Changelog

2.543

December 23, 2025
A new GPG signing key is used for the Jenkins weekly Linux packages: 5E386EADB55F01504CAE8BCF7198F4B714ABFC68
Follow the instructions in the Linux package signing blog post to install the new public key on your computer.
Enhancement
  • No longer include the client IP address in CSRF protection token ("crumb") calculation. Effectively, the behavior is the same as if the (now removed) "Enable proxy compatibility" option were always checked. pull 25918
  • Show a warning to administrators who set the hudson.security.csrf.DefaultCrumbIssuer.EXCLUDE_SESSION_ID flag, informing them of the further reduced safety, and the option's planned future removal. pull 25918
Bug fix
  • Fix console log copy button for freestyle projects that have finished (regression in 2.493). pull 25953
  • Allow large forms to be submitted (regression in 2.531). pull 25968

2.542

December 15, 2025
Enhancement
  • Add telemetry for Content Security Policy enforcement. pull 23901
  • Enables the Overall/Manage permission by default. This permission when granted to users allows them to configure certain parts of Jenkins' global configuration without the ability to execute arbitrary code. pull 23873
  • Truncate verbose queue blockage messages to show maximum 5 reasons with "... and N more" suffix. JENKINS-45927
  • Allow entirely disabling CSP headers to work around unusual Jenkins configurations resulting in excessive HTTP response header lengths. pull 23915
  • Update Winstone to version 8.1026.v31def012a_f48 to increase the default maximum HTTP response header size to 32KB to account for very complex Content Security Policy headers. pull 25901
Bug fix
  • Fix NullPointerException in "ReverseBuildTrigger" when configuration has a missing threshold. JENKINS-39044

2.541

December 10, 2025
Security

2.540

December 2, 2025
Enhancement
  • Ignore casing in AvatarContributor#extractDomainFromUrl. pull 23865
  • Add X-Jenkins-ValidateButton-Callback (a JSON object with callback and arguments keys) as a replacement for the CSP incompatible script HTTP response header for f:validateButton. pull 20345
Bug fix
  • Show saved log recorders again (regression in 2.537). pull 23858
  • Fix incorrect handling of Content Security Policy inheritance chain for fetch directives. This could affect attempts to set *srcelemor *srcattr directives in CSP Plugin 2.x. pull 23855
  • Make "Change API Token" for legacy API tokens work when Content Security Policy is enforced and prohibits inline JavaScript. pull 20345

2.539

November 25, 2025
Major enhancement
Enhancement
  • Add rest API to create an agent from XML. pull 11229
Bug fix

2.538

November 18, 2025
Major bug fix

2.537

November 18, 2025
Starting with Jenkins 2.537, RedHat and openSUSE have the same RPM packages from the same unified repository at https://pkg.jenkins.io/rpm/. Users with an already installed prior version are transparently redirected when refreshing their repositories: https://pkg.jenkins.io/redhat/ and https://pkg.jenkins.io/opensuse/ both redirect to the new URL.

The old repositories are retained and allow to install older versions (<2.537) by using the following URLs: https://pkg.jenkins.io/redhat-legacy/ for RedHat distributions and https://pkg.jenkins.io/opensuse-legacy/ for openSUSE distributions.

Note for openSUSE users: the System V initialization scripts are removed for openSUSE installations (details in https://www.jenkins.io/blog/2022/03/25/systemd-migration/).

⚠️ There is a known bug introduced for openSUSE users: the autorefresh feature of the zypper repository is disabled and requires a zypper refresh command.
Enhancement

2.536

November 11, 2025
Enhancement
  • Redesign the reorderable list component. pull 10186
  • Log a thread dump when a /health check exceeds the 10 second default timeout to help diagnose stuck requests. This timeout is configurable via the jenkins.health.HealthCheckAction.thresholdTimeout system property. pull 11266
  • Use the same styling for title bar mouseover effect. JENKINS-75990
Bug fix
  • Revert display:flex addition from the default panel-header CSS. pull 11272
  • Set the default enter delay for tooltips to 250ms. JENKINS-75892
  • Fix the ordering of the experimental Run UI tabs. pull 11236
  • Restore file fingerprint and project relationship actions to views. JENKINS-76275

2.535

November 4, 2025
Enhancement
  • Refine badges. pull 11254
  • Add ability to set default value for experimental flags via system property. JENKINS-76260
  • Remove duplicate built-in executor configuration from System configuration page. It now configures it on the built-in executor under Nodes instead. pull 11224
Bug fix
  • Ignore NoSuchFileException in FilePath#unzip. JENKINS-76192
  • Eliminate spurious CPU utilization in browser when idle. pull 11257
  • CasC items.yaml now loads after the SYSTEM_CONFIG_ADAPTED milestone is completed. pull 11234
  • Fix toggle collapse in Chrome to prevent 404 errors. JENKINS-76118
  • Fix MyViewsProperty condition. pull 11252

2.534

October 28, 2025
Major enhancement
Enhancement

2.533

October 21, 2025
Enhancement
Bug fix
  • Avoid stack overflow to prevent excessive work being performed when loading builds from disk. This could cause an error when using the Maven and Naginator plugins and the experimental build UI. JENKINS-76202

2.532

October 14, 2025
Enhancement
  • Change required input validator to reject strings that are only whitespace. pull 11143
  • Add support for tabs on the experimental run page. pull 11141
  • Remove deprecated and unused FormFieldValidator.NonNegativeInteger. pull 11176
  • Add German localization for proxy configuration. pull 11159
  • Add interface based constructor for AnnotatedLargeText. pull 11071

2.531

October 7, 2025
Enhancement
  • Add health check for failure to bind an enforced TCP agent port. pull 11145
  • Show build cause on experimental build UI. pull 11128
  • Move experimental run sidepanel to overflow menu. pull 11127

2.530

September 30, 2025
Enhancement
  • Add experimental Parameters dialog for builds. pull 11116
  • Refine experimental run details interface. pull 11096
  • Removed configureclouds redirect to clouds. pull 10982
Bug fix
  • Ensure file parameters are retained across Jenkins restarts. JENKINS-73161
  • Streamline logic to disconnect agents during controller shutdown. pull 11102

2.529

September 22, 2025
Enhancement
  • Optimize build lazy loading during iteration via RunMap.entrySet() and RunMap.keySet(). JENKINS-76075
  • Optimize LogRotator build iteration using RunMap.entrySet(). JENKINS-76075
  • Move the user time zone configuration to the user preferences page. pull 11065
  • Improve the display of help text for agent launch methods. pull 11055
Bug fix
  • Fix "All/None/Suggested" buttons visibility in plugin setup wizard. JENKINS-76114
  • Try harder to release controller memory after using some JavaScript features. JENKINS-16341
  • Fix number comparison in min/max form validator. JENKINS-76002

2.528

September 17, 2025
Security

2.527

September 9, 2025
Bug fix
  • Fix a race condition in WebSocket agent connection initialization. pull 11039

2.526

September 2, 2025
Enhancement
  • Improve UberClassLoader class caching. pull 10979
  • Expose NavigableMap interface from the CopyOnWrite.Tree map. Optimise the AbstractLazyLoadRunMap.search() method. JENKINS-76028
  • Add Polish translations. pull 11025

2.525

August 26, 2025
Enhancement
  • Refactor BuildReferenceMapAdapter to improve code re-usage. JENKINS-75986

2.524

August 19, 2025
Security
Enhancement
  • Pick a new name format for subdirectories of $JENKINS_HOME/users/. Stop creating redundant $JENKINS_HOME/users/users.xml. pull 10926
  • Reduce plugin ClassLoader memory consumption. JENKINS-75675
  • Minor performance optimization for administrative monitors badge display. pull 10855
  • Show parameters of a run in read-only mode. pull 10941
Bug fix
  • Create friendlier HTTP response for an attempt to buildWithParameters a disabled or nonparameterized job. pull 10954
  • Fix incorrect parameter name in quietDown API online help. JENKINS-75991
  • Fix memory leak in Java class loading for the GStringTemplateEngine class. JENKINS-75879

2.523

August 12, 2025
Enhancement
  • Apply the current theme color palette to shutdown and safe-restart messages. pull 10945
  • Reduce agent launch log stack trace noise for ClosedChannelExceptions. pull 10927
  • Refine the Add button for repeatable lists. pull 10913
  • Fix text spacing in the Bulgarian localization. pull 10943
  • Developer: Objects with getName, getFullName, and getFullDisplayName can now be referred through dedicated interfaces. pull 10827
Bug fix
  • Remove the styling of a link in a menu when the corresponding menu is closed. JENKINS-75927
  • Position the Save and Apply buttons for views under the header instead of over it. JENKINS-75937

2.522

August 5, 2025
Enhancement
  • Refine User page UI. pull 10807
  • Use secondary text color for dropdown filter. pull 10901
  • Refine Experiments page UI. pull 10902
  • Breadcrumbs now have a visual indicator and are compatible with accessibility guidelines. JENKINS-75851
Bug fix
  • Correct word-wrap and word-break CSS properties to use supported values. pull 10881

2.521

July 29, 2025
Enhancement
  • Add a visible separator between the bottom app bar and Jenkins UI. pull 10853
Bug fix
  • Stop printing an incorrect message from Slave.warnPlugin. pull 10863

2.520

July 22, 2025
Enhancement
Bug fix
  • Restore breadcrumb navigation for the System configuration page. JENKINS-75637

2.519

July 15, 2025
Enhancement
  • Remove the /extensionList/ HTTP endpoint and related telemetry. Users of the Timestamper plugin should update to version 1.29 or newer. pull 10752
  • Add German translation for Global Build Discarder. pull 10835
  • Refine colors and borders. pull 10814
Bug fix
  • Only hide the dropdown on the breadcrumbs, not on other menus. JENKINS-75834

2.518

July 8, 2025
Enhancement
  • Refine alignment of the header, app bar, and side panel. pull 10806
  • SSH cli now uses support of EdDSA natively provided by Apache Mina via Bouncycastle. pull 10788
Bug fix
  • Actions with Alerts now display correctly in the new header when in the hamburger menu. JENKINS-75832
  • Make script console layout configurable. JENKINS-75849
  • Improve UI of secondary actions in the header. JENKINS-75853
  • Enable the chevron button in job tables by removing pointerevents:none from its CSS styling. JENKINS-75252
  • Fix multiple dropdowns for the breadcrumb navigation becoming visible. JENKINS-75834

2.517

July 1, 2025
Enhancement
  • Add window listener computeOverflow to trigger a new compute of the breadcrumbs JENKINS-75818
  • Developer: Asynchronous periodic work executions can now be queued. pull 10716
Bug fix
  • Avoid queue items being lost if the node disconnects at a bad time during allocation. pull 10756

2.516

June 24, 2025
Bug fix
  • Place secondary actions in the collapsing menu instead of displaying them based on screen width. JENKINS-75727
  • Any RootAction that used custom rendering (action.jelly) is once again visible in the header and behaves appropriately. Any RootAction that uses jelly to show/hide is correctly hidden in the header. Any RootAction with sub tasks now shows the subtasks as a dropdown when in the correct context. JENKINS-75683
  • Do not hide contents of Execute shell, parameter descriptions, and other CodeMirror components after skeleton loading. JENKINS-75794
Enhancement
  • Developer: System properties can now use flexible time units: 30s, 3m, 1h, 2d, etc. pull 10561

2.515

June 17, 2025
Bug fix
  • Replace Loading overlay with skeleton outline on Manage Jenkins pages. JENKINS-68934

2.514

June 10, 2025
Enhancement
  • Refine dialog and Command Palette appearances. pull 10721
Bug fix
  • Fix URLs in search result list when running at `root` context. pull 10725
  • Restore side panel actions for views. JENKINS-75683
Changelogs of historical releases can be found in the changelog archive.