Back to blog

Jenkins February 2023 Newsletter

Alyssa Tong
Alyssa Tong
Damien DUPORTAL
Damien DUPORTAL
Kevin Martens
Kevin Martens
Mark Waite
Mark Waite
Kevin Guerroudj
Kevin Guerroudj
Bruno Verachten
Bruno Verachten
March 9, 2023

Jenkins January Newsletter

Highlights

  • FOSDEM 2023 insights

  • Jenkins is a mentor organization for Google Summer of Code

  • Several container image updates

  • Jenkins Awards voting is now open

Outreach and advocacy Update

Contributed by: Alyssa Tong

FOSDEM 2023

Returning to FOSDEM for the first in-person event since COVID was both exciting and nostalgic for our Jenkins contributors. It was exciting to see the same crowd size and enthusiasm by attendees. Many thanks to the wonderful FOSDEM organizers for yet another fantastic event!

image

image

Jenkins in Google Summer of Code (GSoC)

We are thrilled to have been accepted to the Google Summer of Code 2023!! This will be Jenkins' eighth (8th) year participating with the program. Weekly GSoC office hours have begun as well, with office hours every Thursday @ 16:00 UTC. Refer to the Event Calendar for additional details. If you missed the initial meetings, the recordings are below:

Join in on all GSoC discussions in our gitter channel.

image

Jenkins Awards

Award season is here! Nominations are closed but voting is now open. Congratulations to all the nominees and thank you for your contributions! Check out our blog post about the Jenkins awards.

image

Infrastructure Update Contributed by: Damien Duportal

Following FOSDEM, where most of the infrastructure team was present physically, February was a busy month for the Jenkins Infrastructure team:

  • In an effort to reduce bandwidth with JFrog (repo.jenkins-ci.org), Jenkins continuous integration jobs are now using significantly less internet bandwidth thanks to the artifact caching proxy implemented by the team. The artifact caching proxy is implemented on our three cloud providers, so that artifacts can be downloaded from a local cache rather than accessing the artifact repository.

  • Jenkins LTS 2.375.3 is now used on all of our controllers, less than 3 days after its release.

  • We have removed all Jenkins deprecated plugins on all of our controllers such as jquery, momentjs, and ace-editor.

  • We upgraded all six of our Kubernetes clusters from the 1.23 to 1.24 baseline in the three cloud providers.

  • All of the private and internal web services are now using TLS with certificates provided by Let’s Encrypt, along with Azure DNS challenge.

  • We contributed to Docker documentation after catching issues with the Docker CE 23.x fresh release and Docker BuildX on Ubuntu.

Documentation Update Contributed by: Kevin Martens

February was a busy month for the Jenkins project. We want to highlight several blog posts from various authors such as:

We’ve also received numerous pull requests from contributors that are getting started with Jenkins, as well as several excited participants of the Google Summer of Code. For all of the work and energy you’re putting into the Jenkins project, we extend our deepest gratitude.

Governance Update

Contributed by: Mark Waite

The Jenkins governance board met once in February, resolved several action items, and noted the progress on projects with sponsors like JFrog and Atlassian. We’re sincerely grateful for the sponsorships provided by those generous companies and many other companies.

Platform Modernization Update

Contributed by: Bruno Verachten

As part of our ongoing work, we are considering CentOS 7 and its eventual end of life. There is a proposal to deprecate the Centos 7 Jenkins controller Docker images. When we decide to deprecate these images, we’ll publish an announcement and a JEP. Before it is fully deprecated, we’ll also release a merged version of the centos and centos7 image as the very last CentOS 7 Docker image.

In regards to our Docker images, there were several updates here as well:

  • The latest updates are now part of the agent images such as:

    • ssh-agent: Upgraded Git version on Windows to 2.39.2.windows.1 (#209) @github-actions

    • docker-agent: Upgraded Git version on Windows to 2.39.2.windows.1 (#376) @github-actions

    • Inbound agent:

      • Upgraded the parent image jenkins/agent version to 3107.v665000b_51092-4 (#331) @github-actions

      • Upgraded the parent image jenkins/agent version to 3107.v665000b_51092-3 (#330) @github-actions

      • Upgraded updatecli/updatecli-action from 2.19.0 to 2.20.1 (#329) @dependabot

      • The Windows controller image is not updated as often as the rest. It’s been more than one year without any updates, and we may choose to drop it.

  • With the release of Debian 12 (“bookworm”), Debian will no longer deliver OpenJDK 11.

    • Thankfully, the end of life date for Debian’s openJDK11 won’t happen until 2026 or 2027.

    • The Jenkins documentation will be updated when it goes out, so that we describe the use and installation of Jenkins with openJDK17.

New platforms:

  • RISC-V support is far from official for Jenkins, but tests are progressing.

User Experience Update

Contributed by: Mark Waite

User experience improvements continued to arrive in February, thanks to contributions from Jan Faracik, Alexander Brandes, Tim Jacomb, Markus Winter, and others. Look for the improvements in recent weekly releases and in the new Jenkins 2.387.1 LTS release.

The pipeline graph viewer plugin continues to improve its user interface. Refer to the video highlights in the User Experience SIG recording. Additionally, build logs are now viewed from the main panel with easier navigation.

Security Update

Contributed by: Kevin Guerroudj

Two security advisories have been published during the month of February:

  • One regarding plugins, including 5 plugins that were affected and have been fixed, with one vulnerable to a sandbox bypass vulnerability.

  • One regarding Docker images and fixing the vulnerabilities CVE-2022-23521 and CVE-2022-41903 present in git, making remote code execution possible.

The security team recommends that users update as soon as possible.

About the authors

Alyssa Tong

Alyssa Tong

Member of the Jenkins Advocacy and Outreach SIG. Alyssa drives and manages Jenkins participation in community events and conferences like FOSDEM, SCaLE, cdCON, and KubeCon. She is also responsible for Marketing & Community Programs at CloudBees, Inc.

Damien DUPORTAL

Damien DUPORTAL

Damien is the Jenkins Infrastructure officer and a software engineer at CloudBees working as a Site Reliability Engineer for the Jenkins Infrastructure project. Not only he is a decade-old Hudson/Jenkins user but also an open-source citizen who participates in Updatecli, Asciidoctor, Traefik and many others.

Kevin Martens

Kevin Martens

Kevin Martens is part of the CloudBees Documentation team, helping with Jenkins documentation creation and maintenance.

Mark Waite

Mark Waite

Mark is a member of the Jenkins governing board, a long-time Jenkins user and contributor, a core maintainer, and maintainer of the git plugin, the git client plugin, the platform labeler plugin, the embeddable build status plugin, and several others. He is one of the authors of the "Improve a plugin" tutorial.

Kevin Guerroudj
Bruno Verachten

Bruno Verachten

Bruno is a father of two, husband of one, geek in denial, beekeeper, permie and a Developer Relations for the Jenkins project. He’s been tinkering with continuous integration and continuous deployment since 2013, with various products/tools/platforms (Gitlab CI, Circle CI, Travis CI, Shippable, Github Actions, …​), mostly for mobile and embedded development.
He’s passionate about embedded platforms, the ARM&RISC-V ecosystems, and Edge Computing. His main goal is to add FOSS projects and platforms to the ARM&RISC-V architectures, so that they become as boring as X86_64.
He is also the creator of miniJen, the smallest multi-cpu architectures Jenkins instance known to mankind.