Jenkins May 2023 Newsletter
Key Takeaways
-
Jenkins plugin updates released to fix security vulnerabilities, advisory published on May 16.
-
JDK8 support has been dropped in favor of JDK11 as the default for running Jenkins agents.
-
Ssh-agent release 5.0.0 introduces breaking changes.
Contributed by: Wadeck Follonier
-
A Security Policy was added for the Docker images of the project.
-
Due to multiple reports about CVEs present in the Docker images the project was publishing, we wanted to clarify the situation.
-
Most CVEs do not impact the final application and do not require publishing justifications about the lack of impact on numerous CVEs every week.
-
-
One plugin advisory was published on May 16:
-
This included at least one high vulnerability in a very popular plugin.
-
Contributed by: Mark Waite
Several significant initiatives are already in progress within the Jenkins project.
Thanks to those who are leading the initiatives and thanks to those who are assisting with initiatives like:
-
Prototype.js removal from Jenkins core and Jenkins plugins. Contributing guidelines are in the blog post. Detailed issue reports are available in the JENKINS-70906: Jira epic. Progress reports for affected plugins are available in the tracking sheet.
-
HTMLUnit 3 upgrade in the Jenkins test harness, Jenkins core, and many Jenkins plugins.
-
Guava 32 upgrade
We’re also excited to have additional efforts in:
-
Reducing the core pull request evaluation time (and cost) with Launchable.
-
Using GitHub autolink for easier references to Jenkins Jira tickets.
Contributed by: Damien Duportal
-
The Cloud Cost Controls effort has continued by optimizing resource usage, resulting in:
-
Decreased the AWS bill of $ 3,000 (14,000 → 11,000).
-
Decreased the Azure bill of $ 2,000 to (11,000 → 9,000) despite adding resources.
-
-
Launchable is now generally available for community developers on ci.jenkins.io.
-
Jenkins LTS
2.387.3was deployed everywhere less than 24 hours after it was released. -
Ubuntu
22.04upgrade campaign (18.04is end of life) continued (6 more VMs, 5 VMs left). -
Build workload migration to
ARM64: internal tools.
Contributed by: Mark Waite
The user experience SIG continues to improve the look and feel and the accessibility of the Jenkins user interface.
The Prototype.js removal from Jenkins core and Jenkins plugins has already shown us that additional UI capabilities will be available as we remove that old library. Dr. Ullrich Hafner has created a prototype of one of those enhancements in the data tables plugin.
Cristina Pizzagalli and Jan Faracik have both been working on improving accessibility for Jenkins users with disabilities. We particularly thank the usability and accessibility team at Deutsche Telekom IT GmbH for their JENKINS-71153: accessibility assessment report.
Contributed by: Bruno Verachten
-
Deprecation
-
Red Hat Enterprise Linux 7 (and derivatives) early end of life
-
To ensure a smooth transition, we are implementing several measures to inform users when an operating system is approaching its end of life. These changes will be visible in upcoming releases and container images.
-
Key Dates:
-
May 28 - Pull request merged
-
May 30 - Blog post and community topic
-
May 30 - First weekly release containing the warning -
2.407 -
Nov 16 - RHEL 7 support ends in Jenkins
-
-
-
-
Ongoing work
-
Damien Duportal is actively working on code factorization, specifically targeting a single repository for all agent images.
-
This will streamline maintenance tasks, such as fixing CVEs.
-
The first phase for JDK versions has already been completed, resulting in significantly reduced code size.
-
Additionally, efforts are underway to merge two agents, aiming for synchronized release cycles. This change should not impact end users, except for the transition of the repository into an archive.
-
-
We can provide more frequent updates on the development of Alpine images thanks to the use of
updatecli. -
There is an ongoing discussion in the pull request regarding the switch of the Alma Linux container from version 8 to version 9.
-
-
What has been done
-
Updates on Docker Images:
-
Significant progress has been made on ppc64le. Thank you, Kenneth, for your valuable contributions!
-
PRs for docker-agent, docker-ssh-agent, inbound-agent, and the controller have been successfully merged.
-
Ssh-agent release 5.0.0 introduces breaking changes.
-
JDK8 support has been dropped in favor of JDK11 as the default for running Jenkins agents.
-
-
-
Contributed by: Mark Waite
We’re pleased to welcome several new documentation contributions, including our Google Summer of Code contributors:
We’re very pleased that these new Jenkins contributors have seen the value of documentation and have submitted documentation improvements.
We also welcomed first-time documentation contributors in May and are pleased to have their additions. Thanks so much to our documentation contributors.
Contributed by: Alyssa Tong
Every year, the community nominates and votes for three outstanding difference makers in the Jenkins community: Most Valuable Advocate, Security MVP, and Most Valuable Contributor. Congratulations go to:
-
Daniel Beck - Security MVP.
-
Jan Faracik - Most Valuable Contributor.
-
Mark Waite - Most Valuable Advocate.
Read what makes them outstanding contributors.
Many THANKS and congratulations to all award nominees!
The Continuous Delivery Foundation (CDF) hosted its fourth flagship event, cdCon, on May 8 – 9, 2023 in Vancouver, Canada as cdCon + GitOpsCon, co-organized with the Cloud Native Computing Foundation (CNCF).
Sessions from the most widely used CI/CD and GitOps technologies, including the Jenkins community, were there with project updates along with various talks from community members and users.
In case you missed it, below are the recorded Jenkins sessions at cdCon:
-
Fidelity’s Software Delivery Platform - Frictionless Approach to Achieve Autonomic DevOps & Enhanced Security/Compliance Practices - Jamie Plower & Evan Elms, Fidelity Investments.
-
CI/CD for Data Building Dev/Test Data Environments with Open Source Stacks - Vinodhini Duraisamy, Treeverse.
-
Intentional and Unintentional Compromises in Test Automation - Mark Waite, Jenkins.
-
The Graduated Panel - Dan Garfield, Codefresh; Priyanka Ravi, Weaveworks; Mark Waite, CloudBees; Andrea Frittoli, IBM & Moderated by Lori Lorusso, JFrog.
Jenkins welcomed four Google Summer of Code contributors to the family. Each contributor will be working hand in hand with their dedicated mentors. We’d like to introduce you to the Jenkins in GSoC contributors and the projects they will be making a difference on:
-
Ashutosh Saxena - Docker Based Jenkins Quickstart Examples.
-
Jagruti Tiwari - Adding Probes to Plugin Health Scoring System.
-
Harsh Pratap Singh - GitLab Plugin Modernization.
-
Vandit Singh - Building Jenkins.io with Alternative Tools.
About the authors
