Changelog

Legend:
  • security fix
  • major bug fix
  • bug fix
  • major enhancement
  • enhancement
Community feedback:

What's new in 2.107 (2018-02-14)

What's new in 2.106 (2018-02-11)

  • Update Remoting library from 3.16 to 3.17 to improve diagnostic logging for channel read/write events and JEP-200 related class filtering. (issue 27035issue 49027full changelog)
  • Integrate SSHD module 2.4 which updates Apache Mina SSHD Core from 1.6.0 to 1.7.0. (pull 3278SSHD module changelog)
  • Internal/API: Add DataBoundConstructor to LegacySecurityRealm to facilitate reflective instantiation in Jenkins-related tools and frameworks. (pull 3279)

What's new in 2.105 (2018-02-04)

  • When Jenkins fails to load plugins, show failures that users need to take action on separate from those due to other plugins failing to load. (pull 3256)
  • Upgrade Executable War from 1.36 to 1.37 to allow supplying jenkins.war command-line arguments via standard input using the --paramsFromStdIn parameter. (pull 3223documentation)
  • Jenkins now creates XML 1.1 files to be more accepting of unusual contents. (issue 48463)
  • Form validation for number of executors now properly shows validation errors and user-friendly message on form submission. (issue 47793)
  • Ensure that threads for background tasks cannot be created with a custom classloader to prevent possible Groovy memory leaks. (issue 49206)
  • Upgrade Executable War from 1.36 to 1.37 to prevent multiple copies of winstone-*.jar in the temp folder from using up disk space needlessly. (issue 22088)
  • Update to task reactor version 1.5 to prevent hanging of Jenkins on startup/reload when an initialization task throws an unhandled exception. (issue 48725full changelog)
  • Developer: Introduce ACL#lambda convenience method. (pull 3260Javadoc)

What's new in 2.104 (2018-01-28)

  • Whitelist additional safe Java platform types for use in XStream (XML serialization) and Remoting (agent communication). (pull 3251pull 3252pull 3253issue 49070issue 49071)
  • Remove support for unbounded number of SCM polling threads. Previously, the default was infinite and could be set to between 10 and 100. Existing installations with unbounded SCM polling threads will now use the default of 10, and it is no longer possible to use a value outside of this range. (pull 3258)
  • Define a minimum required version of the Remoting library (agent communication) and print warnings when an older version is connecting. (pull 3250)
  • Improve robustness in case of faulty SCM#guessBrowser implementations. (pull 3267)
  • Improve error message when failing to read some files to actually mention the file name. (issue 49060issue 49112)
  • Restore Manage Jenkins submenu in the context menu accessible from the breadcrumb (regression in 2.103). (issue 49129)
  • Fix MalformedInputException or UnmappableCharacterException when reading the log file after finishing a build (regression in 2.102). (issue 49112)
  • Jenkins 2.102 and later could fail to start or run properly when loaded inside certain containers, including old versions of Tomcat. (issue 49147)
  • Don't attempt to export information about arbitrary offline causes as part of the /computer/(name)/api output, which could result in errors. (issue 24452)

What's new in 2.103 (2018-01-21)

JEP-200: "Switch Remoting/XStream blacklist to a whitelist" has been integrated into 2.102. This change implies a HIGH RISK of regressions in plugins. See this blogpost for list of plugins known to be affected, with instructions how to resolve possible problems.
  • Whitelist additional safe types for use in XStream (XML serialization) and Remoting (agent communication). (issue 48946issue 49000issue 49025)
  • Re-style the Manage Jenkins page, including administrative monitors. (issue 43786blog post)
  • Make Blue Ocean work on Wildfly by excluding its outdated Jackson implementation from the Jenkins class path. (issue 48957)
  • Do not downgrade detached plugins when upgrading Jenkins while its previous version was not properly recorded. (issue 48899)
  • Restore file permissions granted to group and other for file created by Jenkins (regression in 2.93). (issue 48407)
  • Fix a race condition in Initializer implementations creating Items that resulted in their deletion. (issue 47406)
  • A ClassCastException or NoSuchMethodException could under certain circumstances mask the actual error when loading erroneous data from an XML file. (issue 49054)
  • Properly add apostrophes to several localized strings that were missing them before. (pull 3203)
  • Developer: Improve detection of current plugin's or test's classes for exclusion from JEP-200 filtering. (pull 3237)

What's new in 2.102 (2018-01-14)

JEP-200: "Switch Remoting/XStream blacklist to a whitelist" has been integrated to this release. This change implies a HIGH RISK of regressions in plugins. See this blogpost for list of plugins known to be affected, with instructions how to resolve possible problems.

What's new in 2.101 (2018-01-07)

  • Log EOF exceptions on a FINE level instead of WARNING when the Jetty connection is closed by peer. (pull 3214)
  • Fix HTTP 404 error when clicking on New View sidebar link from another view. (issue 48447)
  • Improve Chinese and French localizations. (pull 3209pull 3204pull 3216pull 3179)

What's new in 2.100 (2018-01-03)

What's new in 2.99 (2017-12-31)

The release introduced a serious regression (JENKINS-48761). We recommend upgrading to 2.100 or updating Remoting on agents to 3.15.
  • Updating Jenkins jobs and views by XML left fields at their old value if not defined in the new XML. (issue 21017)

What's new in 2.98 (2017-12-24)

The release introduced a serious regression (JENKINS-48761). We recommend upgrading to 2.100 or updating Remoting on agents to 3.15.

What's new in 2.97 (2017-12-19)

  • Fix regression in 2.96 that caused a downgrade of Script Security when upgrading Jenkins. (issue 48604)

What's new in 2.96 (2017-12-17)

A bug introduced in Jenkins 2.96 will downgrade Script Security Plugin to version 2.18.1, possibly resulting in cascading failures to load other plugins (and reintroducing security issues). We recommend updating Script Security Plugin to its newest release and immediately restarting Jenkins to resolve this issue.
  • Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed when upgrading Jenkins past the version at which the plugin was detached. (issue 48365)
  • Do not require CSRF crumb to be provided when the request is authenticated using API token. (issue 22474)
  • Improve robustness and error handling of various file operations by switching to NIO. (issue 47324issue 48405)
  • Improve Chinese translation. (pull 3176)
  • Update Stapler from 1.253 to 1.254 to make the form that shows up when a URL requiring POST is accessed using a different HTTP verb work with CSRF protection enabled. (issue 34254Stapler changelog)
  • Fix a performance regression in Jenkins 2.86 due to lock contention in ExtensionList. (issue 48505)
  • Trigger SecurityListener#loggedIn events on programmatic login during self-registration when using HudsonPrivateSecurityRealm. (issue 48383)
  • Developer: Capture more authentication-related events in SecurityListener. (issue 27027)
  • Developer: Deprecate hudson.util.Service in favor of Java's ServiceLoader. (pull 3191)
  • Developer: Introduce Cause.UserIdCause(String) constructor, which allows creating causes for specified users without switching the user context. (pull 3162)

What's new in 2.95 (2017-12-14)

What's new in 2.94 (2017-12-11)

  • Export assignedLabels for agents and labelExpression for applicable job types in remote API. (issue 25286)
  • Optimization: Don't consult the authorization strategy about whether the internal SYSTEM pseudo-user has a given permission. (issue 20474)
  • Update SSHD Module 2.0 to 2.3 to fire authentication events in SecurityListeners when a user connects using SSH. (changelog)
  • The setup wizard is now resumed upon restart if it hasn't been completed yet, instead of showing the regular login screen (regression in 2.81). (issue 47439)

What's new in 2.93 (2017-12-03)

  • Use Java NIO to read and write Unix file permissions by default. The previous behavior can be restored by setting the Java system property hudson.Util.useNativeChmodAndMode to true. (issue 36088Jenkins features controlled by system properties)
  • Better handling of certain unreproducible XML file load/save errors. (pull 3167)
  • Improve user lookup performance, for example from Git changelog calculation. (issue 47429)
  • Reduce memory usage when scheduling pipelines on big clusters. (issue 48348)
  • Use atomic file moves if available on the underlying file system from AtomicFileWriter. (issue 34855)
  • Prevent setup wizard from hanging when the two provided passwords differ, instead show a validation error. (issue 48080)
  • Developer: Add ItemGroup#allItems and similar default methods to ItemGroup. (pull 3148)
  • Developer: Add default implementations of deprecated methods to BuildableItem and Item so they don't need to be implemented. (pull 3142)
  • Internal: Add documentation and convenience methods for the User.CanonicalIdResolver extension point. (pull 3140)

What's new in 2.92 (2017-11-26)

  • Revert internal change that broke assumption in ruby-runtime in 2.91, impacting plugins based on it. (issue 48116)
  • Improve UI performance with long list of running builds by caching the estimated duration. (issue 48350)
  • Cache permission names, allowing Jenkins to recover faster after "stop-the-world" Java GC pauses. (issue 48349)
  • Prevent potential NullPointerException when migrating the default "All View" name for a "My Views" user property. (issue 48157)
  • Developer: Add AccessControlled#hasPermission(Authentication, Permission) for convenience. (pull 3149)

What's new in 2.91 (2017-11-19)

  • Use Java NIO library instead of native code to create and detect symbolic links and Windows junctions to improve compatibility and robustness. (issue 36088issue 39179)
  • Prevent concurrent installation of Maven on the same node to prevent problems. (issue 34138)
  • Developer: Deprecate the ambiguous User#getUser(String) in favor of the User#getById() or the new User#getOrCreateByIdOrFullName() methods. (issue 47718)
  • Developer: Implement default methods in TaskListener and BuildListener interfaces so they don't have to be implemented in subclasses. (pull 3122)

What's new in 2.90 (2017-11-12)

  • Recover from legacy user configuration folders with $ characters that are not part of hex escape sequences. (Regression in 2.89) (issue 47909)
  • Fix Download from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site (again). (issue 47448)
  • Update Remoting from 3.13 to 3.14 in order to apply various performance and stability improvements. (full changelogissue 37566issue 45294issue 47425issue 47901issue 47942)
  • Add option to trim specified string parameter values. (issue 47115)
  • Update Windows Agent Installer from 1.9.1 to 1.9.2: Do not try to update jenkins-slave.exe on Unix agents when they connect. (full changelogissue 47015)
  • Add a note explaining that the nodes count in label selection does not take into account permissions or other plugins. (issue 47940)
  • Improve Chinese localization. (pull 3127)
  • Updated default workspace directory naming for new installations to use filesystem-safe variable ITEM_FULL_NAME. (issue JENKINS-12251)
  • Fix icon for Manage Jenkins link in the sidebar of the Global Tool Configuration form. (pull 3139)
  • Prevent caching of captcha on the login form. (issue 43852)
  • Ensure that the authenticated group is not added twice to the authorities for a user. (issue 47768)

What's new in 2.89 (2017-11-08)

What's new in 2.88 (2017-11-05)

  • Add sidebar link to create new view. (issue 6290)
  • Improve robustness of the /user/(username)/configure page when a UserProperty is missing its descriptor. (issue 45977)
  • Improve Russian localization. (pull 3113pull 3115)

What's new in 2.87 (2017-10-29)

  • Stapler library upgraded from 1.252 to 1.253 with Servlet 3.1 support, improved Blue Ocean performance and changes of interest to plugin developers. (issue 37062Stapler changelog)
  • Commons Codec library upgraded from 1.8 to 1.9. (pull 3033)
  • Agents JVM must be 1.8+ and a clear message is shown in connection logs if it is not. (issue 44851)
  • Major improvement to Italian localization. (pull 3075)
  • Improvements to Chinese localization. (pull 3104pull 3105)
  • Retrieving the list of installed plugins now consumes much less memory. (issue 47713)
  • When the Jenkins root URL was not configured, the login CLI command did not work.
  • Allow users with Job/Cancel permission to abort pipeline builds from the builds history widget. (pull 3101)
  • Jobs no longer disappear from NestedView lists after renaming. (issue 25276)
  • Internal: Move metadata about plugins split from core into a resource file. (pull 3110)
  • Developer: Add ExtensionList#lookupSingleton convenience method. (pull 3021)

What's new in 2.86 (2017-10-22)

  • Launch agent via execution of command on the master has been moved to a new Command Launcher plugin and integrated with the Script Security plugin. (issue 47393Command Launcher plugin site entryrelated security advisory)
  • Add link to recursive cc.xml output on build history page. (issue 36282)
  • Fix Download from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site. (issue 47448)
  • Secret threw ArrayIndexOutOfBoundsException trying to decrypt {}. (issue 47500)
  • Race conditions in agents going offline could result in an exception when picking a workspace for a build. (issue 47455)
  • Prevent duplicated elements with incorrect URL when using the search on Dashboard View plugin based views. (issue 35459)
  • StackOverflowError thrown under some conditions when using Pipeline on 2.85. (issue 47517)
  • Prevent NullPointerException updating a folder with a primary view specified in Folders plugin 6.2.0. (issue 47416)
  • Developer: Add an empty default implementation for previously abstract methods of SecurityListener. (pull 3077)
  • Developer: Deprecate hudson.util.Memoizer and replace its usage in core. (pull 3091)
  • Developer: Slave.JnlpJar.getURL did not work in some modes when core had a snapshot dependency on the Remoting library. (pull 3069)

What's new in 2.85 (2017-10-15)

  • Upgrade Remoting from 3.12 to 3.13. (issue 47132issue 38711full changelog)
  • Restart agent communication related threads on both master and agents when encountering an unhandled exception, if possible, to improve stability. (issue 38711)
  • Improve performance by not querying queue dispatchers from the UI. (issue 20046)
  • Use node display name when printing "built on" message in the build log. (issue 47168)
  • Enable cc.xml to export jobs in folders recursively when accessed with a query parameter named recursive. (issue 36282)
  • Add new administrative monitor warning users about disabled CSRF protection. (issue 47372)
  • In rare configurations, agents tried to load unloadable classes from the master, resulting in ClassNotFoundException: javax.servlet.ServletContextListener on agents. (issue 46386)
  • Jenkins did not correctly show parts of pipeline builds in side panel widgets if the current view is configured to filter their content. (issue 46759)
  • Developer: Make Xstream2#addCriticalField available for use in plugins. (pull 3066)

What's new in 2.84 (2017-10-11)

What's new in 2.83 (2017-10-08)

  • Fix potential HTTP 414 error in form validation of long Batch/Shell tool installer scripts. (issue 47058)
  • Fix link from build cause or page header to user profile in case of unusual user names. (issue 32623)
  • Properly display agent launch arguments when using nested launch methods. (issue 47056)

What's new in 2.82 (2017-10-01)

  • favicon.ico and other binary resource files were broken since 2.79 because they were incorrectly filtered during the build. (issue 47127)
  • Don't log warning when an anonymous user sends an invalid crumb, usually just an expired session. (issue 40344)
  • Developer: Fix TimeDuration time unit handling and its incorrect usage. TimeDuration uses milliseconds as the default unit. It was supposed to parse sec or secs suffix to interpret the number as seconds, but that never worked. (issue 44052)
  • Developer: Create a copy of a list of parameters in ParametersAction constructor before storing them to improve robustness when the caller reuses that list. (issue 45472)

What's new in 2.81 (2017-09-27)

  • Jenkins 2.80 did not initialize the setup wizard on new installations, causing various security options including authentication and authorization to be turned off by default, granting anonymous administrator access. (security advisorynotificationissue 47139)

What's new in 2.80 (2017-09-24)

  • Improve error reporting when failing to archive artifacts. (pull 2976)
  • Save the current Jenkins version whenever saving the Jenkins object, e.g. when saving the global security configuration. Plugins may rely on this information for data migration that would be triggered unnecessarily. (issue 42577)
  • Prevent possible NullPointerException when removing an item from a list view due to a race condition. (issue 23411)
  • Avoid a possible server-side timeout on long-running CLI commands using plain HTTP mode by sending periodic pings from the client. (issue 46659)
  • Renaming or moving a folder failed to properly move build directories of its children when using custom build directory, resulting of loss of their builds. (issue 44657)
  • Developer: Deprecate hudson.util.TimeUnit2 and replace with java.util.concurrent.TimeUnit. (pull 2892)

What's new in 2.79 (2017-09-17)

  • Fix random failures to use passphrase-protected ed25519 SSH private keys (regression in 2.73). (issue 46754)
  • Update Remoting library from 3.11 to 3.12 to fix regression in Jenkins 2.68 when using non-writable home directories. (issue 45755full changelogissue description in 2.73.1 upgrade guide)
  • Add description of nodes to their remote API. (issue 42854)
  • Disconnect node on ping timeout instead of leaving the channel half open. (issue 46680)
  • Internal: Require Java 8u101 to build Jenkins, as that's the minimum required to run it since 2.77. (pull 3015)

What's new in 2.78 (2017-09-10)

  • Moved Jenkins agent runtime to agent.jar file name, and deprecate (but still support) use of legacy slave.jar. Introduce the AGENTJAR_URL environment variable as replacement for SLAVEJAR_URL. (issue 35451)
  • Accept Basic authentication headers case-insensitively. (issue 44663)
  • Internal: Implement DescriptorByNameOwner using Java 8 interface default method. Make Computer a DescriptorByNameOwner allowing its use as @AncestorInPath. (pull 3009)

What's new in 2.77 (2017-09-03)

  • Default the built-in Jenkins Update Center URL to https://updates.jenkins.io instead of obsolete HTTP endpoint. This requires a JRE compatible with Let's Encrypt, e.g. Oracle JRE 8u101. (pull 2996)
  • Fix problem with auto upgrade when using custom JENKINS_HOME on Windows. (issue 13153)
  • Administrative monitor did not detect when Tomcat's URL escaping does not permit forward slashes. (issue 31068)
  • Fix broken UI for users with Discover permission when renaming a job. (issue 41637)
  • Internal: Avoid code duplication using default methods. (pull 2999)

What's new in 2.76 (2017-08-27)

What's new in 2.75 (2017-08-20)

What's new in 2.74 (2017-08-15)

  • Upgrade Stapler library from 1.250 to 1.252. (pull 2956Stapler changelog)
  • Stapler 1.252: Prevent file handle leak in LargeText#GzipAwareSession. (issue 45903)
  • Prevent core or plugin code from mistakenly attempting to serialize jobs, builds, and users except in their intended top-level XML file positions, preventing a class of serious deserialization-related errors. (issue 45892)
  • Stapler 1.252: Restore ability to attach views to interfaces (regression in Jenkins 2.46). (issue 43715)
  • Improve Polish localization. (pull 2974)
  • Log name of the executor thread that died to improve diagnosability. (issue 42376)
  • Prevent caching of the item categories list by the browser to prevent stale data. (issue 43848)
  • Update Agent Installer module to 1.6 for minor fixes and enhancements. (pull 2965changelog)
  • Show display name of the current view in window title. (pull 2969)
  • Include culprits in XML and JSON API again (regression in 2.60). (issue 46082)
  • Improve robustness of the reverse build trigger ("Build after other projects are built"). (issue 45909)
  • Internal: Cleanup of Maven dependencies in Jenkins core, allowing plugins depending on this version or later to build without “upper bound” dependency warnings on recent Maven HPI Plugin releases. (pull 2956)

What's new in 2.73 (2017-08-06)

  • Avoid unnecessary locking to improve performance related to actions. (issue 45244)
  • Improve performance when reading the console text of a build. (issue 45915)
  • Add Polish translations for setup wizard. (pull 2952)
  • Reliably close build log file when using chained BuildListeners. (issue 45057issue 43199)
  • Modify the JNLPLauncher configuration page to work around regression in Docker Plugin (regression in 2.72). (issue 45895)

What's new in 2.72 (2017-07-30)

  • Enable Remoting work directories by default for newly created agents launched via JNLP (Java Web Start Launcher). (issue 44112feature documentation)
  • Always follow redirects for downloading update center metadata, so misbehaving plugins cannot break it. (issue 38185)
  • Minor optimization to queue maintenance routines and printing of console notes, mainly for the benefit of Pipeline node blocks. (issue 45553)
  • Don't monitor response time on offline agents. (issue 20272)

What's new in 2.71 (2017-07-23)

  • Winstone 4.1: Add Jetty HTTP/2 connector and corresponding options for Winstone-Jetty. (issue 45438enabling HTTP/2 support in Winstone-Jetty)
  • Don't reload user records from disk unless explicitly requested to improve performance of user record access. (issue 45737)
  • Prevent NullPointerException in Jenkins#getRootURL() while the instance is not fully loaded yet. (issue 34914)
  • Contributions to the PATH environment variable could result in malformed values on agents on a platform different from master's. (issue 14807)
  • JNLP for launching agents now requests Java 8. (issue 45679)
  • Prevent NullPointerException when a previous completed build is missing for upstream culprits check. (issue 45516)
  • Correctly show or suppress warnings about undefined parameters based on hudson.model.ParametersAction.keepUndefinedParameters system property. (issue 45519)
  • Internal: Delete obsolete SECURITY-144-compat exclusion that can break tests. (issue 25625)

What's new in 2.70 (2017-07-16)

  • Fix version number shown in 2.0 upgrade wizard. (issue 45459)

What's new in 2.69 (2017-07-09)

What's new in 2.68 (2017-07-02)

What's new in 2.67 (2017-06-25)

  • Enable simpler syntax for upstream build trigger in pipelines. (issue 34464)
  • Remove the "JNLP" protocol references from the TCP Agent Listener log messages. (issue 44103)
  • Internal: Update Annotation Indexer to 1.12 to work around JRE bug in tests. (JDK-8182744)

What's new in 2.66 (2017-06-18)

  • When starting the jenkins.war directly, properly check for Java 8 as minimum instead of Java 7 before proceeding. (issue 44764)
  • Allow overriding the Jenkins session ID suffix so it doesn't change on every restart, possibly resulting in too many cookies. (how to set session IDissue 25046issue 44894)
  • Fix resource loading in plugins using the PluginFirstClassLoader, e.g. loading Groovy classes from plugin resources. (issue 44898)
  • Prevent possible NullPointerException when listing remote directories using the FilePath#list() and FilePath#listDirectories() APIs. (issue 44942)

What's new in 2.65 (2017-06-11)

What's new in 2.64 (2017-06-04)

  • Moved agent port and protocol configuration out of "security" (authentication and authorization) block in Configure Global Security. (issue 4478)
  • Add section headers for Markup Formatter and CSRF Protection in Configure Global Security form to make these options more obvious. (pull 2900)
  • Use one-column layout for REST API documentation (.../api URLs). (issue 44563)
  • Update jnr-posix from 3.0.1 to 3.0.41 to pick up improvements and fixes in the POSIX platforms support. (pull 2904)
  • Jenkins failed to perform some cleanup tasks, including saving the build queue, if stopped via REST /exit, CLI shutdown, or when restarting from Install as Windows Service. (issue 44589)
  • Don't check whether disabled administrative monitors are active or not on the Manage Jenkins page. (issue 44608)
  • Do not submit form when pressing Enter in the plugin manager's filter field. (issue 44523)
  • Plugin Development: Jenkins now no longer publishes a war-for-test artifact. Plugins using this or a later version of Jenkins as baseline need to use plugin parent POM 2.30 or later. (issue 24064)

What's new in 2.63 (2017-05-28)

    No notable changes in this release.

What's new in 2.62 (2017-05-21)

  • Fixed Pipeline compatibility for a number of CLI commands (delete-builds, list-changes, console, set-build-description, and set-build-display-name), as well as some issues affecting error reporting in other commands when used with Pipeline. (issue 30785issue 41527)
  • If you have the Authorize Project plugin installed and configured, its configuration will now be treated as final with respect to the behavior of Job/Build checks from Build other projects and Build after other projects are built. Formerly, if a Per-project configurable Build Authorization was enabled globally but some projects did not specify an Authorization, the two aforementioned checks would automatically fall back to checking as anonymous (typically denying build permission). To restore the former behavior, explicitly configure a Project default Build Authorization to be Run as anonymous. Note that this will affect all build-scoped permission checks, including for example Agent/Build. (issue 22949)
  • Internal API: Tasks.getAuthenticationOf now honors authentication contributed by QueueItemAuthenticatorProvider extensions. (pull 2880)
  • Update WinP from 1.24 to 1.25 to improve performance and diagnostics of issues like JENKINS-30782. (full changelog)
  • Fix for NullPointerException while initiating some SSH connections (regression in 2.59). (issue 44120)
  • Prevent StackOverflowError in log recorder when Winstone-Jetty debug logging is enabled. (regression in 2.61) (issue 44330corresponding Jetty issue)

What's new in 2.61 (2017-05-14)

  • Upgrade Groovy from 2.4.8 to 2.4.11. (Groovy 2.4.9 changelogGroovy 2.4.10 changelogGroovy 2.4.11 changelog)
  • Integration of Winstone 4.0: Upgrade bundled Jetty from 9.2.15.v20160210 to 9.4.5.v20170502. This removes support for the deprecated SPDY protocol. The --spdy parameter has been removed accordingly and Jenkins may refuse to start if it's set. (full changelog)
  • Jetty 9.4.5: Prevent the 400 Bad Host header error for HttpChannelOverHttp when operating behind reverse proxy. (issue 40693corresponding Jetty issue)
  • Update the Mailer plugin version installed when updating from very old Jenkins releases to include the fix for SECURITY-372, the SSH Slaves plugin for SECURITY-161, and the Script Security plugin for SECURITY-258. (SECURITY-372SECURITY-161SECURITY-258)
  • Freestyle projects may now list Pipeline jobs as downstream and trigger them, without needing to use the Parameterized Trigger plugin or reverse triggers ("Build after other projects are built"). (issue 28113)
  • Internal: Define enabling/disabling in ParameterizedJob rather than AbstractProject. (issue 27299)
  • Internal: Offer default methods on ParameterizedJob to have less boilerplate code. (pull 2864)

What's new in 2.60 (2017-05-10)

  • Update to Windows Service Wrapper 2.1.0 to support new features: download command with authentication, flag for startup failure on download error, Delayed Automatic Start mode. (issue 43737)
  • Windows services: Add system property that allows disabling WinSW automatic upgrade on agents. (issue 43603more information)
  • Windows services: Restore compatibility of the WindowsSlaveInstaller#generateSlaveXml() method (regression in 2.50, no known external usages). (issue 42745)
  • Windows services: Prevent fatal file descriptor leak when agent service installer fails to read data from the service startup.log. (issue 43930)
  • Use full display name for runs in RSS feed to restore the project name there (regression in 2.59). (issue 44117)
  • Internal: Generalize the changelog API to support non-AbstractBuild run types. (issue 24141)

What's new in 2.59 (2017-05-07)

  • Move to latest version of Trilead to fix SSH connection issues following a previous Trilead upgrade. (issue 42959issue 43979issue 44046)
  • Prevent Internet Explorer from caching AJAX requests using Cache-Control header. (issue 43929)
  • Properly fail with error when updating view with CLI using input of a different view type. (issue 42728)
  • Fix AccessDeniedException in "Build after other projects are built" when user has Discover permission but not Read. (issue 42707)
  • Properly log failure due to empty archive in Pipeline. (issue 38005)
  • Prevent rare NullPointerException if an admin user is created in the setup wizard after first disabling CSRF protection. (issue 44010)

What's new in 2.58 (2017-04-30)

  • Use build display names in RSS feed titles. (pull 2845)
  • Update the Trilead SSH library to get support of new Mac, Key, and Key Exchange Algorithms. (issue 33021issue 26379issue 31549)
  • Migrate legacy users only once per restart to improve performance of the user retrieval logic. (issue 43936)
  • Internal: Pick up the latest release of version-number library. (issue 43733)
  • Internal: Refactor ProcessTree.Windows logic to propagate errors. (issue 43825)

What's new in 2.57 (2017-04-26)

What's new in 2.56 (2017-04-23)

  • Plugins did not expect InvalidPathException to be thrown in file-related methods, so wrap them in IOException to restore behavior (regression in 2.55). (issue 43531)
  • Remove links in stack traces to the stacktrace.jenkins-ci.org service that has been shut down. (issue 42861)
  • If an exception is thrown while rendering an HTTP response, just log the stack trace on the server side, without trying to send an error page to the client. (issue 21695)
  • Prevent NullPointerException when a non-existent default view is specified in Configure System. (issue 42717)
  • Deleting jobs with running builds could result in NullPointerException (regression in 2.55). (issue 43653)

What's new in 2.55 (2017-04-15)

  • Packaging: Debian package now requires Java 8. (causes regression since 2.54). (issue 43495)
  • Added fine-grain logging of FullDuplexHttpService to diagnose issues when establishing an HTTP Duplex connection. (pull 2481)
  • Update LibZFS from 0.5 to 0.8 to fix compatibility issues with ZFS filesystem and illumos distributions. (issue 41932)
  • Before deleting jobs, try to abort the running builds. Error will be thrown instead of the job deletion if its builds cannot be aborted. (issue 35160)
  • Ensure that Cloud.PROVISION is properly initialized during the configuration loading. (issue 43279)
  • Fix log message formatting when migrating `AllView` names due to JENKINS-38606". (issue 43611)
  • Setup wizard gets into bad state when failures like network issues happen. (issue 41778)
  • Catch and log RuntimeException in Computer#setNode() when updating the Computer list. (issue 42043)
  • SSH CLI client authenticator 1.4. Add missing SSH Public Key field validation in user configuration. (issue 16337)
  • Internal API: SSH CLI client authenticator 1.3. Expose PublicKeySignatureWriter to plugins. (pull 2840)

What's new in 2.54 (2017-04-09)

What's new in 2.53 (2017-04-02)

  • Update to Windows Service Wrapper 2.0.3 and Windows Agent Installer 1.8 to prevent conversion of environment variables to lowercase in the agent executable, regression in Jenkins 2.50. (issue 42744WinSW ChangelogWindows Agent Installer changelog)
  • GC Performance: Avoid using FileInputStream and FileOutputStream in the core codebase. (JDK-8080225issue 42934)
  • Packaging: Do not invoke recursive chown in JENKINS_HOME during the RPM post-install step unless owned by a different user. (issue 23273)
  • Internal API: Add support of a new full screen mode in layout.jelly. (issue 34670)

What's new in 2.52 (2017-03-26)

  • Computer#addAction would throw an UnsupportedOperationException since Jenkins 2.30. Such a call site was released in SSH Slaves Plugin 1.15 for SECURITY-161. (issue 42969security advisory including SECURITY-161)
  • Update German localization. (pull 2777)
  • Removed localizations with very low coverage: Albanian, Basque, Belarusian, Bengali, Esperanto, Galician, Georgian, Gujarati, Hindi, Icelandic, Indonesian, Irish, Kannada, Macedonian, Marathi, Mongolian, Occitan, Punjabi, Sinhala, Tamil, Telugu, Thai. (pull 2813)

What's new in 2.51 (2017-03-19)

  • Restore Windows Slaves Plugin 1.2 compatibility by restoring windows-service/jenkins.xml, regression in 2.50. (issue 42724)
  • SSHD 1.10: Move SSH server port configuration to security options page. (pull 2796)
  • Update Russian localization. (pull 2798)
  • Update French localization. (issue 42627)
  • Internal: Make sure system threads run as SYSTEM. (issue 42556)
  • Internal API: Add the ability for ItemListener to veto copy operations. (issue 34691)
  • Internal API: Make Run#compareTo work across jobs. (issue 42319)
  • Internal API: Save Jenkins after calling setSecurityRealm or setAuthorizationStrategy. (pull 2790)
  • Internal API: Annotate PermissionGroup#owner @Nonnull. (pull 2805)

What's new in 2.50 (2017-03-11)

  • Allow searching by build parameter values in the Build History widget. (issue 40718)
  • Searching in the Build History widget takes into account user preferences (case sensitivity by default). (pull 2683)
  • When creating temporary files, use the jenkins prefix instead of the old hudson one. (pull 2778)
  • Fix relative links in the SCM polling administrative monitor. (pull 2780)
  • Update Remoting from 3.5 to 3.7 in order to prevent file descriptor leaks on agents in the case of multiple connection attempts. (full changelog)
  • Upgrade the Windows Agent Installer module from 1.6 to 1.7. This change picks major updates in Windows service management logic. This fix caused a critical regression in the Windows Slaves Plugin (JENKINS-42724). Update to Windows Slaves 1.3.1 in order to get the fix applied. (full changelogguide to upgrading old Windows service agents)
  • Windows services: Upgrade the bundled Windows Service Wrapper from 1.18 to 2.0.2. (full changelog)
  • Windows services: Enable Runaway Process Killer by default in new Agent and Master installations. (issue 39231)
  • Windows services: Enable auto-upgrade of Remoting on newly installed agents if they are connected by HTTPS. (issue 39237)
  • Windows services: Add support of shared directories mapping in Windows agent services. (Shared Directory Mapper documentation)
  • Windows services: Change the default Agent service display name prefix to Jenkins agent %ID%. (issue 42468)
  • Windows services: Prevent agent connection reset issues when WinSW gets terminated due to the system shutdown. (issue 22692)
  • Windows services: Integrate various stability and performance fixes in Windows Service Wrapper from 1.18 to 2.0.2. There are many fixes around configuration options and process termination. (full changelog)
  • Prevent file descriptor leaks when Windows Service installer fails to read data from the service startup log. (issue 42670)
  • Select controls in Jenkins Web UI now show the spinner icon while waiting for the list of possible options during AJAX. requests. (issue 42443)
  • Improve plugin access performance in the default PluginManager implementation. (issue 42585)
  • Internal API: Allow providing a custom task name in Run/Schedule UI via the AlternativeUiTextProvider extension. (issue 34522)
  • Search results page did not correctly encode query parameters. (issue 42390)

What's new in 2.49 (2017-03-05)

  • Do not attempt to find the next occurrence of an impossible date such as June 31st in validation of trigger schedules. (issue 41864)
  • Remove invalid translations in Slovene (issue 41756)

What's new in 2.48 (2017-02-26)

  • Upgrade Apache Commons Collections to version 3.2.2. Note: Jenkins has been using a blacklist to prevent exploiting the serialization vulnerability in 3.2.1 since before 3.2.2 was released. (issue 31598)
  • Use redirect URLs on jenkins.io instead of linking to wiki pages directly, allowing future reorganization of documentation without breaking links in Jenkins. (pull 2756)
  • Fix performance issue in deduplication of lists of tool installers. (issue 42141)
  • Use of the remote API to create items in views (/view/…/createItem) didn't actually add items to views since Jenkins 2.22. (issue 41128)
  • Do not display a warning when an SCM trigger has no schedules (either to disable SCM post-commit hooks, or to enable them without polling). (issue 42194)
  • Developer: Allow referencing radio buttons in f:validateButton validation methods. (pull 2734)

What's new in 2.47 (2017-02-19)

  • Update Groovy to 2.4.8 to address memory leak issue. Do not use this version if you are running Pipeline builds unless you also update Pipeline: Groovy to 2.28 or higher. (issue 33358issue 42189)
  • Windows service restart did not retain build queue. (issue 32820)
  • Exceptions during Jenkins cleanup step should not block restart. (issue 42164)
  • Upgrade Remoting to version 3.5. (full changelog)
  • Remoting 3.5: Remoting clients now accept lowercase (HTTP 2) headers sent by reverse proxies. (issue 40710)
  • Remoting 3.5: Add option to specify the Remoting protocol to use on the client. (issue 41730)
  • Remoting 3.5: Stability improvements. (issue 41513issue 41852)
  • Developer: Snapshot builds of plugins that had dependencies on other snapshot builds were not having their version numbers compared correctly. (issue 41899)

Older changelogs can be found in a separate file