Legend: major RFEmajor enhancement RFEenhancement major bugmajor bug fix bugbug fix xxxxx
Community ratings
See our new LTS upgrade guide for advice on upgrading Jenkins.

What's new in 2.19.4 (2016-11-23)

  • Reduce logging level when the localization resource is missing ResourceBundleUtil#getBundle(). (issue 39604)
  • Custom remoting enable/disable settings were not properly persisted on the disk and then reloaded. If the option has been configured in Jenkins starting from 2.16, a reconfiguration may be required. (issue 39465)
  • Prevent NullPointerException when rendering CauseOfInterruption.UserInterruption in build summary pages for non-existent users. (issue 38721 and issue 37282, regression in 2.14)
  • Display transient actions for labels. (issue 38651)
  • Performance: Fix the performance of file compress/uncompress operations over the remoting channel. (issue 38640, issue 38814)
  • Add user to restart log message for restart after plugin installation. (issue 38615)
  • Remoting 2.62.2: Improve connection stability by turning on Socket Keep-alive by default. Keep-alive can be disabled via the -noKeepAlive option on slave agent process. (issue 38539)
  • Remoting 2.62.2: Prevent NullPointerException in Engine#connect() when host or port parameters are null or empty. (issue 37539)
  • Jenkins startup does not fail if one of ComputerListeners throws exception in the onOnline() handler. (issue 38487)
  • Fix handling of the jenkins.model.Jenkins.slaveAgentPort system property, which was not honored. (issue 38187, regression in 2.0)
  • Properly enable submit button on New Item page when choosing item type first. (issue 36539)
  • Add missing internationalization support to ResourceBundleUtil. It fixes internationalization in Blue Ocean and Jenkins Design Language. (issue 35845)
  • Properly handle quotes and other special symbols in item names during form validation. (issue 31871)
  • Prevent deadlocks during modification of node executor numbers (e.g. during deletion of nodes). (issue 31768)
  • Restore automatic line wrapping in Build Step text boxes with syntax highlighting. (issue 27367)
  • Print warnings if none of Tool Installers can be used during the tool installation. (issue 26940)
  • Node build history page was hammering the performance of the Jenkins instance by spawning parallel heavy requests. Now the information is being loaded sequentially. (issue 23244)
  • Fix JS/browser memory leak on Jenkins dashboard. (issue 10912)

What's new in 2.19.3 (2016-11-16)

This is an out-of-schedule release addressing the zero day vulnerability published on November 11, 2016. It does not contain the usual LTS bug fixes, but only addresses the security vulnerability. There will be another LTS release in the 2.19.x line containing bug fixes as regularly scheduled.
  • Important security fixes (security advisory)
  • Allow disabling the Jenkins CLI over HTTP and JNLP agent port by setting the System property jenkins.CLI.disabled to true.

What's new in 2.19.2 (2016-11-01)

  • Prevent instatination of jenkins.model.Jenkins on agents in the ProcessKillingVeto extension point. (issue 38534)
  • Decrease connection timeout when changing the JNLP agent port via Groovy system scripts. (issue 38473)
  • Fix NullPointerException when descriptor is not in DescriptorList. (issue 37997)
  • Print warnings to system logs and administrative monitors when Jenkins initialization does not reach the final milestone. (issue 37874, diagnostics for issue-37759)
  • Allow the use of custom JSON signature validator for Update Site metadata signature checks. (issue 36537)
  • Failed to load jenkins.util.SystemProperties on slaves. (issue 35184)
  • CLI: Connection over HTTP was not working correctly. (issue 34287, regression in 2.0)
  • Use the correct 'gear' icon for Manage Jenkins in Plugin Manager. (issue 34250)
  • Build history was not properly updating via AJAX. (issue 31487)
  • CLI: Disable the channel message chunking by default. Prevents connection issues like java.io.StreamCorruptedException: invalid stream header: 0A0A0A0A. (issue 23232)
  • Exclude /cli URL from CSRF protection crumb requirement, making the CLI work with CSRF protection enabled and JNLP port disabled. (issue 18114)

What's new in 2.19.1 (2016-10-03)

Changes from 2.19:
  • Fixed the missing icon in the System Script console. (issue 37814)
  • Fixed background color in the ComboBoxList element in order to make options visible. (issue 37549)
  • Fixed editing default view description with automatic refresh. System message is not being displayed instead of the view description. (issue 37360)
  • Do not process null CRON specifications in build triggers. (issue 36748, enhances fix in 2.15)
  • Setup wizard now checks if the restart is supported on the system before displaying the restart button. (issue 33374)
  • Test Windows junctions before Java 7 symlink in symbolic link checks. (issue 29956)
Notable changes since 2.7.4:
  • Fix plugin dependency resolution. Jenkins will now refuse to load plugins with unsatisfied dependencies, which resulted in difficult to diagnose problems. This may result in errors on startup if your instance has an invalid plugin configuration., check the Jenkins log for details. (issue 21486)
  • Don't load all builds to display the paginated build history widget. (issue 31791)
  • Tell browsers not to cache or try to autocomplete forms in Jenkins to prevent problems due to invalid data in form submissions. From now on, only select form fields (e.g. job name) will offer autocompletion. (issue 18435)
  • Add diagnostic HTTP response to TCP agent listener. (issue 37223)
  • Allow admins to control the enabled agent protocols on their instance from the global security settings screen. (issue 37032)
  • Prevent NullPointerException on startup after update from Jenkins 2.5. (issue 35206)
  • Always send usage statistics over HTTPs to the new usage.jenkins.io hostname. (issue 35641)
  • Do not inject build variables into Maven process by default for new projects. (issue 25416, issue 28790)
  • IllegalStateException under certain conditions when reloading configuration from disk while jobs are in the queue. (issue 27530)
  • Underprivileged users were unable to use the default value of a password parameter. (issue 36476)

What's new in 2.7.4 (2016-09-08)

  • Prevent File descriptor leaks when reading plugin manifests. It causes failures during the upgrade of detached plugins on Windows. (issue 37332)

What's new in 2.7.3 (2016/08/31)

  • Stop A/B testing of the remoting JNLP3 protocol due to the known issues. The protocol can be enabled manually via the jenkins.slaves.JnlpSlaveAgentProtocol3.enabled system property. (issue 37315)
  • When checking Update Center, append ?uctest parameter to HTTP and HTTPS URLs only. (issue 37189)
  • Ensure that detached plugins are always at least their minimum version. (issue 37041)
  • Remove trailing space from Hudson.DisplayName in Spanish, which resulted in problems with Blue Ocean. (issue 36940)
  • Make sure that the All view is created. (issue 36908)
  • Incorrect formatting of messages in the Update Center and Setup Wizard. (issue 36757)
  • Underprivileged users were unable to use the default value of a password parameter. (issue 36476)
  • Properly handle exceptions during global configuration form submissions when SCM Retry Count field is empty. (issue 36387)
  • Do not allow disabled project to be triggered remotely. (issue 36193)
  • Ensure that SCMDescriptor.newInstance overrides are honored when creating new SCM entries. (issue 36043, issue 35906)
  • Add a cache for user information to fix performance regression due to SECURITY-243. (issue 35493)
  • Performance: Disable AutoBrowserHolder by default to improve the changelog rendering performance. (issue 35098)
  • Honor non-default update sites in setup wizard. (issue 34882)

What's new in 2.7.2 (2016/08/03)

  • Always send usage statistics over HTTPs to the new usage.jenkins.io hostname. (issue 35641)
  • Fix issues in file management in hudson.remoting.Launcher (main executable class). (issue 35494)
  • Remoting 2.60: Fix potential file handle leaks during the build agent (FKA slave) startup. issue 35190)
  • Remoting 2.60: Proper handling of the no_proxy environment variable. (issue 32326)
  • Performance: Improve configuration page load times by removing the CodeMirror reloading cycle. (issue 32027)
  • Remoting 2.60: hudson.Remoting.Engine#waitForServerToBack now uses credentials for connection. (issue 31256)
  • IllegalStateException under certain conditions when reloading configuration from disk while jobs are in the queue. (issue 27530)
  • Allow keeping builds forever with custom build retention strategies. (issue 26438)
  • Remoting 2.60: Make the channel reader tolerant against Socket timeouts. (issue 22722)

What's new in 2.7.1 (2016/07/06)

Changes from 2.7:
  • Installation Wizard: Do not offer creating new admin user if the security is preconfigured. (Issue 34881)
  • API: Make it easier for UpdateSites to tweak the InstallationJob. (Issue 35402)
  • Fix the repeatable item delete button layout in Safari. Addresses Build Steps and other such configuration items. (Issue 35178)
  • Prevent NullPointerException on startup after update from Jenkins 2.5. (Issue 35206)
  • Explicitly declare compatibility of Windows build agent service with .NET Framework 4. (PR #2386)
  • Honor noProxy settings from "Manage Jenkins > Manage Plugins > Advanced". (Issue 31915)
  • API: Restrict external usages of jenkins.util.ResourceBundleUtil. (Issue 35381)
  • Internal: Upgrade Groovy to 2.4.7 to finalize the fix in Jenkins 2.7. (Issue 34751)
Notable changes since 1.651.3:
More detailed information about the new features in Jenkins 2 on the overview page. Note that AJP support has been removed, if your service script enables it, Jenkins will fail to start.
  • New password-protected setup wizard shown on first run to guide users through installation of popular plugins and setting up an admin user. (issue 30749, issue 9598)
  • Plugin bundling overhaul: Bundled plugins are only installed if necessary when upgrading, all plugins can be uninstalled. (issue 20617)
  • Redesigned job configuration form makes it easier to understand the option hierarchy, and to navigate the form. (issue 32357)
  • Richer 'Create Item' form with job icons and job categories (once a threshold of three categories has been reached). (issue 31162)
  • Support encrypted communication between master and JNLP slaves. (issue 26580)
  • Enable disabled dependencies during plugin installations. (issue 34494)
  • Force ordering between GPG and jarsigner to ensure correct GPG signature. (pull 2285)
  • Secured Jenkins installations didn't properly save the queue on shutdown. (issue 34281)
  • Upgrade wizard encourages installation of Pipeline related plugins when upgrading from 1.x. (issue 33662)
  • Jenkins now requires Servlet 3.1. Upgraded embedded Winstone-Jetty to Jetty 9 accordingly. This removes AJP support when using the embedded Winstone-Jetty container. (issue 23378)
  • Bundled Groovy updated from 1.8.9 to 2.4.7. (issue 21249)
  • Moved tools configuration from Configure Jenkins to separate dialog.
  • Added option to prohibit anonymous access to security realm "Logged in users can do anything", enable by default. (issue 30749)
  • Renamed 'slave' to 'agent' on the UI. (issue 27268)
  • Improvements to inline documentation of numerous form fields in Jenkins global and job configuration. (issue 33364)
  • Change default CSRF protection crumb name to Jenkins-Crumb for nginx compatibility. (issue 12875)
  • Add symbol annotations on core. (pull 2293)
  • Workaround for unpredictable Windows file locking. (issue 15331)
  • Remove the historical initialization of CVS changelog parser for jobs without explicit SCM definition. Warning! This change may potentially cause a regression if a Jenkins plugin depends on this default behavior and injects changelogs without SCM. (issue 4610)
  • Add the JOB_BASE_NAME environment variable to builds (job name without path). (issue 25164)
  • Allow overriding Jenkins UpdateCenter by a custom implementation. (issue 34733)
  • Allow overriding Jenkins PluginManager by a custom implementation. (issue 34681)
  • Allow setting of properties from context.xml and web.xml in addition to setting system properties from the command line. (issue 34755)
  • Remoting: Allow Jenkins admins to adjust the socket timeout. (Controlled by hudson.remoting.Engine.socketTimeout) (issue 34808)
  • Remoting: Allow disabling the remoting protocols individually. Allows working around compatibility issues like JENKINS-34121. (Controlled by PROTOCOL_CLASS_NAME.disabled) (issue 34819)
  • Remoting, scalability: Ensure that the unexporter cleans up whatever it can each GC sweep. (issue 34213)
  • Remoting: Force class load on UserRequest to prevent deadlocks on Windows nodes agents in the case of multiple classloaders. (Controlled by hudson.remoting.RemoteClassLoader.force) (issue 19445)
  • Make ToolInstallers to follow HTTP 30x redirects. (issue 23507)
  • Disable JSESSIONID in URLs when running in the JBoss web container. It prevents Error 404 due to invalid links starting from Jenkins 1.556. More info: WFLY-4782 (issue 34675)
  • Allow starting non-AbstractProject (e.g. Pipeline) jobs from CLI. (issue 28071)
  • Plugin Manager was building incorrect list of bundled plugins for nested dependencies. (issue 34748)
  • Developer API: Add WorkspaceList.tempDir(…). (issue 27152)
  • Developer API: Allow putting @Initializer annotations on instance methods. (pull 2176)
  • Developer API: Allow specifying custom AbortExceptions. (pull 2288)

What's new in 1.651.3 (2016/06/08)

What's new in 1.651.2 (2016/05/11)

  • Important security fixes (security advisory)
  • Update remoting to 2.57. (issue 33999, issue 32980, issue 28289)
  • Pipeline runs not reliably started after restart when using Build after other projects are built. (issue 33971)
  • Prevent badges in build history sidepanel widget from overlapping page contents. (issue 33826)
  • Do not hardcode .bat extension for Maven on Windows. (issue 33693)
  • Don't store redundant build causes, make list of build causes immutable. (issue 33467)
  • Make context meny link Delete Project work with CSRF protection enabled. (issue 18032)

What's new in 1.651.1 (2016/04/14)

Changes from 1.651:
  • Honor the option to opt out of usage statistics submission. (advisory)
  • Plugin filters were failing to be removed and blocking restart. (issue 33681)
  • Do not fail update center check if there are no tool installers defined. (issue 32831)
  • Fix argument masking for sensitive build variables on Windows. (issue 28790)
  • Under some conditions Jenkins startup could fail because of incorrectly linked extensions; now recovering more gracefully. (issue 25440)
  • Multiple bug fixes related to shutdown sequence. (issue 33377, issue 33384)
Notable changes since 1.642.3:
  • Move periodic task log files from JENKINS_HOME/*.log to JENKINS_HOME/logs/tasks/*.log and rotate them periodically rather than overwrite every execution. (issue 33068)
  • Allow changing the directory used for the extraction of plugin archives via the --pluginroot CLI option (also controllable via the hudson.PluginManager.workDir system property / context parameter. Also document the --webroot CLI parameter in java -jar jenkins.war --help (issue 32765)
  • Unify CLI exit code semantics. (issue 32273)
  • Add time zone to generation date in footer in most locales. (issue 32194)
  • The Windows service wrapper now specifies the --webroot argument to extract the war file into %BASE%. (pull 1951)
  • Allow retrying core update when the first attempt failed. (issue 11016)
  • Allow specifying the default TCP slave agent listener port via system property. (commit 653fbdb)
  • Fix documentation of proxy configuration. (pull 2060)
  • Retrieve tool installer metadata from all update sites. (issue 32328)
  • Fields on the parameters page are no longer aligned at the bottom. (issue 31753)
  • Cleanup of CLI error handling and return codes. (issue 32273)
  • Boot failure hook script did not work, WebAppMain.contextDestroyed produces weird errors. (issue 24696)
  • ArrayIndexOutOfBoundsException when parsing range set. (issue 32852)
  • Generate new instance identity file when the existing one is found to be corrupt. (issue 29240)
  • Developer: The official parent POM for plugins is now hosted in the plugin-pom repository, starting with version 2.0. (issue 32493)
  • API changes: Add a reusable implementation of IdleOfflineCause class. (commit 7e05b50)
  • Developer: Split test harness into separate artifact. (issue 32478)
  • Developer: Pass $it to contents of dropdownDescriptorSelector. (issue 19565)

What's new in 1.642.4 (2016/03/31)

  • Honor the option to opt out of usage statistics submission. (advisory)

What's new in 1.642.3 (2016/03/16)

  • Fields on the parameters page are no longer aligned at the bottom. (issue 31753)
  • Under some conditions a build record could be loaded twice, leading to erratic behavior. (issue 22767)

What's new in 1.642.2 (2016/02/24)

  • Important security fixes (security advisory)
  • Don't submit usage statistics while Jenkins hasn't finished loading. (issue 32190)
  • Performance regression when setting JDK installations. (issue 31932)
  • Renaming a node over another was possible and destroys both configurations. (issue 31321)
  • A CloudProvisioningListener can prevent provisioning of all clouds instead of just the targeted cloud. (issue 31219)
  • GroovyHookScript needs Jenkins to be initialized but should not (for e.g. boot failure script). (issue 24696)
  • Don't show “termination trace” as warning in the log as it's not necessarily an error condition. (issue 32567)

What's new in 1.642.1 (2016/01/20)

No changes compared to 1.642. Notable changes since 1.625.3:
  • Build history pagination and search. (issue 26445)
  • “Form too large” errors from Jetty when submitting massive forms. (issue 20327)
  • Allow retrying core update when the first attempt failed. (issue 11016)
  • Allow specifying the default TCP slave agent listener port via system property. (commit 653fbdb)
  • Display expected CRON run times even if a warning occurs. (issue 29059)
  • Add "lastCompletedBuild" job permalink. (issue 26270)
  • Allow case insensitive file patterns in Artifacts Archiving. (issue 5253)
  • Let a combobox display its drop-down when focused, so users can see candidates without entering a letter. (issue 26278)
  • Add safari pinned tab icon. (discussion)
  • Plugin Manager UI prevents users from enabling/disabling/uninstalling plugins at the "wrong" time. (issue 23150)
  • Do not show REST API link for pages which have no API handlers. (issue 29014)
  • JS alert still prevented leaving a configuration page without changes. (issue 21720)
  • API: New OptionalJobProperty class to simplify JobProperty creation. (PR 1888)
  • API: Add get method for causes of interruption in hudson.model.Executor (PR 1712)

What's new in 1.625.3 (2015/12/09)

  • Important security fixes (security advisory)
  • SECURITY-186 regression: non-item tasks hidden (issue 31649)
  • JNLP slaves can fail to correctly negotiate a transport (issue 31718)
  • delete-node CLI command did not work correctly for cloud nodes (issue 31098)

What's new in 1.625.2 (2015/11/11)

  • Important security fixes (security advisory)
  • AbstractBuildExecution#reportError should work will any kind of Build Step (issue 30730)
  • Optimize TagCloud size calculation (issue 30705)
  • Tar implimentation can't handle > 8GB and doesn't error out. (issue 10629)
  • FlyWeightTasks tied to a label will not cause node provisioning and will be blocked forever. (issue 30084)
  • People with Jenkins.ADMINISTER are always able to see API tokens of all users (SECURITY-200)
  • CLI (/cli) exposes instance information via left sidebar (SECURITY-192)

What's new in 1.625.1 (2015/10/14)

1.625.1 is the first Jenkins LTS release that requires Java 7 to run. If you're using the Maven Project type, please note that it needs to use a JDK capable of running Jenkins, i.e. JDK 7 or up. If you configure an older JDK in a Maven Project, Jenkins will attempt to find a newer JDK and use that automatically. If your SSH Slaves fail to start and you have the plugin install the JRE to run them, make sure to update SSH Slaves Plugin to at least version 1.10.
  • Build history text field wrap fails when containing markup (issue 26406)
  • First-time display with many Maven jobs blocked in FingerprintAction.compact (issue 19392)
  • Animated ball in job's build history widget won't open Console Output (issue 26365)
  • Memory leak in ProgressiveRendering (issue 25081)
  • Hudson test case leaks temp folders (issue 4409)
  • Large number of build parameters for pending jobs (e.g.gerrit triggered job) can cause unwieldy build history (issue 22311)
  • "unknown format type" on console output (issue 24614)
  • Build health computed twice per job (issue 25074)
  • SSH slaves can block for a long time in NativePRNG (issue 20108)
  • ClosedByInterruptException in JenkinsRule setup (issue 30395)
  • Job owned by SYSTEM instead of creator when 'Setup after creation' used (issue 25400)
  • AbstractProject: makeDisabled() performs operations even if supportsMakeDisabled() is false (issue 24340)
  • Infinite loop with crontab "H H(19-24) * * *" (issue 25897)
  • quietDown reports HTTP 405 Method Not Allowed (issue 23942)
  • "Given final block not properly padded" after deleting master.key after Java security update (issue 25937)
  • Run parameters should display in human readable form rather than build numbers (issue 25174)
  • FilePath.validateAntFileMask sucks up heap (issue 25759)
  • AbstractLazyLoadRunMap.entrySet improperly cached (issue 25655)
  • Wrong EOL (UNIX type: LF) in Windows batch files executed for build steps of type "Execute Windows batch command" (issue 7478)
  • Unreliable slave Plugin will offline the slave or not? what’s the meaning of “try slave reconnect of put offline”? how to use the plugin? (issue 23568)
  • JDK9 with jigsaw file layer is not detected as valid JDK (issue 25601)
  • Basic Authentication in combination with Session is broken (issue 25144)
  • Missing build history moving a job when BuildDir is set to a custom location (issue 24825)
  • Maven build step fail to launch mvn process when special chars are present in build variables (issue 26684)
  • Manage->Cancel Shutdown requests POST method and even POST fails due to invalid crumb if CSRF protection is enabled (issue 23020)
  • Unnecessarily slow & serialized I/O for top-level item loading in loadTasks (issue 25473)
  • No wrap up(not in multiple lines) of too long list of slaves at label page (issue 25989)
  • Jenkins merges queued builds with the different file parameters (issue 19017)
  • RunIdMigrator fails to revert Matrix and Maven jobs (issue 29989)
  • WARNING: hudson.model.FreeStyleProject@9a4e77f[...] did not contain ... #584 to begin with (issue 25788)
  • ListView's ItemListener runs with user privileges, might miss affected views (issue 22769)

What's new in 1.609.3 (2015/09/02)

  • When NodeProvisioner processes planned nodes, it must always call spent() (issue 29568)
  • Sort by 'Free Disk Space' is incorrect (issue 29286)
  • Label expression help is missing in recent Jenkins versions (issue 29376)
  • The curious case of the Channel memory cycles (issue 28844)
  • Excessive classes being sent to slave machine (issue 28058)

What's new in 1.609.2 (2015/07/28)

  • NPE may happen if somebody tries to drop the e-mail JenkinsLocationConfiguration:setAdminAddress() (issue 28419)
  • Build History badges don't wrap (issue 28455)
  • Deadlock between Queue.maintain and Executor.interrupt (issue 28840)
  • Jenkins queue self-locking without apparent reason? (issue 28926)
  • Deadlock in hudson.model.Executor (issue 28690)
  • UnlabeledLoad.computeQueueLength() includes labeled jobs (issue 28446)
  • Job loading can be broken by a NPE in a build trigger (issue 27549)
  • post-build action statuses handling (issue 26964)

What's new in 1.609.1 (2015/05/29)

  • Concurrent build limits not honored on Jenkins 1.607 (issue 27708)
  • Division by zero in Executor.getProgress (issue 28115)
  • Channel listener onClose propagated exceptions (issue 28062)
  • Failed to instantiate class hudson.plugins.copyartifact.CopyArtifact when saving a job (issue 28011)
  • Block on upstream projects does not work (issue 27871)
  • Unhelpful log warning about stapler-class (issue 27918)
  • 404 on jenkins.plugins.nodejs.tools.NodeJSInstaller.json.html (issue 28093)
  • 1.610 “Failed to instantiate” error (issue 28110)
  • NPE from LoadStatistics$LoadStatisticsSnapshot$Builder.with (issue 28384)
  • Dropdowns display limited and scrollable (issue 27067)

What's new in 1.596.3 (2015/05/20)

  • Build history text field wrap fails when containing markup (issue 26406)
  • Maven build step fail to launch mvn process when special chars are present in build variables (issue 26684)
  • Hudson test case leaks temp folders (issue 4409)

What's new in 1.596.2 (2015/03/23)

  • JDK9 with jigsaw file layer is not detected as valid JDK (issue 25601)
  • First-time display with many Maven jobs blocked in FingerprintAction.compact (issue 19392)
  • Animated ball in job's build history widget won't open Console Output (issue 26365)
  • Reflected XSS (affects IE all versions and Safari) (SECURITY-177)
  • Large number of build parameters for pending jobs (e.g.gerrit triggered job) can cause unwieldy build history (issue 22311)
  • Infinite loop with crontab "H H(19-24) * * *" (issue 25897)
  • XSS in FormValidation._error(..., Throwable, ...) (SECURITY-171)
  • Run parameters should display in human readable form rather than build numbers (issue 25174)
  • arbitrary API Token change/leak via changeToken (SECURITY-180)

What's new in 1.596.1 (2015/02/28)

  • Job failure on remote node running JDK1.8 - java.lang.NoSuchMethodException: java.lang.UNIXProcess.destroyProcess(int) (issue 21341)
  • Download update center from master by default (issue 19081)
  • Unreliable slave Plugin will offline the slave or not? what’s the meaning of “try slave reconnect of put offline”? how to use the plugin? (issue 23568)
  • ArrayIndexOutOfBoundsException during Jenkins.doConfigSubmit; need XStream 1.4.6 (issue 18537)
  • "Given final block not properly padded" after deleting master.key after Java security update (issue 25937)

What's new in 1.580.3 (2015/01/27)

  • Basic Authentication in combination with Session is broken (issue 25144)
  • No wrap up(not in multiple lines) of too long list of slaves at label page (issue 25989)
  • FilePath.validateAntFileMask sucks up heap (issue 25759)
  • Unnecessarily slow & serialized I/O for top-level item loading in loadTasks (issue 25473)
  • AbstractLazyLoadRunMap.entrySet improperly cached (issue 25655)
  • Build health computed twice per job (issue 25074)
  • WARNING: hudson.model.FreeStyleProject@9a4e77f[...] did not contain ... #584 to begin with (issue 25788)
  • "Given final block not properly padded" after deleting master.key after Java security update (issue 25937)

What's new in 1.580.2 (2014/12/15)

  • Job owned by SYSTEM instead of creator when 'Setup after creation' used (issue 25400)
  • Missing build history moving a job when BuildDir is set to a custom location (issue 24825)
  • Manage->Cancel Shutdown requests POST method and even POST fails due to invalid crumb if CSRF protection is enabled (issue 23020)
  • Memory leak in ProgressiveRendering (issue 25081)
  • AbstractProject: makeDisabled() performs operations even if supportsMakeDisabled() is false (issue 24340)
  • Jenkins merges queued builds with the different file parameters (issue 19017)
  • quietDown reports HTTP 405 Method Not Allowed (issue 23942)
  • SSH slaves can block for a long time in NativePRNG (issue 20108)
  • ListView's ItemListener runs with user privileges, might miss affected views (issue 22769)

What's new in 1.580.1 (2014/10/29)

  • Jetty should be used rather than Winstone for embedded deployments (issue 18366)
  • Updating a WAR should unpin a plugin which is now older than the bundled plugin (issue 24046)
  • "unknown format type" on console output (issue 24614)
  • Wrong EOL (UNIX type: LF) in Windows batch files executed for build steps of type "Execute Windows batch command" (issue 7478)
  • hudson.cli.util.ScriptLoader lets you read any file from the master with a variant of SECURITY-145 (SECURITY-147)
  • RemotingDiagnostics based variant of SECURITY-145 (SECURITY-146)

What's new in 1.565.3 (2014/10/01)

  • Plugin code can be downloaded by anyone with Overall/Read (SECURITY-155)
  • Stored passwords can be read out from build with parameters page (SECURITY-138)
  • Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2 as included with Jenkins (SECURITY-149)
  • Unauthenticated users can make Jenkins behind Apache unresponsive (SECURITY-87)
  • Users with limited Job/Configure can replace other jobs they have no access to (if they know the name) (SECURITY-128)
  • CLI calls are causing file descriptor leaks. (issue 23248)
  • Users with limited Job/Configure can change the kind of job via CLI, getting access to denied job types (SECURITY-127)
  • Test result trend breaks lazy-loading (issue 23945)
  • Unable to kill a job which is running (issue 17667)
  • XSS weakness in load-statistics (SECURITY-143)
  • Job is removed from ListView after rename (issue 23893)
  • set-build-result and set-build-parameter do insufficient checks (issue 24080)
  • Missing no-sniff header (SECURITY-122)
  • Directory traversal (SECURITY-131)
  • "incompatible InnerClasses attribute" error in IBM J9 VM (issue 22525)
  • Arbitrary file system write via DiskFileItem deserialization (SECURITY-159)
  • Missing SecureFlag cookie (SECURITY-120)
  • Prevent (private security realm) usernames from being guessed (SECURITY-79 redux!) (SECURITY-110)
  • Deadlock in OldDataMonitor (issue 24358)
  • RemoteInvocationHandler.RPCRequest allows invoking any method on an exported object event those not exposed by the exported interface (SECURITY-150)

What's new in 1.565.2 (2014/09/03)

  • Jenkins needs to check whether the war's directory is writeable before offering to upgrade (issue 23683)
  • AbstractLazyLoadRunMap.iterator() calls .all() (issue 18065)
  • Jenkins no longer kills running processes after job fails (issue 22641)
  • HTTP error 405 when trying to restart ssh host (issue 23094)
  • Run.delete (from LogRotator) failing with "...looks to have already been deleted" (issue 22395)
  • file name encoding broken in zip archives (issue 20663)
  • Kill win32 processes from win64 JVMs (issue 23410)

What's new in 1.565.1 (2014/07/30)

  • Queue.maintain does disk I/O via PeepholePermalink.resolve (issue 22822)
  • “Form too large” errors submitting view configurations with many jobs (issue 20327)
  • NPE on plugin install (issue 20031)
  • Link to the console output missing in popup when log >200Kb (issue 14264)
  • Parameters: NPE in canTake() procedures may kill all executors (issue 15094)
  • NPE from AbstractBuild$AbstractBuildExecution.run (issue 23277)
  • broken ProjectNamingStrategy Extension (issue 23127)
  • Move DecoratedLauncher from the custom-tools plugin to the Jenkins Core (issue 19454)
  • hudson.Launcher:ProcStarter::envs() may throw NPE (issue 20559)
  • Resource leak in hudson.model.FileParameterValue (issue 22693)
  • ReverseBuildTrigger.threshold not consistently saved (issue 23191)
  • AccessRestriction on SecurityListener methods (issue 23417)
  • After deleting folder, get 404 (issue 23375)
  • email-ext plugin doesn't handle tokens when slave has gone offline: IAE from AbstractProject.getEnvironment (issue 23517)
  • Jenkins cannot restart Windows service (issue 22685)
  • Rules for showing/hiding SCMTrigger.pollingThreadCount option are broken (issue 22934)

What's new in 1.554.3 (2014/06/30)

  • Queue.maintain does disk I/O via PeepholePermalink.resolve (issue 22822)
  • Non-recursive ListViews unnecessarily call owner.getAllItems in getItems (issue 22720)
  • SSH slave connections die after the slave outputs 4MB of stderr, usually during findbugs analysis (issue 22938)
  • Jenkins cannot restart Windows service (issue 22685)

What's new in 1.554.2 (2014/05/30)

  • Don't ask for confirmation when it doesn't make any sense (issue 21720)
  • On a configure screen that has multiple groups of radio buttons, clicking the apply button clears all but the last radio group selection (issue 22570)
  • Optimize creation of relative links to jobs (issue 18364)
  • Jenkins asks for confirmation before leaving edited 'View Configuration' page (issue 20597)
  • OutOfOrderBuildMonitor fails to correct builds with duplicate number (issue 22631)
  • Computer does not exist returns NPE (issue 21999)
  • Last build of project reloaded when project asked for later build (issue 22681)
  • After clicking 'Apply' at least once, 'Save' opens a new window (issue 20245)
  • hetero-radio should work with multiple instances of the same ui (issue 22583)
  • Cannot submit configuration after removing groovy step (issue 22582)
  • No autocompletion and NullPointerException when using 'Copy Existing Job' (issue 22142)

What's new in 1.554.1 (2014/04/30)

  • NPE if trying to install a plugin from the update center and either the update source or the plugin contains a '.' in its name (issue 22080)
  • Download update center from master by default (issue 19081)
  • OutOfMemory due to unbounded storage in OldDataMonitor (issue 19544)
  • Very slow resource loading from UberClassLoader (issue 21579)
  • Jetty exploding war to /tmp is a bad idea (issue 22442)
  • Performance issue with search box (issue 21969)
  • ArrayIndexOutOfBoundsException during Jenkins.doConfigSubmit; need XStream 1.4.6 (issue 18537)
  • NullPointerException when trying to mark slave temporarily offline (issue 21875)
  • Build queue is not filtered after progress updated (issue 20500)
  • copy-job permission checks wrong (issue 22262)

What's new in 1.532.3 (2014/04/11)

  • Replace description in error dialog instead of appending (issue 21457)
  • NPE from xstream.core.JVM.isOpenJDK (issue 21183)
  • WorkspaceCleanupThread does not handle folders (issue 21023)
  • Copy Artifact's fingerprinting creates second hudson.tasks.Fingerprinter_-FingerprintAction section with just the artifacts copied (issue 17606)
  • /login offers link to /opensearch.xml which anonymous users cannot retrieve (issue 21254)
  • Miscellaneous exceptions in config.xml can prevent entire job from loading (issue 21024)
  • Jobs named "." can be created, but not built, configured, accessed, ... (issue 21639)
  • DirectoryBrowserSupport.buildChildPaths does quadratic number of calls to check whether entries are directories (issue 21780)
  • ZIP file download generates corrupt zip file (issue 20345)
  • Update credentials plugin to 1.9.4 (issue 21820)
  • Apply button does not work in IE Compat View (issue 19826)
  • Deadlock while parallel deletion/rename of jobs (issue 19446)

What's new in 1.532.2 (2014/02/14)

  • CannotResolveClassException breaks loading of entire containing folder, not just one job (issue 20951)
  • Default markup formatter permits offsite-bound forms (SECURITY-88)
  • Using jenkins-cli connecting to HTTPS port fails due to hostname mismatch in certificate (issue 12629)
  • ApiTokenFilter does not check that the user actually exists (SECURITY-89)
  • HTTP two-way remoting does not work (jenkins-cli.jar without JNLP) (issue 20128)
  • Slave launcher fails after NoClassDefFoundError: Could not initialize class jenkins.model.Jenkins$MasterComputer (issue 19453)
  • StreamCorruptedException (issue 8856)
  • UI Redressing/ClickJacking (SECURITY-80)
  • Fail to run 'groovysh' in CLI due to insufficient permission (issue 17929)
  • Loading projects too slow because of File.isDirectory calls (issue 21078)
  • HTML metacharacters not escaped in log messages (issue 20800)
  • Channel's executorService's pool should have a name (issue 19004)
  • ListView.expand throws ClassCastException: … cannot be cast to hudson.model.TopLevelItem (issue 20415)
  • Stored XSS (SECURITY-74)
  • Session Fixation (SECURITY-75)
  • /heapDump offered to anyone with ADMINISTER (SECURITY-73)
  • Username Guessing/Enumeration (SECURITY-79)
  • RingBufferLogHandler throws ArrayIndexOutOfBoundsException after int-overflow (issue 9120)
  • Iframe Injection (SECURITY-76)
  • Reflected XSS in Cookie (SECURITY-77)
  • l:breakable mishandles HTML metacharacters (issue 20928)
  • Start JNLP slave ignores jar-cache flag (issue 20093)
  • Stored passwords can be read out from UIs with password fields (SECURITY-93)
  • Too many open files upon HTTP listener init or shutdown (issue 14336)
  • Extension point for secure users of Api (issue 16936)
  • 'Apply' error screens don't work (issue 20772)
  • Workspaces seem to be removed prematurely on concurrent jobs (issue 10615)
  • Job creators are able to edit or destroy the system configuration via the CLI (SECURITY-108)
  • Disable\Delete "Remember me on this computer" check box in login screen (issue 15757)
  • SECURITY-55 fails if downstream project not visible (SECURITY-109)
  • Builds disappear some time after renaming job (issue 18678)
  • Use RunAction2 from TestResultAction (issue 18410)
  • java.lang.NoClassDefFoundError: sun/net/www/protocol/jar/JarURLConnection (issue 20163)
  • Remote code execution via xstream deserialization in XML API (SECURITY-105)
  • Jenkins on winstone vulnerable to session hijacking (SECURITY-106)
  • Jenkins allows anonymous access if the Authorization Strategy can't be loaded (SECURITY-107)
  • you cannot use the cli without giving Overall read to Anonymous (issue 8815)

What's new in 1.532.1 (2013/11/25)

  • Collecting findbugs analysis results occasionally causes ssh slave to go offline causing job to abort (issue 19619)
  • Bytecode compatibility transformer mistakenly corrupts org.apache.ivy.core.settings.IvySettings.triggers (issue 19383)
  • Functions.globalIota overflow (issue 20085)
  • Upgrade bundled versions of credentials, ssh-credentials and ssh-slaves plugins (issue 19945)
  • /me/my-views/editDescription may be used by any user to set global description (issue 18633)
  • Missing base directory in ZIP from .../artifact/dir/subdir/*zip*/subdir.zip (issue 19947)
  • After deleting last build, next build of last build is zombie (issue 19920)
  • Upgrade error to 1.531: PROXY_HEADER is null (issue 19613)
  • Upgrade bundled versions of credentials and ssh-slaves so we can assume available (issue 20071)
  • Collecting finbugs analysis results randomly fails with exception (issue 18879)
  • ViewJobFilter.filter expect "All jobs that are possible." but don't get recursive ones (issue 20143)
  • Download build artifacts as zip generates a corrupted file (issue 19752)
  • Jenkins redirecting from https to http (issue 10675)
  • java.io.IOException: Unexpected termination of the channel (issue 18836)
  • When installing a plugin and the needed dependencies have compatibility issues, warn the user (issue 19739)
  • Installing a plugin with optional dependencies doesn't upgrade the optional dependencies when needed (issue 19736)
  • After upgrade from 1.519 to 1.526 -> NumberFormatException occurs during maven 3 build (issue 19251)

What's new in 1.509.4 (2013/10/09)

  • Configurable loggers should capture messages on slaves (issue 18274)
  • @RequirePOST and similar should send a 405 (issue 16918)
  • Using jenkins-cli connecting to HTTPS port fails due to hostname mismatch in certificate (issue 12629)
  • [XStream] ConcurrentModificationException from DefaultConverterLookup (issue 18775)
  • @QueryParameter with @RelativePath broken (issue 18776)
  • fingerprint are truncated (issue 19515)
  • Environment variable replacement/resolving (issue 16660)
  • failed to archive slave artifacts. Unexpected end of ZLIB input stream (issue 19473)
  • winstone.ClientSocketException: Failed to write to client (issue 10524)
  • /log/all polluted with FINE* messages from other loggers (issue 18959)
  • Incorrect redirect after editing view with Unicode name (issue 18373)
  • Flyweight jobs and zero executors (issue 7291)
  • ERR_CONTENT_DECODING_FAILED on Custom Views with Project-based Matrix Authorization (issue 15437)
  • Buttons do not work in IE 11 (issue 19171)
  • CLI login command fails on Windows (issue 19192)
  • Problems with "Latest Test Result" and "Aggregated Test Result" links (issue 9637)
  • Exception while trigger downstream projects (issue 17247)
  • Maven 2 jobs fail (exception in MavenFingerprinter) (issue 18441)
  • Outdated JRuby libs (issue 14351)
  • Deadlock (issue 18589)
  • When copying folder, display names of contained jobs are gratuitously cleared (issue 18074)
  • Incorrect redirection after delete of job in folder in view (issue 17575)
  • Javadoc project action yields HTTP 404 (issue 19168)
  • Memory exhaustion parsing large test stdio from Surefire (issue 15382)
  • With lazy-build loading estimated build duration may become expensive (issue 18196)
  • Can't build using maven 3.1.0 (issue 15935)
  • Cannot create a custom logger matching any namespace (issue 17983)
  • Clean up fingerprint records that correspond to the deleted build recods (issue 18417)
  • "projects tied to slave" shows unrelated maven module jobs (issue 17451)
  • hudson.security.AccessDeniedException2: anonymous is missing the Administer permission (issue 15578)
  • ”My Views" links leads to 404 Not Found (issue 17317)
  • Some jobs not loaded after jenkins restart: java.lang.NoSuchFieldError: triggers (issue 18677)
  • New lazy loading permalinks can break job.lastStableBuild != null => job.lastSuccessfulBuild != null (issue 18846)

What's new in 1.509.3 (2013/09/09)

  • Standalone install does not work with Apache + mod_proxy_ajp + SSL (issue 5753)
  • Reload configuration from disk no longer works after upgrade to Jenkins 1.512. (issue 17977)
  • Build Now link on MultiJob page doesn't work (issue 16974)
  • Add descriptions for custom tools (issue 18771)
  • Lazy loading causes massive delays after a period of inactivity when loading dashboard (issue 16023)
  • NPE running matrix job (issue 18024)
  • LastSuccessful and LastStable symlinks are invalid under Windows (issue 17681)
  • IllegalStateException from MavenProject.getParent can break MavenFingerprinter.recordParents (issue 17775)
  • NPE (isEmpty) from main.groovy (issue 15309)
  • DependencyClassLoader#getTransitiveDependencies returns disabled plugins (issue 18654)
  • parameter description don't use MarkupFormatter (issue 18427)
  • Incompatible signature change in 1.489: AbstractProject.doBuild (issue 18356)
  • Display Name is not shown (issue 17715)
  • Fingerprint throws exceptions on 1.518 (issue 18337)
  • FingerprintAction deserialization leads to NPE (issue 17125)
  • update view via REST API doesn't work (issue 17302)
  • MavenModuleSetBuild.getResult is expensive (issue 18895)
  • Builds disappear from jobs - hudson.util.IOException2: Invalid directory name - java.text.ParseException: Unparseable date: "39" (issue 15587)
  • Outdated JRuby libs (issue 14351)
  • Fingerprint performance (issue 16301)
  • 10,000+ jobs tied to a label make Node index page unusably unresponsive (issue 18660)
  • "Delete Project" link fails with 403 Exception: No valid crumb was included in the request (issue 18032)
  • Manually uploaded plugins are incorrectly unpacked (issue 4543)
  • Decorated Launcher Does Not Maintain "isUnix" for RemoteLauncher (issue 18368)
  • Test harness packs copies of Maven into plugin archive (issue 18918)
  • All Maven 2 builds fail with java.lang.NoSuchMethodError DigestUtils.md5Hex (issue 18178)

What's new in 1.509.2 (2013/06/27)

  • Quoting Issue with JDK Installer with Windows Slave (issue 5408)
  • /about no longer shows third-party licenses (issue 17724)
  • Failed to instantiate class hudson.plugins.copyartifact.CopyArtifact (issue 17402)
  • ArrayIndexOutOfBoundsException from AbstractLazyLoadRunMap.search (issue 15652)
  • Dashboard web pages don't render correctly in Chrome because of bad cache/session (issue 17684)
  • NPE from MatrixConfiguration.newBuild (issue 17728)

What's new in 1.509.1 (2013/05/01)

  • FilePath.installIfNecessaryFrom routes download over remoting channel (issue 17330)
  • Add 'Are you sure' on Reload configuration from disk (issue 15340)
  • MavenAbstractArtifactRecord.doRedeploy should require POST (SECURITY-69)
  • Hover-over "Build Now" broken for parameterized jobs: "This page expects a form submission" (issue 17110)
  • XSS issue, where an internal attacker can cause a remote stylesheet to be loaded and containing scripts executed. (SECURITY-67)
  • CVE-2013-1808 stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer (SECURITY-71)
  • Jenkins.doEval checks ADMINISTER rather than RUN_SCRIPTS; doScript CSRF (SECURITY-63)
  • Jenkins is no more WinXP compliant : CreateSymbolicLinkW is not available (issue 17343)

What's new in 1.480.3 (2013/02/15)

  • "Remember me on this computer" does not work, cookie is not accepted in new session (issue 16278)
  • Slow/hung web UI in 1.483+ (stuck in parseURI) (issue 16474)
  • Failure to delete old config files during rekeying on Windows (issue 16319)
  • NoClassDefFoundError on Base64 when launching an headless slave with -jnlpCredential option (issue 9679)
  • Loading asynchPeople calls (synch) People constructor (issue 16397)
  • Jenkins briefly displays build queue and then it disappears until the page is reloaded (issue 15335)
  • View.hasPeople too slow to use in sidepanel.jelly (issue 16244)
  • XSS (SECURITY-46)
  • File parameter causing data lost after Jenkins restart (issue 13536)

What's new in 1.480.2 (2013/01/06)

  • The master key that was protecting all the sensitive data in $JENKINS_HOME was vulnerable. (SECURITY-49)

What's new in 1.480.1 (2012/11/17)

  • FilePath.validateAntFileMask too slow for /configure (issue 7214)
  • java.io.InvalidClassException (issue 14667)
  • Log recorders do not work reliably (issue 15226)
  • Invalid JSON is produced during remote api operations when a changeSet contains duplicate keys. (issue 13336)
  • Header manipulation (CrLf) – open redirect vulnerability in "j_acegi_security_check" (SECURITY-44)
  • Memory exhaustion parsing large test stdio from Surefire (issue 15382)
  • Persistence XSS vulnerability in build's decription (SECURITY-43)
  • Header manipulation (CrLf) – open redirect vulnerability in Work Space (SECURITY-45)

What's new in 1.466.2 (2012/09/13)

What's new in 1.466.1 (2012/07/23)

  • A current active build in the build history is lost if the job configuration XML uploaded (issue 12318)
  • UnprotectedRootAction doesn't work for /github-webhook/ (issue 14113)
  • ERR_CONTENT_DECODING_FAILED returned on testResults and console output after Jenkins reload (issue 13625)
  • Cannot parse coverage results Premature end of file. (issue 11251)

What's new in 1.447.2 (2012/06/11)

  • Guice injector failure can cause failure of whole Jenkins (issue 13448)
  • Jenkins runs out of file descriptors (winstone problem) (issue 9882)
  • Parsing of POM happens before SNAPSHOT-Parents are updated (issue 8663)
  • Loading All Build History Fails (issue 13238)

What's new in 1.447.1 (2012/03/28)

  • File handle leak in serving static files (issue 13097)
  • LDAP config error (issue 8152)
  • jenkins running in Tomcat doesn't initalize slf4j properly (issue 12650)
  • java.lang.NoClassDefFoundError: org.slf4j.impl.StaticLoggerBinder (issue 12446)
  • Remote call on CLI channel from [ip] failed (issue 12302)
  • jenkins does not start in jboss container (issue 12334)

What's new in 1.424.6 (2012/03/06)

What's new in 1.424.5 (2012/03/05)

What's new in 1.424.4 (2012/03/05)

What's new in 1.424.3 (2012/02/27)

What's new in 1.424.2 (2012/01/10)

  • Viewing large console logs with timestamper plugin cause Jenkins to crash (issue 9349)
  • Maven3 parallel build fails with java.util.ConcurrentModificationException in Jenkins (issue 11256)
  • Jenkins PID changes after restart (issue 11742)
  • Running Jenkins with the bundeled Winstone is succeptible to the hash table attack http://www.ocert.org/advisories/ocert-2011-003.html (SECURITY-22)

What's new in 1.424.1 (2011/11/30)

  • JDKInstaller fails with OutOfMemory exception (issue 10689)
  • XSS in Winstone (SECURITY-17)
  • Tools download does not appear to respect proxy settings (issue 5271)
  • Builds fail in JUnit test archiving (since 1.416) if specifying JDK other than the container (issue 10030)
  • Update Json File Signature Error (issue 11110)
  • SSH public key based CLI authentication added in 1.419 is broken in 1.421+ (issue 10647)
  • JSONException (issue 7034)
  • Jenkins 1.427 doesn't work on AIX (issue 10810)
  • Maven assembly plugin fails (issue 8837)
  • SNAPSHOT dependency detection not working for plugins anymore (issue 10530)
  • Proxy settings arent used by JDK-downloader (issue 10634)

What's new in 1.409.3 (2011/11/08)

  • XSS in Winstone (SECURITY-17)

What's new in 1.409.2 (2011/09/12)

  • Failure in test class constructor or @Before method is not reported (was: Maven plugin doesn't set build to unstable on SurefireExecutionException) (issue 6700)
  • truncation or corruption of zip workspace archive from slave (issue 9189)
  • testSaturation-fork remoting test hangs (issue 8703)
  • Race condition in creating fingerprints for artifacts (issue 10346)
  • Slave-Squatter + Heavy-Job plugin causes many executor threads to die (issue 8882)
  • Auto Install JDK asks for Oracle account, but the link goes 404 (issue 10556)

What's new in 1.409.1 (2011/06/06)

  • Deadlock when upstream and downstream jobs are blocked on each other (issue 8929)
  • sporadic : ClassCastException for Maven Pom parsing phase on node (issue 9017)
  • Jenkins 1.399: java.lang.UnsupportedClassVersionError: Bad version number in .class file using JmDNS 3.4.0 (issue 8914)
  • Raw HTML codes are displayed since 1.407 (issue 9426)
  • Access to api/json on second level view fails (issue 9367)
  • NULLPOINTER exception on build 1.395 when saving configuration (issue 8866)
  • "java.io.IOException: Bad file descriptor" when file copied from slave (issue 7871)
  • Block when Downstream breaks Block when Upstream (issue 8968)
  • Remember me box doesn't work with unix groups (issue 9094)