Changelog

Legend:
  • security fix
  • major bug fix
  • bug fix
  • major enhancement
  • enhancement
Community feedback:

What's new in 2.238 (2020-05-25)

  • Fix a deadlock involving custom loggers during agent startup (regression in 2.231). (issue 62181)
  • Support Bearer tokens in Jenkins-CLI -auth parameter. (pull 4673)
  • Add system read support for 'Node Monitoring Configuration' and configuring clouds. (issue 61206)
  • Add Agent/ExtendedRead support for viewing agent configuration, system information, and logs. (issue 61206)
  • Fix a thread safety issue in Computer#getLogDir. (pull 4730)
  • Revamp the sidebar task list with improved aesthetics and accessibility. (issue 61973)
  • Allow users with Overall/Manage permissions to reload configuration from disk. (issue 61458)
  • Developer: Add support for the permissions attribute to task.jelly. (issue 61206)
  • Developer: Add hasAnyPermissions API to Functions to allow it to be called by views. (issue 61206)
  • Developer: Add non-deprecated Jenkins core library dependencies to the BOM. (pull 4702)

What's new in 2.237 (2020-05-18)

  • Prevent telemetry warnings about missing javax.annotation classes when running with Java 11 (regression in 2.231). (issue 61920)
  • Prevent Old Data Monitor from failing plugin loading in the case of class field unmarshalling issues. (issue 62231)
  • Ensure that UserLanguages telemetry initializer always runs after extensions are augmented. (issue 60118)
  • Ensure that job/folder creation routines properly check the requested name for invalid characters. (issue 61956)
  • Developer: Update Apache Ant from 1.10.7 to 1.10.8. (pull 4725)
  • Developer: Update the JSTL API library from 1.2.1 to 1.2.7. (pull 4656Changelog up to 1.2.5Diff of 1.2.3 to 1.2.7Diff of 1.2.1 to 1.2.3)
  • Developer: Deprecate jenkins.model.Configuration in the Java API. (pull 4715)

What's new in 2.236 (2020-05-11)

  • Make plugin manager work on Internet Explorer 11 again (regression in 2.231). (issue 62163)
  • Security hardening: Always round-trip password form control values in an encrypted form, even if not backed by an encrypted Secret field. In case of problems, this can be disabled by setting the system property hudson.util.Secret.AUTO_ENCRYPT_PASSWORD_CONTROL to false on startup. (issue 61808)
  • Security hardening: Always use a placeholder value for password form control values in item related configuration forms when the user is missing Item/Configure permission, even if not backed by an encrypted Secret field. In case of problems, this can be disabled by setting the system property hudson.util.Secret.BLANK_NONSECRET_PASSWORD_FIELDS_WITHOUT_ITEM_CONFIGURE to false. (issue 61808)
  • Developer: Make the SystemProperties API available to plugins so that their properties could be managed by a standard engine. (pull 4707Javadoc System PropertiesJenkins Features Controlled with System Properties)

What's new in 2.235 (2020-05-04)

  • Prevent a form validation "404 Not Found" error when the resource root URL configuration points at a previously configured resource root URL (regression in 2.205). (issue 62133)
  • Make Breadcrumbs displayed after notification alerts clickable again. (issue 62065)
  • Allow system read to view more admin monitors. (issue 61208)
  • Limit the number of exceptions thrown by some operations such as recursive directory deletion. Previously, in rare cases, exceptions thrown when failing to delete large directories could consume significant amounts of memory. (issue 61841)
  • Indicate which component provides an URL that is always available without authentication in the global security configuration. (pull 4668)
  • Fix a classloading issue while executing ProcessTree.get(). (issue 62006)
  • Developer: Make it possible to look up extension implementations from more than one specific extension point at a time. (issue 62056)
  • Developer: Add nogrid option to layout.jelly tag to allow suppressing the bootstrap 3 grid. See bootstrap4-api-plugin for details. (issue 61326)
  • Developer: Update javax.mail to jakarta.mail 1.6.5. (pull 4660)
  • Internal: Remove inline resources from ReverseProxySetupMonitor view. Add a specific warning when the Jenkins Root URL does not contain the contextPath. (issue 60866)
  • Internal: Remove inline resources from LogRecorder views. Align the column headers of bigtables to the left (issue 60866)

What's new in 2.234 (2020-04-27)

  • Fix sort order in "Available" tab of the plugin manager (regression in 2.233). (pull 4675)
  • Fix a regression where the dropdown of the autocomplete widget would not be rendered correctly (regression in 2.233). (issue 62001)
  • Restyle the help icon. (pull 4663)
  • Allow users with system read permission to view the system logs. (issue 61207)
  • Reword "Continue as admin" button of the plugin setup wizard. (issue 46669)
  • The default number of executors for an agent created programmatically (or as-code) is now 1 rather than 2. (pull 4677)
  • Session hijacking protection hardening. (issue 61738)
  • Distinguish between defined (*****) and undefined (N/A) password on read-only configuration forms for users with Overall/SystemRead or Item/ExtendedRead permissions. (issue 61812)
  • Developer: Removed unused deprecated HudsonExceptionNote. (pull 4667)

What's new in 2.233 (2020-04-20)

  • Allow linking to plugin manager URLs with pre-filled filter field. Link labels in the plugin manager to pre-filtered lists. (pull 4591)
  • Add system read support to admin monitors. (issue 61208)
  • Allow users with system read permission to view the global tool configuration. (pull 4519)
  • Sort plugins by popularity on the "Available" plugin manager tab if the update site provides popularity data. (pull 4588)
  • Restyle buttons. Add support for large buttons, hyperlinks styled as buttons and icon-only buttons. (issue 61840)
  • Forward Groovy view permission errors to login. Some views showed an error screen instead of forwarding to the login form when necessary permissions were missing. (issue 61905)

What's new in 2.232 (2020-04-16)

NOTE: This is the first Jenkins weekly release delivered by the core release automation project. Some Jenkins Weekly distributables may not be accessible from the Jenkins Downloads page. In such case please see the package links on our mirrors in the Releases section.
  • Fix input field hints for tools like the git plugin that search the PATH for their executable (regression in 2.205 and 2.222.1). (issue 61711)
  • Internal: Remove inline resources from Job views. (issue 60866)
  • Internal: Introduce a new Jenkins core maintainer guide. (pull 4472)

What's new in 2.231 (2020-04-14)

  • Add section headers to context menu of Manage Jenkins. (pull 4586)
  • Improve the view shown when there are no jobs. (pull 4633)
  • Configuration as code plugin support for configuring user timezones. (pull 4557)
  • By default suppress log message about a missing optional extension. (pull 4617)
  • Don't show all available plugins by default; use search field to find plugins. (pull 4580)
  • Allow use of multiple space-separated filter terms in plugin manager. (pull 4580)
  • Allow users with system read permission to view the Manage Plugins configuration. (issue 61203)
  • Add support for serving file parameter values from the resource root URL, if set. (pull 4614)
  • Set httpOnly header on cookie for iconSize storage. (pull 4609)
  • Fix spacing between error messages in Setup Wizard (regression in 2.217). (issue 61660)
  • Ensure that log messages are not missing numeric parameters when log entries are created on an agent. In particular, fix logs collected by the Support Core plugin. (pull 4621)
  • Ensure that encoded console annotations are stripped from system logger messages. (pull 4632)
  • Update crypto-util from 1.1 to 1.5 to fix the license link in Jenkins Web UI. (pull 4631)
  • Developer: Switch bug detection annotations from JSR-305 to SpotBugs / net.jcp equivalents. (pull 4604)
  • Developer: Upgrade commons-codec to 1.14. (pull 4636)

What's new in 2.230 (2020-04-06)

  • Improve styling of alert banners to be more visually appealing and to better match existing user interface components. Alerts now fully cover the navigation bar while they are displayed instead of covering only a portion of the navigation bar. (issue 61478)
  • Do not show disabled permissions in permission errors when checking for any of several permissions. (issue 61467)
  • Allow hyperlinks to be used when displaying causes of blockage related to labels rather than individual nodes. (pull 4616)
  • Add option to configure follow symlinks when archiving artifacts. (issue 5597)
  • Prepare for Shutdown management link is now accessible to users with Overall/Manage permission in addition to the usual Overall/Administer. (issue 61453)
  • Update footer styles. (issue 61496)
  • Allow configuration-as-code plugin to disable admin monitors. (issue 56937)
  • Update Groovy Init hooks to run after all job configurations are adapted. (issue 61694)
  • Fix class cast exception in fingerprint cleanup thread. (issue 61479)

What's new in 2.229 (2020-03-29)

  • Use the saved global build discarder configuration on restart. Jenkins 2.221 through 2.228 ignore the saved global build discarder configuration when they restart. (issue 61688)
  • Fix proxy form validation when a password is set (regression in 2.205). (issue 61692)
  • Update .NET version checks to be more correct for modern .NET versions. (pull 4554)
  • About Jenkins management link is now accessible to users with Overall/Manage or Overall/SystemRead (as well as the usual Overal/Administer). (issue 61455)
  • Robustness: Don't throw a NullPointerException when trying to convert null to Secret. (pull 4608)
  • Upgrade to Remoting 4.3 to fix an issue with large payloads over WebSockets. Requires a matching agent.jar with remoting 4.3 or later. (pull 4601pull 4596issue 61409Remoting 4.3 changelogWebSockets blog postJEP-222)
  • Developer: Create symlinks atomically and log warning on failure. (issue 56643)
  • Developer: Secret and ConfidentialKey implementations can now be used from unit tests without JenkinsRule. (pull 4603)

What's new in 2.228 (2020-03-25)

What's new in 2.227 (2020-03-22)

  • System Information management link is now accessible to users with Overall/Manage, showing only plugins and memory usage information. (issue 61456)
  • Limit max width of Manage Jenkins entries on very large screens. (pull 4582)
  • Usage Statistics in Global Configuration is now configurable by users with Overall/Manage permission (as well as the usual Overal/Administer). (issue 61457)
  • Make HTTP DELETE based item deletion behave more like an API, recommend it over POST /doDelete. (issue 61308)
  • Increase scroll speed of context menus. (pull 4592)
  • List plugins that failed to load on the Installed tab of the plugin manager. (pull 4589)
  • Highlight in the plugin manager when plugins are looking for new maintainers ("Adopt this plugin"). (pull 4584)
  • Developer: Add Javadoc for management link category definitions. (pull 4578)
  • Internal: Permit core building using newer JDK than version 8. (issue 61105)

What's new in 2.226 (2020-03-15)

  • Fix drag & drop for previously saved steps in the job configuration form (regression in 2.217). (issue 61429)
  • Organize entries on the Manage Jenkins page into categories and show them in a grid. (pull 4546)
  • Remove the unnecessary "monitor[s]" text next to the bell for a cleaner UI. Change the colors of the notifications next to the bell to make them more noticeable. (issue 61224)
  • Allow usage statistics to be configured with the configuration-as-code plugin. (issue 54662)
  • Allow ssh authorized keys to be configured with the configuration-as-code plugin. (pull 4563ssh-cli-auth 1.8 changelog)
  • Use modern system fonts provided by the browser when possible. Changes font size for body copy and headings to improve consistency and legibility. (issue 60921)
  • Update bundled Script Security Plugin from 1.70 to 1.71. (pull 4561Script security plugin 1.70 changelogSECURITY-1754 sandbox bypass vulnerability)
  • Show in plugin manager table when there are security issues in a currently installed plugin. (pull 4553)
  • Add French translation for 'New View'. (issue 61424)
  • Fix support of the default attribute in the Jelly enum form control. (issue 61385)
  • Add ManagementLink#getCategory() for entries on Manage Jenkins to be grouped into category. See the ManagementLink.Category enum for supported return values. (pull 4546)
  • Developer: Make h.checkAnyPermission and <l:layout permissions="…"> work on objects that aren't AccessControlled. (issue 61465)
  • Document nullability of newInstanceFromRadioList() methods and callers. (pull 4543)
  • Internal: Remove inline resources from restart views. (issue 60866)

What's new in 2.225 (2020-03-09)

  • Don't lose SCM configuration when saving job (regression in 2.224). (issue 61398)

What's new in 2.224 (2020-03-08)

WARNING: This release introduces a critical regression when saving jobs. See JENKINS-61398. Please avoid updating to this version.
  • Winstone 5.9: Fix propagation of the maximum form content size and form content keys number (regression in Jetty 9.4.20 and Jenkins 2.205). (pull 4542issue 60409Winstone 5.9 changelog)
  • Winstone 5.9: Fix reverse improper proxy redirects to Host due to X-Forwarded-Host and X-Forwarded-Port ordering issue (regression in Jetty 9.4.20 and Jenkins 2.205). (pull 4542issue 60199Winstone 5.9 changelogJetty 9.4.27 changelog)
  • Do not disable all controls on job configuration forms for some users with Job/Configure permission (regression in 2.223). (issue 61321)
  • Show plugin release date in plugin manager. (pull 4535)
  • Suppress error stack traces for non-administrator users as core capability. (issue 60410)
  • Indicate when security issues would be addressed by an update in plugin manager. (issue 61166)
  • Show plugin categories as labels in the plugin manager instead of grouping them into different table sections. (pull 4534)
  • Prevent unhandled JSONException in DescriptorList#newInstanceFromRadioList() and ExtensionDescriptorList#newInstanceFromRadioList(). (issue 61345)
  • Update size of the search box properly when screen is resized. (issue 61300)
  • Remove grey bar below the textarea form elements for read only users. (issue 61284)
  • Prevent NullPointerException when hitting "Check Now" against a custom update center without tool installer metadata. (issue 60788)
  • Fix blank page on configure clouds page if no cloud plugin installed. (issue 61285)
  • Update the descriptorRadioList form elements to honor DescriptorVisibilityFilter extension points. (issue 51495)
  • Update the Version Number library from 1.6 to 1.7 to remove transient dependencies on FindBugs annotations. (issue 61279)

What's new in 2.223 (2020-03-01)

  • Remove 'auto refresh' feature, including now obsolete auto refresh telemetry capability. (pull 4503)
  • Allow users with system read permission to view the global security configuration page. (issue 61205)
  • Allow users with system read permission to view the About Jenkins page. (issue 61201)
  • Users with extended read permission now get a more read-only looking UI. (issue 61202)
  • Prevent one occurrence of "Jenkins.instance is missing" (pull 4525issue 55070issue 59992issue 60454issue 61192)
  • Reintroduce Build History description truncation by default. Allow managing/disabling the limit via the historyWidget.descriptionLimit system property. A negative value removes the limit, 0 forces empty descriptions. (pull 4529issue 61004issue 60299)
  • Avoid a NullPointerException when starting a non-Pipeline build with a custom root directory set to a filesystem root (e.g., C:\). (issue 61197)
  • Allow FingerprintFacet to block the deletion of fingerprint. (issue 28379)
  • Internal: Removed unused class StringConverter2. (pull 4468)
  • Internal: Removed unused internal class Memoizer - use ConcurrentHashMap. (pull 4470)
  • Developer: Listen on loopback interface by default in debug mode. (pull 4515)

What's new in 2.222 (2020-02-23)

  • Revamp the layout and icons of the header bar and breadcrumbs. Instances with plugins that depend on details of the Jenkins layout (e.g. Simple Theme Plugin) may experience UI/layout problems. A new experimental header color scheme can be enabled by setting the jenkins.ui.refresh system property to true. (issue 60920)
  • Introduce a new experimental UI that can be enabled by setting the jenkins.ui.refresh system property to true. Currently it includes a new header color scheme, more changes to be added as a part of the UI/UX revamp. (pull 4463issue 60920JEP-223Jenkins UX SIG)
  • Add a new experimental Overall/Manage permission which allows a user to configure parts of the global Jenkins configuration without having the Overall/Administer permission. This is an experimental feature, disabled by default, that can be enabled by setting the jenkins.security.ManagePermission system property to true. (pull 4501issue 60266JEP-223)
  • Add a new experimental Overall/SystemRead permission, which gives (almost) full read access to the Jenkins instance. The permission is disabled by default, install the Extended Read Permission plugin to activate it. (pull 4506issue 12548JEP-224Extended Read Permission plugin)
  • Deprecate the Overall/RunScripts, Overall/UploadPlugins, and Overall/ConfigureUpdateCenter permissions. Permissions were announced as dangerous and disabled by default in major authorization plugins in 2017. Custom authorization strategy implementations that grant Overall/Administer without implying one or more of these three permissions will no longer work as expected. Configurations that grant any of these permissions to users without Overall/Administer will no longer work as expected. (pull 4365issue 60266JEP-2232017-04-10 security advisory for Matrix Authorization plugin2017-04-10 security advisory for Role-Based Authorization plugin)
  • Remove the ability to have CSRF protection disabled. Instances upgrading from older versions of Jenkins will have CSRF protection enabled and the default issuer set if they currently have it disabled. (pull 4509)
  • Order Admin Monitors in Global Configuration page. (issue 60966)
  • Add memory usage monitor to system information page. (pull 4499)
  • Improve performance when loading tied jobs. (pull 4497)
  • Fix issue with too many open files error when using resource domain. (issue 61121)
  • Add french translation for concurrent build help. (pull 4505)
  • Developer: Add new checkAnyPermission, hasAnyPermission methods that allow access if a user has one of the supplied permissions. (pull 4506issue 12548JEP-224)
  • Developer: Add a new f:possibleReadOnlyField jelly tag, wraps fields in an if readonly check and then outputs the result as text if the authenticated user only has read access. N/A is added if the field is empty. (pull 4506issue 12548JEP-224)
  • Developer: Add a new l:hasAdministerOrManage jelly tag, hides the body of the tag if the user doesn't have Overall/Administer or Overall/Manage. (pull 4506issue 12548JEP-224)
  • Developer: Allow plugins to force an update of an UpdateSite. (issue 61046)

What's new in 2.221 (2020-02-19)

Globally configured build discarders are available for the first time with this release. Jenkins will now execute the configured per-project build discarder periodically even if no build is currently finishing. Globally configured build discarders may delete old builds if a project has been configured with a more aggressive build discarder configuration since the last build was run.
  • Add globally configured build discarders that delete old builds not marked as "keep forever" even if there is no, or a less aggressive, per-project build discarder configured, executed periodically and after a build finishes. (pull 4368)
  • Jenkins will by default execute the configured per-project build discarder periodically even if no build is currently finishing. This may delete old builds of projects that got a more aggressive build discarder configuration since the last build was run. (pull 4368)
  • Dynamically loading certain plugins could result in permission errors. (issue 61071)
  • Update bundled Script Security Plugin from 1.68 to 1.70. (pull 4490)
  • Do not show disabled permissions in permission errors. (pull 4482)
  • Developer: Use correct alert box name in Javadoc description. (pull 4493)
  • Developer: Introduce filtering overload to getAllItems(), allItems() and getItems(). (pull 4469)
  • Developer: Add new extension point BackgroundBuildDiscarderStrategy to allow more flexible build discarding strategies for the global build discarder configuration. (pull 4368)
  • Developer: Add findsecbugs plugin to spotbugs build plugin. (pull 4381)
  • Internal: Remove inline resources from HudsonPrivateSecurityRealm views. (issue 60866)
  • Internal: Changed exception presented when AtomicFileWriter fails to write to file. (pull 3989)

What's new in 2.220 (2020-02-09)

This release includes an incompatible change which impacts users of the Self-Organizing Swarm Modules plugin. Users of this plugin should upgrade it and its CLI client to the version 3.18 or above.
  • Fix agent installation as a service on Windows (regression in 2.217). (issue 60926Remoting 4.2 changelogAgent Installer Module 1.7 changelog)
  • Fix NullPointerException when getting a list of runs with a status threshold (regression in 2.202). (issue 60884)
  • Remove network discovery services (UDP and DNS). Users of the Self-Organizing Swarm Modules plugin should update the plugin and its CLI client to 3.18. (issue 60913Self-Organizing Swarm Modules Plugin 3.18 changelog)
  • Extends the current milestones so plugins can update jobs and configuration during Jenkins initialization. Adds initialization milestones: SYSTEM_CONFIG_LOADED, SYSTEM_CONFIG_ADAPTED, JOB_CONFIG_ADAPTED. (issue 51856)
  • Export the plugin compatibility flag in Update Site REST API. (pull 4385)
  • Suggest Jenkins Configuration as Code plugin in the installation wizard. (pull 4410)
  • Do not record the user creating an agent in some circumstances. (issue 21837)
  • Avoid logging node monitoring exceptions caused by node deletion. (issue 54496)
  • Improve RSS feed titles. (issue 60848)
  • Display build duration as tooltip to build date/time in the job's build history. (pull 4453)
  • Improve performance of List Views when listing items. (pull 4462)
  • Improve performance of artifact archiving when using jenkins.model.StandardArtifactManager.disableTrafficCompression=true. (issue 60907)
  • Prevent creation of duplicated SetupWizard singleton instances on Jenkins startup. (issue 60867)
  • Fix IndexOutOfBounds exception in ChoiceParameterDefinition.getDefaultParameterValue. (issue 60721)
  • Update Plugin manager pages to show icons while Jenkins is restarting. (issue 59486)

What's new in 2.219 (2020-01-29)

  • Important security fixes. (security advisory)
  • Security hardening related to Stapler routing.
  • Security hardening: Set X-Content-Type-Options to nosniff in REST API responses.

What's new in 2.218 (2020-01-27)

What's new in 2.217 (2020-01-23)

What's new in 2.216 (2020-01-22)

NOTE: This release build failed. Release bits were not deployed.
  • Build failed. Release bits were not deployed.

What's new in 2.215 (2020-01-19)

  • If the Jenkins root URL has been configured by scripts prior to running the setup wizard, skip the location configuration panel even if selecting the option to skip creation of an admin user. (issue 60750)
  • Prevent the RSS feed in Computer page from returning an error 404 (issue 60577)
  • Include details in the system log when a build rotation fails. (issue 60716)

What's new in 2.214 (2020-01-11)

  • Remove old, deprecated, unsupported agent protocols Inbound TCP Agent Protocol/1, Inbound TCP Agent Protocol/2, and Inbound TCP Agent Protocol/3. Update Remoting from 3.36 to 3.40 to remove unsupported protocols and minor maintenance improvements. (issue 60381Remoting 3.40 release notes)
  • Remove Enable Security checkbox in the Global Security configuration. (issue 40228)
  • Clarify that build history does not include pipeline stages. (issue 59412)
  • The environment variable WORKSPACE_TMP may now be used from (non-Pipeline) builds to access a temporary directory associated with the build workspace. (issue 60634)
  • Internal: Add a method in EnvVars that extends TreeMap.putAll() functionality by filtering out the null values. (issue 59220)
  • Internal: Allow usage of DescriptorVisibilityFilter to filter View properties on UI. (issue 60579)
  • Fix null pointer exception in Agent API when the agent is offline (e.g. retrieving agent version or OS description). (issue 42658)
  • Fix JavaScript error in Plugin Manager when optional dependency metadata cannot be retrieved. Improve wording in Plugin Manager UI. (issue 56152)
  • Fix minor localization issues (escaping, incomplete entries, etc.). (pull 4420)
  • Fix typos & spelling in Javadoc and WebUI. (pull 4418)

What's new in 2.213 (2020-01-06)

  • Fix plugin class resource loading failures for plugins which include library JARs. At least the Script Security, Active Directory and Maven Integration plugins are known to be affected. (regression in 2.212) (issue 60641issue 60644issue 60648)

What's new in 2.212 (2020-01-05)

WARNING: This release introduces a critical regression, see JENKINS-60644. Please avoid updating to this version.
  • Prevent Jenkins page rendering from being blocked when the update center data parsing is in progress. (issue 60625)
  • Return error when invalid string is passed as a Run status CLI argument. (pull 4212)
  • Fix an edge case of loading optional dependencies that cause Jenkins to blow up on startup. (pull 4393pull 4417issue 60449)
  • Developer: Introduce new AntClassLoader.getUrl() method to prevent code duplication. (pull 4254)

What's new in 2.211 (2020-01-02)

  • Make the queue/cancelItem REST API return meaningful result codes instead of a Error 404. (issue 60326)
  • Remove unused commons-codec dependency from Jenkins CLI. (issue 60326)

What's new in 2.210 (2019-12-22)

What's new in 2.209 (2019-12-15)

  • improved stop button behavior in the executors widget of the classical GUI, to avoid accidentally interrupting the wrong job. (issue 59656)
  • Fix spotbugs reported concurrency issue using an AtomicInteger in SCMDescriptor#generation. (pull 4337)

Changelogs of historical releases can be found in the changelog archive.