Changelog

2.569

June 15, 2026
Windows 2019 controller images have been dropped from this release, and the next LTS release line will not include them either. For users who must use Windows for their controller and are stuck on Windows 2019, the workaround is either to:
  1. Install Jenkins controller via the MSI available via the "Windows" links on https://www.jenkins.io/download/
  2. Build their own image
Enhancement
  • Standardise command palette, dialog, dropdown, and tooltip materials pull 26900
  • Hide CSRF configuration section when only the default crumb issuer is available pull 26057
  • Allow to disable build history widget auto refresh in development mode pull 26558
Bug fix
  • Fix the combobox suggestion list flashing and closing immediately when the field is clicked. pull 26884
  • Do not show "Agent is connected" message when node is marked temporarily offline pull 26675
  • Fix tailing of logs when partial lines are emitted (regression in 2.534). pull 26871
  • Fix experimental job app bar status icon pull 26892
  • Fix unexpected bluish scrollbar pull 26893

2.568

June 10, 2026
Security

2.567

May 30, 2026
Bug fix
  • Ensure urls in widgets loaded via ajax are correct pull 26721

2.566

May 26, 2026
Enhancement
  • Reduce agent creation time during high usage by caching calls to Util.isOverridden. issue 26796pull 26797
  • Extend telemetry collection for Content Security Policy until December. pull 26807
Bug fix
  • Fix description editor rendering empty when reopened inside a modal dialog. pull 26795

2.565

May 19, 2026
Bug fix
  • Limit the SECURITY-3657 security fix by default to the controller JVM due to reported problems extracting some stashes involving symbolic links on agents. pull 26709
  • Prevent active builds from being lost when a job is reloaded (regression in 2.523). pull 26700

2.564

May 12, 2026
Enhancement
  • Add permalinks to experimental job UI menu pull 26699
  • Make scrollbar color derive from secondary text color pull 26735
Bug fix
  • Restore the job name in the page title on the build console and changes pages. pull 26727
  • Ensure applying configuration as code retains the offline cause of agent (regression in 2.482). pull 26749

2.563

May 5, 2026
Enhancement
  • Use variable for jenkins-not-applicable class. pull 26728
  • Refine the System page in Manage Jenkins. pull 26679
  • Update bundled Script Security Plugin from 1399.ve6a_66547f6e1 to 1402.v94c9ce464861, Matrix Authorization Strategy Plugin from 3.2.9 to 3.2.10. pull 26719
Bug fix
  • Wrap long, unbroken strings correctly within the maximum width of the dialog. pull 26574
  • Stop retaining build references in the old data monitor. pull 26711

2.562

April 28, 2026
The Jenkins MSI installer is now signed by "LF Open Source, LLC" using the Microsoft Artifact Signing Service. The change causes the Edge browser on Windows to report that the file is not commonly downloaded. Users need to select "Keep anyway" to download the installer.
When running the Jenkins MSI installer with the new signature, Windows SmartScreen reports "Microsoft Defender SmartScreen prevented an unrecognized app from starting. Running this app might put your PC at risk." Users need to select "More info" to advance to the next screen and then select "Run anyway". A blog post provides screenshots and more details.
The Microsoft support forum says that Microsoft SmartScreen will stop prompting users once there are enough installations to increase its reputation score.
Enhancement
  • Stop signing the war file with jarsigner. Rely on the GPG signature to verify publisher identity. pull 26708

2.561

April 21, 2026
Bug fix
  • Fix parameterised pipeline build triggering. pull 26685

2.560

April 21, 2026
Enhancement
  • Adopt experimental App Bar API for jobs pull 26510
  • Avoid unnecessary copy of all loaded builds in AbstractLazyLoadRunMap.getLoadedBuilds(). pull 26636
  • Refine the 'Users' Manage Jenkins page pull 26475
  • Deprecate CheckMethod#toCheckUrl method, which generates a JS expression, and does not work with CSP enabled. pull 26638
Bug fix
  • Prevent selecting an autocomplete suggestion submitting the configuration form (regression in 2.556). pull 26646
  • Restore warnings in the update site warnings monitor (regression in 2.558). pull 26644
  • Fix console card breaking layout in experimental build view pull 26663
  • Use correct views tab bar in new dashboard page respecting user preferences pull 26640
  • Keep the Duplicate Jenkins checker enabled when saving the global configuration (regression in 2.549). pull 26631

2.559

April 14, 2026
Enhancement
  • Refine appearance of dialogs pull 26514
  • Improve queue maintenance performance for jobs with large build histories pull 26597
Bug fix
  • Update dependency org.apache.ant:ant to v1.10.17 to resolve regression issue due to v1.10.16 pull 26611
  • Fix Windows null pointer exception due to Apache Ant 1.10.16 (regression in 2.558). pull 26606
  • Remove lines from log recorder page. pull 26598
  • Render links to nodes and clouds correctly in the context menu (regression). pull 26583
  • Use the correct URL in delete dialogs invoked from the cloud context menu (regression in 2.556). pull 26593

2.558

April 7, 2026
Enhancement
  • Refine how administrative monitors are displayed pull 26417
  • Deduplicate build causes in queue tooltip and build overview. pull 26392
  • Use a dialog to add/edit the description of jobs, builds, views, computers, ... pull 26535
Bug fix
  • Ensure cancel button for queued jobs doesn't move when other badges are present. pull 26564

2.557

March 31, 2026
Enhancement
  • Refine experimental Run overflow menu. pull 26524
Bug fix
  • Fix wrong permission for description button in new build page. pull 26548
  • Fix multibranch Pipeline scan from parent folder (regression). pull 26517
  • Fix legacy context menu items not working. pull 26525
  • Fix delete button being missing and actions showing when they shouldn't be (regression in 2.556). pull 26526
  • Fix breadcrumb heading label. pull 26523

2.556

March 24, 2026
Enhancement
  • Upgrade to Spring Security 7. pull 11304
  • Upgrade to Spring Framework 7. pull 11292
  • Refine Third Party Licences page. pull 26476
  • Remove maximum width of sections. pull 26435
  • Introduce experimental API for adding actions to experimental Run UI. pull 11204
  • Added Turkish translations to setup wizard. pull 26426
  • Explain prepending additional values to environment variables with BASE+EXTRA in the online help for nodes. JENKINS-41492
Bug fix
  • Use standard size node icon even with long node names. pull 26486

2.555

March 18, 2026
Security

2.554

March 10, 2026
Enhancement
  • Adapt Script Console for experimental Manage Jenkins UI pull 11333
  • Refine legacy Add button for repeatable lists pull 26352
Bug fix
  • Fix keyboard navigation scrolling in dropdowns pull 26358
  • Partially revert optimisation in RunMap that causes issues when reloading pull 26399

2.553

March 3, 2026
Bug fix
  • Restore unsaved changes warning in the new Manage Jenkins UI. pull 26314

2.552

February 24, 2026
Enhancement
  • Update Jenkins CLI's subpages to use experimental Manage Jenkins UI pull 26316
  • Revamp Clouds page pull 26315
  • Add experimental Plugin Manager UI pull 11332
Bug fix
  • Fix estimated build number in Build History widget pull 26355
  • Redirect to the correct URL when creating log recorders with nonASCII names. JENKINS-26318
  • Do not fail builds when the tool installation directory is readonly. JENKINS-16005
  • Don't validate input fields when they are disabled pull 26298
  • Fix link to polling log of upstream build caused by an SCM trigger after a Jenkins restart pull 26291
  • Prevent afterDisconnect() from being called twice when an agent disconnects JENKINS-35272
  • Add support for combobox and autocomplete in dialogs pull 26326

2.551

February 18, 2026
Security

2.550

February 10, 2026
Enhancement
Bug fix
  • Fix progressive rendering progress calculation pull 26235
  • Avoid that when copying a cloud anything else than the name is changed pull 26260
  • Make redirects to documentation on www.jenkins.io work in the builtin administrative monitors when using Chrome and enforcing Content Security Policy. pull 26207
  • Do not compute the CSP header if it's completely disabled using the Java system property jenkins.security.csp.CspHeader.headerName in case computation takes too long. pull 26255

2.549

February 3, 2026
Enhancement
  • Add telemetry for password field masking. pull 26195
  • Clarify UI label when configuring Content Security Policy. pull 26198
  • Minor refinement of dropdowns and empty states. pull 26189
Bug fix
  • Fix shutdown banner visibility on Plugin Manager pages when preparing for shutdown pull 26234
  • Fix a 404 error when clicking plugin names on the “License and dependency information for plugins” page. pull 26029
  • Fix exception message being logged in rare cases on views with keyboard shortcut indicators. pull 26214
  • Fix primary button text color in administrative monitors. pull 26212

2.548

January 27, 2026
Major bug fix
  • Submitting a form would in rare cases, lead to an error (Got type array but no lister class found for type...) JENKINS-76249
Enhancement
  • Add online help for the “Remove last build” build discarder option. pull 26153
  • API tokens with expiration date pull 23859
Bug fix
  • Fix temporary offline state of computer is lost on config submit pull 26154
  • Fix sidebar navigation for nonASCII localized section headers. pull 26068

2.547

January 20, 2026
Enhancement
  • Use display name in directory browser breadcrumb. pull 25924
Bug fix
  • Fix false "Build Scheduled" notification when attempting to build branch jobs in disabled multibranch projects pull 26117
  • Hide build buttons in Multibranch branch/PR jobs when the Multibranch or organization folder is disabled pull 26131
  • Fix cloud URL when using experimental settings redesign pull 26107

2.546

January 13, 2026
Bug fix
  • Fix category headers showing as raw HTML on New Item page. pull 26056

2.545

January 6, 2026
Major enhancement
Enhancement
  • Add telemetry for Java properties. pull 26038
  • Bump the minimum supported remoting.jar version to 3176.v207ec082a_8c0 pull 26034
Bug fix
  • Prevent race condition during initial administrator account creation. pull 26036
  • Avoid NPE in Job#getLastBuildsOverThreshold pull 26005
  • Use rootURL in Cloud sidepanel so links in actions work properly. pull 26004

2.544

December 29, 2025
Enhancement
Bug fix
  • Display a brief message on update site signature verification failure instead of showing a stack trace. JENKINS-75905

2.543

December 23, 2025
A new GPG signing key is used for the Jenkins weekly Linux packages: 5E386EADB55F01504CAE8BCF7198F4B714ABFC68
Follow the instructions in the Linux package signing blog post to install the new public key on your computer.
Enhancement
  • No longer include the client IP address in CSRF protection token ("crumb") calculation. Effectively, the behavior is the same as if the (now removed) "Enable proxy compatibility" option were always checked. pull 25918
  • Show a warning to administrators who set the hudson.security.csrf.DefaultCrumbIssuer.EXCLUDE_SESSION_ID flag, informing them of the further reduced safety, and the option's planned future removal. pull 25918
Bug fix
  • Fix console log copy button for freestyle projects that have finished (regression in 2.493). pull 25953
  • Allow large forms to be submitted (regression in 2.531). pull 25968

2.542

December 15, 2025
Enhancement
  • Add telemetry for Content Security Policy enforcement. pull 23901
  • Enables the Overall/Manage permission by default. This permission when granted to users allows them to configure certain parts of Jenkins' global configuration without the ability to execute arbitrary code. pull 23873
  • Truncate verbose queue blockage messages to show maximum 5 reasons with "... and N more" suffix. JENKINS-45927
  • Allow entirely disabling CSP headers to work around unusual Jenkins configurations resulting in excessive HTTP response header lengths. pull 23915
  • Update Winstone to version 8.1026.v31def012a_f48 to increase the default maximum HTTP response header size to 32KB to account for very complex Content Security Policy headers. pull 25901
Bug fix
  • Fix NullPointerException in "ReverseBuildTrigger" when configuration has a missing threshold. JENKINS-39044

2.541

December 10, 2025
Security

2.540

December 2, 2025
Enhancement
  • Ignore casing in AvatarContributor#extractDomainFromUrl. pull 23865
  • Add X-Jenkins-ValidateButton-Callback (a JSON object with callback and arguments keys) as a replacement for the CSP incompatible script HTTP response header for f:validateButton. pull 20345
Bug fix
  • Show saved log recorders again (regression in 2.537). pull 23858
  • Fix incorrect handling of Content Security Policy inheritance chain for fetch directives. This could affect attempts to set *srcelemor *srcattr directives in CSP Plugin 2.x. pull 23855
  • Make "Change API Token" for legacy API tokens work when Content Security Policy is enforced and prohibits inline JavaScript. pull 20345
Changelogs of historical releases can be found in the changelog archive.