Jenkins July 2023 Newsletter

Damien DUPORTAL

Mark Waite

Bruno Verachten

Wadeck Follonier

Kevin Martens

Alyssa Tong August 2, 2023

Jenkins July Newsletter

Key Takeaways

A Jenkins Core security advisory was published on July 26
The official documentation has migrated to Java 17
Operating system end of life notifications have been added

Security Update

Contributed by: Wadeck Follonier

During July, there were two Security Advisories published:

Plugin security advisory published on July 12
- Multiple high-score vulnerabilities
- A total of 16 plugins were affected
Jenkins core and plugins security advisory published on July 26
- The highest severity is “High”

Governance Update

Contributed by: Mark Waite

The Jira upgrade was successful. Special thanks to the Linux Foundation for their continued support.
Mark Waite was elected to the CDF Governing Board as a committer representative.
Jenkins core continues to improve.
- Prototype.js removal is progressing well. More details are in the tracking sheet. Thanks to Basil Crow, Tim Jacomb, and many others.
Jenkins plugins continue to improve.
- HTMLUnit 3 upgrades are in progress. More details are in the tracking sheet. Thanks to Tim Jacomb, Basil Crow, and many others.

Infrastructure Update

Contributed by: Damien Duportal

Rollout of Kubernetes 1.25.
There was a production outage on public services (download mirrors, LDAP, etc.) which led to a public IP change. More information can be found in the post mortem blog post.
Jenkins LTS' 2.401.3 (security release) was deployed everywhere less than 2 hours after the security advisory.
ci.jenkins.io migrated to new (and more powerful) hardware and a new network for faster builds.
Windows 2022 agents reached general availability.

User Experience Update

Contributed by: Mark Waite

The browser confirm dialog has been replaced with friendly modal dialogs - Markus Winter
Safe restart has a better user experience - Jan Meiswinkel
The log manager page has more improvements - Jan Faracik

Platform Modernization Update

Contributed by: Bruno Verachten

Several platform updates occurred throughout June:

Updates on Docker Images
- Ssh-agent(releases 5.6.0, 5.6.1, 5.6.2, 5.6.3, 5.7.0):
  - Tracking JDK versions for the next level of performance.
  - Bumping node alpine docker image to 18.16.1-alpine3.18.
  - Bump debian from bullseye-20230522 to bullseye-20230703
  - Install Debian ca-certificates package
- Docker-agent (releases 3131.vf2b_b_798b_ce99-2, 3131.vf2b_b_798b_ce99-3, 3131.vf2b_b_798b_ce99-4)
  - Windows enthusiasts, rejoice! Introducing Windows Server and Nanoserver LTSC 2022 images.
  - More efficient image building with multi-stage image for Windows Server Core.
  - Bump debian from bullseye-20230502 to bullseye-20230703
  - Bump archlinux from base-20230430.0.146624 to base-20230702.0.161694
  - Bumping Git version on Windows to 2.41.0.windows.2
- Inbound-agent (releases 3131.vf2b_b_798b_ce99-2 and 3131.vf2b_b_798b_ce99-3):
  - Bump the parent image jenkins/agent version to 3131.vf2b_b_798b_ce99-3
  - Now allows JENKINS_URL to be unset when JENKINS_DIRECT_CONNECTION is set.
- Controller (releases 2.401.2, 2.412, 2.413, 2.414 and 2.415):
  - Keeping up-to-date with the latest Bullseye version and timezone changes.
Latest News
- End of life operating systems:
  - Beginning with Jenkins 2.407, Jenkins administrators will be warned if they are running Jenkins on an operating system that is within 6 months of its end of life date.
  - The operating system end of life warning has been backported to Jenkins 2.401.2 after discussion in the Jenkins developer mailing list.
  - The Jenkins project does not test Jenkins on operating systems that are not supported by the operating system provider.
  - We don’t support Jenkins on operating systems that are not supported by the operating system provider.
  - These last months, we’ve seen OS vendors offer extended support contracts for their systems having reached their end of life. However, the Jenkins project has not extended its Linux support policy or its Windows support policy beyond the public end of life for any of those operating systems.
- Java 17 instructions
  - Jenkins is transitioning from using Java 11 as the preferred version to using Java 17, which offers more functionality, speed, and development support.
  - The documentation and usage areas are being updated to reflect this change, while also clarifying that Java 11 support in Jenkins will continue.

Documentation Update

Contributed by: Kevin Martens

Over the course of July, six different blog posts were published from nine different authors, including updates on the Google Summer of Code projects that are in progress. Thanks to all the participants for their insights and work!

The Jenkins documentation has transitioned to using Java 17 within the installation guides and other documentation areas. This issue explains some more background of the transition and what work has been completed already. A blog post was published to highlight this change and provide background for the transition. The post also encourages users to upgrade so that they can enjoy the additional features and functions that come with Java 17.

Outreach and advocacy Update

Contributed by: Alyssa Tong

Google Summer of Code projects midterm evaluations are complete!

The midterm demos were presented via the Jenkins online meetup at the beginning of July, 2023. If you missed it, refer to the blog post for the recap.

Congratulations to all four GSoC Contributors for passing this milestone!

Onward to the second half of GSoC 2023.

Happy coding!

About the authors

Damien DUPORTAL

Damien is the Jenkins Infrastructure officer and a software engineer at CloudBees working as a Site Reliability Engineer for the Jenkins Infrastructure project. Not only he is a decade-old Hudson/Jenkins user but also an open-source citizen who participates in Updatecli, Asciidoctor, Traefik and many others.

Mark Waite

Mark is a member of the Jenkins governing board, a long-time Jenkins user and contributor, a core maintainer, and maintainer of the git plugin, the git client plugin, the platform labeler plugin, the embeddable build status plugin, and several others. He is one of the authors of the "Improve a plugin" tutorial.

Bruno Verachten

Bruno is a father of two, husband of one, geek in denial, beekeeper, permie and a Developer Relations for the Jenkins project. He’s been tinkering with continuous integration and continuous deployment since 2013, with various products/tools/platforms (Gitlab CI, Circle CI, Travis CI, Shippable, Github Actions, …), mostly for mobile and embedded development.
He’s passionate about embedded platforms, the ARM&RISC-V ecosystems, and Edge Computing. His main goal is to add FOSS projects and platforms to the ARM&RISC-V architectures, so that they become as boring as X86_64.
He is also the creator of miniJen, the smallest multi-cpu architectures Jenkins instance known to mankind.

Wadeck Follonier

Wadeck is the Jenkins security officer, leading the security team in improving Jenkins security. He likes to provide solutions that are both useful and easy to use.

Kevin Martens

Kevin Martens is part of the CloudBees Documentation team, helping with Jenkins documentation creation and maintenance.

Alyssa Tong

Member of the Jenkins Advocacy and Outreach SIG. Alyssa drives and manages Jenkins participation in community events and conferences like FOSDEM, SCaLE, cdCON, and KubeCon. She is also responsible for Marketing & Community Programs at CloudBees, Inc.