Changelog

Legend:
  • security fix
  • major bug fix
  • bug fix
  • major enhancement
  • enhancement
Community feedback:

What's new in 2.75 (2017-08-20)

What's new in 2.74 (2017-08-15)

  • Upgrade Stapler library from 1.250 to 1.252. (pull 2956Stapler changelog)
  • Stapler 1.252: Prevent file handle leak in LargeText#GzipAwareSession. (issue 45903)
  • Prevent core or plugin code from mistakenly attempting to serialize jobs, builds, and users except in their intended top-level XML file positions, preventing a class of serious deserialization-related errors. (issue 45892)
  • Stapler 1.252: Restore ability to attach views to interfaces (regression in Jenkins 2.46). (issue 43715)
  • Improve Polish localization. (pull 2974)
  • Log name of the executor thread that died to improve diagnosability. (issue 42376)
  • Prevent caching of the item categories list by the browser to prevent stale data. (issue 43848)
  • Update Agent Installer module to 1.6 for minor fixes and enhancements. (pull 2965changelog)
  • Show display name of the current view in window title. (pull 2969)
  • Include culprits in XML and JSON API again (regression in 2.60). (issue 46082)
  • Improve robustness of the reverse build trigger ("Build after other projects are built"). (issue 45909)
  • Internal: Cleanup of Maven dependencies in Jenkins core, allowing plugins depending on this version or later to build without “upper bound” dependency warnings on recent Maven HPI Plugin releases. (pull 2956)

What's new in 2.73 (2017-08-06)

  • Avoid unnecessary locking to improve performance related to actions. (issue 45244)
  • Improve performance when reading the console text of a build. (issue 45915)
  • Add Polish translations for setup wizard. (pull 2952)
  • Reliably close build log file when using chained BuildListeners. (issue 45057issue 43199)
  • Modify the JNLPLauncher configuration page to work around regression in Docker Plugin (regression in 2.72). (issue 45895)

What's new in 2.72 (2017-07-30)

  • Enable remoting work directories by default for newly created agents launched via JNLP (Java Web Start Launcher). (issue 44112feature documentation)
  • Always follow redirects for downloading update center metadata, so misbehaving plugins cannot break it. (issue 38185)
  • Minor optimization to queue maintenance routines and printing of console notes, mainly for the benefit of Pipeline node blocks. (issue 45553)
  • Don't monitor response time on offline agents. (issue 20272)

What's new in 2.71 (2017-07-23)

  • Winstone 4.1: Add Jetty HTTP/2 connector and corresponding options for Winstone-Jetty. (issue 45438enabling HTTP/2 support in Winstone-Jetty)
  • Don't reload user records from disk unless explicitly requested to improve performance of user record access. (issue 45737)
  • Prevent NullPointerException in Jenkins#getRootURL() while the instance is not fully loaded yet. (issue 34914)
  • Contributions to the PATH environment variable could result in malformed values on agents on a platform different from master's. (issue 14807)
  • JNLP for launching agents now requests Java 8. (issue 45679)
  • Prevent NullPointerException when a previous completed build is missing for upstream culprits check. (issue 45516)
  • Correctly show or suppress warnings about undefined parameters based on hudson.model.ParametersAction.keepUndefinedParameters system property. (issue 45519)
  • Internal: Delete obsolete SECURITY-144-compat exclusion that can break tests. (issue 25625)

What's new in 2.70 (2017-07-16)

  • Fix version number shown in 2.0 upgrade wizard. (issue 45459)

What's new in 2.69 (2017-07-09)

What's new in 2.68 (2017-07-02)

What's new in 2.67 (2017-06-25)

  • Enable simpler syntax for upstream build trigger in pipelines. (issue 34464)
  • Remove the "JNLP" protocol references from the TCP Agent Listener log messages. (issue 44103)
  • Internal: Update Annotation Indexer to 1.12 to work around JRE bug in tests. (JDK-8182744)

What's new in 2.66 (2017-06-18)

  • When starting the jenkins.war directly, properly check for Java 8 as minimum instead of Java 7 before proceeding. (issue 44764)
  • Allow overriding the Jenkins session ID suffix so it doesn't change on every restart, possibly resulting in too many cookies. (how to set session IDissue 25046issue 44894)
  • Fix resource loading in plugins using the PluginFirstClassLoader, e.g. loading Groovy classes from plugin resources. (issue 44898)
  • Prevent possible NullPointerException when listing remote directories using the FilePath#list() and FilePath#listDirectories() APIs. (issue 44942)

What's new in 2.65 (2017-06-11)

What's new in 2.64 (2017-06-04)

  • Moved agent port and protocol configuration out of "security" (authentication and authorization) block in Configure Global Security. (issue 4478)
  • Add section headers for Markup Formatter and CSRF Protection in Configure Global Security form to make these options more obvious. (pull 2900)
  • Use one-column layout for REST API documentation (.../api URLs). (issue 44563)
  • Update jnr-posix from 3.0.1 to 3.0.41 to pick up improvements and fixes in the POSIX platforms support. (pull 2904)
  • Jenkins failed to perform some cleanup tasks, including saving the build queue, if stopped via REST /exit, CLI shutdown, or when restarting from Install as Windows Service. (issue 44589)
  • Don't check whether disabled administrative monitors are active or not on the Manage Jenkins page. (issue 44608)
  • Do not submit form when pressing Enter in the plugin manager's filter field. (issue 44523)
  • Plugin Development: Jenkins now no longer publishes a war-for-test artifact. Plugins using this or a later version of Jenkins as baseline need to use plugin parent POM 2.30 or later. (issue 24064)

What's new in 2.63 (2017-05-28)

    No notable changes in this release.

What's new in 2.62 (2017-05-21)

  • Fixed Pipeline compatibility for a number of CLI commands (delete-builds, list-changes, console, set-build-description, and set-build-display-name), as well as some issues affecting error reporting in other commands when used with Pipeline. (issue 30785issue 41527)
  • If you have the Authorize Project plugin installed and configured, its configuration will now be treated as final with respect to the behavior of Job/Build checks from Build other projects and Build after other projects are built. Formerly, if a Per-project configurable Build Authorization was enabled globally but some projects did not specify an Authorization, the two aforementioned checks would automatically fall back to checking as anonymous (typically denying build permission). To restore the former behavior, explicitly configure a Project default Build Authorization to be Run as anonymous. Note that this will affect all build-scoped permission checks, including for example Agent/Build. (issue 22949)
  • Internal API: Tasks.getAuthenticationOf now honors authentication contributed by QueueItemAuthenticatorProvider extensions. (pull 2880)
  • Update WinP from 1.24 to 1.25 to improve performance and diagnostics of issues like JENKINS-30782. (full changelog)
  • Fix for NullPointerException while initiating some SSH connections (regression in 2.59). (issue 44120)
  • Prevent StackOverflowError in log recorder when Winstone-Jetty debug logging is enabled. (regression in 2.61) (issue 44330corresponding Jetty issue)

What's new in 2.61 (2017-05-14)

  • Upgrade Groovy from 2.4.8 to 2.4.11. (Groovy 2.4.9 changelogGroovy 2.4.10 changelogGroovy 2.4.11 changelog)
  • Integration of Winstone 4.0: Upgrade bundled Jetty from 9.2.15.v20160210 to 9.4.5.v20170502. This removes support for the deprecated SPDY protocol. The --spdy parameter has been removed accordingly and Jenkins may refuse to start if it's set. (full changelog)
  • Jetty 9.4.5: Prevent the 400 Bad Host header error for HttpChannelOverHttp when operating behind reverse proxy. (issue 40693corresponding Jetty issue)
  • Update the Mailer plugin version installed when updating from very old Jenkins releases to include the fix for SECURITY-372, the SSH Slaves plugin for SECURITY-161, and the Script Security plugin for SECURITY-258. (SECURITY-372SECURITY-161SECURITY-258)
  • Freestyle projects may now list Pipeline jobs as downstream and trigger them, without needing to use the Parameterized Trigger plugin or reverse triggers ("Build after other projects are built"). (issue 28113)
  • Internal: Define enabling/disabling in ParameterizedJob rather than AbstractProject. (issue 27299)
  • Internal: Offer default methods on ParameterizedJob to have less boilerplate code. (pull 2864)

What's new in 2.60 (2017-05-10)

  • Update to Windows Service Wrapper 2.1.0 to support new features: download command with authentication, flag for startup failure on download error, Delayed Automatic Start mode. (issue 43737)
  • Windows services: Add system property that allows disabling WinSW automatic upgrade on agents. (issue 43603more information)
  • Windows services: Restore compatibility of the WindowsSlaveInstaller#generateSlaveXml() method (regression in 2.50, no known external usages). (issue 42745)
  • Windows services: Prevent fatal file descriptor leak when agent service installer fails to read data from the service startup.log. (issue 43930)
  • Use full display name for runs in RSS feed to restore the project name there (regression in 2.59). (issue 44117)
  • Internal: Generalize the changelog API to support non-AbstractBuild run types. (issue 24141)

What's new in 2.59 (2017-05-07)

  • Move to latest version of Trilead to fix SSH connection issues following a previous Trilead upgrade. (issue 42959issue 43979issue 44046)
  • Prevent Internet Explorer from caching AJAX requests using Cache-Control header. (issue 43929)
  • Properly fail with error when updating view with CLI using input of a different view type. (issue 42728)
  • Fix AccessDeniedException in "Build after other projects are built" when user has Discover permission but not Read. (issue 42707)
  • Properly log failure due to empty archive in Pipeline. (issue 38005)
  • Prevent rare NullPointerException if an admin user is created in the setup wizard after first disabling CSRF protection. (issue 44010)

What's new in 2.58 (2017-04-30)

  • Use build display names in RSS feed titles. (pull 2845)
  • Update the Trilead SSH library to get support of new Mac, Key, and Key Exchange Algorithms. (issue 33021issue 26379issue 31549)
  • Migrate legacy users only once per restart to improve performance of the user retrieval logic. (issue 43936)
  • Internal: Pick up the latest release of version-number library. (issue 43733)
  • Internal: Refactor ProcessTree.Windows logic to propagate errors. (issue 43825)

What's new in 2.57 (2017-04-26)

What's new in 2.56 (2017-04-23)

  • Plugins did not expect InvalidPathException to be thrown in file-related methods, so wrap them in IOException to restore behavior (regression in 2.55). (issue 43531)
  • Remove links in stack traces to the stacktrace.jenkins-ci.org service that has been shut down. (issue 42861)
  • If an exception is thrown while rendering an HTTP response, just log the stack trace on the server side, without trying to send an error page to the client. (issue 21695)
  • Prevent NullPointerException when a non-existent default view is specified in Configure System. (issue 42717)
  • Deleting jobs with running builds could result in NullPointerException (regression in 2.55). (issue 43653)

What's new in 2.55 (2017-04-15)

  • Packaging: Debian package now requires Java 8. (causes regression since 2.54). (issue 43495)
  • Added fine-grain logging of FullDuplexHttpService to diagnose issues when establishing an HTTP Duplex connection. (pull 2481)
  • Update LibZFS from 0.5 to 0.8 to fix compatibility issues with ZFS filesystem and illumos distributions. (issue 41932)
  • Before deleting jobs, try to abort the running builds. Error will be thrown instead of the job deletion if its builds cannot be aborted. (issue 35160)
  • Ensure that Cloud.PROVISION is properly initialized during the configuration loading. (issue 43279)
  • Fix log message formatting when migrating `AllView` names due to JENKINS-38606". (issue 43611)
  • Setup wizard gets into bad state when failures like network issues happen. (issue 41778)
  • Catch and log RuntimeException in Computer#setNode() when updating the Computer list. (issue 42043)
  • SSH CLI client authenticator 1.4. Add missing SSH Public Key field validation in user configuration. (issue 16337)
  • Internal API: SSH CLI client authenticator 1.3. Expose PublicKeySignatureWriter to plugins. (pull 2840)

What's new in 2.54 (2017-04-09)

What's new in 2.53 (2017-04-02)

  • Update to Windows Service Wrapper 2.0.3 and Windows Agent Installer 1.8 to prevent conversion of environment variables to lowercase in the agent executable, regression in Jenkins 2.50. (issue 42744WinSW ChangelogWindows Agent Installer changelog)
  • GC Performance: Avoid using FileInputStream and FileOutputStream in the core codebase. (JDK-8080225issue 42934)
  • Packaging: Do not invoke recursive chown in JENKINS_HOME during the RPM post-install step unless owned by a different user. (issue 23273)
  • Internal API: Add support of a new full screen mode in layout.jelly. (issue 34670)

What's new in 2.52 (2017-03-26)

  • Computer#addAction would throw an UnsupportedOperationException since Jenkins 2.30. Such a call site was released in SSH Slaves Plugin 1.15 for SECURITY-161. (issue 42969security advisory including SECURITY-161)
  • Update German localization. (pull 2777)
  • Removed localizations with very low coverage: Albanian, Basque, Belarusian, Bengali, Esperanto, Galician, Georgian, Gujarati, Hindi, Icelandic, Indonesian, Irish, Kannada, Macedonian, Marathi, Mongolian, Occitan, Punjabi, Sinhala, Tamil, Telugu, Thai. (pull 2813)

What's new in 2.51 (2017-03-19)

  • Restore Windows Slaves Plugin 1.2 compatibility by restoring windows-service/jenkins.xml, regression in 2.50. (issue 42724)
  • SSHD 1.10: Move SSH server port configuration to security options page. (pull 2796)
  • Update Russian localization. (pull 2798)
  • Update French localization. (issue 42627)
  • Internal: Make sure system threads run as SYSTEM. (issue 42556)
  • Internal API: Add the ability for ItemListener to veto copy operations. (issue 34691)
  • Internal API: Make Run#compareTo work across jobs. (issue 42319)
  • Internal API: Save Jenkins after calling setSecurityRealm or setAuthorizationStrategy. (pull 2790)
  • Internal API: Annotate PermissionGroup#owner @Nonnull. (pull 2805)

What's new in 2.50 (2017-03-11)

  • Allow searching by build parameter values in the Build History widget. (issue 40718)
  • Searching in the Build History widget takes into account user preferences (case sensitivity by default). (pull 2683)
  • When creating temporary files, use the jenkins prefix instead of the old hudson one. (pull 2778)
  • Fix relative links in the SCM polling administrative monitor. (pull 2780)
  • Update Remoting from 3.5 to 3.7 in order to prevent file descriptor leaks on agents in the case of multiple connection attempts. (full changelog)
  • Upgrade the Windows Agent Installer module from 1.6 to 1.7. This change picks major updates in Windows service management logic. This fix caused a critical regression in the Windows Slaves Plugin (JENKINS-42724). Update to Windows Slaves 1.3.1 in order to get the fix applied. (full changelogguide to upgrading old Windows service agents)
  • Windows services: Upgrade the bundled Windows Service Wrapper from 1.18 to 2.0.2. (full changelog)
  • Windows services: Enable Runaway Process Killer by default in new Agent and Master installations. (issue 39231)
  • Windows services: Enable auto-upgrade of remoting on newly installed agents if they are connected by HTTPS. (issue 39237)
  • Windows services: Add support of shared directories mapping in Windows agent services. (Shared Directory Mapper documentation)
  • Windows services: Change the default Agent service display name prefix to Jenkins agent %ID%. (issue 42468)
  • Windows services: Prevent agent connection reset issues when WinSW gets terminated due to the system shutdown. (issue 22692)
  • Windows services: Integrate various stability and performance fixes in Windows Service Wrapper from 1.18 to 2.0.2. There are many fixes around configuration options and process termination. (full changelog)
  • Prevent file descriptor leaks when Windows Service installer fails to read data from the service startup log. (issue 42670)
  • Select controls in Jenkins Web UI now show the spinner icon while waiting for the list of possible options during AJAX. requests. (issue 42443)
  • Improve plugin access performance in the default PluginManager implementation. (issue 42585)
  • Internal API: Allow providing a custom task name in Run/Schedule UI via the AlternativeUiTextProvider extension. (issue 34522)
  • Search results page did not correctly encode query parameters. (issue 42390)

What's new in 2.49 (2017-03-05)

  • Do not attempt to find the next occurrence of an impossible date such as June 31st in validation of trigger schedules. (issue 41864)
  • Remove invalid translations in Slovene (issue 41756)

What's new in 2.48 (2017-02-26)

  • Upgrade Apache Commons Collections to version 3.2.2. Note: Jenkins has been using a blacklist to prevent exploiting the serialization vulnerability in 3.2.1 since before 3.2.2 was released. (issue 31598)
  • Use redirect URLs on jenkins.io instead of linking to wiki pages directly, allowing future reorganization of documentation without breaking links in Jenkins. (pull 2756)
  • Fix performance issue in deduplication of lists of tool installers. (issue 42141)
  • Use of the remote API to create items in views (/view/…/createItem) didn't actually add items to views since Jenkins 2.22. (issue 41128)
  • Do not display a warning when an SCM trigger has no schedules (either to disable SCM post-commit hooks, or to enable them without polling). (issue 42194)
  • Developer: Allow referencing radio buttons in f:validateButton validation methods. (pull 2734)

What's new in 2.47 (2017-02-19)

  • Update Groovy to 2.4.8 to address memory leak issue. Do not use this version if you are running Pipeline builds unless you also update Pipeline: Groovy to 2.28 or higher. (issue 33358issue 42189)
  • Windows service restart did not retain build queue. (issue 32820)
  • Exceptions during Jenkins cleanup step should not block restart. (issue 42164)
  • Upgrade remoting to version 3.5. (full changelog)
  • Remoting 3.5: Remoting clients now accept lowercase (HTTP 2) headers sent by reverse proxies. (issue 40710)
  • Remoting 3.5: Add option to specify the remoting protocol to use on the client. (issue 41730)
  • Remoting 3.5: Stability improvements. (issue 41513issue 41852)
  • Developer: Snapshot builds of plugins that had dependencies on other snapshot builds were not having their version numbers compared correctly. (issue 41899)

What's new in 2.46 (2017/02/13)

  • Failure to serialize a single Action could cause an entire REST export response to fail. Upgraded to Stapler 1.250 with a fix. (issue 40088)
  • Do not fail to write a log file just because something deleted the parent directory. (issue 16634)
  • Use extensible BUILD_NOW_TEXT for parameterized jobs. (issue 41457)
  • Display an informative message, rather than a Groovy exception, when View#getItems fails. (issue 41825)
  • Don't consider a project to be parameterized if no parameters are defined. (issue 37590)
  • Don't add all group names as HTTP headers on "access denied" pages. (issue 39402)
  • Ensure that PluginManager#dynamicLoad runs as SYSTEM. (issue 41684)
  • Add Usage Statistics section to the global configuration to make it easier to find. (issue 32938)
  • Allow groovy CLI command via SSH CLI. (issue 41765)

What's new in 2.45 (2017/02/06)

  • Delete obsolete pinning UI. (issue 34065)
  • Don't try to set Agent Port when it is enforced, breaking form submission. (issue 41511)
  • Use project-specific validation URL for SCM Trigger, so H is handled correctly in preview. (issue 26977)
  • Fix completely wrong Basque translation. (pull 2731)

What's new in 2.44 (2017/02/01)

What's new in 2.43 (2017/01/29)

  • Print stack traces in logical order, with the most important part on top. (pull 1485)

What's new in 2.42 (2017/01/22)

  • IllegalStateException from Winstone when making certain requests with access logging enabled. (issue 37625)

What's new in 2.41 (2017/01/15)

  • Restore option value for setting build result to unstable when loading shell and batch build steps from disk. (issue 40894)
  • Autocomplete admin-only links in search suggestions only when admin. (issue 7874)
  • Improve agent protocol descriptions. (issue 40700)
  • Improve description for Enable Security option and administrative monitor when security is off. (issue 40813)
  • Enable the JNLP4 agent protocol by default. (issue 40886)

What's new in 2.40 (2017/01/08)

  • Support displaying of warnings from the Update Site in the Plugin Manager and in administrative monitors. (issue 40494, announcement blog post)
  • Do not print warnings about undefined parameters when hudson.model.ParametersAction.keepUndefinedParameters property is set to false. (pull 2687)
  • Increase the JENKINS_HOME disk space threshold from 1Gb to 10Gb left. The warning will be shown only if more than 90% of the disk is utilized. (issue 40749)
  • Plugin Manager: Redirect back to the Advanced Tab when saving the Update Site URL. (pull 2703)
  • Prevent the ClassNotFoundException: javax.servlet.ServletException error when invoking shell tasks on remote agents. (issue 40863)
  • Jobs were hanging during process termination on the Solaris 11 Intel platform. (issue 40470, regression in 2.20)
  • Fix handling of the POST flag in ManagementLinks within the Manage Jenkins page. (issue 38175)
  • Require POST in the Reload from disk management link. (pull 2692)

What's new in 2.39 (2017/01/02)

  • Properties were not passed to Maven command by Maven build step when the Inject Build Variables flag was not set. (issue 39268)
  • Update remoting to 3.4 in order to properly terminate the channel in the case Errors and Exceptions. (issue 39835)
  • Improved Polish and Catalan translations. (pull 2688 and pull 2686)

What's new in 2.38 (2016/12/25)

  • Update to Winstone 3.2 to support ad-hoc certificate generation on Java 8 (using unsupported APIs). This option is deprecated and will be removed in a future release. We strongly recommend you create self-signed certificates yourself and use --httpsKeyStore and related options instead. (issue 25333)
  • The install-plugin CLI command now correctly installs plugins when multiple file arguments are specified. (issue 32358)
  • Correctly state that Jenkins will refuse to load plugins whose dependencies are not satisfied in plugin manager. (issue 40666)

What's new in 2.37 (2016/12/18)

  • Allow defining agent ping interval and ping timeout in seconds. It can be done via the hudson.slaves.ChannelPinger.pingIntervalSeconds and hudson.slaves.ChannelPinger.pingTimeoutSeconds system properties. (issue 28245)
  • Delegate JNLP HMAC computation to SlaveComputer instances when possible. (issue 40286)
  • Diagnosability: Split Exception handling of node provision and adding to Jenkins. (issue 38903)
  • Do not report -noCertificateCheck warning to STDOUT. (pull 2666)
  • Improve overall performance of Jenkins by accessing item group elements without sorting where it is possible. (pull 2665)
  • Convert URI encoding check on the Manage Jenkins page into admin monitor. (issue 39433)
  • Update SSHD Core from 0.8.0 to 0.14.0. (pull 2662)
  • SSHD Module: Handshake was failing (wrong shared secret) 1 out of 256 times due to SSHD-330. (issue 40362)
  • View display name was ignored during rendering of tabs. (issue 39300)
  • Job configuration submission now does not fail when there is no parameters property. (issue 39700, regression in 1.637)
  • Fix names of item loading and cleanup Jenkins initialization stages. (issue 40489)
  • Performance: Use bulk change when submitting Job configurations to minimize the number of sequential config.xml write operations. (issue 40435)
  • Check for Updates button in the Plugin Manager was hidden in the Updates tab when there was no plugins updates available. (issue 39971)
  • Remoting 3.3: Agent JAR cache corruption was causing malfunctioning of agents. (issue 39547)
  • Remoting 3.3: Improve diagnostics of the preliminary FifoBuffer termination in the JNLP2 protocol. (issue 40491)
  • Remoting 3.3: Hardening of FifoBuffer operation logic. The change improves the original fix of JENKINS-25218. (remoting pull #100)
  • Remoting 3.3: ProxyException now retains info about suppressed exceptions when serializing over the channel. (remoting pull #136)
  • API: Introduce the new Jenkins#isSubjectToMandatoryReadPermissionCheck(String restOfPath) method for checking access permissions to particular paths. (issue 32797)
  • API: Introduce new Node#getNodeProperty() methods for retrieving node properties. (issue 40365)
  • API: Introduce new Items#allItems() methods for accessing items in item groups without sorting overhead. (issue 40252)
  • Improved Polish translation. (pull 2643)

What's new in 2.36 (2016/12/11)

  • Several badges were missing in builds flagged as KeepBuildForever. (issue 40281, regression in 2.34)
  • Retain cause of blockage if the Queue task cannot be taken due to the decision of QueueTaskDispatcher extension, NodeProperty and other extensions. (issue 38514)
  • Internal API: Allow overriding UserProperty.setUser(User). (issue 40266)
  • Internal API: Restrict usage of core localization message classes in plugins. These message classes are not guaranteed to be binary compatible. (pull 2656)

What's new in 2.35 (2016/12/04)

  • Add display name and full display name of items to the remote API. (issue 39972)
  • API: Allow specifying log level in SystemProperties when a System property is undefined. (pull 2646)
  • Followup fix for JENKINS-23271 in 2.34 addressing plugin implementations not using ProcStarter. (pull 2653)

What's new in 2.34 (2016/11/27)

  • Improve performance of Action retrieval methods. It speeds up core and plugin logic operating with Actionable objects like items, folders, nodes, etc. (issue 38867)
  • Update the SSHD module from 1.7 to 1.8. The change disables obsolete Ciphers: AES128CBC, TripleDESCBC, and BlowfishCBC. (issue 39805)
  • Update the Windows process management library (WinP) from 1.22 to 1.24. Full changelog is available here, only major issues are mentioned below. (pull 2619)
  • WinP 1.24: Native class now tries loading DLLs from the temporary location. (issue 20913)
  • WinP 1.24: WinP sometimes kills wrong processes when using killRecursive(). It was likely impacting process termination on Windows agents and sometimes leading to BSoD. (issue 24453, WinP Issue #22)

What's new in 2.33 (2016/11/20)

  • Reduce size of Jenkins WAR file by not storing identical copies of remoting.jar/slave.jar there. (pull 2633)
  • Prevent early deallocation of process references by Garbage Collector when starting a remote process. It was sometimes causing build failures with messages like FATAL: Invalid object ID 184 iuota=187 and java.lang.Exception: Object was recently deallocated. (issue 23271)
  • Make handling of internalization resource bundle names compliant with W3C standards. (issue 39034)
  • Redirect to login page in the case of authorisation error when checking connectivity to the Update Center. (issue 39741)
  • Remove the obsolete hudson.showWindowsServiceInstallLink property from the slave-agent.jnlp file. It was causing harmless security warnings in Java web start. (issue 39883)
  • Improved Polish translation. (pull 2640)

What's new in 2.32 (2016/11/16)

  • Important security fixes (security advisory)
  • Allow disabling the Jenkins CLI over HTTP and JNLP agent port by setting the System property jenkins.CLI.disabled to true.

What's new in 2.31 (2016/11/13)

  • Performance: Improve responsiveness of Jenkins web UI on mobile devices. (issue 39172, continuation of the patch in 2.28)
  • It was not possible to connect Jenkins agents via Java Web Start due to the issue in Remoting 3.0. Upgraded to Remoting 3.1 with a fix. (issue 39596, regression in 2.26)
  • Prevent NullPointerException when rendering CauseOfInterruption.UserInterruption in build summary pages for non-existent users. (issue 38721 and issue 37282, regression in 2.14)
  • Reduce logging level when the localization resource is missing ResourceBundleUtil#getBundle(). (issue 39604)
  • ExtensionList.removeAll was not unimplemented in Jenkins extension management API. It was causing issues during dynamic loading of GitHub and BitBucket branch source plugins on the same instance. (issue 39520)
  • Remoting 3.1: hudson.remoting.Engine (mostly Java Web Start) was failing to establish connection if one of the URLs in urls parameter was malformed. (issue 39617)
  • Remoting 3.1: Add method for dumping diagnostics across all the channels (e.g. in the Support Core Plugin). (issue 39150)
  • Remoting 3.1: Improve the caller/callee correlation diagnostics in thread dumps. (issue 39543)
  • Remoting 3.1: Add the org.jenkinsci.remoting.nio.NioChannelHub.disabled flag for disabling NIO, mostly for debugging purposes. (issue 39290)
  • Remoting 3.1: Add extra logging to help diagnosing IOHub concurrent thread number spikes. (issue 38692)
  • Remoting 3.1: When a proxy fails, report what caused the channel to go down. (issue 39289)
  • Improved Polish translation. (pull 2631)

What's new in 2.30 (2016/11/07)

  • Adjust incompatible Actionable initialization changes made for issue 39404). It caused massive regressions in plugins like Jenkins Pipeline. (issue 39555, regression in 2.29)
  • Integration of Stapler 1.246 caused regressions in plugins depending on Ruby Runtime Plugin. Upgraded to Stapler 1.248 with a fix. (issue 39414, regression in 2.28)
  • Custom remoting enable/disable settings were not properly persisted on the disk and then reloaded. If the option has been configured in Jenkins starting from 2.16, a reconfiguration may be required. (issue 39465)

What's new in 2.29 (2016/11/06)

Warning! This release is not recommended for use due to issue 39555 and issue 39414. We are working on the out-of-order release (discussion).

  • Performance: Optimize log retrieval logic for large log files. (issue 39535)
  • Integration of Stapler 1.246 caused regressions in plugins depending on Ruby Runtime Plugin. Upgraded to Stapler 1.247 with a partial fix. (issue 39414, partial fix)
  • Jenkins startup does not fail if one of ComputerListeners throws exception in the onOnline() handler. (issue 38487)
  • Queue: Do not consider pending tasks from the internal scheduling logic when looking for duplicate tasks. It was causing race conditions in Jenkins Pipeline. (issue 39454)
  • Internal: Modify the Actionable API to provide methods to assist with manipulation of persisted actions. (issue 39404)
  • Internal: Jelly attribute documentation now supports the since tag. (Stapler pull #84)

What's new in 2.28 (2016/10/30)

  • Performance: Improve responsiveness of Jenkins web UI on mobile devices. (issue 39172)
  • Print warnings if none of Tool Installers can be used during the tool installation. (issue 26940)
  • Update the minimal required versions of the detached Maven Project plugin from 2.7.1 to 2.14. Changelog is available here. (pull 2606)
  • Update the minimal required versions of the detached JUnit plugin from 1.2-beta-4 to 1.6. Changelog is available here. (pull 2606))
  • Relax requirements of the JNLP connection receiver, which was rejections connections from agents not using JNLPComputerLauncher (e.g. from Slave Setup, vSphere Cloud and other plugins). No the connection is accepted from launchers implementing other proxying and filtering Launcher implementations. Particular plugins may require setting up the jenkins.slaves.DefaultJnlpSlaveReceiver.disableStrictVerification system property in the master JVM to allow connecting agents. (issue 39232, regression in 2.28)
  • Prevent resource leak in hudson.XmlFile#readRaw() in the case of encoding issues. (issue 39363)
  • Prevented endless loop in LargeText.BufferSession.skip(), which was causing hanging of Pipeline jobs in corner cases. (issue 37664)
  • Internal: Upgrade Stapler library from 1.243 to 1.246 with fixes required for the Blue Ocean project. More details are coming soon. Raw changes are listed here. (pull 2593)
  • Internal: Start defining APIs that are for the master JVM only. (issue 38370)
  • Internal: Update Guice dependency from 4.0-beta to 4.0. This change required upgrade of detached plugins (see above). (pull 2568)

What's new in 2.27 (2016/10/23)

  • Upgrade to the Remoting 3 baseline. Compatibility notes are available here. (issue 37564)
  • Remoting 3.0: New JNLP4-connect protocol, which improves performance and stability compared to the JNLP3-connect protocol. (issue 36871)
  • Remoting 3.0: Agents using slave.jar now explicitly require Java 7. (issue 37565)
  • Prevent deadlocks during modification of node executor numbers (e.g. during deletion of nodes). (issue 31768)
  • Add missing internationalization support to ResourceBundleUtil. It fixes internationalization in Blue Ocean and Jenkins Design Language. (issue 35845)
  • Internal: Make the code more compatible with Java 9 requirements and allow its editing in newest NetBeans versions with NB bug 268452. (pull 2595)
  • Internal: Icon handling API for items. Deprecate TopLevelItemDescriptor#getIconFilePathPattern() and switch to IconSpec. (issue 38960)

What's new in 2.26 (2016/10/17)

  • Allow CommandInterpreter build steps to set a build result as Unstable via the return code. Shell and Batch build steps now support this feature. (issue 23786)
  • Performance: Avoid acquiring locks in MaskingClassloader. (issue 23784)
  • Performance: Update XStream driver to improve performance of XML serialization/deserialization. (pull 2561)
  • Harden checks of prohibited names in user creation logic. Untrimmed spaces and different letter cases are being checked now. (issue 35967)
  • Performance: Fix the performance of file compress/uncompress operations over the remoting channel. (issue 38640, issue 38814)
  • Restore automatic line wrapping in Build Step text boxes with syntax highlighting. (issue 27367)
  • Properly remove disabled Administrative Monitors from the extension list. (issue 38678)
  • Remoting 2.62.2: Improve connection stability by turning on Socket Keep-alive by default. Keep-alive can be disabled via the -noKeepAlive option. (issue 38539)
  • Remoting 2.62.2: Prevent NullPointerException in Engine#connect() when host or port parameters are null or empty. (issue 37539)
  • Node build history page was hammering the performance of the Jenkins instance by spawning parallel heavy requests. Now the information is being loaded sequentially. (issue 23244)
  • Cleanup spelling in CLI help and error messages. (issue 38650)
  • Properly handle quotes and other special symbols in item names during form validation. (issue 31871)
  • Internal: Invoke hpi:record-core-location during the build in order to enabled coordinated run across repositories. (pull 1894)
  • Internal: Bulk cleanup of @since definitions in Javadoc. (pull 2578)

What's new in 2.25 (2016/10/09)

  • Display transient actions for labels. (issue 38651)
  • Add user to restart log message for restart after plugin installation. (issue 38615)
  • Internal: Code modernization: Use try-with-resources a lot more (pull 2570)

What's new in 2.24 (2016/10/02)

  • Show notification with popup on most pages when administrative monitors are active. (issue 38391)
  • Allow disabling/enabling administrative monitors on Configure Jenkins form. (issue 38301)
  • Ensure exception stacktrace is shown when there's a FormException. (pull 2555)
  • Add new jenkins.model.Jenkins.slaveAgentPortEnforce system property, which prevents slave agent port modification via Jenkins Web UI and form submissions. (PR #2545)
  • Indicate hovered table row on striped tables. (issue 32148)
  • Decrease connection timeout when changing the JNLP agent port via Groovy system scripts. (issue 38473)
  • Added Serbian localization. (PR #2554)
  • Exclude /cli URL from CSRF protection crumb requirement, making the CLI work with CSRF protection enabled and JNLP port disabled. (issue 18114)
  • Prevent instantiation of jenkins.model.Jenkins on agents in the ProcessKillingVeto extension point. (issue 38534)
  • Fix handling of the jenkins.model.Jenkins.slaveAgentPort system property, which was not honored. (issue 38187, regression in 2.0)
  • CLI: Disable the channel message chunking by default. Prevents connection issues like java.io.StreamCorruptedException: invalid stream header: 0A0A0A0A. (issue 23232)
  • CLI: Connection over HTTP was not working correctly. (issue 34287, regression in 2.0)

What's new in 2.23 (2016/09/18)

  • Fix JS/browser memory leak on Jenkins dashboard. (issue 10912)
  • Build history was not properly updating via AJAX. (issue 31487)
  • Properly enable submit button on New Item page when choosing item type first. (issue 36539)

What's new in 2.22 (2016/09/11)

  • Change symbol and constructor for SCMTrigger to pollScm to make it usable in Pipeline scripts. (issue 37731)
  • Prompt user whether to add the job to the current view. (issue 19142)
  • Update to sshd module 1.7, allowing definition of client idle timeout. (pull 2534, issue 36420)
  • Update to sezpoz 1.12 with better diagnostics. (pull 2525)
  • Fix NullPointerException when descriptor is not in DescriptorList. (issue 37997)
  • Use the correct 'gear' icon for Manage Jenkins in Plugin Manager. (issue 34250)

What's new in 2.21 (2016/09/04)

  • Ask for confirmation before canceling/aborting runs. (issue 30565)
  • Add newline after the text in userContent/readme.txt. (PR #2532)
  • Fixed the missing icon in the System Script console. (issue 37814)
  • Print warnings to system logs and administrative monitors when Jenkins initialization does not reach the final milestone. (issue 37874, diagnostics for issue-37759)
  • Developer API: UpdateSite#getJsonSignatureValidator() can be now overridden and used in plugins. (PR #2532)

What's new in 2.20 (2016/08/28)

  • Make Cloud.PROVISION permission independent from Jenkins.ADMINISTER. (issue 37616)
  • Allow the use of custom JSON signature validator for Update Site metadata signature checks. (issue 36537)
  • Do not process null CRON specifications in build triggers. (issue 36748, enhances fix in 2.15)
  • Setup wizard now checks if the restart is supported on the system before displaying the restart button. (issue 33374)
  • Test Windows junctions before Java 7 symlink in symbolic link checks. (issue 29956)
  • Fixed background color in the ComboBoxList element in order to make options visible. (issue 37549)
  • Fixed editing default view description with automatic refresh. System message is not being displayed instead of the view description. (issue 37360)
  • Fixed process tree management logic on Solaris with 64-bit JVMs. (issue 37559)

What's new in 2.19 (2016/08/21)

  • Prevent File descriptor leaks when reading plugin manifests. It causes failures during the upgrade of detached plugins on Windows. (issue 37332, regression in 2.16)
  • Prevent resource leaks in AntClassLoader being used in the core. (issue 37561)
  • Fix the wrong message about empty field in the case duplicate item name in the New Item dialog. (issue 34532)
  • Allow invoking Upgrade Wizard when Jenkins starts up. It can be done by placing an empty jenkins.install.InstallUtil.lastExecVersion file in JENKINS_HOME. (issue 37438)
  • Replace repetitious "website" and "dependencies" text in the Setup Wizard by icons. (issue 37523)
  • Expose Job name to system logs when Jenkins fails to create a new build with IllegalStateException. (issue 33549)
  • Downgrade Queue#maintain() message for dead executors during task mapping from INFO to FINE. (PR #2510)

What's new in 2.18 (2016/08/15)

  • Better diagnostics and robustness against old ChangeLogAnnotator API usage in plugins. Enhances JENKINS-23365 fix in 1.569. (issue 36757)
  • Prevent open file leak when the agent channel onClose() listener writes to the already closed log. (issue 37098)
  • Stop A/B testing of the remoting JNLP3 protocol due to the known issues. The protocol can be enabled manually via the jenkins.slaves.JnlpSlaveAgentProtocol3.enabled system property. (issue 37315)
  • When checking Update Center, append ?uctest parameter to HTTP and HTTPS URLs only. (issue 37189)
  • Incorrect formatting of messages in the Update Center and Setup Wizard. (issue 36757)
  • Massive cleanup of issues reported by FindBugs. User-visible issues - wrong log message formatting bugs in the Update Center and user creation logic. (issue 36717, PR #2459)
  • Remoting 2.61: JNLP Slave connection issue with JNLP3-connect when the generated encrypted cookie contains a newline symbols. (issue 37140)
  • Remoting 2.61: Retry loading classes when remote classloader gets interrupted. (issue 36991)
  • Remoting 2.61: Improve diagnostics of Local Jar Cache write errors. (remoting PR #91)
  • Remoting 2.62: Be robust against the delayed EOF command when unexporting input and output streams. (issue 22853)
  • Remoting 2.62: Cleanup of minor issues discovered by FindBugs. (remoting PR #96)
  • Remoting 2.62: Improve class filtering performance in remote invocations. (issue 37218)
  • Remoting 2.62: TCP agent connection listener now publishes a list of supported agent protocols to speed up the connection setup. (issue 37031)
  • Improve German, Lithuanian and Bulgarian translations. (PR #2473, PR #2470, PR #2498 )

What's new in 2.17 (2016/08/05)

  • Don't load all builds to display the paginated build history widget. (issue 31791)
  • Add diagnostic HTTP response to TCP agent listener. (issue 37223)
  • Internal: Invoke FindBugs during core build. (issue 36715)

What's new in 2.16 (2016/07/31)

  • Fix plugin dependency resolution. Jenkins will now refuse to load plugins with unsatisfied dependencies, which resulted in difficult to diagnose problems. This may result in errors on startup if your instance has an invalid plugin configuration., check the Jenkins log for details. (issue 21486)
  • Decouple bouncycastle libraries from Jenkins into bouncycastle-api plugin. (issue 36923)
  • Upgrade to instance-identity module 2.1. (issue 36922)
  • Hide the Java Web Start launcher when the TCP agent port is disabled. (issue 36996)
  • Allow admins to control the enabled agent protocols on their instance from the global security settings screen. (issue 37032)
  • Make sure that the All view is created. (issue 36908)
  • Remove trailing space from Hudson.DisplayName in Spanish, which resulted in problems with Blue Ocean. (issue 36940)
  • Honor non-default update sites in setup wizard. (issue 34882)
  • Display delete button only when build is not locked. (pull 2483)
  • Use build start times instead of build scheduled times in build timeline widget. (issue 36732)
  • Ensure that detached plugins are always at least their minimum version. (issue 37041)
  • Internal: Move CLI commands wait-node-online/wait-node-offline from core to CLI module. (issue 34915)
  • Internal: Allow accessing instance identity from core. (issue 36871)
  • Internal: Fix the default value handling of ArtifactArchiver.excludes. (issue 29922)

What's new in 2.15 (2016/07/24)

  • Tell browsers not to cache or try to autocomplete forms in Jenkins to prevent problems due to invalid data in form submissions. From now on, only select form fields (e.g. job name) will offer autocompletion. (issue 18435)
  • Add a cache for user information to fix performance regression due to SECURITY-243. (issue 35493)
  • Prevent null pointer exceptions when not entering a cron spec for a trigger. (issue 36748)
  • Defend against some fatal startup errors. (issue 36666)
  • Use the icon specified by the computer implementation on its overview page. (issue 36775)
  • Internal: Extract the CLI command offline-node from core. (issue 34468)

What's new in 2.14 (2016/07/17)

  • Minor optimization in calculation of recent build stability health report. (issue 36629)
  • Underprivileged users were unable to use the default value of a password parameter. (issue 36476)
  • Allow keeping builds forever with custom build retention strategies. (issue 26438)
  • Properly handle exceptions during global configuration form submissions when SCM Retry Count field is empty. (issue 36387)
  • When a user aborts the build, this user may be restored after its deletion. (issue 36594)
  • Prevent potential NullPointerException in the BlockedBecauseOfBuildInProgress build blockage cause visualization. (issue 36592)
  • CLI commands quiet-down and cancel-quiet-down were extracted from the core to CLI. (issue 35423)
  • Developer API: Extract listing of computer names to the ComputerSet#getComputerNames() method. (issue 35423)
  • Developer API: Add a try with resources form of impersonation. (issue 36494)
  • Developer API: Usage of ItemCategory#MIN_TOSHOW in external plugins is now restricted. (issue 36593)

What's new in 2.13 (2016/07/10)

  • IllegalStateException under certain conditions when reloading configuration from disk while jobs are in the queue. (issue 27530)
  • Eliminate “dead executor” UI appearing after certain errors, such as JENKINS-27530. (PR 2440)
  • Make setup wizard installation panel usable on small screens. (issue 34668)

What's new in 2.12 (2016/07/05)

  • Enable the DescriptorVisibilityFilters for ComputerLauncher, RetentionStrategy and NodeProperty. (issue 36280)
  • Before starting a process, ensure that its working directory exists. (issue 36277)
  • Prevent NullPointerException during SCM polling if SCMDecisionHandler returns null veto. (issue 36232, regression in 2.11)
  • Ensure that SCMDescriptor.newInstance overrides are honored when creating new SCM entries. (issue 36043, issue 35906 , regression in 2.10)
  • Performance: Improve configuration page load times by removing the CodeMirror reloading cycle. (issue 32027)
  • Fix optional plugin dependency version resolution. (issue 21486)
  • When creating a tar file, ensure that the final size does not exceed the value in header in the case of growing files. (Issue 20187)
  • Do not inject build variables into Maven process by default for new projects. (issue 25416, issue 28790)
  • Update BUILD_TAG environment variable description to mention the replacement of slashes with dashes. (PR #2417)
  • Internal API: Make BulkChange auto-closeable. (PR #2428)

What's new in 2.11 (2016/06/26)

  • Provide an extension point for SCM decisions such as whether to poll a specific job's backing repository for changes. (issue 36123)

What's new in 2.10 (2016/06/19)

  • Better exception message if a SecurityRealm returns null when loading a user. (PR #2407)
  • Prevent NullPointerException in user registration if user ID is not specified. (issue 33600)
  • Internal: It was impossible to build Jenkins on 32-bit Linux machine. (issue 36052, regression from 2.0)

What's new in 2.9 (2016/06/13)

  • Always send usage statistics over HTTPs to the new usage.jenkins.io hostname. (issue 35641)
  • Performance: Disable AutoBrowserHolder by default to improve the changelog rendering performance. (issue 35098)
  • Remoting 2.60: Make the channel reader tolerant against Socket timeouts. (issue 22722)
  • Remoting 2.60: Proper handling of the no_proxy environment variable. (issue 32326)
  • Remoting 2.60: Do not invoke PingFailureAnalyzer for agent=>master ping failures. (issue 35190)
  • Remoting 2.60: hudson.Remoting.Engine#waitForServerToBack now uses credentials for connection. (issue 31256)
  • Remoting 2.60: Fix potential file handle leaks during the build agent (FKA slave) startup. issue 35190)
  • Internal: Upgrade Groovy to 2.4.7 to finalize the fix in Jenkins 2.7. (issue 34751)
  • API: Allow delegating TaskListener creation to build agent implementations. (issue 34923)
  • API: Restrict external usages of jenkins.util.ResourceBundleUtil. (issue 35381)
  • API: Make it easier for UpdateSites to tweak the InstallationJob. (issue 35402)

What's new in 2.8 (2016/06/05)

  • Explicitly declare compatibility of Windows build agent service with .NET Framework 4. (PR #2386)
  • API: Introduce new listener extension point for slave creation/update/deletion. (issue 33780)
  • Lossless optimization sizes of PNG images in Jenkins. (PR #2379)
  • Fix the repeatable item delete button layout in Safari. Addresses Build Steps and other such configuration items. (issue 35178)
  • Installation Wizard: Do not offer creating new admin user if the security is preconfigured. (issue 34881)
  • Prevent NullPointerException on startup after update from Jenkins 2.5. (issue 35206)
  • Honor noProxy settings from "Manage Jenkins > Manage Plugins > Advanced". (issue 31915)
  • Add NTLM support to the proxy validation logic. (PR #1955)

What's new in 2.7 (2016/05/29)

  • Prevent stack overflow when using classes with complex generic type arguments (e.g. hudson.model.Run or hudson.model.Job). Regression in Groovy 2.4, see GROOVY-7826 for more info. (issue 34751)
  • Do not invoke PingFailureAnalyzer for agent=>master ping failures. (issue 35190)
  • Fix keyboard navigation in setup wizard. (issue 33947)
  • Cleanup of Javascript issues discovered by the JSHint static analysis tool. (issue 35020)
  • DelegatingComputerLauncher now accepts child classes in its hooks (pre-offline, pre-connect, etc.). (issue 35198)
  • Internal: Activate JSHint in Jenkins js-builder component during the core build. (issue 34438)
  • Internal: Add symbol annotation for SystemInfoLink. (PR #2375)
  • Internal: NodeJS build was malfunctioning on Win x64. (issue 35201)

What's new in 2.6 (2016/05/22)

  • Adapt the Setup Wizard GUI to provide a similar user experience when upgrading Jenkins. (issue 33663)
  • Improve extensibility of the Setup Wizard GUI: InstallState and InstallStateFilter extension points. (PR 2281 as supplementary change for issue 33663)
  • Improve User Experience in the New Item form. Submit button is always visible. (issue 34244)
  • Allow passing a list of safe job parameters in ParametersAction. It simplifies fixing of plugins affected by SECURITY-170 fix. (PR 2353)
  • Added Symbol annotations for ParametersDefinition and BuildDiscarder properties. (PR 2358)
  • Extended the online-node CLI command for accepting multiple agents. (issue 34531)
  • Listed Parameters should reflect what was used when the build ran (filtering of unsafe parameters). (issue 34858)
  • Scalability: Fix performance issues in the XML unmarshalling code. (issue 34888)
  • Support the legacy icon size specification approach in the Status Ball visualization. (issue 25220, regression in 1.586)
  • Migrate the leftover system properties to the new engine introduced in 2.4. (issue 34854)
  • Do not show warnings about a missing Tool Installer if it is present in at least one Update Site. (issue 34880)
  • Prevent hanging of the installation wizard due to the plugin status update issue. (issue 34708)
  • Internal: CLI command connect-node was extracted from the core to CLI. (issue 31417)

What's new in 2.5 (2016/05/16)

  • Do not throw exceptions if Jenkins.getInstance() returns null instance. It was causing failures on Jenkins agents in the case of unexpected API usage by agents. (issue 34857, regression in 2.4)
  • Replace jenkins.model.Jenkins.disableExceptionOnNullInstance by jenkins.model.Jenkins.enableExceptionOnNullInstance to address the behavior change. (issue 34857)

What's new in 2.4 (2016/05/15)

  • Internal/build: jenkins-ui (NPM module) is private, used only internally. (issue 34629)
  • Do not print stack trace during a plugin installation if it is missing its dependencies. (issue 34683)
  • Allow specifying custom AbortExceptions. (pull 2288)
  • Add a hudson.model.UpdateCenter.defaultUpdateSiteId system property, which allows specifying an alternate default Update Site ID. (issue 34674)
  • Allow setting of properties from context.xml and web.xml in addition to setting system properties from the command line. (issue 34755)
  • Remove the historical initialization of CVS changelog parser for jobs without explicit SCM definition. Warning! This change may potentially cause a regression if a Jenkins plugin depends on this default behavior and injects changelogs without SCM. (issue 4610)
  • Add the JOB_BASE_NAME environment variable to builds (job name without path). (issue 25164)
  • Allow overriding Jenkins UpdateCenter by a custom implementation. (issue 34733)
  • Allow overriding Jenkins PluginManager by a custom implementation. (issue 34681)
  • Installation Wizard: Allow altering the list of suggested plugins from update sites. (issue 34833)
  • Prevent hanging of the Installation Wizard if the default Update Site ID cannot be resolved. In such case an error message will be displayed. (issue 34675)
  • Prevent hanging of the Installation Wizard if the internet check is skipped for the default update site. (issue 34705)
  • Do not fail with error when enabling a plugin, which has been already enabled. It prevents errors in the new Installation Wizard, which installs plugins in parallel. (issue 34710)
  • Plugin Manager was building incorrect list of bundled plugins for nested dependencies. (issue 34748)
  • Prevent fatal failure of the updates check PeriodicWork if update site certificate is missing. (issue 34745)
  • Pick up missing Downloadable items on restart if all update centers are up to date. (issue 32886)
  • Allow starting non-AbstractProject (e.g. Pipeline) jobs from CLI. (issue 28071)
  • Disable JSESSIONID in URLs when running in the JBoss web container. It prevents Error 404 due to invalid links starting from Jenkins 1.556. More info: WFLY-4782 (issue 34675)
  • Prevent RSS ID collisions for items with same name in different folders. (issue 34767)
  • Prevent NoSuchMethodException in loginLink.jelly when attempting to start a job using REST API. (issue 31618)
  • Make ToolInstallers to follow HTTP 30x redirects. (issue 23507)
  • Prevent NullPointerException in the parameter definition job property if it gets initialized incorrectly. (issue 34370)
  • Bundle Font Awesome and Google Fonts: Roboto dependencies to prevent failures in the offline mode. (issue 34628)
  • Internal: CLI commands disconnect-node and reload-configuration were extracted from the core to CLI. (issue 34328 and issue 31900)
  • Internal: Support latest source version to avoid compile time warnings with JDK7. annotation-indexer and sezpoz have been updated to 1.11. (issue 32978)
  • Developer API: Switch Jenkins.getInstance() to @Nonnull. (new system property) (pull 2297)
  • Remoting, scalability: Ensure that the unexporter cleans up whatever it can each GC sweep. (issue 34213)
  • Remoting: Force class load on UserRequest to prevent deadlocks on Windows nodes agents in the case of multiple classloaders. (Controlled by hudson.remoting.RemoteClassLoader.force) (issue 19445)
  • Remoting: Allow Jenkins admins to adjust the socket timeout. (Controlled by hudson.remoting.Engine.socketTimeout) (issue 34808)
  • Remoting: Allow disabling the remoting protocols individually. Allows working around compatibility issues like JENKINS-34121. (Controlled by PROTOCOL_CLASS_NAME.disabled) (issue 34819)

What's new in 2.3 (2016/05/11)

  • Important security fixes (see the security advisory for details and plugin compatibility issues)

What's new in 2.2 (2016/05/08)

  • Add symbol annotations on core. (pull 2293)
  • Upgrade Stapler to 1.243. (pull 2298)
  • Internal/build: Enable JSHint during build. (issue 34438)
  • Workaround for unpredictable Windows file locking. (issue 15331)
  • Improved Lithuanian translation. (pull 2309)
  • Improved French translation. (pull 2308)
  • Restrict access to URLs related to plugin manager. (issue 31611)
  • API: New HttpSessionListener extension point. (pull 2303)
  • Don't go through init sequence twice. (pull 2177)
  • Create Item form can be navigated using keyboard again. (issue 33822)
  • Fix inline help for node name field. (issue 34601)

What's new in 2.1 (2016/05/01)

  • Enable disabled dependencies during plugin installations. (issue 34494)
  • Force ordering between GPG and jarsigner to ensure correct GPG signature. (pull 2285)
  • Secured Jenkins installations didn't properly save the queue on shutdown. (issue 34281)
  • Add dependency resolution to manually uploaded plugins. (issue 15057)
  • Show Jenkins version on setup wizard. (issue 33535)
  • Update remoting to 2.57. (issue 33999)
  • Allow retrying plugin downloads in setup wizard. (issue 33244)
  • Add links to homepage of plugins and dependencies in setup wizard. (issue 33936, issue 33937)
  • Improved handling of the 'close' button during setup wizard. (issue 34137)
  • Wrong spacing in flat mode of 'Create Item' screen. (issue 31162)
  • Add timestamp to the jarsigner signature. (pull 2284)
  • Improved French translation. (pull 2267)
  • Improved Lithuanian translation. (pull 2286)
  • Improved Brazilian Portuguese translation. (pull 2273)
  • Prevent errors when hiding management links. (issue 33683)
  • Internal: Make logger field private. (issue 34093)
  • Shorter timeout for plugin downloads to prevent setup wizard from hanging. (issue 34174)
  • Check if job is buildable before showing 'Build with parameters' page. (issue 34146)
  • Fixed race condition in slave offline cause. (issue 34448)
  • Allow enabling disabled dependencies in the plugin manager to fix broken configurations. (issue 32340)
  • Always display clicked scrollspy items as active in setup wizard. (issue 33948)
  • Prevent multiple installations of the same dependency. (issue 33950)

What's new in 2.0 (2016/04/20)

More detailed information about the new features in Jenkins 2.0 on the overview page.
  • New password-protected setup wizard shown on first run to guide users through installation of popular plugins and setting up an admin user. (issue 30749, issue 9598)
  • Plugin bundling overhaul: Bundled plugins are only installed if necessary when upgrading, all plugins can be uninstalled. (issue 20617)
  • Redesigned job configuration form makes it easier to understand the option hierarchy, and to navigate the form. (issue 32357)
  • Richer 'Create Item' form with job icons and job categories (once a threshold of three categories has been reached). (issue 31162)
  • Upgrade wizard encourages installation of Pipeline related plugins when upgrading from 1.x. (issue 33662)
  • Jenkins now requires Servlet 3.1. Upgraded embedded Winstone-Jetty to Jetty 9 accordingly. This removes AJP support when using the embedded Winstone-Jetty container. (issue 23378)
  • Bundled Groovy updated from 1.8.9 to 2.4.6. (issue 21249)
  • Added option to prohibit anonymous access to security realm "Logged in users can do anything", enable by default. (issue 30749)
  • Renamed 'slave' to 'agent' on the UI. (issue 27268)
  • Improvements to inline documentation of numerous form fields in Jenkins global and job configuration. (issue 33364)
  • Change default CSRF protection crumb name to Jenkins-Crumb for nginx compatibility. (issue 12875)
  • Enforce correct icon size in list view. (issue 33799)
  • CLI: Fixed NPE when non-existent run is requested. (issue 33942)

Older changelogs can be found in a separate file