Changelog

What's new in 2.442 (2024-01-24)

• Important security fixes. (security advisory)

What's new in 2.441 (2024-01-16)

• Update operating system end of life data for Amazon Linux, Alpine Linux, and Fedora Linux. (pull 8864)
• Remove unused material icons. (pull 8831)
• Fix build button rendering for Dashboard View plugin. (pull 8854)
• Change focus in the new item page only if from has a valid job name. (issue 66530)

What's new in 2.440 (2024-01-09)

• Add an Appearance category to the setup wizard. (pull 8822)
• BootFailure subclasses can now override the Jenkins startup failure page. (pull 8442)
• Reduce the window of time during which a crash may lead to an inconsistent state on Linux. (pull 8815)
• Update the appearance of controls in header. (pull 8791)
• Allow icon size to be changed in the node overview table. (pull 8802)
• Remove code that may have caused an agent-side hang under a rare race condition. (Remoting PR 713)
• Reduce the likelihood of thread creation errors on agents. (Remoting PR 717)

What's new in 2.439 (2024-01-02)

• Avoid repeated tool downloads from misconfigured HTTP servers. (issue 72469)
• Fix SimpleScheduledRetentionStrategy on inbound agents. Allow suspended inbound agents to again accept tasks when they are reconnected and the configured scheduling policy is enabled. (issue 72370)

What's new in 2.438 (2023-12-25)

• Update the appearance of the stop button. (pull 8780)
• Use a notification and Jenkins modal for 'Apply' button failures. (pull 8394)
• Display correct time zone in build history. (issue 71965)
• The tunnel property on an inbound agent was inadvertently broken for JCasC usage in 2.437. It remains deprecated and usages should be deleted (regression in 2.437). (pull 8793)

What's new in 2.437 (2023-12-19)

• Add telemetry for basic Java system properties describing the environment. (pull 8787)
• Restyle widget panes. (pull 8761)
• Rework node monitor configuration. (issue 72371)
• Ensure uptime is independent of system clock. (issue 72157)
• Show monitoring data on agent page. (pull 8725)
• Deprecate all configurable options in **Launch agent by connecting it to the controller** (inbound in JCasC), as these are only useful in conjunction with the deprecated jnlpUrl mode. (pull 8762)
• The jnlpUrl ${JENKINS_URL}/computer/${AGENT_NAME}/jenkinsagent.jnlp argument to the agent JAR has been deprecated. Use url ${JENKINS_URL} and name ${AGENT_NAME} instead, potentially also passing in webSocket, tunnel, and/or work directory options as needed. (pull 8773)
• Display strings consistently in the requested language when running Jenkins in a JVM with a non-english locale. (issue 72449)
• Fix nested job link in mobile view. (issue 72288)
• Do not show option to copy items when there are no items visible. (issue 72443)
• Developer: Allow replacing onclick attributes containing inline JS on l:task with datacallback. (issue 60866)
• Allow users to make side panel sticky. (issue 71578)

What's new in 2.436 (2023-12-12)

• Prevent a deadlock that can occur when loading PermalinkProjectAction.Permalink. (pull 8736)

What's new in 2.435 (2023-12-05)

• Accept all 2xx and 3xx status codes to validate proxy in HTTP Proxy Configuration (issue 72343)
• Tweak font styling to remove anti-aliasing. (pull 8689)
• Make display name of HistoryWidget configurable for alternate text. (pull 8740)
• Move the proxy configuration form to its own screen. (pull 8693)
• Fix redirect when renaming a cloud. (issue 71737)
• Avoid incorrect styling when deleting the first of two shell steps in a job definition. (issue 72196)
• Developer: A new convenience method ExtensionList.lookupFirst allows retrieval of the first implementation of an extension point. (pull 8735)

What's new in 2.434 (2023-11-28)

• Refine build status icons. (pull 8705)
• FIPS mode now requires a minimum of 14 characters for a password. (pull 8694)
• Allow configuration of disk thresholds globally and for each agent. Improve warning when disk space is too low. Ensure agents are taken offline when disk space is low. (issue 72009)
• Fail fast when attempting to load a broken plugin that contains the Jenkins test harness in production. (pull 8714)
• Add support for Unix domain sockets. (pull 442 (packaging))

What's new in 2.433 (2023-11-21)

• Deactivate the administrative monitor when all previously offline agents are again online. (issue 72159)
• Prepare node monitors to work with configuration as code. (issue 64816)
• Introduce an API for build visualization plugins to serve alternative build console views and an API for plugins to produce links to the build console. (issue 71715)

What's new in 2.432 (2023-11-14)

• Stop recommending JNLP URL in agent launch instructions. (pull 8639)
• Removed deprecated and unused class UserProperties. (pull 8679)
• Some agent-related objects could be kept in memory after being disconnected and removed from the computer list. (pull 8640)

What's new in 2.431 (2023-11-07)

• Remove build timeline widget from the build history pages of views, jobs, and agents. (issue 60866)
• More consistently report errors launching outbound agents. (pull 8675)
• Warn users at 12 months prior to end of Java support and again at 3 months prior to end of Java support. (issue 72252)
• Add support for Unix Domain Sockets. Upgrade Jetty from 10.0.17 to 10.0.18. (issue 72266)

What's new in 2.430 (2023-10-31)

• Fix drag and drop handles for existing repeatables (regression in 2.335). (issue 72189)
• Refer to the correct option in the security configuration help text. (issue 72222)
• Restore security configuration help text and remove obsolete help text. (pull 8630)
• Turkish localization fixes for build, login, and user management pages. (pull 8651, pull 8631)
• Fix a minor memory leak in a Remoting log statement. Add forward proxy support for WebSocket. Support custom certificate options for WebSocket. (pull 8643)

What's new in 2.429 (2023-10-24)

• Prevent trimming HMAC codes (using HAMCConfidentialKey) when running in FIPS mode only. (pull 8612)
• Restore printing output from println and similar methods for the groovy CLI command (regression in 2.427). (issue 72181)
• Show the description of boolean build parameter values on the Parameters view (regression in 2.179). (issue 72179)

What's new in 2.428 (2023-10-17)

• Important security fix. (2023-10-18 security advisory)
• Add missing *_fr.properties in win32errors and hudson, lib, and Jenkins resources. Translate hudson/Messages.properties, hudson/model/Messages.properties, and jenkins/model/Messages.properties into French. (pull 8594, pull 8595, pull 8578, pull 8577)
• Add telemetry for Jenkins uptime. (pull 8596)
• Upgrade Winstone from 6.12 to 6.14. This includes the upgrade of Jetty from 10.0.15 to 10.0.17. The Jetty upgrade includes fixes for several CVEs. (Winstone 6.13 changelog, Winstone 6.14 changelog, Jetty 10.0.16 changelog, Jetty 10.0.17 changelog, CVE-2023-44487)
• Fix multibranch Pipeline Add source and other uses that mix inputs and buttons (regression in 2.422). (issue 72170)
• Allow clouds to be reordered. This was previously possible, but disappeared when the cloud management was moved to a separate page (regression in 2.403). (issue 72020)
• Developer: Formalize an interface for objects that can be loaded from disk. (issue 72107)
• Developer: Allow plugins to define a custom Lifecycle. (issue 72111)

What's new in 2.427 (2023-10-10)

• Fix agent allocation due to label issue detected by vSphere Cloud plugin (regression in 2.421). (issue 71937)
• Show form validation results for form elements that are initially hidden. (regression in 2.355). (issue 71252)
• Remove previous form validation errors when the form validation is updated with new content. (regression in 2.355). (issue 71252)
• Disable anonymous usage statistics when run in FIPS mode. (pull 8483, JEP-237)
• Developer: HudsonPrivateSecurityRealm objects are now serializable. (issue 72114)
• Developer: Add extension point to notify about in-process scripting events. (issue 41516)
• Developer: Optionally support a FIPS140 compliant algorithm in the Jenkins' own user database. (issue 71971, pull 8393, JEP-237)

What's new in 2.426 (2023-10-03)

• Remove outdated Prototype.js library. (issue 70906, pull 7781, blog post)
• Use Java 17 as the default Java version in container images that do not specify a Java version in the container label. (Docker pull request 1724)
• Automate the display of an administrative monitor when approaching Java end of life (EOL) dates. (pull 8526)
• Optimized project deletion. (pull 8528)
• Stop shipping net.sf.kxml:kxml2 because Jenkins no longer depends on it. (pull 8503)
• Reduce high memory usage from XStream2.AssociatedConverterImpl (regression in 2.405). (issue 72067)
• Developer: Added setters for View#filterExecutor and View#filterQueue. Fix missing help sections for view filter executor and queue fields. (pull 8511)
• Developer: introduce FIPS property for JEP-237 (Jenkins Enhancement Proposal 237)

What's new in 2.425 (2023-09-26)

• Allow alternate values for "Build with Parameters" and the "Build" button on the parameters page. (issue 71866)
• Small speculative optimization in build loading. (pull 8494)
• The minimum required Remoting version has been increased to 4.13 (released on March 4, 2022). (pull 8484)
• Prevent log spam when using the Jenkins security database and users signup. (pull 8474)
• Show a confirmation popup when triggering l:task action from context menu. (issue 71880)
• Restore context menus of model links in build history views and in administrative monitors. (regression in 2.402). (issue 71890)
• Hide the delete button from the only repeatable element in configuration forms when at least one element is expected (regression in 2.344). (issue 72018)
• Do not create a large number of threads when making numerous HTTP requests. (issue 72016)
• Developer: Provide programmatic deletion support for LogRecorder. (pull 8489)

What's new in 2.424 (2023-09-20)

• Important security fixes. (security advisory)

What's new in 2.423 (2023-09-12)

• Move node monitoring option to app bar. (pull 8381)
• Symbols display in breadcrumbs now. (issue 71983)
• Developer: make branding an extension via SimplePageDecorator. (pull 8462)

What's new in 2.422 (2023-09-05)

• Prevent incorrect readResolve implementations from breaking agent label parsing. (pull 8448)
• Update several buttons and menus to replace YahooUI in more locations. (pull 8418)
• List plugins in deterministic order to improve diagnosability of plugin linkage errors. (issue 71950)
• Add telemetry collecting basic information about the security configuration. (pull 8440)
• Update Turkish localization for the new job page. (pull 8446)
• Upgrade to Winstone 6.13 to include Jetty 10.0.16. (Winstone 6.13 release notes, Jetty 10.0.16 changelog)
• Developer: Initialize default view slightly earlier in the initialization process. (pull 8413)

What's new in 2.421 (2023-08-29)

• Add a nicer 404 error page. (issue 71087)
• Add appearance system configuration page. (pull 8403)
• Optimize performance of label parsing. (pull 8395)
• Fix invalid CSS which caused some buttons to become invisible on hover. (issue 71479)
• Message no longer appears twice when the agentLog option is used. (issue 38520)

What's new in 2.420 (2023-08-22)

• Move plugins page title into sidebar so that plugins app bar is at the top of the page. (pull 8376)
• Remove eval call in hudsonbehavior.js. (issue 71514)
• Update Turkish localizations for the job configuration page. (pull 8368)
• Refresh link design. (pull 8375)
• Display a notice when plugin updates are available or when there are no plugins installed. (pull 8208)
• Update the design of the content blocks. (pull 8363)
• Remove the unnecessary hashelp class additions from hudsonbehaviour.js. (pull 8355)
• Hide administrative monitors icons/popup in the header of Manage Jenkins, as they're shown directly on the page. (issue 71848)
• The plain text console log will still be printed even if some console annotations are corrupt. (issue 61452)
• Fix link to job in the message informing administrators of trigger computations that run for an unusually long time. (issue 71833)
• Deprecate findAncestor and findAncestorClass in hudsonbehaviour.js. (pull 8357)

What's new in 2.419 (2023-08-14)

• Remove the addition of the 'has-help' class from hudson-behaviour.js. (pull 8355)
• Display a notice when there are plugins installed or updates available. (pull 8208)
• Update the design of the content blocks. (pull 8363)
• Use standard size node icon even with long node names. (pull 8089)
• Deprecate findAncestor and findAncestorClass in hudson-behaviour.js. (pull 8357)

What's new in 2.418 (2023-08-08)

• New login page breaks login theme plugin. (issue 71238)
• Fix "Manage Jenkins" context menu (regression in 2.415). (issue 71744)
• Fix mistranslation of Japanese message in mailing list reference. (pull 8324)

What's new in 2.417 (2023-08-01)

• Small optimization in computer list. (pull 8299)
• Remove the treeview option for artifactList. (issue 71054)
• Remove a workaround that was only necessary for OpenJDK 11.0.16 and earlier. (pull 8193)
• Use new jenkins-button styling for 'expandableTextbox' button. (pull 8180)
• Log agent usage by job. (pull 8283)
• Make tab panes accessible via keyboard. (issue 71496)
• Remove System V initialization scripts from RPM based installers. The System V initialization scripts were replaced in March 2022 with systemd initialization. RPM users with a custom log directory no longer have a logrotate(8) configuration out-of-the-box. (pull 409 (packaging), Linux install packages migrated from System V init to systemd)
• Add allow-same-origin to the sandbox ContentSecurityPolicy directive of workspace and artifact browsers if the Resource Root URL feature is not used. Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests. (issue 71366)
• Add the X-Content-Type-Options HTTP header to the response from the agent listener. Silence security scanners that incorrectly report an issue when the HTTP header is missing. (issue 71186)
• Only disable the plugin manager "install" button if no plugins are selected (regression in 2.414). (issue 71698)

What's new in 2.416 (2023-07-26)

• Important security fix. (security advisory)

What's new in 2.415 (2023-07-18)

• Replace browser confirm with modal dialogs in many places. (issue 71438)
• Add last build status to job page. (pull 8129)
• Remove the rebuild plugin from the setup wizard plugin selection. (pull 8258)
• Estimate project duration accurately in more cases (regression in 2.407). (pull 8233)
• Developer: API for alert, confirm, prompt, modal and form dialogs (issue 71438)
• Remove long deprecated hudson.util.IOUtils#DIR_SEPARATOR, hudson.util.IOUtils#DIR_SEPARATOR_WINDOWS, hudson.util.IOUtils#DIR_SEPARATOR_UNIX, hudson.util.IOUtils#LINE_SEPARATOR, hudson.util.IOUtils#LINE_SEPARATOR_WINDOWS, and hudson.util.IOUtils#LINE_SEPARATOR_UNIX which are available from org.apache.commons.io.IOUtils. (pull 7641)

What's new in 2.414 (2023-07-11)

• Allow cancelling the quiet down mode of a safe restart with an optional custom message for safe restarts (with new default message). Use a less dangerous color for the safeRestart banner. Allow setting the full prepareShutdown message instead of only the reason. Show a hint on the "Jenkins Unavailable" page about safe restarts. (issue 70059)
• Move the 'Update' and 'Install' buttons to the app bar. (pull 8025)
• Improve CSP compatibility by uninlining javascript code. (issue 71034)
• Make the style of the legacy API token revoke button consistent with other buttons. (pull 8210)

What's new in 2.413 (2023-07-04)

• Update appearance of buttons for password and secretTextarea matching 'jenkins-button's. (pull 8179)
• Display a notice in the log manager page when no logs are available. (pull 8186)
• Restore missing build history for external jobs (regression in 2.409). (issue 71553)