Enforced HTTPS for Update Center
Summary (TL;DR)
The service https://updates.jenkins.io will enforce HTTPS protocol beginning Wednesday 06 August 2025.
All Jenkins users are impacted but should not see any functional change.
Any plain-HTTP request made to the Jenkins update center will be redirected to the same location but upgraded to HTTPS scheme.
What is the "Update Center"?
Jenkins Update Center is a web server at the core of the Jenkins public infrastructure that distributes the plugins, tool installers, and versions index to all Jenkins servers across the world.
From the installation wizard to regular plugin updates, if you run Jenkins, then you use this service under the hood.
Today, it serves around 50 Tb of data (outbound bandwidth) each month from a network of mirrors spread across 3 cloud providers and 2 continents.
Additional information is available in the GitHub issue.
What Does It Change for Me?
-
Short answer: Nothing
-
Since October 2024 with Jenkins Weekly 2.480 and Jenkins LTS 2.479.1, Jenkins automatically migrates the Update Center URL from HTTP to HTTPS.
-
-
Long answer:
-
Your Jenkins controllers should already be using HTTPS for the Update Center since January 2025.
-
Any other tool or old configuration using the plain-HTTP requests will be redirected to HTTPS.
-
If you are still using a Jenkins version released before 2025 with an old Update Center configuration:
-
In the Web Interface: browse to "Manage Jenkins" > "Plugins" > "Advanced settings" and click the "Reset" link in the "Update site" section to automatically update the outdated URL.
-
Or replace
http://byhttps://in your Jenkins Configuration as Code.
-
-
About the author
Damien is the Jenkins Infrastructure officer and a software engineer at CloudBees working as a Site Reliability Engineer for the Jenkins Infrastructure project. Not only he is a decade-old Hudson/Jenkins user but also an open-source citizen who participates in Updatecli, Asciidoctor, Traefik and many others.
