.11. (Groovy 2.4.9 changelogGroovy 2.4.10 changelogGroovy 2.4.11 changelog)
  • Integration of Winstone 4: Upgrade bundled Jetty from 9.2.15.v20160210 to 9.4.5.v20170502. This removes support for the deprecated SPDY protocol. The --spdy parameter has been removed accordingly and Jenkins may refuse to start if it's set. (full changelog)
  • Jetty 9.4.5: Prevent the 400 Bad Host header error for HttpChannelOverHttp when operating behind reverse proxy. (issue 40693corresponding Jetty issue)
  • Winstone 4.1: Add Jetty HTTP/2 connector and corresponding options for Winstone-Jetty. (issue 45438enabling HTTP/2 support in Winstone-Jetty)
  • Update Remoting from 3.7 to 3.10 adding opt-in support for work directories and improving logging in Jenkins agents. (work directory documentationlogging documentationremoting changelogissue 39370)
  • Enable Remoting work directories by default for newly created agents launched via JNLP (Java Web Start Launcher). (issue 44112feature documentation)
  • SSHD Module 2.0: Update from SSHD Core 0.14.0 to Apache MINA SSHD 1.6.0 in Jenkins core and Jenkins CLI. (changelogplugin compatibility noticeissue 43668)
  • SSHD Module 2.0: Enable aes192ctr and aes256ctr ciphers if JVM supports unlimited-strength encryption. (issue 39738)
  • Update WinP from 1.24 to 1.25 to improve performance and diagnostics of issues like JENKINS-30782. (full changelog)
  • Update jnr-posix from 3.0.1 to 3.0.41 to pick up improvements and fixes in the POSIX platforms support. (pull 2904)
  • Freestyle projects may now list Pipeline jobs as downstream and trigger them, without needing to use the Parameterized Trigger plugin or reverse triggers ("Build after other projects are built"). (issue 28113)
  • Internal: Define enabling/disabling in ParameterizedJob rather than AbstractProject. (issue 27299)
  • Fixed Pipeline compatibility for a number of CLI commands (delete-builds, list-changes, console, set-build-description, and set-build-display-name), as well as some issues affecting error reporting in other commands when used with Pipeline. (issue 30785issue 41527)
  • Enable simpler syntax for upstream build trigger in pipelines. (issue 34464)
  • Minor optimization to queue maintenance routines and printing of console notes, mainly for the benefit of Pipeline node blocks. (issue 45553)
  • If you have the Authorize Project plugin installed and configured, its configuration will now be treated as final with respect to the behavior of Job/Build checks from Build other projects and Build after other projects are built. Formerly, if a Per-project configurable Build Authorization was enabled globally but some projects did not specify an Authorization, the two aforementioned checks would automatically fall back to checking as anonymous (typically denying build permission). To restore the former behavior, explicitly configure a Project default Build Authorization to be Run as anonymous. Note that this will affect all build-scoped permission checks, including for example Agent/Build. (issue 22949)
  • Internal API: Tasks.getAuthenticationOf now honors authentication contributed by QueueItemAuthenticatorProvider extensions. (pull 2880)
  • Moved agent port and protocol configuration out of "security" (authentication and authorization) block in Configure Global Security. (issue 4478)
  • Don't reload user records from disk unless explicitly requested to improve performance of user record access. (issue 45737)
  • Plugin Development: Jenkins now no longer publishes a war-for-test artifact. Plugins using 2.64 or a later version of Jenkins (including 2.73.1) as baseline need to use plugin parent POM 2.30 or later. (issue 24064)

What's new in 2.60.3 (2017-08-17)

  • Contributions to the PATH environment variable could result in malformed values on agents on a platform different from controller's. (issue 14807)
  • Robustness improvements related to agent connections. (issue 43496issue 38527)
  • JNLP for launching agents now requests Java 8. (issue 45679)
  • Prevent NullPointerException in Jenkins#getRootURL() while the instance is not fully loaded yet. (issue 34914)
  • Fix NullPointerException when calculating culprits. (issue 45516)
  • The reload-configuration CLI command now waits until the reload is finished, and returns an error code if the reload failed. (issue 45256)
  • Remove the "JNLP" protocol references from the TCP Agent Listener log messages. (issue 44103)

What's new in 2.60.2 (2017-07-19)

  • Allow overriding the Jenkins session ID suffix so it doesn't change on every restart, possibly resulting in too many cookies. (how to set session IDissue 25046issue 44894)
  • Add documentation for time zone specification for cron patterns (e.g. SCM polling). (issue 9283)
  • Do not submit form when pressing Enter in the plugin manager's filter field. (issue 44523)
  • Jenkins failed to perform some cleanup tasks, including saving the build queue, if stopped via REST /exit, CLI shutdown, or when restarting from Install as Windows Service. (issue 44589)
  • Don't check whether disabled administrative monitors are active or not on the Manage Jenkins page. (issue 44608)
  • When starting the jenkins.war directly, properly check for Java 8 as minimum instead of Java 7 before proceeding. (issue 44764)
  • Prevent NullPointerException when calling restart CLI command. (regression in 2.57) (issue 44769)
  • Prevent possible NullPointerException when listing remote directories using the FilePath#list() and FilePath#listDirectories() APIs. (issue 44942)

What's new in 2.60.1 (2017-06-21)

2.60.1 is the first Jenkins LTS release that requires Java 8 to run. If you're using the Maven Project type, please note that it needs to use a JDK capable of running Jenkins, i.e. JDK 8 or up. If you configure an older JDK in a Maven Project, Jenkins will attempt to find a newer JDK and use that automatically. If your SSH Build Agents fail to start and you have the plugin install the JRE to run them, make sure to update SSH Build Agents Plugin to at least version 1.17 (1.20 recommended).
Changes since 2.60:
  • Fix for NullPointerException while initiating some SSH connections. (regression in 2.59) (issue 44120)
Notable changes since 2.46.3:

What's new in 2.46.3 (2017-05-25)

  • If an exception is thrown while rendering an HTTP response, just log the stack trace on the server side, without trying to send an error page to the client. (issue 21695)
  • Setup wizard gets into bad state when failures like network issues happen. (issue 41778)
  • Catch and log RuntimeException in Computer#setNode() when updating the Computer list. (issue 42043)
  • Fix AccessDeniedException in "Build after other projects are built" when user has Discover permission but not Read. (issue 42707)
  • Prevent NullPointerException when a non-existent default view is specified in Configure System. (issue 42717)
  • Properly handle saving system configuration when disabling all, or all but one, administrative monitors. (issue 42852)
  • Remove links in stack traces to the stacktrace.jenkins-ci.org service that has been shut down. (issue 42861)
  • Ensure that Cloud.PROVISION is properly initialized during the configuration loading. (issue 43279)
  • Migrate legacy users only once per restart to improve performance of the user retrieval logic. (issue 43936)
  • Prevent rare NullPointerException if an admin user is created in the setup wizard after first disabling CSRF protection. (issue 44010)

What's new in 2.46.2 (2017-04-26)

What's new in 2.46.1 (2017-03-29)

Changes since 2.46:
  • Prevent file descriptor leaks when Windows Service installer fails to read data from the service startup log. (issue 42670)
  • Update Remoting from 3.5 to 3.7 in order to prevent file descriptor leaks on agents in the case of multiple connection attempts. (full changelog)
  • Exceptions during Jenkins cleanup step should not block restart. (issue 42164)
  • Cryptic error message when loading JnlpSlaveAgentProtocol4. (issue 41987)
  • Developer: Snapshot builds of plugins that had dependencies on other snapshot builds were not having their version numbers compared correctly. (issue 41899)
  • Do not attempt to find the next occurrence of an impossible date such as June 31st in validation of trigger schedules. (issue 41864)
  • Remoting 3.5: Stability improvements. (issue 41513issue 41852)
  • Remove invalid translations in Slovene. (issue 41756)
  • Remoting 3.5: Add option to specify the Remoting protocol to use on the client. (issue 41730)
  • Use of the remote API to create items in views (/view/…/createItem) didn't actually add items to views since Jenkins 2.22. (issue 41128)
  • Remoting 3.5: Remoting clients now accept lowercase (HTTP 2) headers sent by reverse proxies. (issue 40710)
  • Windows service restart did not retain build queue. (issue 32820)
Notable changes since 2.32.3:
  • Update the SSHD module from 1.7 to 1.8. The change disables obsolete Ciphers: AES128CBC, TripleDESCBC, and BlowfishCBC.
  • Enable the JNLP4 agent protocol by default. (issue 40886upgrade notes)
  • Allow defining agent ping interval and ping timeout in seconds. It can be done via the hudson.slaves.ChannelPinger.pingIntervalSeconds and hudson.slaves.ChannelPinger.pingTimeoutSeconds system properties. (issue 28245)
  • Print stack traces in logical order, with the most important part on top. (pull 1485)
  • Reduce size of Jenkins WAR file by not storing identical copies of remoting.jar/slave.jar there. (pull 2633)
  • Do not print warnings about undefined parameters when hudson.model.ParametersAction.keepUndefinedParameters property is set to false. (pull 2687)
  • Increase the JENKINS_HOME disk space threshold from 1 GB to 10 GB left. The warning will be shown only if more than 90% of the disk is utilized. (issue 40749)
  • Delete obsolete pinning UI. (issue 34065)
  • Use project-specific validation URL for SCM Trigger, so H is handled correctly in preview. (issue 26977)
  • Failure to serialize a single Action could cause an entire REST export response to fail. Upgraded to Stapler 1.250 with a fix. (issue 40088)
  • Add Usage Statistics section to the global configuration to make it easier to find. (issue 32938)
  • Allow groovy CLI command via SSH CLI. (issue 41765)

What's new in 2.32.3 (2017-03-01)

  • Display an informative message, rather than a Groovy exception, when View#getItems fails. (issue 41825)
  • Don't try to set Agent Port when it is enforced, breaking form submission. (issue 41511)
  • Don't add all group names as HTTP headers on "access denied" pages, possibly breaking reverse proxies due to very large headers. (issue 39402)
  • Fix handling of the POST flag in ManagementLinks within the Manage Jenkins page. (issue 38175)
  • IllegalStateException from Winstone when making certain requests with access logging enabled. (issue 37625)
  • Do not fail to write a log file just because something deleted the parent directory. (issue 16634)

What's new in 2.32.2 (2017-02-01)

  • Important security fixes. (security advisory)
  • Support displaying of warnings from the update site in the plugin manager and in administrative monitors. (issue 40494announcement blog post)
  • Correctly state that Jenkins will refuse to load plugins whose dependencies are not satisfied in plugin manager. (issue 40666)
  • The install-plugin CLI command now correctly installs plugins when multiple file arguments are specified. (issue 32358)
  • Prevent the ClassNotFoundException: javax.servlet.ServletException error when invoking shell tasks on remote agents. (issue 40863)
  • Properties were not passed to Maven command by Maven build step when the Inject Build Variables flag was not set. (issue 39268)
  • Job configuration submission now does not fail when there is no parameters property. (issue 39700)
  • Update Remoting to 3.4 in order to properly terminate the channel in the case Errors and Exceptions. (issue 39835)
  • Check for Updates button in the Plugin Manager was hidden in the Updates tab when there was no plugins updates available. (issue 39971)
  • SSHD Module: Handshake was failing (wrong shared secret) 1 out of 256 times due to SSHD-330. (issue 40362)
  • Performance: Use bulk change when submitting Job configurations to minimize the number of sequential config.xml write operations. (issue 40435)
  • Jobs were hanging during process termination on the Solaris 11 Intel platform, regression in 2.20. (issue 40470)
  • Restore option value for setting build result to unstable when loading shell and batch build steps from disk. (issue 40894)
  • Update to Winstone 3.2 to support ad-hoc certificate generation on Java 8 (using unsupported APIs). This option is deprecated and will be removed in a future release. We strongly recommend you create self-signed certificates yourself and use --httpsKeyStore and related options instead. (issue 25333)

What's new in 2.32.1 (2016-12-24)

Changes since 2.32:
  • Prevent early deallocation of process references by Garbage Collector when starting a remote process. It was sometimes causing build failures with messages like FATAL: Invalid object ID 184 iuota=187 and java.lang.Exception: Object was recently deallocated. (issue 23271)
  • Redirect to login page in the case of authorisation error when checking connectivity to the Update Center. (issue 39741)
  • WinP 1.24: Native class now tries loading DLLs from the temporary location. (issue 20913)
  • WinP 1.24: WinP sometimes kills wrong processes when using killRecursive(). It was likely impacting process termination on Windows agents and sometimes leading to BSoD. (issue 24453)
Notable changes since 2.19.4:
  • Upgrade Remoting to version 3.1 with JNLP4-connect protocol. Compatibility notes are available here. Notably, it is no longer possible to use JDK 6 for the Maven project type, as communication with the Maven process uses Remoting, and it now requires Java 7. (issue 37564issue 36871issue 37565)
  • Show notification with popup on most pages when administrative monitors are active. (issue 38391)
  • Allow disabling/enabling administrative monitors on Configure Jenkins form. (issue 38301)
  • Ask for confirmation before canceling/aborting runs. (issue 30565)
  • Prompt user whether to add the job to the current view. (issue 19142)
  • Allow CommandInterpreter build steps to set a build result as Unstable via the return code. Shell and Batch build steps now support this feature. (issue 23786)
  • Internal: Upgrade Stapler library from 1.243 to 1.246 with fixes required for the Blue Ocean project. Changes are listed here. (pull 2593)

What's new in 2.19.4 (2016-11-23)

  • Reduce logging level when the localization resource is missing ResourceBundleUtil#getBundle(). (issue 39604)
  • Custom remoting enable/disable settings were not properly persisted on the disk and then reloaded. If the option has been configured in Jenkins starting from 2.16, a reconfiguration may be required. (issue 39465)
  • Prevent NullPointerException when rendering CauseOfInterruption.UserInterruption in build summary pages for non-existent users. (issue 38721 and issue 37282, regression in 2.14)
  • Display transient actions for labels. (issue 38651)
  • Performance: Fix the performance of file compress/uncompress operations over the remoting channel. (issue 38640, issue 38814)
  • Add user to restart log message for restart after plugin installation. (issue 38615)
  • Remoting 2.62.2: Improve connection stability by turning on Socket Keep-alive by default. Keep-alive can be disabled via the -noKeepAlive option on agent process. (issue 38539)
  • Remoting 2.62.2: Prevent NullPointerException in Engine#connect() when host or port parameters are null or empty. (issue 37539)
  • Jenkins startup does not fail if one of ComputerListeners throws exception in the onOnline() handler. (issue 38487)
  • Fix handling of the jenkins.model.Jenkins.slaveAgentPort system property, which was not honored. (issue 38187, regression in 2.0)
  • Properly enable submit button on New Item page when choosing item type first. (issue 36539)
  • Add missing internationalization support to ResourceBundleUtil. It fixes internationalization in Blue Ocean and Jenkins Design Language. (issue 35845)
  • Properly handle quotes and other special symbols in item names during form validation. (issue 31871)
  • Prevent deadlocks during modification of node executor numbers (e.g. during deletion of nodes). (issue 31768)
  • Restore automatic line wrapping in Build Step text boxes with syntax highlighting. (issue 27367)
  • Print warnings if none of Tool Installers can be used during the tool installation. (issue 26940)
  • Node build history page was hammering the performance of the Jenkins instance by spawning parallel heavy requests. Now the information is being loaded sequentially. (issue 23244)
  • Fix JS/browser memory leak on Jenkins dashboard. (issue 10912)

What's new in 2.19.3 (2016-11-16)

This is an out-of-schedule release addressing the zero day vulnerability published on November 11, 2016. It does not contain the usual LTS bug fixes, but only addresses the security vulnerability. There will be another LTS release in the 2.19.x line containing bug fixes as regularly scheduled.
  • Important security fixes (security advisory)
  • Allow disabling the Jenkins CLI over HTTP and JNLP agent port by setting the System property jenkins.CLI.disabled to true.

What's new in 2.19.2 (2016-11-01)

  • Prevent instatination of jenkins.model.Jenkins on agents in the ProcessKillingVeto extension point. (issue 38534)
  • Decrease connection timeout when changing the JNLP agent port via Groovy system scripts. (issue 38473)
  • Fix NullPointerException when descriptor is not in DescriptorList. (issue 37997)
  • Print warnings to system logs and administrative monitors when Jenkins initialization does not reach the final milestone. (issue 37874, diagnostics for issue-37759)
  • Allow the use of custom JSON signature validator for Update Site metadata signature checks. (issue 36537)
  • Failed to load jenkins.util.SystemProperties on agents. (issue 35184)
  • CLI: Connection over HTTP was not working correctly. (issue 34287, regression in 2.0)
  • Use the correct 'gear' icon for Manage Jenkins in Plugin Manager. (issue 34250)
  • Build history was not properly updating via AJAX. (issue 31487)
  • CLI: Disable the channel message chunking by default. Prevents connection issues like java.io.StreamCorruptedException: invalid stream header: 0A0A0A0A. (issue 23232)
  • Exclude /cli URL from CSRF protection crumb requirement, making the CLI work with CSRF protection enabled and JNLP port disabled. (issue 18114)

What's new in 2.19.1 (2016-10-03)

Changes from 2.19:
  • Fixed the missing icon in the System Script console. (issue 37814)
  • Fixed background color in the ComboBoxList element in order to make options visible. (issue 37549)
  • Fixed editing default view description with automatic refresh. System message is not being displayed instead of the view description. (issue 37360)
  • Do not process null CRON specifications in build triggers. (issue 36748, enhances fix in 2.15)
  • Setup wizard now checks if the restart is supported on the system before displaying the restart button. (issue 33374)
  • Test Windows junctions before Java 7 symlink in symbolic link checks. (issue 29956)
Notable changes since 2.7.4:
  • Fix plugin dependency resolution. Jenkins will now refuse to load plugins with unsatisfied dependencies, which resulted in difficult to diagnose problems. This may result in errors on startup if your instance has an invalid plugin configuration., check the Jenkins log for details. (issue 21486)
  • Don't load all builds to display the paginated build history widget. (issue 31791)
  • Tell browsers not to cache or try to autocomplete forms in Jenkins to prevent problems due to invalid data in form submissions. From now on, only select form fields (e.g. job name) will offer autocompletion. (issue 18435)
  • Add diagnostic HTTP response to TCP agent listener. (issue 37223)
  • Allow admins to control the enabled agent protocols on their instance from the global security settings screen. (issue 37032)
  • Prevent NullPointerException on startup after update from Jenkins 2.5. (issue 35206)
  • Always send usage statistics over HTTPs to the new usage.jenkins.io hostname. (issue 35641)
  • Do not inject build variables into Maven process by default for new projects. (issue 25416, issue 28790)
  • IllegalStateException under certain conditions when reloading configuration from disk while jobs are in the queue. (issue 27530)
  • Underprivileged users were unable to use the default value of a password parameter. (issue 36476)

What's new in 2.7.4 (2016-09-08)

  • Prevent File descriptor leaks when reading plugin manifests. It causes failures during the upgrade of detached plugins on Windows. (issue 37332)

What's new in 2.7.3 (2016/08/31)

  • Stop A/B testing of the remoting JNLP3 protocol due to the known issues. The protocol can be enabled manually via the jenkins.slaves.JnlpSlaveAgentProtocol3.enabled system property. (issue 37315)
  • When checking Update Center, append ?uctest parameter to HTTP and HTTPS URLs only. (issue 37189)
  • Ensure that detached plugins are always at least their minimum version. (issue 37041)
  • Remove trailing space from Hudson.DisplayName in Spanish, which resulted in problems with Blue Ocean. (issue 36940)
  • Make sure that the All view is created. (issue 36908)
  • Incorrect formatting of messages in the Update Center and Setup Wizard. (issue 36757)
  • Underprivileged users were unable to use the default value of a password parameter. (issue 36476)
  • Properly handle exceptions during global configuration form submissions when SCM Retry Count field is empty. (issue 36387)
  • Do not allow disabled project to be triggered remotely. (issue 36193)
  • Ensure that SCMDescriptor.newInstance overrides are honored when creating new SCM entries. (issue 36043, issue 35906)
  • Add a cache for user information to fix performance regression due to SECURITY-243. (issue 35493)
  • Performance: Disable AutoBrowserHolder by default to improve the changelog rendering performance. (issue 35098)
  • Honor non-default update sites in setup wizard. (issue 34882)

What's new in 2.7.2 (2016/08/03)

  • Always send usage statistics over HTTPs to the new usage.jenkins.io hostname. (issue 35641)
  • Fix issues in file management in hudson.remoting.Launcher (main executable class). (issue 35494)
  • Remoting 2.60: Fix potential file handle leaks during the build agent startup. issue 35190)
  • Remoting 2.60: Proper handling of the no_proxy environment variable. (issue 32326)
  • Performance: Improve configuration page load times by removing the CodeMirror reloading cycle. (issue 32027)
  • Remoting 2.60: hudson.Remoting.Engine#waitForServerToBack now uses credentials for connection. (issue 31256)
  • IllegalStateException under certain conditions when reloading configuration from disk while jobs are in the queue. (issue 27530)
  • Allow keeping builds forever with custom build retention strategies. (issue 26438)
  • Remoting 2.60: Make the channel reader tolerant against Socket timeouts. (issue 22722)

What's new in 2.7.1 (2016/07/06)

Changes from 2.7:
  • Installation Wizard: Do not offer creating new admin user if the security is preconfigured. (Issue 34881)
  • API: Make it easier for UpdateSites to tweak the InstallationJob. (Issue 35402)
  • Fix the repeatable item delete button layout in Safari. Addresses Build Steps and other such configuration items. (Issue 35178)
  • Prevent NullPointerException on startup after update from Jenkins 2.5. (Issue 35206)
  • Explicitly declare compatibility of Windows build agent service with .NET Framework 4. (PR #2386)
  • Honor noProxy settings from "Manage Jenkins > Manage Plugins > Advanced". (Issue 31915)
  • API: Restrict external usages of jenkins.util.ResourceBundleUtil. (Issue 35381)
  • Internal: Upgrade Groovy to 2.4.7 to finalize the fix in Jenkins 2.7. (Issue 34751)
Notable changes since 1.651.3:
More detailed information about the new features in Jenkins 2 on the overview page. Note that AJP support has been removed, if your service script enables it, Jenkins will fail to start.
  • New password-protected setup wizard shown on first run to guide users through installation of popular plugins and setting up an admin user. (issue 30749, issue 9598)
  • Plugin bundling overhaul: Bundled plugins are only installed if necessary when upgrading, all plugins can be uninstalled. (issue 20617)
  • Redesigned job configuration form makes it easier to understand the option hierarchy, and to navigate the form. (issue 32357)
  • Richer 'Create Item' form with job icons and job categories (once a threshold of three categories has been reached). (issue 31162)
  • Support encrypted communication between master and inbound Jenkins agents. (issue 26580)
  • Enable disabled dependencies during plugin installations. (issue 34494)
  • Force ordering between GPG and jarsigner to ensure correct GPG signature. (pull 2285)
  • Secured Jenkins installations didn't properly save the queue on shutdown. (issue 34281)
  • Upgrade wizard encourages installation of Pipeline related plugins when upgrading from 1.x. (issue 33662)
  • Jenkins now requires Servlet 3.1. Upgraded embedded Winstone-Jetty to Jetty 9 accordingly. This removes AJP support when using the embedded Winstone-Jetty container. (issue 23378)
  • Bundled Groovy updated from 1.8.9 to 2.4.7. (issue 21249)
  • Moved tools configuration from Configure Jenkins to separate dialog.
  • Added option to prohibit anonymous access to security realm "Logged in users can do anything", enable by default. (issue 30749)
  • Renamed 'slave' to 'agent' on the UI. (issue 27268)
  • Improvements to inline documentation of numerous form fields in Jenkins global and job configuration. (issue 33364)
  • Change default CSRF protection crumb name to Jenkins-Crumb for nginx compatibility. (issue 12875)
  • Add symbol annotations on core. (pull 2293)
  • Workaround for unpredictable Windows file locking. (issue 15331)
  • Remove the historical initialization of CVS changelog parser for jobs without explicit SCM definition. Warning! This change may potentially cause a regression if a Jenkins plugin depends on this default behavior and injects changelogs without SCM. (issue 4610)
  • Add the JOB_BASE_NAME environment variable to builds (job name without path). (issue 25164)
  • Allow overriding Jenkins UpdateCenter by a custom implementation. (issue 34733)
  • Allow overriding Jenkins PluginManager by a custom implementation. (issue 34681)
  • Allow setting of properties from context.xml and web.xml in addition to setting system properties from the command line. (issue 34755)
  • Remoting: Allow Jenkins admins to adjust the socket timeout. (Controlled by hudson.remoting.Engine.socketTimeout) (issue 34808)
  • Remoting: Allow disabling the remoting protocols individually. Allows working around compatibility issues like JENKINS-34121. (Controlled by PROTOCOL_CLASS_NAME.disabled) (issue 34819)
  • Remoting, scalability: Ensure that the unexporter cleans up whatever it can each GC sweep. (issue 34213)
  • Remoting: Force class load on UserRequest to prevent deadlocks on Windows nodes agents in the case of multiple classloaders. (Controlled by hudson.remoting.RemoteClassLoader.force) (issue 19445)
  • Make ToolInstallers to follow HTTP 30x redirects. (issue 23507)
  • Disable JSESSIONID in URLs when running in the JBoss web container. It prevents Error 404 due to invalid links starting from Jenkins 1.556. More info: WFLY-4782 (issue 34675)
  • Allow starting non-AbstractProject (e.g. Pipeline) jobs from CLI. (issue 28071)
  • Plugin Manager was building incorrect list of bundled plugins for nested dependencies. (issue 34748)
  • Developer API: Add WorkspaceList.tempDir(…). (issue 27152)
  • Developer API: Allow putting @Initializer annotations on instance methods. (pull 2176)
  • Developer API: Allow specifying custom AbortExceptions. (pull 2288)

What's new in 1.651.3 (2016/06/08)

What's new in 1.651.2 (2016/05/11)

  • Important security fixes (security advisory)
  • Update remoting to 2.57. (issue 33999, issue 32980, issue 28289)
  • Pipeline runs not reliably started after restart when using Build after other projects are built. (issue 33971)
  • Prevent badges in build history sidepanel widget from overlapping page contents. (issue 33826)
  • Do not hardcode .bat extension for Maven on Windows. (issue 33693)
  • Don't store redundant build causes, make list of build causes immutable. (issue 33467)
  • Make context menu link Delete Project work with CSRF protection enabled. (issue 18032)

What's new in 1.651.1 (2016/04/14)

Changes from 1.651:
  • Honor the option to opt out of usage statistics submission. (advisory)
  • Plugin filters were failing to be removed and blocking restart. (issue 33681)
  • Do not fail update center check if there are no tool installers defined. (issue 32831)
  • Fix argument masking for sensitive build variables on Windows. (issue 28790)
  • Under some conditions Jenkins startup could fail because of incorrectly linked extensions; now recovering more gracefully. (issue 25440)
  • Multiple bug fixes related to shutdown sequence. (issue 33377, issue 33384)
Notable changes since 1.642.3:
  • Move periodic task log files from JENKINS_HOME/*.log to JENKINS_HOME/logs/tasks/*.log and rotate them periodically rather than overwrite every execution. (issue 33068)
  • Allow changing the directory used for the extraction of plugin archives via the --pluginroot CLI option (also controllable via the hudson.PluginManager.workDir system property / context parameter. Also document the --webroot CLI parameter in java -jar jenkins.war --help (issue 32765)
  • Unify CLI exit code semantics. (issue 32273)
  • Add time zone to generation date in footer in most locales. (issue 32194)
  • The Windows service wrapper now specifies the --webroot argument to extract the war file into %BASE%. (pull 1951)
  • Allow retrying core update when the first attempt failed. (issue 11016)
  • Allow specifying the default TCP agent listener port via system property. (commit 653fbdb)
  • Fix documentation of proxy configuration. (pull 2060)
  • Retrieve tool installer metadata from all update sites. (issue 32328)
  • Fields on the parameters page are no longer aligned at the bottom. (issue 31753)
  • Cleanup of CLI error handling and return codes. (issue 32273)
  • Boot failure hook script did not work, WebAppMain.contextDestroyed produces weird errors. (issue 24696)
  • ArrayIndexOutOfBoundsException when parsing range set. (issue 32852)
  • Generate new instance identity file when the existing one is found to be corrupt. (issue 29240)
  • Developer: The official parent POM for plugins is now hosted in the plugin-pom repository, starting with version 2.0. (issue 32493)
  • API changes: Add a reusable implementation of IdleOfflineCause class. (commit 7e05b50)
  • Developer: Split test harness into separate artifact. (issue 32478)
  • Developer: Pass $it to contents of dropdownDescriptorSelector. (issue 19565)

What's new in 1.642.4 (2016/03/31)

  • Honor the option to opt out of usage statistics submission. (advisory)

What's new in 1.642.3 (2016/03/16)

  • Fields on the parameters page are no longer aligned at the bottom. (issue 31753)
  • Under some conditions a build record could be loaded twice, leading to erratic behavior. (issue 22767)

What's new in 1.642.2 (2016/02/24)

  • Important security fixes (security advisory)
  • Don't submit usage statistics while Jenkins hasn't finished loading. (issue 32190)
  • Performance regression when setting JDK installations. (issue 31932)
  • Renaming a node over another was possible and destroys both configurations. (issue 31321)
  • A CloudProvisioningListener can prevent provisioning of all clouds instead of just the targeted cloud. (issue 31219)
  • GroovyHookScript needs Jenkins to be initialized but should not (for e.g. boot failure script). (issue 24696)
  • Don't show “termination trace” as warning in the log as it's not necessarily an error condition. (issue 32567)

What's new in 1.642.1 (2016/01/20)

No changes compared to 1.642. Notable changes since 1.625.3:
  • Build history pagination and search. (issue 26445)
  • “Form too large” errors from Jetty when submitting massive forms. (issue 20327)
  • Allow retrying core update when the first attempt failed. (issue 11016)
  • Allow specifying the default TCP agent listener port via system property. (commit 653fbdb)
  • Display expected CRON run times even if a warning occurs. (issue 29059)
  • Add "lastCompletedBuild" job permalink. (issue 26270)
  • Allow case insensitive file patterns in Artifacts Archiving. (issue 5253)
  • Let a combobox display its drop-down when focused, so users can see candidates without entering a letter. (issue 26278)
  • Add safari pinned tab icon. (discussion)
  • Plugin Manager UI prevents users from enabling/disabling/uninstalling plugins at the "wrong" time. (issue 23150)
  • Do not show REST API link for pages which have no API handlers. (issue 29014)
  • JS alert still prevented leaving a configuration page without changes. (issue 21720)
  • API: New OptionalJobProperty class to simplify JobProperty creation. (PR 1888)
  • API: Add get method for causes of interruption in hudson.model.Executor (PR 1712)

What's new in 1.625.3 (2015/12/09)

  • Important security fixes (security advisory)
  • SECURITY-186 regression: non-item tasks hidden (issue 31649)
  • Inbound agents can fail to correctly negotiate a transport (issue 31718)
  • delete-node CLI command did not work correctly for cloud nodes (issue 31098)

What's new in 1.625.2 (2015/11/11)

  • Important security fixes (security advisory)
  • AbstractBuildExecution#reportError should work will any kind of Build Step (issue 30730)
  • Optimize TagCloud size calculation (issue 30705)
  • Tar implementation can't handle > 8GB and doesn't error out. (issue 10629)
  • FlyWeightTasks tied to a label will not cause node provisioning and will be blocked forever. (issue 30084)

What's new in 1.625.1 (2015/10/14)

1.625.1 is the first Jenkins LTS release that requires Java 7 to run. If you're using the Maven Project type, please note that it needs to use a JDK capable of running Jenkins, i.e. JDK 7 or up. If you configure an older JDK in a Maven Project, Jenkins will attempt to find a newer JDK and use that automatically. If your SSH agents fail to start and you have the plugin install the JRE to run them, make sure to update SSH Build Agents Plugin to at least version 1.10.
  • Build history text field wrap fails when containing markup (issue 26406)
  • First-time display with many Maven jobs blocked in FingerprintAction.compact (issue 19392)
  • Animated ball in job's build history widget won't open Console Output (issue 26365)
  • Memory leak in ProgressiveRendering (issue 25081)
  • Hudson test case leaks temp folders (issue 4409)
  • Large number of build parameters for pending jobs (e.g.gerrit triggered job) can cause unwieldy build history (issue 22311)
  • "unknown format type" on console output (issue 24614)
  • Build health computed twice per job (issue 25074)
  • SSH agents can block for a long time in NativePRNG (issue 20108)
  • ClosedByInterruptException in JenkinsRule setup (issue 30395)
  • Job owned by SYSTEM instead of creator when 'Setup after creation' used (issue 25400)
  • AbstractProject: makeDisabled() performs operations even if supportsMakeDisabled() is false (issue 24340)
  • Infinite loop with crontab "H H(19-24) * * *" (issue 25897)
  • quietDown reports HTTP 405 Method Not Allowed (issue 23942)
  • "Given final block not properly padded" after deleting master.key after Java security update (issue 25937)
  • Run parameters should display in human readable form rather than build numbers (issue 25174)
  • FilePath.validateAntFileMask sucks up heap (issue 25759)
  • AbstractLazyLoadRunMap.entrySet improperly cached (issue 25655)
  • Wrong EOL (UNIX type: LF) in Windows batch files executed for build steps of type "Execute Windows batch command" (issue 7478)
  • JDK9 with jigsaw file layer is not detected as valid JDK (issue 25601)
  • Basic Authentication in combination with Session is broken (issue 25144)
  • Missing build history moving a job when BuildDir is set to a custom location (issue 24825)
  • Maven build step fail to launch mvn process when special chars are present in build variables (issue 26684)
  • Manage->Cancel Shutdown requests POST method and even POST fails due to invalid crumb if CSRF protection is enabled (issue 23020)
  • Unnecessarily slow & serialized I/O for top-level item loading in loadTasks (issue 25473)
  • No wrap up(not in multiple lines) of too long list of agents at label page (issue 25989)
  • Jenkins merges queued builds with the different file parameters (issue 19017)
  • RunIdMigrator fails to revert Matrix and Maven jobs (issue 29989)
  • WARNING: hudson.model.FreeStyleProject@9a4e77f[...] did not contain ... #584 to begin with (issue 25788)
  • ListView's ItemListener runs with user privileges, might miss affected views (issue 22769)

What's new in 1.609.3 (2015/09/02)

  • When NodeProvisioner processes planned nodes, it must always call spent() (issue 29568)
  • Sort by 'Free Disk Space' is incorrect (issue 29286)
  • Label expression help is missing in recent Jenkins versions (issue 29376)
  • The curious case of the Channel memory cycles (issue 28844)
  • Excessive classes being sent to agent machine (issue 28058)

What's new in 1.609.2 (2015/07/28)

  • NPE may happen if somebody tries to drop the e-mail JenkinsLocationConfiguration:setAdminAddress() (issue 28419)
  • Build History badges don't wrap (issue 28455)
  • Deadlock between Queue.maintain and Executor.interrupt (issue 28840)
  • Jenkins queue self-locking without apparent reason? (issue 28926)
  • Deadlock in hudson.model.Executor (issue 28690)
  • UnlabeledLoad.computeQueueLength() includes labeled jobs (issue 28446)
  • Job loading can be broken by a NPE in a build trigger (issue 27549)
  • post-build action statuses handling (issue 26964)

What's new in 1.609.1 (2015/05/29)

  • Concurrent build limits not honored on Jenkins 1.607 (issue 27708)
  • Division by zero in Executor.getProgress (issue 28115)
  • Channel listener onClose propagated exceptions (issue 28062)
  • Failed to instantiate class hudson.plugins.copyartifact.CopyArtifact when saving a job (issue 28011)
  • Block on upstream projects does not work (issue 27871)
  • Unhelpful log warning about stapler-class (issue 27918)
  • 404 on jenkins.plugins.nodejs.tools.NodeJSInstaller.json.html (issue 28093)
  • 1.610 “Failed to instantiate” error (issue 28110)
  • NPE from LoadStatistics$LoadStatisticsSnapshot$Builder.with (issue 28384)
  • Dropdowns display limited and scrollable (issue 27067)

What's new in 1.596.3 (2015/05/20)

  • Build history text field wrap fails when containing markup (issue 26406)
  • Maven build step fail to launch mvn process when special chars are present in build variables (issue 26684)
  • Hudson test case leaks temp folders (issue 4409)

What's new in 1.596.2 (2015/03/23)

  • Important security fixes (security advisory)
  • JDK9 with jigsaw file layer is not detected as valid JDK (issue 25601)
  • First-time display with many Maven jobs blocked in FingerprintAction.compact (issue 19392)
  • Animated ball in job's build history widget won't open Console Output (issue 26365)
  • Large number of build parameters for pending jobs (e.g.gerrit triggered job) can cause unwieldy build history (issue 22311)
  • Infinite loop with crontab "H H(19-24) * * *" (issue 25897)
  • Run parameters should display in human readable form rather than build numbers (issue 25174)

What's new in 1.596.1 (2015/02/28)

  • Important security fixes (security advisory)
  • Job failure on remote node running JDK1.8 - java.lang.NoSuchMethodException: java.lang.UNIXProcess.destroyProcess(int) (issue 21341)
  • Download update center from master by default (issue 19081)
  • ArrayIndexOutOfBoundsException during Jenkins.doConfigSubmit; need XStream 1.4.6 (issue 18537)
  • "Given final block not properly padded" after deleting master.key after Java security update (issue 25937)

What's new in 1.580.3 (2015/01/27)

  • Basic Authentication in combination with Session is broken (issue 25144)
  • No wrap up(not in multiple lines) of too long list of agents at label page (issue 25989)
  • FilePath.validateAntFileMask sucks up heap (issue 25759)
  • Unnecessarily slow & serialized I/O for top-level item loading in loadTasks (issue 25473)
  • AbstractLazyLoadRunMap.entrySet improperly cached (issue 25655)
  • Build health computed twice per job (issue 25074)
  • WARNING: hudson.model.FreeStyleProject@9a4e77f[...] did not contain ... #584 to begin with (issue 25788)
  • "Given final block not properly padded" after deleting master.key after Java security update (issue 25937)

What's new in 1.580.2 (2014/12/15)

  • Job owned by SYSTEM instead of creator when 'Setup after creation' used (issue 25400)
  • Missing build history moving a job when BuildDir is set to a custom location (issue 24825)
  • Manage->Cancel Shutdown requests POST method and even POST fails due to invalid crumb if CSRF protection is enabled (issue 23020)
  • Memory leak in ProgressiveRendering (issue 25081)
  • AbstractProject: makeDisabled() performs operations even if supportsMakeDisabled() is false (issue 24340)
  • Jenkins merges queued builds with the different file parameters (issue 19017)
  • quietDown reports HTTP 405 Method Not Allowed (issue 23942)
  • SSH agents can block for a long time in NativePRNG (issue 20108)
  • ListView's ItemListener runs with user privileges, might miss affected views (issue 22769)

What's new in 1.580.1 (2014/10/29)

  • Important security fixes (security advisory)
  • Jetty should be used rather than Winstone for embedded deployments (issue 18366)
  • Updating a WAR should unpin a plugin which is now older than the bundled plugin (issue 24046)
  • "unknown format type" on console output (issue 24614)
  • Wrong EOL (UNIX type: LF) in Windows batch files executed for build steps of type "Execute Windows batch command" (issue 7478)

What's new in 1.565.3 (2014/10/01)

What's new in 1.565.2 (2014/09/03)

  • Jenkins needs to check whether the war's directory is writeable before offering to upgrade (issue 23683)
  • AbstractLazyLoadRunMap.iterator() calls .all() (issue 18065)
  • Jenkins no longer kills running processes after job fails (issue 22641)
  • HTTP error 405 when trying to restart ssh host (issue 23094)
  • Run.delete (from LogRotator) failing with "...looks to have already been deleted" (issue 22395)
  • file name encoding broken in zip archives (issue 20663)
  • Kill win32 processes from win64 JVMs (issue 23410)

What's new in 1.565.1 (2014/07/30)

  • Queue.maintain does disk I/O via PeepholePermalink.resolve (issue 22822)
  • “Form too large” errors submitting view configurations with many jobs (issue 20327)
  • NPE on plugin install (issue 20031)
  • Link to the console output missing in popup when log >200Kb (issue 14264)
  • Parameters: NPE in canTake() procedures may kill all executors (issue 15094)
  • NPE from AbstractBuild$AbstractBuildExecution.run (issue 23277)
  • broken ProjectNamingStrategy Extension (issue 23127)
  • Move DecoratedLauncher from the custom-tools plugin to the Jenkins Core (issue 19454)
  • hudson.Launcher:ProcStarter::envs() may throw NPE (issue 20559)
  • Resource leak in hudson.model.FileParameterValue (issue 22693)
  • ReverseBuildTrigger.threshold not consistently saved (issue 23191)
  • AccessRestriction on SecurityListener methods (issue 23417)
  • After deleting folder, get 404 (issue 23375)
  • email-ext plugin doesn't handle tokens when an agent has gone offline: IAE from AbstractProject.getEnvironment (issue 23517)
  • Jenkins cannot restart Windows service (issue 22685)
  • Rules for showing/hiding SCMTrigger.pollingThreadCount option are broken (issue 22934)

What's new in 1.554.3 (2014/06/30)

  • Queue.maintain does disk I/O via PeepholePermalink.resolve (issue 22822)
  • Non-recursive ListViews unnecessarily call owner.getAllItems in getItems (issue 22720)
  • SSH agent connections die after the agent outputs 4MB of stderr, usually during findbugs analysis (issue 22938)
  • Jenkins cannot restart Windows service (issue 22685)

What's new in 1.554.2 (2014/05/30)

  • Don't ask for confirmation when it doesn't make any sense (issue 21720)
  • On a configure screen that has multiple groups of radio buttons, clicking the apply button clears all but the last radio group selection (issue 22570)
  • Optimize creation of relative links to jobs (issue 18364)
  • Jenkins asks for confirmation before leaving edited 'View Configuration' page (issue 20597)
  • OutOfOrderBuildMonitor fails to correct builds with duplicate number (issue 22631)
  • Computer does not exist returns NPE (issue 21999)
  • Last build of project reloaded when project asked for later build (issue 22681)
  • After clicking 'Apply' at least once, 'Save' opens a new window (issue 20245)
  • hetero-radio should work with multiple instances of the same ui (issue 22583)
  • Cannot submit configuration after removing groovy step (issue 22582)
  • No autocompletion and NullPointerException when using 'Copy Existing Job' (issue 22142)

What's new in 1.554.1 (2014/04/30)

  • NPE if trying to install a plugin from the update center and either the update source or the plugin contains a '.' in its name (issue 22080)
  • Download update center from master by default (issue 19081)
  • OutOfMemory due to unbounded storage in OldDataMonitor (issue 19544)
  • Very slow resource loading from UberClassLoader (issue 21579)
  • Jetty exploding war to /tmp is a bad idea (issue 22442)
  • Performance issue with search box (issue 21969)
  • ArrayIndexOutOfBoundsException during Jenkins.doConfigSubmit; need XStream 1.4.6 (issue 18537)
  • NullPointerException when trying to mark agent temporarily offline (issue 21875)
  • Build queue is not filtered after progress updated (issue 20500)
  • copy-job permission checks wrong (issue 22262)

What's new in 1.532.3 (2014/04/11)

  • Replace description in error dialog instead of appending (issue 21457)
  • NPE from xstream.core.JVM.isOpenJDK (issue 21183)
  • WorkspaceCleanupThread does not handle folders (issue 21023)
  • Copy Artifact's fingerprinting creates second hudson.tasks.Fingerprinter_-FingerprintAction section with just the artifacts copied (issue 17606)
  • /login offers link to /opensearch.xml which anonymous users cannot retrieve (issue 21254)
  • Miscellaneous exceptions in config.xml can prevent entire job from loading (issue 21024)
  • Jobs named "." can be created, but not built, configured, accessed, ... (issue 21639)
  • DirectoryBrowserSupport.buildChildPaths does quadratic number of calls to check whether entries are directories (issue 21780)
  • ZIP file download generates corrupt zip file (issue 20345)
  • Update credentials plugin to 1.9.4 (issue 21820)
  • Apply button does not work in IE Compat View (issue 19826)
  • Deadlock while parallel deletion/rename of jobs (issue 19446)

What's new in 1.532.2 (2014/02/14)

  • Important security fixes (security advisory)
  • CannotResolveClassException breaks loading of entire containing folder, not just one job (issue 20951)
  • Using jenkins-cli connecting to HTTPS port fails due to hostname mismatch in certificate (issue 12629)
  • HTTP two-way remoting does not work (jenkins-cli.jar without JNLP) (issue 20128)
  • Agent launcher fails after NoClassDefFoundError: Could not initialize class jenkins.model.Jenkins$MasterComputer (issue 19453)
  • StreamCorruptedException (issue 8856)
  • Fail to run 'groovysh' in CLI due to insufficient permission (issue 17929)
  • Loading projects too slow because of File.isDirectory calls (issue 21078)
  • HTML metacharacters not escaped in log messages (issue 20800)
  • Channel's executorService's pool should have a name (issue 19004)
  • ListView.expand throws ClassCastException: … cannot be cast to hudson.model.TopLevelItem (issue 20415)
  • RingBufferLogHandler throws ArrayIndexOutOfBoundsException after int-overflow (issue 9120)
  • l:breakable mishandles HTML metacharacters (issue 20928)
  • Start inbound agent ignores jar-cache flag (issue 20093)
  • Too many open files upon HTTP listener init or shutdown (issue 14336)
  • Extension point for secure users of Api (issue 16936)
  • 'Apply' error screens don't work (issue 20772)
  • Workspaces seem to be removed prematurely on concurrent jobs (issue 10615)
  • Disable\Delete "Remember me on this computer" check box in login screen (issue 15757)
  • Builds disappear some time after renaming job (issue 18678)
  • Use RunAction2 from TestResultAction (issue 18410)
  • java.lang.NoClassDefFoundError: sun/net/www/protocol/jar/JarURLConnection (issue 20163)
  • you cannot use the cli without giving Overall read to Anonymous (issue 8815)

What's new in 1.532.1 (2013/11/25)

  • Collecting findbugs analysis results occasionally causes ssh agents to go offline causing job to abort (issue 19619)
  • Bytecode compatibility transformer mistakenly corrupts org.apache.ivy.core.settings.IvySettings.triggers (issue 19383)
  • Functions.globalIota overflow (issue 20085)
  • Upgrade bundled versions of Credentials, SSH Credentials and SSH Build Agents plugins (issue 19945)
  • /me/my-views/editDescription may be used by any user to set global description (issue 18633)
  • Missing base directory in ZIP from .../artifact/dir/subdir/*zip*/subdir.zip (issue 19947)
  • After deleting last build, next build of last build is zombie (issue 19920)
  • Upgrade error to 1.531: PROXY_HEADER is null (issue 19613)
  • Upgrade bundled versions of Credentials and SSH Build Agents so we can assume <c:select/> available (issue 20071)
  • Collecting finbugs analysis results randomly fails with exception (issue 18879)
  • ViewJobFilter.filter expect "All jobs that are possible." but don't get recursive ones (issue 20143)
  • Download build artifacts as zip generates a corrupted file (issue 19752)
  • Jenkins redirecting from https to http (issue 10675)
  • java.io.IOException: Unexpected termination of the channel (issue 18836)
  • When installing a plugin and the needed dependencies have compatibility issues, warn the user (issue 19739)
  • Installing a plugin with optional dependencies doesn't upgrade the optional dependencies when needed (issue 19736)
  • After upgrade from 1.519 to 1.526 -> NumberFormatException occurs during maven 3 build (issue 19251)

What's new in 1.509.4 (2013/10/09)

  • Configurable loggers should capture messages on agents (issue 18274)
  • @RequirePOST and similar should send a 405 (issue 16918)
  • Using jenkins-cli connecting to HTTPS port fails due to hostname mismatch in certificate (issue 12629)
  • [XStream] ConcurrentModificationException from DefaultConverterLookup (issue 18775)
  • @QueryParameter with @RelativePath broken (issue 18776)
  • fingerprint are truncated (issue 19515)
  • Environment variable replacement/resolving (issue 16660)
  • failed to archive agent artifacts. Unexpected end of ZLIB input stream (issue 19473)
  • winstone.ClientSocketException: Failed to write to client (issue 10524)
  • /log/all polluted with FINE* messages from other loggers (issue 18959)
  • Incorrect redirect after editing view with Unicode name (issue 18373)
  • Flyweight jobs and zero executors (issue 7291)
  • ERR_CONTENT_DECODING_FAILED on Custom Views with Project-based Matrix Authorization (issue 15437)
  • Buttons do not work in IE 11 (issue 19171)
  • CLI login command fails on Windows (issue 19192)
  • Problems with "Latest Test Result" and "Aggregated Test Result" links (issue 9637)
  • Exception while trigger downstream projects (issue 17247)
  • Maven 2 jobs fail (exception in MavenFingerprinter) (issue 18441)
  • Outdated JRuby libs (issue 14351)
  • Deadlock (issue 18589)
  • When copying folder, display names of contained jobs are gratuitously cleared (issue 18074)
  • Incorrect redirection after delete of job in folder in view (issue 17575)
  • Javadoc project action yields HTTP 404 (issue 19168)
  • Memory exhaustion parsing large test stdio from Surefire (issue 15382)
  • With lazy-build loading estimated build duration may become expensive (issue 18196)
  • Can't build using maven 3.1.0 (issue 15935)
  • Cannot create a custom logger matching any namespace (issue 17983)
  • Clean up fingerprint records that correspond to the deleted build recods (issue 18417)
  • "projects tied to node" shows unrelated maven module jobs (issue 17451)
  • hudson.security.AccessDeniedException2: anonymous is missing the Administer permission (issue 15578)
  • ”My Views" links leads to 404 Not Found (issue 17317)
  • Some jobs not loaded after jenkins restart: java.lang.NoSuchFieldError: triggers (issue 18677)
  • New lazy loading permalinks can break job.lastStableBuild != null => job.lastSuccessfulBuild != null (issue 18846)

What's new in 1.509.3 (2013/09/09)

  • Standalone install does not work with Apache + mod_proxy_ajp + SSL (issue 5753)
  • Reload configuration from disk no longer works after upgrade to Jenkins 1.512. (issue 17977)
  • Build Now link on MultiJob page doesn't work (issue 16974)
  • Add descriptions for custom tools (issue 18771)
  • Lazy loading causes massive delays after a period of inactivity when loading dashboard (issue 16023)
  • NPE running matrix job (issue 18024)
  • LastSuccessful and LastStable symlinks are invalid under Windows (issue 17681)
  • IllegalStateException from MavenProject.getParent can break MavenFingerprinter.recordParents (issue 17775)
  • NPE (isEmpty) from main.groovy (issue 15309)
  • DependencyClassLoader#getTransitiveDependencies returns disabled plugins (issue 18654)
  • parameter description don't use MarkupFormatter (issue 18427)
  • Incompatible signature change in 1.489: AbstractProject.doBuild (issue 18356)
  • Display Name is not shown (issue 17715)
  • Fingerprint throws exceptions on 1.518 (issue 18337)
  • FingerprintAction deserialization leads to NPE (issue 17125)
  • update view via REST API doesn't work (issue 17302)
  • MavenModuleSetBuild.getResult is expensive (issue 18895)
  • Builds disappear from jobs - hudson.util.IOException2: Invalid directory name - java.text.ParseException: Unparsable date: "39" (issue 15587)
  • Outdated JRuby libs (issue 14351)
  • Fingerprint performance (issue 16301)
  • 10,000+ jobs tied to a label make Node index page unusably unresponsive (issue 18660)
  • "Delete Project" link fails with 403 Exception: No valid crumb was included in the request (issue 18032)
  • Manually uploaded plugins are incorrectly unpacked (issue 4543)
  • Decorated Launcher Does Not Maintain "isUnix" for RemoteLauncher (issue 18368)
  • Test harness packs copies of Maven into plugin archive (issue 18918)
  • All Maven 2 builds fail with java.lang.NoSuchMethodError DigestUtils.md5Hex (issue 18178)

What's new in 1.509.2 (2013/06/27)

  • Quoting Issue with JDK Installer with Windows agents (issue 5408)
  • /about no longer shows third-party licenses (issue 17724)
  • Failed to instantiate class hudson.plugins.copyartifact.CopyArtifact (issue 17402)
  • ArrayIndexOutOfBoundsException from AbstractLazyLoadRunMap.search (issue 15652)
  • Dashboard web pages don't render correctly in Chrome because of bad cache/session (issue 17684)
  • NPE from MatrixConfiguration.newBuild (issue 17728)

What's new in 1.509.1 (2013/05/01)

  • Important security fixes (security advisory)
  • FilePath.installIfNecessaryFrom routes download over remoting channel (issue 17330)
  • Add 'Are you sure' on Reload configuration from disk (issue 15340)
  • Hover-over "Build Now" broken for parameterized jobs: "This page expects a form submission" (issue 17110)
  • Jenkins is no more WinXP compliant : CreateSymbolicLinkW is not available (issue 17343)

What's new in 1.480.3 (2013/02/15)

  • Important security fixes (security advisory)
  • "Remember me on this computer" does not work, cookie is not accepted in new session (issue 16278)
  • Slow/hung web UI in 1.483+ (stuck in parseURI) (issue 16474)
  • Failure to delete old config files during rekeying on Windows (issue 16319)
  • NoClassDefFoundError on Base64 when launching a headless agent with -jnlpCredential option (issue 9679)
  • Loading asynchPeople calls (synch) People constructor (issue 16397)
  • Jenkins briefly displays build queue and then it disappears until the page is reloaded (issue 15335)
  • View.hasPeople too slow to use in sidepanel.jelly (issue 16244)
  • File parameter causing data lost after Jenkins restart (issue 13536)

What's new in 1.480.2 (2013/01/06)

  • The master key that was protecting all the sensitive data in $JENKINS_HOME was vulnerable. (security advisory)

What's new in 1.480.1 (2012/11/17)

  • Important security fixes (security advisory)
  • FilePath.validateAntFileMask too slow for /configure (issue 7214)
  • java.io.InvalidClassException (issue 14667)
  • Log recorders do not work reliably (issue 15226)
  • Invalid JSON is produced during remote api operations when a changeSet contains duplicate keys. (issue 13336)
  • Memory exhaustion parsing large test stdio from Surefire (issue 15382)

What's new in 1.466.2 (2012/09/13)

What's new in 1.466.1 (2012/07/23)

  • A current active build in the build history is lost if the job configuration XML uploaded (issue 12318)
  • UnprotectedRootAction doesn't work for /github-webhook/ (issue 14113)
  • ERR_CONTENT_DECODING_FAILED returned on testResults and console output after Jenkins reload (issue 13625)
  • Cannot parse coverage results Premature end of file. (issue 11251)

What's new in 1.447.2 (2012/06/11)

  • Guice injector failure can cause failure of whole Jenkins (issue 13448)
  • Jenkins runs out of file descriptors (winstone problem) (issue 9882)
  • Parsing of POM happens before SNAPSHOT-Parents are updated (issue 8663)
  • Loading All Build History Fails (issue 13238)

What's new in 1.447.1 (2012/03/28)

  • File handle leak in serving static files (issue 13097)
  • LDAP config error (issue 8152)
  • jenkins running in Tomcat doesn't initialize slf4j properly (issue 12650)
  • java.lang.NoClassDefFoundError: org.slf4j.impl.StaticLoggerBinder (issue 12446)
  • Remote call on CLI channel from [ip] failed (issue 12302)
  • jenkins does not start in jboss container (issue 12334)

What's new in 1.424.6 (2012/03/06)

What's new in 1.424.5 (2012/03/05)

What's new in 1.424.4 (2012/03/05)

What's new in 1.424.3 (2012/02/27)

What's new in 1.424.2 (2012/01/10)

  • Important security fixes (security advisory)
  • Viewing large console logs with timestamper plugin cause Jenkins to crash (issue 9349)
  • Maven3 parallel build fails with java.util.ConcurrentModificationException in Jenkins (issue 11256)
  • Jenkins PID changes after restart (issue 11742)

What's new in 1.424.1 (2011/11/30)

  • Important security fixes (security advisory)
  • JDKInstaller fails with OutOfMemory exception (issue 10689)
  • Tools download does not appear to respect proxy settings (issue 5271)
  • Builds fail in JUnit test archiving (since 1.416) if specifying JDK other than the container (issue 10030)
  • Update Json File Signature Error (issue 11110)
  • SSH public key based CLI authentication added in 1.419 is broken in 1.421+ (issue 10647)
  • JSONException (issue 7034)
  • Jenkins 1.427 doesn't work on AIX (issue 10810)
  • Maven assembly plugin fails (issue 8837)
  • SNAPSHOT dependency detection not working for plugins anymore (issue 10530)
  • Proxy settings arent used by JDK-downloader (issue 10634)

What's new in 1.409.3 (2011/11/08)

What's new in 1.409.2 (2011/09/12)

  • Failure in test class constructor or @Before method is not reported (was: Maven plugin doesn't set build to unstable on SurefireExecutionException) (issue 6700)
  • truncation or corruption of zip workspace archive from agent (issue 9189)
  • testSaturation-fork remoting test hangs (issue 8703)
  • Race condition in creating fingerprints for artifacts (issue 10346)
  • Slave-Squatter + Heavy-Job plugin causes many executor threads to die (issue 8882)
  • Auto Install JDK asks for Oracle account, but the link goes 404 (issue 10556)

What's new in 1.409.1 (2011/06/06)

  • Deadlock when upstream and downstream jobs are blocked on each other (issue 8929)
  • sporadic : ClassCastException for Maven Pom parsing phase on node (issue 9017)
  • Jenkins 1.399: java.lang.UnsupportedClassVersionError: Bad version number in .class file using JmDNS 3.4.0 (issue 8914)
  • Raw HTML codes are displayed since 1.407 (issue 9426)
  • Access to api/json on second level view fails (issue 9367)
  • NULLPOINTER exception on build 1.395 when saving configuration (issue 8866)
  • "java.io.IOException: Bad file descriptor" when file copied from agent (issue 7871)
  • Block when Downstream breaks Block when Upstream (issue 8968)
  • Remember me box doesn't work with unix groups (issue 9094)