A new GPG signing key is used for the Jenkins weekly Linux packages: 5E386EADB55F01504CAE8BCF7198F4B714ABFC68 Follow the instructions in the Linux package signing blog post to install the new public key on your computer.
Enhancement
No longer include the client IP address in CSRF protection token ("crumb") calculation. Effectively, the behavior is the same as if the (now removed) "Enable proxy compatibility" option were always checked.
pull 25918
Show a warning to administrators who set the hudson.security.csrf.DefaultCrumbIssuer.EXCLUDE_SESSION_ID flag, informing them of the further reduced safety, and the option's planned future removal.
pull 25918
Bug fix
Fix console log copy button for freestyle projects that have finished (regression in 2.493).
pull 25953
Allow large forms to be submitted (regression in 2.531).
pull 25968