Changelog

Legend:
  • security fix
  • major bug fix
  • bug fix
  • major enhancement
  • enhancement
Community feedback:

What's new in 2.151 (2018-11-11)

  • Add a new CLI command disable-plugin to disable one ore more installed plugins and optionally restart Jenkins. (issue 27177)
  • Add new category Languages to the plugin wizard, which automatically installs available localization plugins based on browser language. (pull 3626)
  • Update Windows Agent Installer from 1.9.2 to 1.9.3 to reduce remote class loading when not actually using Windows. (pull 3723Windows Agent Installer changelog)
  • Avoid Premature EOF error when using the shutdown CLI command. (issue 49196)
  • Prevent Stream is closed error in case a CLI command finishes before the input is entirely read. (issue 54310)

What's new in 2.150 (2018-11-04)

    No notable changes in this release.

What's new in 2.149 (2018-10-28)

  • Do not submit telemetry if there's no relevant data. (issue 54137)
  • Use per-trial correlation IDs for telemetry submissions. (issue 54136)
  • Fix concurrency bug that caused requests to hang since 2.147. (issue 54135)
  • When using elastic agents (clouds), agent JVMs could be incorrectly relaunched and never terminated. (pull 3701)

What's new in 2.148 (2018-10-21)

What's new in 2.147 (2018-10-14)

What's new in 2.146 (2018-10-10)

What's new in 2.145 (2018-10-07)

  • Migrate all Simplified Chinese translations into Localization: Chinese (Simplified) Plugin. Jenkins (core) now no longer contains Simplified Chinese translations. (pull 3667)
  • Prevent NullPointerException on restart with an undefined update site URL. (issue 31448)
  • Fix problems with update center metadata signature check on Java 11. (issue 53710)
  • The initial visibility of nested groups of radio buttons did not accurately reflect the current values. (issue 48516)
  • New JENKINS_USER_ID and JENKINS_API_TOKEN environment variables can be used to configure the CLI authentication. (issue 53792)
  • Minor improvements to reduce minimum memory footprint for Jenkins, especially around update center & plugin metadata. (pull 3654)
  • Developer: Add overridable Queue.Task#getAffinityKey() to allow consistent hashing for Pipeline builds in the future. (issue 36547)
  • Developer: ConsoleAnnotatorFactory mishandled its type parameter, effectively forcing all implementations to use Object or raw types. (pull 3662)
  • Internal: Update META-INF/services generator from 1.4 to 1.8 to fix compilation on JDK 10+. (issue 52024META-INF/services generator)
  • Internal: Update Parent POM to 1.49 to make the build flow compatible with Java 11. (Parent POM changelog)

What's new in 2.144 (2018-09-30)

  • Update jnr-posix to 3.0.45 to prevent Illegal Reflective access warnings when running with Java 11. (issue 46725)
  • Update Remoting from 3.26 to 3.27 to eliminate a potential deadlock. (Full changelogissue 53569)
  • Prevent process termination failure when ProcessKiller extension fails with NoClassDefFoundError. (issue 53593)
  • Remove unreliable action caching in views so that plugins installed after Jenkins startup can contribute to the UI. (issue 53353)
  • Update Unix process management logic to support Process Tree termination when running with Java 11. (issue 46523)
  • Developer: Introduce getPlatform() and setPlatform() methods in hudson.EnvVars. (issue 53721)
  • Developer: Introduce new hudson.Util#fixNull(value, defaultValue) method. (pull 3656)

What's new in 2.143 (2018-09-25)

  • Hyperlinks in build logs for builds run using Jenkins 2.138 or older were not displayed correctly in newer versions of Jenkins. As a side effect of this fix, build logs created with Jenkins between 2.139 and 2.142 (inclusive) will lose the hyperlink metadata. (issue 53729)
  • Update Groovy from 2.4.11 to 2.4.12 to pick up fixes towards Java 11 support. (issue 52019Groovy 2.4.12 changelog)
  • Add extensibility mechanism for anonymous usage statistics with initial implementation collecting information about applied security fix escape hatches. (JEP-214)
  • Fix a thread safety issue when creating multiple nodes in parallel. (issue 53401)
  • Developer: Add Telemetry extension point. (JEP-214)
  • Developer: Update PowerMock and Mockito to versions compatible with Java 11. (issue 53693)
  • Internal: Incorrect API signatures on some classes performing custom deserialization. (issue 53608)
  • Internal: Update sezpoz from 1.12 to 1.13 to enable building plugins with JDK 11. (issue 52024)

What's new in 2.142 (2018-09-20)

  • Improve robustness when search items don't specify a display name. (issue 50795)
  • Certain kinds of errors in build console display were being suppressed and ANSI escape sequences displayed instead. (pull 3612)
  • Further improvements to not show scroll bar prematurely on long build display names in the sidepanel builds widget. (pull 3601)
  • Developer: Make HashedToken and ApiTokenStore Serializable. (issue 53561)

What's new in 2.141 (2018-09-02)

  • Update Winstone-Jetty from 4.4 to 5.0 to fix HTTP/2 support and threading problems on hosts with 30+ cores. (issue 53239issue 52804issue 51136issue 52358)
  • Update Remoting from 3.25 to 3.26 to remove some unhelpful warnings. (issue 42533issue 52945)
  • Wait up to two minutes for process termination before killing it (typically when aborting a build). (issue 17116)
  • Reduce logging level of restart and shutdown related notifications from SEVERE to INFO. (issue 53282)

What's new in 2.140 (2018-08-26)

  • A configured quiet period was interpreted as milliseconds, instead of seconds. (Regression in 2.82) (issue 48770)

What's new in 2.139

2.139 was not properly released, so only the corresponding Git commits exist.
  • Allow use of the console command with Job/Read permission. (issue 52181)
  • Upgrade libpam4j from 1.8 to 1.11. (issue 53055)
  • CLI command enable-plugin -restart will no longer restart Jenkins if no plugins were actually enabled. (issue 52950)
  • Nested f:repeatable/f:repeatableProperty form elements inherited minimum when they shouldn't. (issue 37599)
  • Build logs were not displayed correctly when they contained hyperlinks whose link text contains newline characters. (issue 53016)
  • Developer: Add support for the @PostConstruct lifecycle method annotation. (issue 52818)
  • Developer: Add interface PersistentDescriptor that allows implementing Descriptors to skip explicit calls to load(). (issue 52818)

What's new in 2.138 (2018-08-15)

What's new in 2.137 (2018-08-12)

  • Do not show scroll bar prematurely on long build display names in the sidepanel builds widget. (pull 3576)
  • Developer: Downgrade errors about plugin dependency version mismatches to warnings when Maven snapshot versions are involved. Typically only relevant for developers, especially when using incrementals. (issue 52665)
  • Internal: Update parent POM. Jenkins now requires Maven 3.5.4 or newer to build. (pull 3567)

What's new in 2.136 (2018-08-05)

  • Add a new CLI command enable-plugin to enable one or more installed plugins and optionally restart Jenkins. (issue 52822)
  • Update JNA from 4.2.1 to 4.5.2 to add support for s390x, update GNU C minimal requirement to 2.7 on Unix platforms. (issue 52771)
  • Some types of builds, like pipelines, would sometimes run concurrently even when that was disabled. (issue 41127)
  • Legacy API token monitoring did not work correctly for users with id null. (issue 52441)
  • Launcher.ProcStarter.stdout(TaskListener) did not properly send its argument over a Remoting channel to an agent. (issue 52729)
  • Developer: Add EnvironmentVariablesNodeProperty#getEnv() for better Configuration-as-Code support. (issue 52794)

What's new in 2.135 (2018-07-29)

  • Some deserialization rejections are now logged on WARNING log level, instead of only on FINER. (issue 51666)
  • Prevent warnings about deserialization of hudson.model.ParametersDefinitionProperty$1. (issue 50457)
  • Developer: Make Jenkins#getInstallState and Jenkins#setInstallState(…) available to plugins. (issue 52718)

What's new in 2.134 (2018-07-22)

What's new in 2.133 (2018-07-18)

What's new in 2.132 (2018-07-15)

  • Don't log warnings when SHA-256 checksums are provided (but SHA-512 are not) for plugin downloads. (pull 3546)
  • Whitelist java.time.Ser for use in XStream (XML serialization) and Remoting (agent communication). (issue 52534)
  • Don't fail to archive artifacts when attributes cannot be preserved, instead log a message and proceed without preserving attributes (regression in 2.120). (issue 52325)

What's new in 2.131 (2018-07-08)

  • Add support for Zip files larger than 4 GB (Zip64). (issue 52356)
  • Developer: Remove hudson.FilePath#copyFromRemotely(URL) Beta API. (issue 52417)

What's new in 2.130 (2018-07-01)

  • Check SHA-512 or SHA-256 checksums of update site and tool installer metadata and core and plugin downloads if the update site provides them. (pull 3356)
  • Improve API token metadata to be able to distinguish between API tokens created today, and whose creation date is unknown (legacy API tokens). (issue 52161)
  • Update Remoting from 3.22 to 3.23 to skip TCP Agent Listener port availability check when the -tunnel option is set (regression in Remoting 3.22 and Jenkins 2.129). (issue 52204)
  • Instances of some item types could not be renamed (regression in 2.110). (issue 52164)
  • Robustness: Don't break queue processing when the configured queue sorter throws exceptions. (issue 52159)
  • Update instance identity module from 2.1 to 2.2 to improve Java 11 compatibility. (issue 51965full changelog)

What's new in 2.129 (2018-06-24)

  • Replace single per-user API token with new system of multiple, revocable, unrecoverable API tokens with usage tracking. (issue 32442issue 32776blog post)
  • Dynamically loaded plugins now have any PeriodicWork/AperiodicWork extensions scheduled. (issue 28683)
  • Upgrade Bytecode Compatibility Transformer from 1.8 to 2.0-beta-2, upgrading ASM from 5.0.1 to 6.2 to improve support of Java 9+ runtimes. (issue 51837supported Java versions)
  • Upgrade Remoting from 3.21 to 3.22 to have agents check availability of the master's TCP Agent Listener port when connecting over TCP. (issue 51818Remoting 3.22 changelog)
  • Update Executable WAR from 1.40 to 1.41 to link the Jenkins Java support policy and to fix reflection warnings when running on Java 9+ (experimental support). (issue 51994issue 46622Executable WAR 1.41 changelogsupported Java versions)
  • Developer API: Remoting 3.22 now offers a new Channel#readFrom(Channel, byte[]) method for a standardized command deserialization from the channel. (issue 51841)

What's new in 2.128 (2018-06-18)

  • Redesigned login, signup, and Jenkins is (re)starting pages. Existing page decorators like Simple Theme Plugin will no longer work with these redesigned pages. (issue 50447announcement blog post)
  • The deprecated Jenkins CLI Protocol versions 1 and 2, and Java Web Start Agent Protocol versions 1, 2, and 3 have been disabled. If you still use these protocols (e.g. remoting-based CLI, or old slave.jars on agents), you need to re-enable these protocols after upgrade, or upgrade the clients. The same recommendations as in The 2.121.x upgrade guide for remoting changes apply here. (issue 48480)
  • Upgrade Winstone from 4.3 to 4.4 to update Jetty from 9.4.8.v20171121 to 9.4.11.v20180605. (pull 3497full changelogJetty 9.4.11 changelogJetty 9.4.10 changelogJetty 9.4.9 changelog)
  • Jenkins remote API: Export fingerprints for builds which do not derive from AbstractBuild, like Pipeline builds. (issue 51667)
  • Stop using deprecated com.google.common.io.NullOutputStream from Guava to avoid binary conflicts with plugins bundling newer Guava versions (regression in 2.127). (issue 51889)
  • Developer: Introduce SimplePageDecorator extension point, which allows decorating the redesigned login page. (announcement blog post)
  • Developer API: Prevent NullPointerException in SlaveComputer#setChannel(Channel,OutputStream,Channel.Listener) with null OutputStream. (issue 51955)
  • Developer API: StreamTaskListener#getCharset() now returns the default charset when it is not configured. (issue 51971)

What's new in 2.127 (2018-06-11)

  • Optional extensions are now loaded without requiring to restart Jenkins after installing an optional dependency. (issue 50336)
  • Update Remoting from 3.20 to 3.21 to apply logging enhancements and better no_proxy support. (issue 51223issue 50965issue 51551Remoting 3.21 changelog)
  • Add modification timestamp to files in directory browser views such as archived artifacts and workspaces. (issue 20998)
  • Improve diagnostics of corrupted plugin archives during plugin dynamic loading. (issue 51608)
  • Update Executable WAR from 1.39 to 1.40 to allow running Jenkins with incompatible (too new) Java versions by setting the --enable-future-java flag. (issue 51155Executable WAR 1.40 changelog)
  • Have the setup wizard propose a root URL ending with a slash as is necessary. (issue 51660)
  • Fix a potential deadlock between queue maintenance and asynchronous execution. (issue 46248)
  • Security hardening: Prevent files in tar archives from being written to a path outside the destination directory. (issue 51777)
  • If using the Artifact Manager on S3 plugin with the (non-default) option to delete artifacts, they were not deleted when the entire build was deleted. (issue 51819)
  • Prevent Enter resulting in a broken presentation of the setup wizard. (issue 51816)
  • Developer: PermissionGroups now expose their IDs to Java API. (issue 51598)
  • Developer: ComputerLauncher implementations can now set channels with a custom CommandTransport implementation. (issue 51541)
  • Developer/Internal: Remove use of a Guava method deleted in later versions, which could cause problems for plugins running functional tests. (issue 51779)

What's new in 2.126 (2018-06-03)

  • Robustness: A buggy ComputerListener#onConfigurationChange implementation should not block Jenkins startup. (issue 50217)
  • Diagnostics: Log stack traces in JEP-200 rejection messages when jenkins.security.ClassFilterImpl logging level is FINE or above. (issue 51355)
  • Copying Run parameters did not work as expected as RunParameterDefinition#copyWithDefaultValue called the wrong constructor. (issue 51650)
  • Actions created from a TransientActionFactory that got attached to an item in the queue are no longer persisted, which could previously lead to duplicate actions shown for builds. (issue 51584)
  • Do not attempt to disconnect offline computers for not responding. (issue 20272)
  • Restore implied dependency on JDK Tool Plugin from Apache HttpComponents Client 4 API Plugin to fix dependency problems. (issue 51483)
  • Fix behaviour of Advanced button when a section element is nested inside. (issue 14632)
  • Do not duplicate caller stack trace when FilePath#act fails. (issue 51082)
  • Developer: Make various form validation related attributes in Jelly form taglib explicitly available. (pull 3470)

What's new in 2.125 (2018-05-27)

  • Export path to agent file system root directory in remote API. (pull 3206)
  • Do not remove workspaces for projects with builds in progress. (issue 27329)

What's new in 2.124 (2018-05-21)

  • Fix release process issue that resulted in 2.123 not being properly released. (pull 3452)

What's new in 2.123 (2018-05-21)

A Maven issue prevented 2.123 from being properly released. Use 2.124 instead.

What's new in 2.122 (2018-05-14)

What's new in 2.121 (2018-05-09)

What's new in 2.120 (2018-05-06)

  • The Job/Build permission no longer implies the Job/Cancel permission. The latter needs to be granted explicitly to users who previously got it via this relationship. (issue 14713)
  • Fix issue preventing process killing vetoes being effective on agents. (issue 9104ProcessKillingVeto extension point implementations)
  • Allow additional administrative monitors to be dismissed directly from their warning messages. (pull 3416)
  • Make fingerprint logs less verbose. (issue 50412)
  • Be more lenient when validating the root URL (regression in 2.119). (issue 51064)
  • Archiving artifacts now preserves file permissions and last modification time. (issue 13128)
  • Don't extract files from plugin archives to outside their destination directory. (issue 32778)
  • Internal: Add support for incremental Maven releases. (JEP-305)
  • Internal: Further simplify storage of the Jenkins setup wizard’s installation state. (pull 3405)
  • Developer: Extend ClassFilterImpl#isLocationWhitelisted Maven-oriented exclusions to plugin under test during Gradle builds. (issue 51062)

What's new in 2.119 (2018-04-25)

  • Ensure as much as possible that the Jenkins root URL is defined by adding a new setup wizard page and an administrative monitor. (issue 31661)
  • Default Crumb Issuer proxy compatibility can be enabled on first startup by setting the system property jenkins.model.Jenkins.crumbIssuerProxyCompatibility to true on startup. (issue 50767Jenkins features controlled by system properties)
  • Remove the options to define custom Build Record Root Directory and Workspace Root Directory on the Configure System form to prevent unexpected failures during runtime. Instead, these locations can now be customized using system properties on startup. (issue 50164Jenkins features controlled by system properties)
  • Whitelist java.util.EnumMap and org.jruby.RubyNil for use in XStream (XML serialization) and Remoting (agent communication). (issue 50939issue 50616)
  • Developer: Add a new overload for HttpResponses#errorJSON. (pull 3082)

What's new in 2.118 (2018-04-18)

  • Update Remoting from 3.19 to 3.20 in order to refresh the code signing certificate. (pull 3398full changelog)
  • Update WinP from 1.25 to 1.26 to fix loading of WinP libraries on Windows inside Weblogic web container. (issue 48347full changelog)
  • Developer: JEP-202: Extend VirtualFile API to streamline external artifact storage. API additions are marked beta and may change at any time. (JEP-202pull 3302)

What's new in 2.117 (2018-04-15)

What's new in 2.116 (2018-04-11)

What's new in 2.115 (2018-04-08)

  • Sort nodes matching labels on UI. (issue 25910)
  • Internal: Run threadPoolForRemoting threads in the context of the SYSTEM user to be consistent with executor threads. (issue 50296)
  • Developer: Add new overloads for HttpResponses#errorJSON. (pull 3379)

What's new in 2.114 (2018-04-01)

  • Introduce hudson.triggers.SafeTimerTask.logsTargetDir system property to write logs usually written to $JENKINS_HOME/logs to another location. (issue 50291)
  • Update Executable War from 1.38 to 1.39 to remove an irrelevant warning on Jenkins startup. (issue 50439)
  • Make Cancel Shutdown link in side panel work without requiring the page to be reloaded. (issue 44402)
  • Prevent f:combobox input fields from breaking customized form submission handlers. (issue 21613)
  • Fix a race condition in the Setup Wizard that could lead to it being skipped on the first startup when groovy scripts or init scripts are pre-installed. (issue 49401)
  • Internal: Minimize visibility of readResolve methods. (pull 2567)

What's new in 2.113 (2018-03-25)

  • Update Remoting from 3.18 to 3.19 so that Jenkins core can always deserialize exceptions even if they're not whitelisted. To benefit from this improvement, Remoting needs to be updated on the agent side as well. (issue 50237issue 49618full changelog)
  • JEP-200: Whitelist org.apache.tools.ant.Location to prevent deserialization exception when listing agent files in non-existent directory or invalid filter. (issue 50237)
  • Prevent some cases of linkage errors relating to Servlet classes when code is run on an agent. (issue 46386)
  • Allow users without Overall/Read access to use the who-am-i and logout commands. (issue 50324)
  • Show more entries in the search results dropdown and search results page. (issue 47020)

What's new in 2.112 (2018-03-18)

  • Install from java.sun.com installation method for JDK tools has been moved to a new JDK Tool Plugin. (issue 22367)
  • Update Remoting from 3.17 to 3.18 in order to apply various performance and diagnosability improvements, such as logging warnings when anonymous classes are serialized over a Remoting channel. (issue 49415issue 49472issue 48561issue 49994)
  • Allow use of lists of options as provided by the Pipeline snippet generator for choice parameters. (issue 26143)
  • Restore serialVersionUID of AbstractTaskListener (regression in 2.91). (issue 50124)
  • Use case-insensitive autocompletion for item selection dialogs if the current user prefers case-insensitive search (issue 38812)
  • Better autocompletion for loggers supporting multiple tokens and proposing useful parent loggers. (pull 3345)
  • Internal: Move "Submit" button localization from various forms to the button control. (pull 3319)

What's new in 2.111 (2018-03-11)

  • Pipeline builds could not be started if the Authorize Project plugin was configured to associate the build with a user to whom the authorization strategy was configured to deny Agent/Build permission on the master node. (issue 46652)
  • Reduce memory footprint of jenkins.model.lazy.AbstractLazyLoadRunMap#search in descending order. (issue 50056)
  • Update Executable War from 1.37 to 1.38 to show an error when an attempt is made to run Jenkins on Java 9. (issue 49737full changelog)
  • Display estimated remaining time again for Pipeline jobs (regression in 2.92). (issue 48821)
  • Revert update of PrototypeJS in 2.110 due to regression. (issue 49968)
  • Do not show an error message when renaming an item before changing the name. (issue 49906)
  • Improve robustness in case a build with parameters was stored with a null list of parameters. (issue 39495)
  • Setup wizard did not properly display form validation errors in "Create First Admin User" form. (issue 45387)
  • Prevent FileNotFoundException in hudson.Util#loadFile in case of race condition. (issue 49971)
  • Ignore misplaced config.xml file directly in users/ directory. (issue 32599)
  • Developer: Introduce hudson.util.TextFile#linesStream for file stream processing with proper error propagation. (pull 3211pull 3340)
  • Internal: Choose more mnemonic artifactIds for modules not consumed externally. (pull 3311)

What's new in 2.110 (2018-03-05)

  • It is no longer possible to rename jobs from their configuration page. Jobs now have a link in the side panel titled "Rename" that links to a page specifically dedicated to renaming jobs. (issue 22936)
  • Show the "Add" button in lists of tool installations also on the top. (issue 43581)
  • Add ConcurrentLinkedQueue to white-listed classes for use in XStream (XML serialization) and Remoting (agent communication). (issue 49788)
  • Issue warnings to the system log when attempts are made to use classes with unpredictable names and serial forms (such as anonymous classes) in Remoting or XStream (de)serialization. (issue 49795)
  • Make JEP-200 serialization whitelist more reliable on old versions of Tomcat 8. (issue 49543)
  • Clean up the build.xml files of parameterized projects that contained unnecessary serialized data. (issue 49795)
  • Upgrade Winstone from 4.1.0 to 4.1.2 to prevent User session memory leak by setting the default idle session eviction timeout to 30 minutes. (issue 49596full changelog)
  • Make proxy views work inside folders. (issue 49642)
  • Prevent NullPointerException in AbstractProject#checkout when the agent disconnects during a build. (issue 29470)
  • Developer: Subclasses of AbstractItem can implement AbstractItem#isNameEditable and return true to get automatic support for renames. Subclasses are also able to dynamically validate renames by implementing AbstractItem#checkRename. (issue 22936)
  • Developer: Add support for also showing the "Add" button on top for lib/form/repeatable Jelly controls when the enableTopButton attribute is set to true. (pull 2926)
  • Internal: Upgrade PrototypeJS 1.7.0 to 1.7.3. (issue 49319PrototypeJS blog/changelog)
  • Internal: Improve the implementation of Util#createTempDir. (pull 3226)
  • Internal: Make Apply buttons localizable. (pull 3287)

What's new in 2.109 (2018-02-25)

  • Periodically persist the build queue so it can be restored on abnormal process termination. (issue 30909)
  • Add agent symbol for a permanent agent in Structs Plugin based configuration. (issue 49661)
  • Match more date formats for sortable tables. (pull 3125)
  • Prevent NullPointerException when saving a parameterized job without parameters defined. (issue 46638)
  • Don't link to a non-existing user profile from the build log of a build started by an anonymous user. (issue 48467)

What's new in 2.108 (2018-02-18)

  • Always show the master node in the executors widget, even when it is offline. (issue 34712)
  • archiveArtifacts in a Pipeline failed to throw a normal exception when there were no matches. (issue 47142)
  • Update Apache Mina SSHD Core from 1.6.0 to 1.7.0 in CLI client. (issue 49565changelog)
  • Don't show input validation errors in optional numeric form fields (regression in 2.105). (issue 49387issue 49520)
  • Fix translation of 'sign up' in Dutch, used to be 'sign in'. (issue 49498)
  • Extensibility: Allow SecurityRealm and AuthorizationStrategy implementations to be hidden on Configure Global Security form using DescriptorVisibilityFilter. (issue 49044)

What's new in 2.107 (2018-02-14)

What's new in 2.106 (2018-02-11)

  • Update Remoting library from 3.16 to 3.17 to improve diagnostic logging for channel read/write events and JEP-200 related class filtering. (issue 27035issue 49027full changelog)
  • Integrate SSHD module 2.4 which updates Apache Mina SSHD Core from 1.6.0 to 1.7.0. (pull 3278SSHD module changelog)
  • Internal/API: Add DataBoundConstructor to LegacySecurityRealm to facilitate reflective instantiation in Jenkins-related tools and frameworks. (pull 3279)

What's new in 2.105 (2018-02-04)

  • When Jenkins fails to load plugins, show failures that users need to take action on separate from those due to other plugins failing to load. (pull 3256)
  • Upgrade Executable War from 1.36 to 1.37 to allow supplying jenkins.war command-line arguments via standard input using the --paramsFromStdIn parameter. (pull 3223documentation)
  • Jenkins now creates XML 1.1 files to be more accepting of unusual contents. (issue 48463)
  • Form validation for number of executors now properly shows validation errors and user-friendly message on form submission. (issue 47793)
  • Ensure that threads for background tasks cannot be created with a custom classloader to prevent possible Groovy memory leaks. (issue 49206)
  • Upgrade Executable War from 1.36 to 1.37 to prevent multiple copies of winstone-*.jar in the temp folder from using up disk space needlessly. (issue 22088)
  • Update to task reactor version 1.5 to prevent hanging of Jenkins on startup/reload when an initialization task throws an unhandled exception. (issue 48725full changelog)
  • Developer: Introduce ACL#lambda convenience method. (pull 3260Javadoc)

What's new in 2.104 (2018-01-28)

  • Whitelist additional safe Java platform types for use in XStream (XML serialization) and Remoting (agent communication). (pull 3251pull 3252pull 3253issue 49070issue 49071)
  • Remove support for unbounded number of SCM polling threads. Previously, the default was infinite and could be set to between 10 and 100. Existing installations with unbounded SCM polling threads will now use the default of 10, and it is no longer possible to use a value outside of this range. (pull 3258)
  • Define a minimum required version of the Remoting library (agent communication) and print warnings when an older version is connecting. (pull 3250)
  • Improve robustness in case of faulty SCM#guessBrowser implementations. (pull 3267)
  • Improve error message when failing to read some files to actually mention the file name. (issue 49060issue 49112)
  • Restore Manage Jenkins submenu in the context menu accessible from the breadcrumb (regression in 2.103). (issue 49129)
  • Fix MalformedInputException or UnmappableCharacterException when reading the log file after finishing a build (regression in 2.102). (issue 49112)
  • Jenkins 2.102 and later could fail to start or run properly when loaded inside certain containers, including old versions of Tomcat. (issue 49147)
  • Don't attempt to export information about arbitrary offline causes as part of the /computer/(name)/api output, which could result in errors. (issue 24452)

What's new in 2.103 (2018-01-21)

JEP-200: "Switch Remoting/XStream blacklist to a whitelist" has been integrated into 2.102. This change implies a HIGH RISK of regressions in plugins. See this blogpost for list of plugins known to be affected, with instructions how to resolve possible problems.
  • Whitelist additional safe types for use in XStream (XML serialization) and Remoting (agent communication). (issue 48946issue 49000issue 49025)
  • Re-style the Manage Jenkins page, including administrative monitors. (issue 43786blog post)
  • Make Blue Ocean work on Wildfly by excluding its outdated Jackson implementation from the Jenkins class path. (issue 48957)
  • Do not downgrade detached plugins when upgrading Jenkins while its previous version was not properly recorded. (issue 48899)
  • Restore file permissions granted to group and other for file created by Jenkins (regression in 2.93). (issue 48407)
  • Fix a race condition in Initializer implementations creating Items that resulted in their deletion. (issue 47406)
  • A ClassCastException or NoSuchMethodException could under certain circumstances mask the actual error when loading erroneous data from an XML file. (issue 49054)
  • Properly add apostrophes to several localized strings that were missing them before. (pull 3203)
  • Developer: Improve detection of current plugin's or test's classes for exclusion from JEP-200 filtering. (pull 3237)

What's new in 2.102 (2018-01-14)

JEP-200: "Switch Remoting/XStream blacklist to a whitelist" has been integrated to this release. This change implies a HIGH RISK of regressions in plugins. See this blogpost for list of plugins known to be affected, with instructions how to resolve possible problems.

What's new in 2.101 (2018-01-07)

  • Log EOF exceptions on a FINE level instead of WARNING when the Jetty connection is closed by peer. (pull 3214)
  • Fix HTTP 404 error when clicking on New View sidebar link from another view. (issue 48447)
  • Improve Chinese and French localizations. (pull 3209pull 3204pull 3216pull 3179)

What's new in 2.100 (2018-01-03)

What's new in 2.99 (2017-12-31)

The release introduced a serious regression (JENKINS-48761). We recommend upgrading to 2.100 or updating Remoting on agents to 3.15.
  • Updating Jenkins jobs and views by XML left fields at their old value if not defined in the new XML. (issue 21017)

What's new in 2.98 (2017-12-24)

The release introduced a serious regression (JENKINS-48761). We recommend upgrading to 2.100 or updating Remoting on agents to 3.15.

What's new in 2.97 (2017-12-19)

  • Fix regression in 2.96 that caused a downgrade of Script Security when upgrading Jenkins. (issue 48604)

What's new in 2.96 (2017-12-17)

A bug introduced in Jenkins 2.96 will downgrade Script Security Plugin to version 2.18.1, possibly resulting in cascading failures to load other plugins (and reintroducing security issues). We recommend updating Script Security Plugin to its newest release and immediately restarting Jenkins to resolve this issue.
  • Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed when upgrading Jenkins past the version at which the plugin was detached. (issue 48365)
  • Do not require CSRF crumb to be provided when the request is authenticated using API token. (issue 22474)
  • Improve robustness and error handling of various file operations by switching to NIO. (issue 47324issue 48405)
  • Improve Chinese translation. (pull 3176)
  • Update Stapler from 1.253 to 1.254 to make the form that shows up when a URL requiring POST is accessed using a different HTTP verb work with CSRF protection enabled. (issue 34254Stapler changelog)
  • Fix a performance regression in Jenkins 2.86 due to lock contention in ExtensionList. (issue 48505)
  • Trigger SecurityListener#loggedIn events on programmatic login during self-registration when using HudsonPrivateSecurityRealm. (issue 48383)
  • Developer: Capture more authentication-related events in SecurityListener. (issue 27027)
  • Developer: Deprecate hudson.util.Service in favor of Java's ServiceLoader. (pull 3191)
  • Developer: Introduce Cause.UserIdCause(String) constructor, which allows creating causes for specified users without switching the user context. (pull 3162)

What's new in 2.95 (2017-12-14)

What's new in 2.94 (2017-12-11)

  • Export assignedLabels for agents and labelExpression for applicable job types in remote API. (issue 25286)
  • Optimization: Don't consult the authorization strategy about whether the internal SYSTEM pseudo-user has a given permission. (issue 20474)
  • Update SSHD Module 2.0 to 2.3 to fire authentication events in SecurityListeners when a user connects using SSH. (changelog)
  • The setup wizard is now resumed upon restart if it hasn't been completed yet, instead of showing the regular login screen (regression in 2.81). (issue 47439)

What's new in 2.93 (2017-12-03)

  • Use Java NIO to read and write Unix file permissions by default. The previous behavior can be restored by setting the Java system property hudson.Util.useNativeChmodAndMode to true. (issue 36088Jenkins features controlled by system properties)
  • Better handling of certain unreproducible XML file load/save errors. (pull 3167)
  • Improve user lookup performance, for example from Git changelog calculation. (issue 47429)
  • Reduce memory usage when scheduling pipelines on big clusters. (issue 48348)
  • Use atomic file moves if available on the underlying file system from AtomicFileWriter. (issue 34855)
  • Prevent setup wizard from hanging when the two provided passwords differ, instead show a validation error. (issue 48080)
  • Developer: Add ItemGroup#allItems and similar default methods to ItemGroup. (pull 3148)
  • Developer: Add default implementations of deprecated methods to BuildableItem and Item so they don't need to be implemented. (pull 3142)
  • Internal: Add documentation and convenience methods for the User.CanonicalIdResolver extension point. (pull 3140)

What's new in 2.92 (2017-11-26)

  • Revert internal change that broke assumption in ruby-runtime in 2.91, impacting plugins based on it. (issue 48116)
  • Improve UI performance with long list of running builds by caching the estimated duration. (issue 48350)
  • Cache permission names, allowing Jenkins to recover faster after "stop-the-world" Java GC pauses. (issue 48349)
  • Prevent potential NullPointerException when migrating the default "All View" name for a "My Views" user property. (issue 48157)
  • Developer: Add AccessControlled#hasPermission(Authentication, Permission) for convenience. (pull 3149)

What's new in 2.91 (2017-11-19)

  • Use Java NIO library instead of native code to create and detect symbolic links and Windows junctions to improve compatibility and robustness. (issue 36088issue 39179)
  • Prevent concurrent installation of Maven on the same node to prevent problems. (issue 34138)
  • Developer: Deprecate the ambiguous User#getUser(String) in favor of the User#getById() or the new User#getOrCreateByIdOrFullName() methods. (issue 47718)
  • Developer: Implement default methods in TaskListener and BuildListener interfaces so they don't have to be implemented in subclasses. (pull 3122)

What's new in 2.90 (2017-11-12)

  • Recover from legacy user configuration folders with $ characters that are not part of hex escape sequences. (Regression in 2.89) (issue 47909)
  • Fix Download from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site (again). (issue 47448)
  • Update Remoting from 3.13 to 3.14 in order to apply various performance and stability improvements. (full changelogissue 37566issue 45294issue 47425issue 47901issue 47942)
  • Add option to trim specified string parameter values. (issue 47115)
  • Update Windows Agent Installer from 1.9.1 to 1.9.2: Do not try to update jenkins-slave.exe on Unix agents when they connect. (full changelogissue 47015)
  • Add a note explaining that the nodes count in label selection does not take into account permissions or other plugins. (issue 47940)
  • Improve Chinese localization. (pull 3127)
  • Updated default workspace directory naming for new installations to use filesystem-safe variable ITEM_FULL_NAME. (issue JENKINS-12251)
  • Fix icon for Manage Jenkins link in the sidebar of the Global Tool Configuration form. (pull 3139)
  • Prevent caching of captcha on the login form. (issue 43852)
  • Ensure that the authenticated group is not added twice to the authorities for a user. (issue 47768)

What's new in 2.89 (2017-11-08)

What's new in 2.88 (2017-11-05)

  • Add sidebar link to create new view. (issue 6290)
  • Improve robustness of the /user/(username)/configure page when a UserProperty is missing its descriptor. (issue 45977)
  • Improve Russian localization. (pull 3113pull 3115)

What's new in 2.87 (2017-10-29)

  • Stapler library upgraded from 1.252 to 1.253 with Servlet 3.1 support, improved Blue Ocean performance and changes of interest to plugin developers. (issue 37062Stapler changelog)
  • Commons Codec library upgraded from 1.8 to 1.9. (pull 3033)
  • Agents JVM must be 1.8+ and a clear message is shown in connection logs if it is not. (issue 44851)
  • Major improvement to Italian localization. (pull 3075)
  • Improvements to Chinese localization. (pull 3104pull 3105)
  • Retrieving the list of installed plugins now consumes much less memory. (issue 47713)
  • When the Jenkins root URL was not configured, the login CLI command did not work.
  • Allow users with Job/Cancel permission to abort pipeline builds from the builds history widget. (pull 3101)
  • Jobs no longer disappear from NestedView lists after renaming. (issue 25276)
  • Internal: Move metadata about plugins split from core into a resource file. (pull 3110)
  • Developer: Add ExtensionList#lookupSingleton convenience method. (pull 3021)

What's new in 2.86 (2017-10-22)

  • Launch agent via execution of command on the master has been moved to a new Command Launcher plugin and integrated with the Script Security plugin. (issue 47393Command Launcher plugin site entryrelated security advisory)
  • Add link to recursive cc.xml output on build history page. (issue 36282)
  • Fix Download from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site. (issue 47448)
  • Secret threw ArrayIndexOutOfBoundsException trying to decrypt {}. (issue 47500)
  • Race conditions in agents going offline could result in an exception when picking a workspace for a build. (issue 47455)
  • Prevent duplicated elements with incorrect URL when using the search on Dashboard View plugin based views. (issue 35459)
  • StackOverflowError thrown under some conditions when using Pipeline on 2.85. (issue 47517)
  • Prevent NullPointerException updating a folder with a primary view specified in Folders plugin 6.2.0. (issue 47416)
  • Developer: Add an empty default implementation for previously abstract methods of SecurityListener. (pull 3077)
  • Developer: Deprecate hudson.util.Memoizer and replace its usage in core. (pull 3091)
  • Developer: Slave.JnlpJar.getURL did not work in some modes when core had a snapshot dependency on the Remoting library. (pull 3069)

What's new in 2.85 (2017-10-15)

  • Upgrade Remoting from 3.12 to 3.13. (issue 47132issue 38711full changelog)
  • Restart agent communication related threads on both master and agents when encountering an unhandled exception, if possible, to improve stability. (issue 38711)
  • Improve performance by not querying queue dispatchers from the UI. (issue 20046)
  • Use node display name when printing "built on" message in the build log. (issue 47168)
  • Enable cc.xml to export jobs in folders recursively when accessed with a query parameter named recursive. (issue 36282)
  • Add new administrative monitor warning users about disabled CSRF protection. (issue 47372)
  • In rare configurations, agents tried to load unloadable classes from the master, resulting in ClassNotFoundException: javax.servlet.ServletContextListener on agents. (issue 46386)
  • Jenkins did not correctly show parts of pipeline builds in side panel widgets if the current view is configured to filter their content. (issue 46759)
  • Developer: Make Xstream2#addCriticalField available for use in plugins. (pull 3066)

What's new in 2.84 (2017-10-11)

What's new in 2.83 (2017-10-08)

  • Fix potential HTTP 414 error in form validation of long Batch/Shell tool installer scripts. (issue 47058)
  • Fix link from build cause or page header to user profile in case of unusual user names. (issue 32623)
  • Properly display agent launch arguments when using nested launch methods. (issue 47056)

What's new in 2.82 (2017-10-01)

  • favicon.ico and other binary resource files were broken since 2.79 because they were incorrectly filtered during the build. (issue 47127)
  • Don't log warning when an anonymous user sends an invalid crumb, usually just an expired session. (issue 40344)
  • Developer: Fix TimeDuration time unit handling and its incorrect usage. TimeDuration uses milliseconds as the default unit. It was supposed to parse sec or secs suffix to interpret the number as seconds, but that never worked. (issue 44052)
  • Developer: Create a copy of a list of parameters in ParametersAction constructor before storing them to improve robustness when the caller reuses that list. (issue 45472)

What's new in 2.81 (2017-09-27)

  • Jenkins 2.80 did not initialize the setup wizard on new installations, causing various security options including authentication and authorization to be turned off by default, granting anonymous administrator access. (security advisorynotificationissue 47139)

What's new in 2.80 (2017-09-24)

  • Improve error reporting when failing to archive artifacts. (pull 2976)
  • Save the current Jenkins version whenever saving the Jenkins object, e.g. when saving the global security configuration. Plugins may rely on this information for data migration that would be triggered unnecessarily. (issue 42577)
  • Prevent possible NullPointerException when removing an item from a list view due to a race condition. (issue 23411)
  • Avoid a possible server-side timeout on long-running CLI commands using plain HTTP mode by sending periodic pings from the client. (issue 46659)
  • Renaming or moving a folder failed to properly move build directories of its children when using custom build directory, resulting of loss of their builds. (issue 44657)
  • Developer: Deprecate hudson.util.TimeUnit2 and replace with java.util.concurrent.TimeUnit. (pull 2892)

What's new in 2.79 (2017-09-17)

  • Fix random failures to use passphrase-protected ed25519 SSH private keys (regression in 2.73). (issue 46754)
  • Update Remoting library from 3.11 to 3.12 to fix regression in Jenkins 2.68 when using non-writable home directories. (issue 45755full changelogissue description in 2.73.1 upgrade guide)
  • Add description of nodes to their remote API. (issue 42854)
  • Disconnect node on ping timeout instead of leaving the channel half open. (issue 46680)
  • Internal: Require Java 8u101 to build Jenkins, as that's the minimum required to run it since 2.77. (pull 3015)

What's new in 2.78 (2017-09-10)

  • Moved Jenkins agent runtime to agent.jar file name, and deprecate (but still support) use of legacy slave.jar. Introduce the AGENTJAR_URL environment variable as replacement for SLAVEJAR_URL. (issue 35451)
  • Accept Basic authentication headers case-insensitively. (issue 44663)
  • Internal: Implement DescriptorByNameOwner using Java 8 interface default method. Make Computer a DescriptorByNameOwner allowing its use as @AncestorInPath. (pull 3009)

What's new in 2.77 (2017-09-03)

  • Default the built-in Jenkins Update Center URL to https://updates.jenkins.io instead of obsolete HTTP endpoint. This requires a JRE compatible with Let's Encrypt, e.g. Oracle JRE 8u101. (pull 2996)
  • Fix problem with auto upgrade when using custom JENKINS_HOME on Windows. (issue 13153)
  • Administrative monitor did not detect when Tomcat's URL escaping does not permit forward slashes. (issue 31068)
  • Fix broken UI for users with Discover permission when renaming a job. (issue 41637)
  • Internal: Avoid code duplication using default methods. (pull 2999)

What's new in 2.76 (2017-08-27)

What's new in 2.75 (2017-08-20)

What's new in 2.74 (2017-08-15)

  • Upgrade Stapler library from 1.250 to 1.252. (pull 2956Stapler changelog)
  • Stapler 1.252: Prevent file handle leak in LargeText#GzipAwareSession. (issue 45903)
  • Prevent core or plugin code from mistakenly attempting to serialize jobs, builds, and users except in their intended top-level XML file positions, preventing a class of serious deserialization-related errors. (issue 45892)
  • Stapler 1.252: Restore ability to attach views to interfaces (regression in Jenkins 2.46). (issue 43715)
  • Improve Polish localization. (pull 2974)
  • Log name of the executor thread that died to improve diagnosability. (issue 42376)
  • Prevent caching of the item categories list by the browser to prevent stale data. (issue 43848)
  • Update Agent Installer module to 1.6 for minor fixes and enhancements. (pull 2965changelog)
  • Show display name of the current view in window title. (pull 2969)
  • Include culprits in XML and JSON API again (regression in 2.60). (issue 46082)
  • Improve robustness of the reverse build trigger ("Build after other projects are built"). (issue 45909)
  • Internal: Cleanup of Maven dependencies in Jenkins core, allowing plugins depending on this version or later to build without “upper bound” dependency warnings on recent Maven HPI Plugin releases. (pull 2956)

What's new in 2.73 (2017-08-06)

  • Avoid unnecessary locking to improve performance related to actions. (issue 45244)
  • Improve performance when reading the console text of a build. (issue 45915)
  • Add Polish translations for setup wizard. (pull 2952)
  • Reliably close build log file when using chained BuildListeners. (issue 45057issue 43199)
  • Modify the JNLPLauncher configuration page to work around regression in Docker Plugin (regression in 2.72). (issue 45895)

What's new in 2.72 (2017-07-30)

  • Enable Remoting work directories by default for newly created agents launched via JNLP (Java Web Start Launcher). (issue 44112feature documentation)
  • Always follow redirects for downloading update center metadata, so misbehaving plugins cannot break it. (issue 38185)
  • Minor optimization to queue maintenance routines and printing of console notes, mainly for the benefit of Pipeline node blocks. (issue 45553)
  • Don't monitor response time on offline agents. (issue 20272)

What's new in 2.71 (2017-07-23)

  • Winstone 4.1: Add Jetty HTTP/2 connector and corresponding options for Winstone-Jetty. (issue 45438enabling HTTP/2 support in Winstone-Jetty)
  • Don't reload user records from disk unless explicitly requested to improve performance of user record access. (issue 45737)
  • Prevent NullPointerException in Jenkins#getRootURL() while the instance is not fully loaded yet. (issue 34914)
  • Contributions to the PATH environment variable could result in malformed values on agents on a platform different from master's. (issue 14807)
  • JNLP for launching agents now requests Java 8. (issue 45679)
  • Prevent NullPointerException when a previous completed build is missing for upstream culprits check. (issue 45516)
  • Correctly show or suppress warnings about undefined parameters based on hudson.model.ParametersAction.keepUndefinedParameters system property. (issue 45519)
  • Internal: Delete obsolete SECURITY-144-compat exclusion that can break tests. (issue 25625)

What's new in 2.70 (2017-07-16)

  • Fix version number shown in 2.0 upgrade wizard. (issue 45459)

What's new in 2.69 (2017-07-09)

What's new in 2.68 (2017-07-02)

What's new in 2.67 (2017-06-25)

  • Enable simpler syntax for upstream build trigger in pipelines. (issue 34464)
  • Remove the "JNLP" protocol references from the TCP Agent Listener log messages. (issue 44103)
  • Internal: Update Annotation Indexer to 1.12 to work around JRE bug in tests. (JDK-8182744)

What's new in 2.66 (2017-06-18)

  • When starting the jenkins.war directly, properly check for Java 8 as minimum instead of Java 7 before proceeding. (issue 44764)
  • Allow overriding the Jenkins session ID suffix so it doesn't change on every restart, possibly resulting in too many cookies. (how to set session IDissue 25046issue 44894)
  • Fix resource loading in plugins using the PluginFirstClassLoader, e.g. loading Groovy classes from plugin resources. (issue 44898)
  • Prevent possible NullPointerException when listing remote directories using the FilePath#list() and FilePath#listDirectories() APIs. (issue 44942)

What's new in 2.65 (2017-06-11)

What's new in 2.64 (2017-06-04)

  • Moved agent port and protocol configuration out of "security" (authentication and authorization) block in Configure Global Security. (issue 4478)
  • Add section headers for Markup Formatter and CSRF Protection in Configure Global Security form to make these options more obvious. (pull 2900)
  • Use one-column layout for REST API documentation (.../api URLs). (issue 44563)
  • Update jnr-posix from 3.0.1 to 3.0.41 to pick up improvements and fixes in the POSIX platforms support. (pull 2904)
  • Jenkins failed to perform some cleanup tasks, including saving the build queue, if stopped via REST /exit, CLI shutdown, or when restarting from Install as Windows Service. (issue 44589)
  • Don't check whether disabled administrative monitors are active or not on the Manage Jenkins page. (issue 44608)
  • Do not submit form when pressing Enter in the plugin manager's filter field. (issue 44523)
  • Plugin Development: Jenkins now no longer publishes a war-for-test artifact. Plugins using this or a later version of Jenkins as baseline need to use plugin parent POM 2.30 or later. (issue 24064)

What's new in 2.63 (2017-05-28)

    No notable changes in this release.

What's new in 2.62 (2017-05-21)

  • Fixed Pipeline compatibility for a number of CLI commands (delete-builds, list-changes, console, set-build-description, and set-build-display-name), as well as some issues affecting error reporting in other commands when used with Pipeline. (issue 30785issue 41527)
  • If you have the Authorize Project plugin installed and configured, its configuration will now be treated as final with respect to the behavior of Job/Build checks from Build other projects and Build after other projects are built. Formerly, if a Per-project configurable Build Authorization was enabled globally but some projects did not specify an Authorization, the two aforementioned checks would automatically fall back to checking as anonymous (typically denying build permission). To restore the former behavior, explicitly configure a Project default Build Authorization to be Run as anonymous. Note that this will affect all build-scoped permission checks, including for example Agent/Build. (issue 22949)
  • Internal API: Tasks.getAuthenticationOf now honors authentication contributed by QueueItemAuthenticatorProvider extensions. (pull 2880)
  • Update WinP from 1.24 to 1.25 to improve performance and diagnostics of issues like JENKINS-30782. (full changelog)
  • Fix for NullPointerException while initiating some SSH connections (regression in 2.59). (issue 44120)
  • Prevent StackOverflowError in log recorder when Winstone-Jetty debug logging is enabled. (regression in 2.61) (issue 44330corresponding Jetty issue)

What's new in 2.61 (2017-05-14)

  • Upgrade Groovy from 2.4.8 to 2.4.11. (Groovy 2.4.9 changelogGroovy 2.4.10 changelogGroovy 2.4.11 changelog)
  • Integration of Winstone 4.0: Upgrade bundled Jetty from 9.2.15.v20160210 to 9.4.5.v20170502. This removes support for the deprecated SPDY protocol. The --spdy parameter has been removed accordingly and Jenkins may refuse to start if it's set. (full changelog)
  • Jetty 9.4.5: Prevent the 400 Bad Host header error for HttpChannelOverHttp when operating behind reverse proxy. (issue 40693corresponding Jetty issue)
  • Update the Mailer plugin version installed when updating from very old Jenkins releases to include the fix for SECURITY-372, the SSH Slaves plugin for SECURITY-161, and the Script Security plugin for SECURITY-258. (SECURITY-372SECURITY-161SECURITY-258)
  • Freestyle projects may now list Pipeline jobs as downstream and trigger them, without needing to use the Parameterized Trigger plugin or reverse triggers ("Build after other projects are built"). (issue 28113)
  • Internal: Define enabling/disabling in ParameterizedJob rather than AbstractProject. (issue 27299)
  • Internal: Offer default methods on ParameterizedJob to have less boilerplate code. (pull 2864)

What's new in 2.60 (2017-05-10)

  • Update to Windows Service Wrapper 2.1.0 to support new features: download command with authentication, flag for startup failure on download error, Delayed Automatic Start mode. (issue 43737)
  • Windows services: Add system property that allows disabling WinSW automatic upgrade on agents. (issue 43603more information)
  • Windows services: Restore compatibility of the WindowsSlaveInstaller#generateSlaveXml() method (regression in 2.50, no known external usages). (issue 42745)
  • Windows services: Prevent fatal file descriptor leak when agent service installer fails to read data from the service startup.log. (issue 43930)
  • Use full display name for runs in RSS feed to restore the project name there (regression in 2.59). (issue 44117)
  • Internal: Generalize the changelog API to support non-AbstractBuild run types. (issue 24141)

What's new in 2.59 (2017-05-07)

  • Move to latest version of Trilead to fix SSH connection issues following a previous Trilead upgrade. (issue 42959issue 43979issue 44046)
  • Prevent Internet Explorer from caching AJAX requests using Cache-Control header. (issue 43929)
  • Properly fail with error when updating view with CLI using input of a different view type. (issue 42728)
  • Fix AccessDeniedException in "Build after other projects are built" when user has Discover permission but not Read. (issue 42707)
  • Properly log failure due to empty archive in Pipeline. (issue 38005)
  • Prevent rare NullPointerException if an admin user is created in the setup wizard after first disabling CSRF protection. (issue 44010)

What's new in 2.58 (2017-04-30)

  • Use build display names in RSS feed titles. (pull 2845)
  • Update the Trilead SSH library to get support of new Mac, Key, and Key Exchange Algorithms. (issue 33021issue 26379issue 31549)
  • Migrate legacy users only once per restart to improve performance of the user retrieval logic. (issue 43936)
  • Internal: Pick up the latest release of version-number library. (issue 43733)
  • Internal: Refactor ProcessTree.Windows logic to propagate errors. (issue 43825)

What's new in 2.57 (2017-04-26)

What's new in 2.56 (2017-04-23)

  • Plugins did not expect InvalidPathException to be thrown in file-related methods, so wrap them in IOException to restore behavior (regression in 2.55). (issue 43531)
  • Remove links in stack traces to the stacktrace.jenkins-ci.org service that has been shut down. (issue 42861)
  • If an exception is thrown while rendering an HTTP response, just log the stack trace on the server side, without trying to send an error page to the client. (issue 21695)
  • Prevent NullPointerException when a non-existent default view is specified in Configure System. (issue 42717)
  • Deleting jobs with running builds could result in NullPointerException (regression in 2.55). (issue 43653)

What's new in 2.55 (2017-04-15)

  • Packaging: Debian package now requires Java 8. (causes regression since 2.54). (issue 43495)
  • Added fine-grain logging of FullDuplexHttpService to diagnose issues when establishing an HTTP Duplex connection. (pull 2481)
  • Update LibZFS from 0.5 to 0.8 to fix compatibility issues with ZFS filesystem and illumos distributions. (issue 41932)
  • Before deleting jobs, try to abort the running builds. Error will be thrown instead of the job deletion if its builds cannot be aborted. (issue 35160)
  • Ensure that Cloud.PROVISION is properly initialized during the configuration loading. (issue 43279)
  • Fix log message formatting when migrating `AllView` names due to JENKINS-38606". (issue 43611)
  • Setup wizard gets into bad state when failures like network issues happen. (issue 41778)
  • Catch and log RuntimeException in Computer#setNode() when updating the Computer list. (issue 42043)
  • SSH CLI client authenticator 1.4. Add missing SSH Public Key field validation in user configuration. (issue 16337)
  • Internal API: SSH CLI client authenticator 1.3. Expose PublicKeySignatureWriter to plugins. (pull 2840)

What's new in 2.54 (2017-04-09)

What's new in 2.53 (2017-04-02)

  • Update to Windows Service Wrapper 2.0.3 and Windows Agent Installer 1.8 to prevent conversion of environment variables to lowercase in the agent executable, regression in Jenkins 2.50. (issue 42744WinSW ChangelogWindows Agent Installer changelog)
  • GC Performance: Avoid using FileInputStream and FileOutputStream in the core codebase. (JDK-8080225issue 42934)
  • Packaging: Do not invoke recursive chown in JENKINS_HOME during the RPM post-install step unless owned by a different user. (issue 23273)
  • Internal API: Add support of a new full screen mode in layout.jelly. (issue 34670)

What's new in 2.52 (2017-03-26)

  • Computer#addAction would throw an UnsupportedOperationException since Jenkins 2.30. Such a call site was released in SSH Slaves Plugin 1.15 for SECURITY-161. (issue 42969security advisory including SECURITY-161)
  • Update German localization. (pull 2777)
  • Removed localizations with very low coverage: Albanian, Basque, Belarusian, Bengali, Esperanto, Galician, Georgian, Gujarati, Hindi, Icelandic, Indonesian, Irish, Kannada, Macedonian, Marathi, Mongolian, Occitan, Punjabi, Sinhala, Tamil, Telugu, Thai. (pull 2813)

What's new in 2.51 (2017-03-19)

  • Restore Windows Slaves Plugin 1.2 compatibility by restoring windows-service/jenkins.xml, regression in 2.50. (issue 42724)
  • SSHD 1.10: Move SSH server port configuration to security options page. (pull 2796)
  • Update Russian localization. (pull 2798)
  • Update French localization. (issue 42627)
  • Internal: Make sure system threads run as SYSTEM. (issue 42556)
  • Internal API: Add the ability for ItemListener to veto copy operations. (issue 34691)
  • Internal API: Make Run#compareTo work across jobs. (issue 42319)
  • Internal API: Save Jenkins after calling setSecurityRealm or setAuthorizationStrategy. (pull 2790)
  • Internal API: Annotate PermissionGroup#owner @Nonnull. (pull 2805)

What's new in 2.50 (2017-03-11)

  • Allow searching by build parameter values in the Build History widget. (issue 40718)
  • Searching in the Build History widget takes into account user preferences (case sensitivity by default). (pull 2683)
  • When creating temporary files, use the jenkins prefix instead of the old hudson one. (pull 2778)
  • Fix relative links in the SCM polling administrative monitor. (pull 2780)
  • Update Remoting from 3.5 to 3.7 in order to prevent file descriptor leaks on agents in the case of multiple connection attempts. (full changelog)
  • Upgrade the Windows Agent Installer module from 1.6 to 1.7. This change picks major updates in Windows service management logic. This fix caused a critical regression in the Windows Slaves Plugin (JENKINS-42724). Update to Windows Slaves 1.3.1 in order to get the fix applied. (full changelogguide to upgrading old Windows service agents)
  • Windows services: Upgrade the bundled Windows Service Wrapper from 1.18 to 2.0.2. (full changelog)
  • Windows services: Enable Runaway Process Killer by default in new Agent and Master installations. (issue 39231)
  • Windows services: Enable auto-upgrade of Remoting on newly installed agents if they are connected by HTTPS. (issue 39237)
  • Windows services: Add support of shared directories mapping in Windows agent services. (Shared Directory Mapper documentation)
  • Windows services: Change the default Agent service display name prefix to Jenkins agent %ID%. (issue 42468)
  • Windows services: Prevent agent connection reset issues when WinSW gets terminated due to the system shutdown. (issue 22692)
  • Windows services: Integrate various stability and performance fixes in Windows Service Wrapper from 1.18 to 2.0.2. There are many fixes around configuration options and process termination. (full changelog)
  • Prevent file descriptor leaks when Windows Service installer fails to read data from the service startup log. (issue 42670)
  • Select controls in Jenkins Web UI now show the spinner icon while waiting for the list of possible options during AJAX. requests. (issue 42443)
  • Improve plugin access performance in the default PluginManager implementation. (issue 42585)
  • Internal API: Allow providing a custom task name in Run/Schedule UI via the AlternativeUiTextProvider extension. (issue 34522)
  • Search results page did not correctly encode query parameters. (issue 42390)

What's new in 2.49 (2017-03-05)

  • Do not attempt to find the next occurrence of an impossible date such as June 31st in validation of trigger schedules. (issue 41864)
  • Remove invalid translations in Slovene (issue 41756)

What's new in 2.48 (2017-02-26)

  • Upgrade Apache Commons Collections to version 3.2.2. Note: Jenkins has been using a blacklist to prevent exploiting the serialization vulnerability in 3.2.1 since before 3.2.2 was released. (issue 31598)
  • Use redirect URLs on jenkins.io instead of linking to wiki pages directly, allowing future reorganization of documentation without breaking links in Jenkins. (pull 2756)
  • Fix performance issue in deduplication of lists of tool installers. (issue 42141)
  • Use of the remote API to create items in views (/view/…/createItem) didn't actually add items to views since Jenkins 2.22. (issue 41128)
  • Do not display a warning when an SCM trigger has no schedules (either to disable SCM post-commit hooks, or to enable them without polling). (issue 42194)
  • Developer: Allow referencing radio buttons in f:validateButton validation methods. (pull 2734)

What's new in 2.47 (2017-02-19)

  • Update Groovy to 2.4.8 to address memory leak issue. Do not use this version if you are running Pipeline builds unless you also update Pipeline: Groovy to 2.28 or higher. (issue 33358issue 42189)
  • Windows service restart did not retain build queue. (issue 32820)
  • Exceptions during Jenkins cleanup step should not block restart. (issue 42164)
  • Upgrade Remoting to version 3.5. (full changelog)
  • Remoting 3.5: Remoting clients now accept lowercase (HTTP 2) headers sent by reverse proxies. (issue 40710)
  • Remoting 3.5: Add option to specify the Remoting protocol to use on the client. (issue 41730)
  • Remoting 3.5: Stability improvements. (issue 41513issue 41852)
  • Developer: Snapshot builds of plugins that had dependencies on other snapshot builds were not having their version numbers compared correctly. (issue 41899)

Older changelogs can be found in a separate file