Jenkins June 2023 Newsletter
Key Takeaways
-
Red Hat Enterprise Linux 7, and derivatives like CentOS 7, reach early end of life.
-
Upgrades and improvements of Jenkins components continue with significant progress towards the eventual removal of Prototype.js from Jenkins core.
-
Thanks to a kind donation from Launchable, pull requests to Jenkins core now complete their evaluation builds in 2 hours rather than the 6 hours that were previously required.
Contributed by: Wadeck Follonier
-
There was one security advisory published on June 14
-
The security team discovered a vulnerability that was corrected as a (positive) side effect of a maintenance task. There is no new security release per se for Jenkins Core, but an advisory and associated warnings to let administrators know that an update is recommended.
-
That advisory also included fixes for plugins.
-
Expansion of the security audit scope in Jenkins Core
-
Originally the scope of the audit requirement was only “UI-related” changes.
-
But recently, there were multiple changes in JavaScript / Jelly without a UI impact, mainly for maintenance.
-
More information about this is in the Jenkins UX SIG - Agendas & Notes, for June 21.
-
-
Special thanks to the GitHub Security Lab for their reports
-
This is the second time in a row that vulnerabilities they reported were corrected in the advisory.
-
Kudos to Alvaro Muñoz and Tony Torralba for their work on this.
-
In collaboration with them, the Jenkins Security team will improve the CodeQL scanning tool.
-
Contributed by: Mark Waite
The Linux Foundation will upgrade issues.jenkins.io on Thursday, July 6, 2023. Special thanks to the Linux Foundation for their skilled administration of our JIRA instance. More detailed information is available on the status page.
The four Google Summer of Code projects mentored by members of the Jenkins project are preparing midterm presentations and midterm evaluations. The midterm webinar will be Thursday, July 6, 2023. A recording will be available as well along with the presentation slides.
Upgrades and improvements of Jenkins components continue, with significant progress towards the eventual removal of Prototype.js from Jenkins core. We’ve also seen upgrades for Guava, Guice, Apache commons.io, and HTMLUnit. Thanks to the providers of those libraries and special thanks to the Jenkins maintainers that are leading those upgrades.
Thanks to a kind donation from Launchable, pull requests to Jenkins core now complete their evaluation builds in 2 hours, rather than the 6 hours that were previously required. Launchable uses AI techniques to select a time-limited subset of tests, executed as part of pull request evaluation. Special thanks to Basil Crow for implementing Launchable in the Jenkins project.
The CDF Technical Oversight Committee elections have finished. The Jenkins project nominee, Mark Waite, has been elected to serve. We’re pleased that the Jenkins project continues to have representation on the committee.
Contributed by: Damien Duportal
-
The Cloud Costs Control effort continued:
-
We kept the AWS bill at $11,000 while the build workload of ci.jenkins.io increased by 15%.
-
We also decreased the Azure bill by $2,000 ($9,000 → $7,000) despite adding (more) resources.
-
-
For the build workload migration to ARM64: javadoc.jenkins.io is now proudly served by Azure ARM64 instances.
-
Jenkins LTS' 2.401.1 and 2.401.2 were deployed everywhere less than 24 hours after their releases.
-
Ubuntu 18.04 Bionic end of life: All of our VMs are now using Ubuntu 22.04, except the Update Center one.
-
Cloud Control:
-
The trusted.ci.jenkins.io and puppet.jenkins.io systems were migrated to Azure for security.
-
AWS is only used by ci.jenkins.io for container agents. This means no more EC2.
-
-
IPv6 support for get.jenkins.io and every other public services, thanks to their migration to a brand new AKS cluster with dual stack enabled.
Contributed by: Mark Waite
User experience improvements continue thanks to the efforts of Markus Winter, Jan Faracik, Jan Meiswinkel, and others.
Markus is improving the look and feel of the delete dialog, so that it will be consistent and will appear within the web page as a modal dialog, rather than appearing outside the page as a browser dialog.
Jan Faracik continues to improve the look and feel of Jenkins pages, including recent improvements to the logs page and improvement in the cascading style sheets.
Contributed by: Bruno Verachten
Several platform updates occurred throughout June:
-
CentOS 7: Early End of Life announcement.
-
You can find out more details in the blog post announcement.
-
Included in version 2.407.
-
-
Docker Image Updates
-
Jenkins agent and controller images: Utilizing updatecli for image management. JDK17 version tracking for
ssh-agentand Alpine Linux and JDK version tracking for the controller. -
ssh-agent: Released versions5.6.0and5.4.0with JDK version tracking and other enhancements. -
docker-agent: New release3131.vf2b_b_798b_ce99-2with updated dependencies and3.18.2Alpine Linux version. -
docker-inbound-agent: Release3131.vf2b_b_798b_ce99-2with updated parent image. -
Docker Controller: Release
2.411with Jenkins 2.411 and security policy enhancements. Refer to the release notes for more details.
-
-
Docker Hub Stats
-
Monthly image exports are shared on this spreadsheet.
-
ArchLinux usage is low, but not deprecated.
-
-
Work in Progress
-
Windows image availability for the controller. The latest version:
2.410.
-
Contributed by: Kevin Martens
During the month of June, three blog posts were published on the Jenkins blog. This included the May newsletter, an update announcement for Jenkins mirrors, and instructions on removing deprecated plugins from Jenkins when using Docker.
The documentation has also started to transition to using Java 17 in the installation documentation for various platforms. The Linux installation documentation has been updated accordingly and includes a note regarding the Debian 12 release (as it does not deliver OpenJDK 11). This note will be present on any page that is part of the transition so that users are aware of the updates.
As always, we appreciate all the documentation contributions from new and existing users. Thank you for your work and dedication to the open source community!
About the authors
