Damien DUPORTAL
Damien is the Jenkins Infrastructure officer and a software engineer at CloudBees working as a Site Reliability Engineer for the Jenkins Infrastructure project. Not only he is a decade-old Hudson/Jenkins user but also an open-source citizen who participates in Updatecli, Asciidoctor, Traefik and many others.
The Jenkins project packages and plugins are hosted through a network of mirror servers (provided by our sponsors) close to your location. It provides a "HTTP redirector" service hosted behind the get.jenkins.io, mirrors.jenkins.io and mirrors.jenkins-ci.org domains, with a new public IP: `20.119.232.75` 20.7.178.24 (as per /blog/2023/07/12/jenkins-mirrors-postmortem-outage/) since the 12th of June 2023. The former redirector service and its previous IPv4 will be...
Key Takeaways Jenkins plugin updates released to fix security vulnerabilities, advisory published on May 16. JDK8 support has been dropped in favor of JDK11 as the default for running Jenkins agents. Ssh-agent release 5.0.0 introduces breaking changes. Contributed by: Wadeck Follonier A Security Policy was added for the Docker images of the project. Due to multiple reports about CVEs present in the Docker images the project...
Key Takeaways There was one security advisory this month announcing vulnerabilities regarding Jenkins plugins. Cloud Cost Controls with improved resource cleanups and VM usage optimization to face the increased rate of builds on ci.jenkins.io. Thanks to DigitalOcean for their continued support and ($8,400 credit) sponsorship of Jenkins. Ppc64le docker agent images are now available. Jenkins at cdCon + GitOpsCon! Contributed by: Wadeck Follonier In April, there was...
Highlights Jenkins 2.397 and 2.387.2 are both using new Linux repository signing keys. The Pipeline graph view plugin continues to evolve and improve as a Pipeline visualization replacement for Blue Ocean. The number of pull requests merged for jenkins.io crossed into triple digits this month (101). Contributed by: Mark Waite Jenkins' installers for Debian and Red Hat have all been signed with new PGP private...
Highlights FOSDEM 2023 insights Jenkins is a mentor organization for Google Summer of Code Several container image updates Jenkins Awards voting is now open Contributed by: Alyssa Tong FOSDEM 2023 Returning to FOSDEM for the first in-person event since COVID was both exciting and nostalgic for our Jenkins contributors. It was exciting to see the same crowd size and enthusiasm by attendees. Many thanks to the wonderful FOSDEM organizers...
Maintenance with downtime of JFrog Artifactory (repo.jenkins-ci.org) December 18, 2022 December 18, 2022: our sponsor JFrog will proceed to perform maintenance of our "jenkinsci" Artifactory instance. Expect a complete downtime of about 6 hours due to the nature of this maintenance. The maintenance involves cloud migration from Google Cloud to Amazon Web Services. Impacts Only Jenkins contributors will be impacted, as no releases or builds...
The Jenkins project provides Docker images for controllers (and more). Beginning with Jenkins 2.344 released April 18, 2022 and Jenkins 2.332.3 released May 04, 2022, the behavior of the "Exit" and "Restart" lifecycle of the controller image jenkins/jenkins changed. TL;DR; Ensure that you have a Container Restart Policy For quick readers: check the How to Add a Container Restart Policy section for immediate...
The Jenkins project provides a download mirror infrastructure allowing to download Jenkins packages and plugins from a download server close to your location. How Does it Work? When a download request is emitted to either mirrors.jenkins.io or get.jenkins.io, an HTTP redirect response to a mirror download server is answered. The Jenkins infrastructure uses a database of existing mirror servers provided by volunteers and...
A remote code execution vulnerability has been identified in the Spring Framework. This vulnerability is identified as CVE-2022-22965. Spring officially reacted early in an early announcement. SpringShell in Jenkins Core and Plugins The Jenkins security team has confirmed that the Spring vulnerability is not affecting Jenkins Core. There is no impact because we are using Stapler as a servlet, and neither Spring MVC nor Spring...