LTS Changelog

Upgrade Guide

2.479.2

November 27, 2024
Security
Enhancement
Bug fix
  • Upgrade XStream to 1.4.21. XStream 1.4.21 includes a fix for CVE-2024-47072. JENKINS-74826
  • Do not add jobs created via the REST API to the default view (regression in 2.475). JENKINS-74795
  • Allow context classloaders to be defined without making explicit reference to the calling class. JENKINS-74814

2.479.1

October 30, 2024
Changes since 2.479
Major bug fix
Bug fix
  • Restore compatibility with plugins calling Jenkins#doSafeRestart(StaplerRequest, String). JENKINS-73838
  • Restore compatibility with plugins contributing new views with custom XML, such as the Nested Views plugin. JENKINS-73801
  • Wrap long lines in the build history. JENKINS-73437
  • Prevent an old version of ASM from appearing as a managed dependency in plugin builds. JENKINS-73867
  • Update ASM to 9.7.1 to match the most recent release of the ASM API and Jenkins ASM API plugin. JENKINS-73917
  • Do not allow builds to be deleted while they are still building. Ensure build discarders only process builds which have fully completed. JENKINS-73835
  • Allow null to be passed as the first argument to doSafeRestart. pull 9882
Notable changes since 2.462.3
Major enhancement
Major bug fix
Enhancement
  • Enhancements and refinements for the appearance of several pages in Jenkins. pull 9521pull 9707pull 9461pull 9411pull 9393pull 9381
  • Refinements and modernizations to sections of the Jenkins UI. pull 9453pull 9380pull 9365pull 9395pull 9641
  • User properties are now categorized in different pages. JENKINS-69869
  • Update the design of the build history widget. pull 9148
  • Use Notice component for views lacking jobs. pull 9724
  • Do not edit unrelated checkboxes in rowSelectionController. JENKINS-73669
  • Improve display of HTTP handshake errors (such as authentication issues) from the CLI in -webSocket mode. pull 9591
  • Use webSocket in the inbound agent command line sample. pull 9665
  • Allow plugins to customize the maximum number of suggestions in autocomplete text fields. pull 9616
  • Remove obsolete RekeySecretAdminMonitor. JENKINS-73597
  • Use makeButton to create a jenkins-button on the fly instead of using YUI. JENKINS-73563
  • Clarify that the plugin incompatibility message applies to the current plugin. JENKINS-73495
  • Add end of life dates for Alpine 3.20, Ubuntu 24.04, and Fedora 40. Correct several end of life dates, including CentOS 8. pull 9501
  • Avoid unnecessary download of bundled plugins during the setup wizard. pull 9476
  • Scroll fields from the added hetero-list entry into the viewport. pull 9488
  • Modernize the build time trend page with a "time since" column and a link to the console, and allow the table to be resized. Remove the agent column for the Pipeline build trend. pull 9465
  • When using ExitLifecycle, exit the process immediately upon a boot failure. Also allow custom lifecycles to exit immediately. pull 9483
  • Display the source URL in logs when installing a plugin. pull 9449
  • Allow some administrative monitors to be displayed for users with Overall/MANAGE permission. pull 9437
  • Increase the minimum required Remoting version from 4.13 to 3107.v665000b_51092. pull 9440
  • Update Stapler from 1880.vb_6d94a_3b_05db_ to 1881.vd39f3ee5c629 and Winstone-Jetty from 6.19 to 6.20 to let Jetty handle HTTP response compression. A new command-line option --compression can be used to disable compression if desired. pull 9379Stapler 1881.vd39f3ee5c629 release notesWinstone-Jetty 6.20 release notes
  • Remove idle executors from the Build Executor widget. pull 9177
  • The latency for bringing up offline agents can be improved using a new global config option Computer Retention Check Interval and setting an In demand delay of zero on the agents. JENKINS-14789
Bug fix
  • Several bug fixes for the Jenkins UI. pull 9695JENKINS-73695pull 9667pull 9654JENKINS-73330pull 9649pull 9625pull 9658JENKINS-73302
  • Restore compatibility with plugins contributing new objects with context menus, such as the Nested Views plugin. JENKINS-73785
  • Make deserialization of Map fields in XML files more robust. JENKINS-73687
  • Restore compatibility with the OpenId Connect Authentication and Reverse Proxy Authentication plugins. pull 9696
  • Validate display name only against items in the same ItemGroup. JENKINS-72988
  • Correct the styling for plugins that can't be disabled in plugin manager when user has system read permission. pull 9463
  • Refresh the build history widget in all cases, including on background tabs or hidden tabs. JENKINS-73613
  • Fix IndexOutOfBoundsException in cloud management pages when the controller has no executors. pull 9519JENKINS-73554
  • Fix the hudson.slaves.SlaveComputer.allowUnsupportedRemotingVersions escape hatch, which was previously not working with inbound agents. JENKINS-73467

2.462.3

October 2, 2024
This is the last Jenkins LTS release to support Java 11. Future Jenkins LTS releases will require Java 17 or Java 21. More information is available in the Java support policy and the 2 + 2 + 2 Java support plan blog post
Security
Major bug fix
  • No longer printing verbose and uninformative messages to $JENKINS_HOME/logs/tasks/Periodic background build discarder.log. JENKINS-73692
Enhancement
Bug fix
  • Fix the appearance of the Plugin Manager actions dropdown. JENKINS-73668
  • Add escape hatch for Authenticated user access to Resource URL. JENKINS-73422

2.462.2

September 4, 2024
Enhancement
Bug fix
  • Change icon size in table when resizing the table. JENKINS-73453
  • Fix New Item page layout if no icon is defined for an item (regression in 2.453). JENKINS-73586

2.462.1

August 7, 2024
Changes since 2.462
Security
Enhancement
Notable changes since 2.452.4
Enhancement
  • Upgrade Commons FileUpload from 1.5 to 2.0.0-M2. Users of the SAML Single Sign On (SSO) (miniorange-saml-sp) plugin should upgrade to a compatible version in lockstep with upgrading Jenkins core. Users of the OpenText Application Automation Tools (hp-application-automation-tools-plugin) plugin should wait for a compatible version before upgrading Jenkins core. Apache Commons 2.0.0-M2 release notes
  • Refresh the 'New item' page. pull 9111
  • Move Add description to app bar. pull 9271
  • Add download option to Console output, move View as plain text and Copy buttons to app bar. pull 9169
  • Remove Disable project button from project view. pull 9287
  • Refresh the style of alerts. pull 9115
  • Improve the edit build information page. pull 9132
  • Avoid jumping layout due to tooltips. JENKINS-73158
  • Refine button appearances in sidebars, menus, pages and breadcrumbs. pull 9367
  • Adjust heading weights and sizes. pull 9366
  • Display how many users there are on the Users page. pull 9221
  • Improve the performance of JSON parsing. json-lib PR 30
  • Improve the performance of file compression and decompression. pull 9312
  • Improve startup performance when jobs have been created via REST API or command line interface. JENKINS-64356
  • Remove ASM dependencies from core. JENKINS-73046
  • The webappsDir argument to run Winstone with a directory full of WAR files has been removed without replacement. Winstone 6.19 changelog
  • Allow pipeline jobs to run when built-in node is offline. JENKINS-53958
Bug fix
  • Adjust side panel sizes for certain screens like iPad Pro. JENKINS-70246
  • Installed plugin view no longer jumps during first load. JENKINS-69588
  • Fix status icon animation display on Safari. JENKINS-72845
  • Remove tooltip when a widget is refreshed. JENKINS-72744
  • Honor readonly mode when displaying enumerations on pages. JENKINS-72854
  • After reconfiguring a static inbound agent in the GUI using fields such as WebSocket, deprecated in 2.440.x, the suggested launch instructions would incorrectly include tunnel (with no argument) even if that field had been left blank. JENKINS-73011
  • Fix the WorkspaceCleanupThread to consider workspaces with suffixes even if the original is nonexistent. Reduce the number of remoting calls made by WorkspaceCleanupThread. JENKINS-65829
  • Work around an upstream issue that could cause a hang in rare cases when two users load a configuration screen of the same type at the same time. JENKINS-60997
  • Handle svg cleanup via an xml document to avoid broken symbols. JENKINS-73156
  • Treat lines of text (mainly in build logs) as completed by a single carriage return in addition to a newline or carriage return plus newline, avoiding an out of memory error if a large number of such lines are printed in sequence. JENKINS-73090
  • Add new CSS classes to avoid conflicts with CSS classes from bootstrap. JENKINS-73114

2.452.4

August 7, 2024
Security

2.452.3

July 10, 2024
Major bug fix
  • Show help text in the correct locale even if user has an alternate language option defined in their browser (regression in 2.444). JENKINS-73246
  • Correctly highlight alerts (regression in 2.452.2). JENKINS-73301
Bug fix

2.452.2

June 12, 2024
Major bug fix
  • Rename CloudSet query parameter type to cloudDescriptorName to avoid conflicts in cloud plugin implementations. JENKINS-72622
Enhancement
Bug fix
  • Add new CSS classes to avoid conflicts with CSS classes from bootstrap. JENKINS-73114
  • Fix width of weather icons in Safari when zoomed. JENKINS-73047
  • Consistently notify job listeners when the job definition is updated from the REST API or command line interface. JENKINS-64553

2.452.1

May 15, 2024
Changes since 2.452
Major bug fix
  • After reconfiguring a static inbound agent in the GUI using fields such as WebSocket (deprecated in 2.440.x), the suggested launch instructions would incorrectly include -tunnel (with no argument), even if that field had been left blank. JENKINS-73011
Bug fix
  • If the variant plugin is installed at the same time as a plugin that has an OptionalExtension, these extensions would not be correctly discovered until the next scan for new Extensions. JENKINS-72998
Enhancement
Notable changes since 2.440.3
Major enhancement
  • Remove the People view. Administrators can install the new People View plugin to restore this functionality. JENKINS-18884pull 9060People View plugin
  • Add specific temporary files to the Debian package for better support of Unix domain sockets. Require Debian 10 and Ubuntu 20.04 as the minimum supported versions for Debian packages. pull 456 (packaging)Packaging issue 455
  • Allow recursive remote file copy even if the local and remote nodes have incompatible character sets at binary level such as ISO-8859-1 and CP-1047. JENKINS-72540
Enhancement
  • Modernize progress bar UI in various locations. JENKINS-69113
  • Add components for dropdown items. Refer to the new Design Library Dropdowns page for implementation details. pull 8827
  • Use the symbol for parameters in the build history of pending jobs. pull 8977
  • Add a "copy to clipboard" button to the build console output. pull 8960
  • Enable readonly mode for dropdown menus when using the Extended Read Permission plugin. pull 8955
  • Remove the extra margin when viewing in read only mode. pull 8938
  • Add a computer icon legend and a new icon for agents that are not accepting tasks. JENKINS-69191
  • Remove unused material icons. pull 8831
  • Localize the Appearance link and plain text Markup Formatter for Turkish. pull 9067pull 9062
  • Make the Agent/Provision permission available in the global Security configuration when using matrix-based authorization strategies. JENKINS-72637
  • Do not configure an authenticator during proxy configuration via the GUI if the proxy username is blank. pull 8990
  • Add ability for custom update centers to override the suggested plugin list. pull 8951
  • Create an index page for heap dump creation. pull 8929
  • Non-Pipeline builds interrupted by a controller restart will now be marked as aborted rather than failed. pull 8986
  • Prevent authenticated access to Resource Root URL. JENKINS-72636
  • Update operating system end of life data for Amazon Linux, Alpine Linux, and Fedora Linux. pull 8864
  • Use jlink to reduce Java size on Windows as we've done previously for Java on Linux. pull 1848 (Docker)
  • Support Session ID for External Job Monitor to avoid HTTP 503 response. pull 8825
Bug fix
  • Do not attempt to self-restart on operating systems where this is not supported. JENKINS-72833
  • Fix a crash when restarting Jenkins on macOS. JENKINS-65911
  • Set the correct owner for Jenkins.clouds after Jenkins.load(). pull 8976
  • Improve locale parsing for loading of localised help files. JENKINS-72627
  • Support noCertificateCheck with webSocket on the CLI. JENKINS-72532
  • Show an error message in progressive logs on 4xx status codes. JENKINS-72509
  • Avoid a stack trace from ArtifactArchiver when no artifacts are found. JENKINS-71700
  • Restore performance displaying build artifacts when using remote artifact managers such as in S3. A security fix in 2.394 caused a substantial slowdown that is now resolved. pull 8874
  • Adjust heap dump file name for compatibility with OpenJDK file suffix requirements. JENKINS-72579
  • Fix build button rendering for Dashboard View plugin. pull 8854
  • Change focus in the new item page only if from has a valid job name. JENKINS-66530

2.440.3

April 17, 2024
Security
Bug fix
  • Ensure threads in the Computer.threadPoolForRemoting executor service always have the Jenkins webapp ClassLoader set as the context ClassLoader to prevent random class loading issues when code is running in this ExecutorService. JENKINS-72796
  • Customization of agent log files did not work for inbound agents. JENKINS-72799
Enhancement

2.440.2

March 20, 2024
Security
Enhancement
Bug fix
  • Restore progress animation in build history and build time trend views (regression in 2.434). JENKINS-72711

2.440.1

February 21, 2024
Changes since 2.440
Security
Major bug fix
Bug fix
  • Update the bundled Matrix Project Plugin from 818.v7eb_e657db_924 to 822.824.v14451b_c0fd42. JENKINS-72603
  • Find selected radio option when validating instead of the last one used. JENKINS-72505
Notable changes since 2.426.3
Major enhancement
Enhancement
  • Add telemetry for basic Java system properties describing the environment. pull 8787
  • Turkish localization fixes for build, login, and user management pages. pull 8631
  • Fix a minor memory leak in a Remoting log statement. Add forward proxy support for WebSocket. Support custom certificate options for WebSocket. pull 8643
  • Remove build timeline widget from the build history pages of views, jobs, and agents. JENKINS-60866
  • More consistently report errors launching outbound agents. pull 8675
  • Stop recommending JNLP URL in agent launch instructions. pull 8639
  • Deprecate all configurable options in Launch agent by connecting it to the controller (inbound in JCasC), as these are only useful in conjunction with the deprecated jnlpUrl mode. pull 8762
  • The jnlpUrl ${JENKINS_URL}/computer/${AGENT_NAME}/jenkinsagent.jnlp argument to the agent JAR has been deprecated. Use url ${JENKINS_URL} and name ${AGENT_NAME} instead, potentially also passing in webSocket, tunnel, and/or work directory options as needed. pull 8773
  • Removed deprecated and unused class UserProperties. pull 8679
  • Deactivate the administrative monitor when all previously offline agents are again online. JENKINS-72159
  • Prepare node monitors to work with configuration as code. JENKINS-64816
  • Rework node monitor configuration. JENKINS-72371
  • Allow configuration of disk thresholds globally and for each agent. Improve the warning when disk space is too low. Ensure agents are taken offline when disk space is low. JENKINS-72009
  • Fail fast when attempting to load a broken plugin that contains the Jenkins test harness in production. pull 8714
  • Add packaging support for Unix domain sockets. pull 442 (packaging)
  • Accept all 2xx and 3xx status codes to validate proxy in HTTP Proxy Configuration. JENKINS-72343
  • Ensure uptime is independent of system clock. JENKINS-72157
  • Show monitoring data on agent page. pull 8725
  • Use a notification and Jenkins modal for 'Apply' button failures. pull 8394
  • BootFailure subclasses can now override the Jenkins startup failure page. pull 8442
  • Reduce the window of time during which a crash may lead to an inconsistent state on Linux. pull 8815
Bug fix
  • Restore printing output from println and similar methods for the groovy CLI command (regression in 2.427). JENKINS-72181
  • Refer to the correct option in the security configuration help text. JENKINS-72222
  • Restore security configuration help text and remove obsolete help text. pull 8630
  • Some agent-related objects could be kept in memory after being disconnected and removed from the computer list. pull 8640
  • Avoid incorrect styling when deleting the first of two shell steps in a job definition. JENKINS-72196
  • Prevent a deadlock that can occur when loading PermalinkProjectAction.Permalink. pull 8736
  • Display strings consistently in the requested language when running Jenkins in a JVM with a non-english locale. JENKINS-72449
  • Fix nested job link in mobile view. JENKINS-72288
  • Do not show option to copy items when there are no items visible. JENKINS-72443
  • Display correct time zone in build history. JENKINS-71965
  • The tunnel property on an inbound agent was inadvertently broken for JCasC usage in 2.437. It remains deprecated and usages should be deleted (regression in 2.437). pull 8793
  • Fix SimpleScheduledRetentionStrategy on inbound agents. Allow suspended inbound agents to again accept tasks when they are reconnected and the configured scheduling policy is enabled. JENKINS-72370
  • Remove code that may have caused an agent-side hang under a rare race condition. Remoting PR 713
  • Reduce the likelihood of thread creation errors on agents. Remoting PR 717

2.426.3

January 24, 2024
Security
Bug fix

2.426.2

December 13, 2023
Enhancement
  • Warn users at 12 months prior to end of Java support and again at 3 months prior to end of Java support. pull 8661
Bug fix

2.426.1

November 15, 2023
Short container image tags (without "jdk" in them) such as jenkins/jenkins:2.426.1 are now using Java 17. If you need to continue using Java 11, use tags like jenkins/jenkins:2.426.1-jdk11. The Windows container images of this release switch from a windowsservercore-1809 Temurin base image to a windowsservercore-ltsc2019 Microsoft base image. Note also that a proper set of tags is now published for these Windows images and they include "ltsc2019" instead of only "2019".
Changes since 2.426
Major bug fix
  • Show form validation results for form elements that are initially hidden. Remove previous form validation errors when the form validation is updated with new content (regression in 2.355). JENKINS-71252JENKINS-70793
  • Fix multibranch Pipeline Add source and other uses that mix inputs and buttons (regression in 2.422). JENKINS-72170
  • Add sleep call when -noReconnect is not specified for Kubernetes agents. Remoting PR 675
  • Add proxy support for Remoting. JENKINS-65368
  • Fix agent allocation due to label issue detected by vSphere Cloud plugin (regression in 2.421). JENKINS-71937
  • Fix drag and drop handle for existing repeatables (regression in 2.335). JENKINS-72189
Enhancement
Bug fix
  • Show the description of boolean build parameter values on the Parameters view (regression in 2.179). JENKINS-72179
  • Allow clouds to be reordered. This was previously possible, but disappeared when the cloud management was moved to a separate page (regression in 2.403). JENKINS-72020
  • Update SnakeYAML plugin to 2.2 to silence security scanners. JENKINS-70994
Notable changes since 2.414.3
Major enhancement
Major bug fix
  • Prevent incorrect readResolve implementations from breaking agent label parsing. pull 8448
Enhancement
  • Automate the display of an administrative monitor when approaching Java end of life (EOL) dates. pull 8526
  • Remove System V initialization scripts from RPM based installers. The System V initialization scripts were replaced in March 2022 with systemd initialization. RPM users with a custom log directory no longer have a logrotate(8) configuration out-of-the-box. pull 409 (packaging)Linux install packages migrated from System V init to systemd
  • Add a nicer 404 error page. JENKINS-71087
  • The minimum required Remoting version has been increased from 4.7 to 4.13. pull 8503
  • List plugins in deterministic order to improve diagnosability of plugin linkage errors. JENKINS-71950
  • Display a notice when plugin updates are available or when there are no plugins installed. pull 8208
  • Remove the treeview option for artifactList. JENKINS-71054
  • Log agent usage by job. pull 8283
  • Make tab panes accessible via keyboard. JENKINS-71496
  • Add allow-same-origin to the sandbox ContentSecurityPolicy directive of workspace and artifact browsers if the Resource Root URL feature is not used. Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests. JENKINS-71366
  • Updates to Turkish localization for jobs. pull 8368
  • Remove the rebuild plugin from the setup wizard plugin selection. pull 8258
  • Stop shipping net.sf.kxml:kxml2 because Jenkins no longer depends on it. pull 8503
Bug fix
  • Prevent log spam when using the Jenkins security database and users signup. pull 8474
  • Show a confirmation popup when triggering a task action from a context menu. JENKINS-71880
  • Hide the delete button from the only repeatable element in configuration forms when at least one element is expected. JENKINS-72018
  • Symbols display in breadcrumbs now. JENKINS-71983
  • Message no longer appears twice when the agentLog option is used. JENKINS-38520
  • Hide administrative monitors icons/popup in the header of Manage Jenkins, as they're shown directly on the page. JENKINS-71848
  • Fix link to job in the message informing administrators of trigger computations that run for an unusually long time. JENKINS-71833
  • Use standard size node icon even with long node names. pull 8089
  • Add the X-Content-Type-Options HTTP header to the response from the agent listener. Silence security scanners that incorrectly report an issue when the HTTP header is missing. JENKINS-71186
  • Estimate project duration accurately in more cases. pull 8233

2.414.3

October 18, 2023
Short tags (without "jdk" in them) such as jenkins/jenkins:2.414.3-alpine are using Java 17 and not Java 11 like previously. If you need to keep using Java 11, use tags like jenkins/jenkins:2.414.3-jdk11. Also note that two new tags (2.414.3-alpine-jdk17 & 2.414.3-slim-jdk17) have been published without any content change a week later than the original ones.
Security
Major enhancement
Major bug fix
  • Do not create a large number of threads when making numerous HTTP requests. JENKINS-72016
  • Reduce high memory usage from XStream2.AssociatedConverterImpl (regression in 2.405). JENKINS-72076
Enhancement
Bug fix
  • Restore context menus of model links in build history views and administrative monitors (regression in 2.402). JENKINS-71890

2.414.2

September 20, 2023
Security
Major enhancement
  • Add allow-same-origin to the sandbox Content-Security-Policy directive of workspace and artifact browsers if the Resource Root URL feature is not used. Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests. JENKINS-71366
Major bug fix
  • The plain text console log will still be printed even if some console annotations are corrupt. JENKINS-61452
Bug fix
  • New login page breaks login-theme-plugin (regression in 2.404). JENKINS-71238
  • Fix invalid CSS which caused some buttons to become invisible on hover (regression in 2.402). JENKINS-71238

2.414.1

August 23, 2023
Changes since 2.414
Security
Major enhancement
Enhancement
  • Add last build status to job page. pull 8129
Bug fix
  • Remove rebuilder plugin from the setup wizard plugin selection. JENKINS-71630
  • Only disable the plugin manager "install" button if no plugins are selected (regression in 2.414). JENKINS-71698
Notable changes since 2.401.3
Major enhancement
Major bug fix
  • Prefix the name of input elements of ListView to prevent form submission issues when an Item (job) is named elements. JENKINS-71200
Enhancement
Bug fix
  • Fix update center proxy configuration hyperlink in error messages. JENKINS-71244
  • Fix support of clouds without a config.jelly file. pull 7972

2.401.3

July 26, 2023
Security
Bug fix
  • Remove incorrect text from JENKINS_HOME help. pull 8161

2.401.2

June 28, 2023
Major enhancement
Enhancement

2.401.1

May 31, 2023
Changes since 2.401
Security
Bug fix
  • Fix the writing of emojis to XML (regression in 2.403). JENKINS-71182
  • Do not write NUL values to XML files. A technically illegal #x0 (NUL) could be written to Jenkins XML files but could no longer be read. Now the write will fail as well (regression in 2.398). JENKINS-71139
  • Remove "undefined" trailing text from system dropdown menu. JENKINS-71345
  • Fix the warning icon in the workspaces temporary directory message. JENKINS-71160
  • Show full width filter field for builds on pages less than 970 pixels wide. JENKINS-71115
Notable changes since 2.387.3
Enhancement
  • Simplify the names of the settings in Manage Jenkins. pull 7661
  • Use a card layout instead of a table for the dashboard on mobile. pull 7581
  • Refresh the Build with Parameters interface. pull 7748
  • Revamp icon legend as a modal. pull 7718
  • Refresh the design of the About Jenkins page. pull 7712
  • Running pipeline build logs can now be displayed across controller restarts without reloading in some environments. pull 7614
  • Introduce user experimental flags. JENKINS-69853
  • Add a copy button for the code snippets that start agents and for the Jenkins home directory. Warn user that copy button requires HTTPS. pull 7625pull 7678pull 7665JENKINS-21052
  • The default connection mode for the Java CLI client is now webSocket. You can specify http to continue to use the former default (for example because you are running Jenkins in a servlet container other than the recommended builtin Jetty, or because you are running an unusual reverse proxy which does not support WebSocket). You can also continue to specify ssh to use SSH transport (for example because you prefer to authenticate with a private key rather than an API token), or use a native SSH client. pull 7605
  • Simplify loading of JavaScript and CSS. Users of OWASP DependencyTrack must upgrade to 4.3.1 or later, and users of ServiceNow CI/CD must upgrade to 2.1 or later. pull 7827
  • Upgrade Spring Framework from 5.3.26 to 5.3.27. Spring Framework 5.3.27 release notes
  • Upgrade bundled Winstone from 6.7 to 6.10. Add the excludeProtocols option. Improve logging during shutdown. pull 7632Winstone 6.10 changelogWinstone 6.9 changelogWinstone 6.8 changelog
Bug fix
  • Fix null pointer exception on the "Manage Jenkins" page when HTTP/2 is enabled. JENKINS-70630
  • Hide the Restart Jenkins checkbox in the update center if the controller doesn't support it. JENKINS-69489
  • Move set node temporarily offline/online buttons to appbar. JENKINS-70394

2.387.3

May 3, 2023
Bug fix
  • Restore New Node button in computer overview for users with node creation permission. JENKINS-70820
  • Fix Delete Build button text overflow. JENKINS-70809
  • Hide Restart Jenkins checkbox in the update center if the controller doesn't support it. JENKINS-69489
  • Support emojis in Job DSL scripts. JENKINS-69129

2.387.2

April 5, 2023
A new GPG signing key is used for the Jenkins long term support package repositories. Follow the instructions in the upgrade guide to install the new public key on your computer.
Major bug fix
  • Adjust WebSocket idle timeout to 60 seconds by default, to avoid "WebSocketTimeoutException: Connection Idle Timeout" issues. JENKINS-69955
Bug fix
Enhancement
  • Sign WAR file and Windows installer with new code signing certificate. pull 358

2.387.1

March 8, 2023
Changes since 2.387
Security
Major bug fix
  • Move 'set node temporarily offline/online' buttons to app-bar to make them clickable again (regression in 2.385). JENKINS-70394
  • Allow WebSocket agent connections to time out after 5m if a write never succeeds. JENKINS-70531
  • Fix the TcpSlaveAgentListenerRescheduler functionality. TcpSlaveAgentListener is automatically restarted on failure. JENKINS-70334
Bug fix
  • Add script-security update to LTS baseline. JENKINS-70487
  • Do not submit empty telemetry data if an error occurred during data collection. JENKINS-70533
  • Update bundled Apache Mina SSHD API plugins from 2.9.1-44.v476733c11f82 to 2.9.2-50.va_0e1f42659a_a. CVE-2022-45047
Enhancement
  • Limit the maximum number of search results.
Notable changes since 2.375.3
Major enhancement
Major bug fix
Enhancement
  • The minimum required Remoting version has been increased to 4.7 (released on February 16, 2021). pull 7340
  • Add telemetry related to distributed builds. JENKINS-70199
  • Add telemetry for activation of permissions that are not enabled by default. JENKINS-70044
  • Remove the notice in the plugin manager Updates tab about newer plugin versions not compatible with your current core version. Limit the display of updates to plugin versions actually being offered by the update center for your core version. JENKINS-62332
  • Show recommended actions, such as "update affected plugins", in security warnings popup. pull 7046
  • Jenkins no longer bundles a patched version of the deprecated Commons HttpClient 3.x library for use by plugins. Plugins should be migrated to the native Java 11 HTTP client or updated to depend on the legacy Commons HttpClient 3.x API plugin. Commons HTTP ClientApache HTTP Client
  • Remove the deprecated Multijob plugin from the setup wizard. pull 7413
  • Remove the deprecated WMI Windows Agents plugin from the setup wizard. pull 7414
  • Do not report implied dependencies for WMI Windows Agents plugin. JENKINS-70301
  • Avoid unnecessary configuration save when reloading configuration from disk. pull 7305
  • Robustness improvement regarding build number collisions. JENKINS-23152
  • Remove support for log rotation via SIGALRM. The command-line argument --daemon has been removed. pull 7256
  • Upgrade XStream from 1.4.19 to 1.4.20. This maintenance release addresses the security vulnerabilities CVE-2022-40151 and CVE-2022-41966, causing a Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types. XStream 1.4.20 release notesCVE-2022-40151CVE-2022-41966
  • Upgrade Guice from 5.0.1 to 5.1.0. Guice 5.1.0 contains eight fixes and improvements. Guice 5.1.0 release notes
  • Upgrade Spring Framework from 5.3.23 to 5.3.24. Spring Framework 5.3.24 release notes
Bug fix
  • Improve tooltip performance. JENKINS-70178
  • Fix the update of disabled plugins. JENKINS-69183
  • Close connection on the agent if the agent's liveness ping receives no response. JENKINS-70414
  • Delay initialization of cryptography needed for TCP inbound agents unless and until such an agent is connected. pull 7514
  • Delete .disabled files when uninstalling a plugin. JENKINS-68194
  • Fix a race condition affecting the launch of inbound agents. pull 7378
The changelog of historical releases can be found in the LTS changelog archive.