Back to blog

Jenkins May 2023 Newsletter

Alyssa Tong
Alyssa Tong
Mark Waite
Mark Waite
Bruno Verachten
Bruno Verachten
Wadeck Follonier
Wadeck Follonier
June 20, 2023

Jenkins May Newsletter

Key Takeaways

  • Jenkins plugin updates released to fix security vulnerabilities, advisory published on May 16.

  • JDK8 support has been dropped in favor of JDK11 as the default for running Jenkins agents.

  • Ssh-agent release 5.0.0 introduces breaking changes.

Security Update

Contributed by: Wadeck Follonier

  • A Security Policy was added for the Docker images of the project.

    • Due to multiple reports about CVEs present in the Docker images the project was publishing, we wanted to clarify the situation.

    • Most CVEs do not impact the final application and do not require publishing justifications about the lack of impact on numerous CVEs every week.

  • One plugin advisory was published on May 16:

    • This included at least one high vulnerability in a very popular plugin.

Governance Update

Contributed by: Mark Waite

Several significant initiatives are already in progress within the Jenkins project.

Thanks to those who are leading the initiatives and thanks to those who are assisting with initiatives like:

  • Prototype.js removal from Jenkins core and Jenkins plugins. Contributing guidelines are in the blog post. Detailed issue reports are available in the JENKINS-70906: Jira epic. Progress reports for affected plugins are available in the tracking sheet.

  • HTMLUnit 3 upgrade in the Jenkins test harness, Jenkins core, and many Jenkins plugins.

  • Guava 32 upgrade

We’re also excited to have additional efforts in:

  • Reducing the core pull request evaluation time (and cost) with Launchable.

  • Using GitHub autolink for easier references to Jenkins Jira tickets.

Infrastructure Update Contributed by: Damien Duportal

  • The Cloud Cost Controls effort has continued by optimizing resource usage, resulting in:

    • Decreased the AWS bill of $ 3,000 (14,000 → 11,000).

    • Decreased the Azure bill of $ 2,000 to (11,000 → 9,000) despite adding resources.

  • Launchable is now generally available for community developers on

  • Jenkins LTS 2.387.3 was deployed everywhere less than 24 hours after it was released.

  • Ubuntu 22.04 upgrade campaign (18.04 is end of life) continued (6 more VMs, 5 VMs left).

  • Build workload migration to ARM64: internal tools.

User Experience Update

Contributed by: Mark Waite

The user experience SIG continues to improve the look and feel and the accessibility of the Jenkins user interface.

The Prototype.js removal from Jenkins core and Jenkins plugins has already shown us that additional UI capabilities will be available as we remove that old library. Dr. Ullrich Hafner has created a prototype of one of those enhancements in the data tables plugin.

Cristina Pizzagalli and Jan Faracik have both been working on improving accessibility for Jenkins users with disabilities. We particularly thank the usability and accessibility team at Deutsche Telekom IT GmbH for their JENKINS-71153: accessibility assessment report.

Platform Modernization Update

Contributed by: Bruno Verachten

  • Deprecation

    • Red Hat Enterprise Linux 7 (and derivatives) early end of life

      • To ensure a smooth transition, we are implementing several measures to inform users when an operating system is approaching its end of life. These changes will be visible in upcoming releases and container images.

      • Key Dates:

  • Ongoing work

    • Damien Duportal is actively working on code factorization, specifically targeting a single repository for all agent images.

      • This will streamline maintenance tasks, such as fixing CVEs.

      • The first phase for JDK versions has already been completed, resulting in significantly reduced code size.

      • Additionally, efforts are underway to merge two agents, aiming for synchronized release cycles. This change should not impact end users, except for the transition of the repository into an archive.

    • We can provide more frequent updates on the development of Alpine images thanks to the use of updatecli.

    • There is an ongoing discussion in the pull request regarding the switch of the Alma Linux container from version 8 to version 9.

  • What has been done

    • Updates on Docker Images:

      • Significant progress has been made on ppc64le. Thank you, Kenneth, for your valuable contributions!

      • PRs for docker-agent, docker-ssh-agent, inbound-agent, and the controller have been successfully merged.

      • Ssh-agent release 5.0.0 introduces breaking changes.

        • JDK8 support has been dropped in favor of JDK11 as the default for running Jenkins agents.

Documentation Update Contributed by: Mark Waite

We’re pleased to welcome several new documentation contributions, including our Google Summer of Code contributors:

We’re very pleased that these new Jenkins contributors have seen the value of documentation and have submitted documentation improvements.

We also welcomed first-time documentation contributors in May and are pleased to have their additions. Thanks so much to our documentation contributors.

Outreach and advocacy Update

Contributed by: Alyssa Tong


Every year, the community nominates and votes for three outstanding difference makers in the Jenkins community: Most Valuable Advocate, Security MVP, and Most Valuable Contributor. Congratulations go to:

Read what makes them outstanding contributors.

Many THANKS and congratulations to all award nominees!


The Continuous Delivery Foundation (CDF) hosted its fourth flagship event, cdCon, on May 8 – 9, 2023 in Vancouver, Canada as cdCon + GitOpsCon, co-organized with the Cloud Native Computing Foundation (CNCF).

Sessions from the most widely used CI/CD and GitOps technologies, including the Jenkins community, were there with project updates along with various talks from community members and users.

In case you missed it, below are the recorded Jenkins sessions at cdCon:


Jenkins welcomed four Google Summer of Code contributors to the family. Each contributor will be working hand in hand with their dedicated mentors. We’d like to introduce you to the Jenkins in GSoC contributors and the projects they will be making a difference on:

About the authors

Alyssa Tong

Alyssa Tong

Member of the Jenkins Advocacy and Outreach SIG. Alyssa drives and manages Jenkins participation in community events and conferences like FOSDEM, SCaLE, cdCON, and KubeCon. She is also responsible for Marketing & Community Programs at CloudBees, Inc.



Damien is the Jenkins Infrastructure officer and a software engineer at CloudBees working as a Site Reliability Engineer for the Jenkins Infrastructure project. Not only he is a decade-old Hudson/Jenkins user but also an open-source citizen who participates in Updatecli, Asciidoctor, Traefik and many others.

Mark Waite

Mark Waite

Mark is a member of the Jenkins governing board, a long-time Jenkins user and contributor, a core maintainer, and maintainer of the git plugin, the git client plugin, the platform labeler plugin, the embeddable build status plugin, and several others. He is one of the authors of the "Improve a plugin" tutorial.

Bruno Verachten

Bruno Verachten

Bruno is a father of two, husband of one, geek in denial, beekeeper, permie and a Developer Relations for the Jenkins project. He’s been tinkering with continuous integration and continuous deployment since 2013, with various products/tools/platforms (Gitlab CI, Circle CI, Travis CI, Shippable, Github Actions, …​), mostly for mobile and embedded development.
He’s passionate about embedded platforms, the ARM&RISC-V ecosystems, and Edge Computing. His main goal is to add FOSS projects and platforms to the ARM&RISC-V architectures, so that they become as boring as X86_64.
He is also the creator of miniJen, the smallest multi-cpu architectures Jenkins instance known to mankind.

Wadeck Follonier

Wadeck Follonier

Wadeck is the Jenkins security officer, leading the security team in improving Jenkins security. He likes to provide solutions that are both useful and easy to use.