Changelog

Legend:

security fix
major bug fix
bug fix
major enhancement
enhancement

Community feedback:

no major issues
notable issues
required rollback

RSS

What's new in 2.340 (2022-03-22)

Update icons. (pull 6307)
Run core test suite on Java 17. (pull 6364)
Vertically align the checkbox with the button in the new item page. (issue 68037)
Update link and breadcrumb dropdowns. (issue 67396)
Fix bad encoding of security warnings in French showing special characters. (pull 6382)
Fail fast when the frontend sends an invalid class name. Upgrade Stapler from 1642.ve454c4518974 to 1666.v0275e61a_9874. (pull 6376, pull 322, Stapler 1666.v0275e61a_9874 changelog)
Move Polling Log "View as plain text" link to side panel. (issue 67713)

What's new in 2.339 (2022-03-15)

Winstone 5.24 - Add an option to write the listening port to a file. Remove automatic self signed certificate if TLS is specified but no keystore (pull 5928, issue 66379 , Winstone 5.23 changelog, Winstone 5.24 changelog)
Make "Unavailable" label in plugin manager theme-able (issue 67953)
Support Java 17 without --add-opens command-line options. (pull 6356)
Remove unnecessary log spam when starting Jenkins under systemd on Debian 11 (regression in 2.333 and 2.332.1). (issue 67995)
Prefer --httpPort from JENKINS_ARGS over HTTP_PORT when the two differ. (Packaging pull request 296)
Improve appearance of the changeset box (regression in 2.335). (pull 6343)
Prevent multiline letters from being cut off on the changeset view tab. (pull 6344)
Skip corrupted fingerprint files. (issue 67602)
Deprecate PosixException in favor of IOException. (pull 6345)

What's new in 2.338 (2022-03-08)

Use modern icons at the workspace view. (pull 6229)
Add Brazilian Portuguese translation property files. (pull 6319)
Remove the Java Native Runtime (JNR) library from Jenkins core. (pull 6323, Java Native Runtime project)
Stop overemphasizing console logs (regression in 2.335). (pull 6342)
Support focus state on checkboxes (regression in 2.335). (issue 67965)
Place icons at the same height as their associated text (regression in 2.335). (issue 67858)
Replace the "unavailable ionicon" icon by a smaller "x". (pull 6291)
Show only one console box when viewing the build log (regression in 2.335 and 2.226). (pull 6338)
Allow agent reconnects on Java 11 and websocket. Prevent infinite loop in case of a closed SSL connection. Upgrade from Remoting 4.12 to 4.13. (pull 6329, issue 66446 , issue 67928 , Remoting 4.13 changelog)
Ensure inbound agent restart logic is applied. (issue 66446)
Display log entries with missing logger names in the log viewer. (pull 6310)
Honor MSI installer parameter values for PORT and INSTALLDIR. (pull 287)
Developer: Add a --debug option to the translation tool to help in troubleshooting. Improve the readability of the translation tool command-line interface (CLI). (pull 6317)
Developer: Upgrade the Guava library from 31.0.1 (released September 27, 2021) to 31.1 (released February 28, 2022). (pull 6322, Guava 31.1 changelog)

What's new in 2.337 (2022-02-28)

Remove the 'cloud configuration has moved to a separate configuration page' notice. (pull 6298)
Update the appearance of the button bar at the bottom of forms. (pull 6295)
Persist changes made to boolean radio controls (regression in 2.336). (pull 6311)
Update bundled Display URL API plugin to prevent issues starting the mailer plugin for offline installations. (issue 67885)
Keep colors when interacting with ionicons as link icon. (pull 6296)
Developer: Upgrade Spring Security from 5.6.1 (released on December 20, 2021) to 5.6.2 (released on February 21, 2022). (pull 6297, Spring project spring-security 5.6.2 release notes)

What's new in 2.336 (2022-02-21)

Restore missing computer icon in the "System Information" view of an agent (regression in 2.335). (pull 6289)
Place text correctly on boolean radio controls (regression in 2.335). (issue 67847)
Don't add leading slash to foreign icons (regression in 2.335). (issue 67823)
Don't show build status on jobs that are not yet built (regression in 2.321). (pull 6287)
Use icon of the correct size in list of agents with a specific label (regression in 2.335). (issue 67837)
Don't prepend icon when it's already there. Resolves missing icons in some cases (regression in 2.335). (issue 67828)
Restore missing help icon (regression in 2.335). (pull 6280)

What's new in 2.335 (2022-02-15)

Modernise form components. (pull 5923)
Switch Linux installers from System V init to systemd. (issue 41218)
Winstone 5.22 - Update Jetty from 9.4.43.v20210629 to 9.4.45.v20220203. Append to log file rather than truncating it (Winstone PR-200). Write log file and access logs in UTF-8 encoding rather than default encoding (Winstone PR-200). (pull 6262, issue 66379 , Winstone 5.22 changelog, Jetty 9.4.45 changelog, Winstone PR-200)
Update "Manage Jenkins" icons and controls. The plugins icon now shows how many updates are available. (pull 6273)
Replace the computer-flash GIF icon with the hourglass icon. (issue 67742)
Remove support for RoleChecker#check(RoleSensitive) calls which were added again in Jenkins 2.319. All remoting Callable implementations need to perform an actual role check as documented. (pull 5901, Remoting callables documentation)
Several icons across Jenkins have been updated - the build icon, the delete icon, the settings icon, the about icon and the plugin icon. (pull 6186)
Use modern table design for "Recorded Fingerprints" and "Legacy API Tokens" tables. (pull 6247)
Minor form and spacing changes. (pull 6259)
Update table styling and spacing with small table UI tweaks. (pull 6248)
Startup completion notification is available with systemd(1). (pull 6228)
Update the Korean internationalization for build icon descriptions. (pull 6241)
Extend startup notification timeout as each initialization milestone is attained. (pull 6237)
Update remoting from 4.11.2 to 4.12 to allow Java web start agents to connect (regression in 2.318). (pull 5983, issue 67000 , Remoting 4.12 changelog)
Overwrite grey balls icon with the modern "not built" status. (issue 67753)
Link the log recorder configure button to the associated log recorder (regression in 2.322). (pull 6245)
Render the question mark on the new help button only once so that it is not shown twice, even while using different themes. (pull 6233)
Truncate long build names again (regression in 2.332). (issue 67689)
Return zero from RPM init script on successful stop. (issue 31656)
Do not print Java version message from Debian installer when correct Java version is detected. (issue 55696)
Restart systemd service when the controller exits unexpectedly. (issue 56219)
Restart the Jenkins service after plugin updates on Debian 11 (bullseye). (issue 65809)
Do not fail startup with timeout on systems with slow DNS resolution. Rely on the Jenkins process to check for port availability rather than using a separate shell function. (issue 67404)
Correctly report startup result on Amazon Linux 2 installed with the rpm package. (issue 67487)

What's new in 2.334 (2022-02-09)

Security fix. (security advisory)

What's new in 2.333 (2022-01-31)

Startup completion notification is available with systemd(1). (pull 6228)
Update the bundled Mailer Plugin from 1.32.1 to 408.vd726a_1130320. (pull 6180, issue 67674 , 2022-01-12 security advisory)
Update the bundled Matrix Project Plugin from 1.18 to 1.20. (pull 6180, issue 67674 , 2022-01-12 security advisory)
Remove images from core that have been replaced by SVG images. (pull 5778)
Update site warnings can now be configured with Configuration as Code. (issue 56057)
Remove support for plugins written in Ruby. (Deprecating non-Java plugins blog post)
Launch only one agent to satisfy cloud agent requests that use label expressions. (issue 67635)
Run cleanup before terminating the controller process due to a Unix TERM signal. (pull 6230)
Correctly render expandable text boxes into multiple lines (regression in 2.197 and 2.176.4). (issue 67627)
Keep the same height when dragging and dropping a component (regression in 2.277). (issue 67496)
Show correct feature name in tooltips of help links (regression in 2.179). (issue 67662)
Support group names with spaces in the deb package. (issue 56911 , pull 268 (packaging))
Remove requirement for daemon in deb packages. (pull 261 (packaging))
Remove requirement for daemonize in RPM packages. (pull 248 (packaging))
Upgrade the XStream library from 1.4.18 to 1.4.19. Addresses the CVE-2021-43859 security vulnerability when unmarshalling highly recursive collections or maps causing a Denial of Service. (pull 6231, XStream 1.4.19 changelog, XStream CVE-2021-43859)

What's new in 2.332 (2022-01-24)

Restore the location of the build progress bar (regression in 2.321). (pull 6199)

What's new in 2.331 (2022-01-21)

Increase width of job configuration form on wide screens. (issue 67198)
Unify labels in plugin manager. Remove deprecated terminology labels from the Plugin Manager. (pull 6151)
The JavaMail and JavaBeans Activation Framework (JAF) libraries have been detached from Jenkins core into dedicated plugins. (pull 6165, JavaMail, JavaBeans Activation Framework (JAF))

What's new in 2.330 (2022-01-12)

Security fix. (security advisory)

What's new in 2.329 (2022-01-08)

Fix ClassNotFoundException: io.jenkins.cli.shaded.org.w3c.dom.Node when using JAXB. (issue 67470)
Fix vertical icon alignment for build status in medium (M) and small (S) icon sizes. (issue 67515)
Developer: The javax.annotation.Generated, javax.annotation.ManagedBean, javax.annotation.PostConstruct, javax.annotation.PreDestroy, javax.annotation.Priority, javax.annotation.Resource, javax.annotation.Resources, javax.annotation.security.DeclareRoles, javax.annotation.security.DenyAll, javax.annotation.security.PermitAll, javax.annotation.security.RolesAllowed, javax.annotation.security.RunAs, javax.annotation.sql.DataSourceDefinition, and javax.annotation.sql.DataSourceDefinitions annotations have been deprecated in favor of the equivalent classes in the jakarta.annotation package. Plugin developers should migrate to the Jakarta Annotations version of each of the above annotations. (pull 6161)

What's new in 2.328 (2022-01-03)

Use SVG icons for agent context menu and executor status. (pull 6146)
Modernise the "About Jenkins" page. Update the table and tab design to use normal cased text. (pull 6055)
Ensure that loggers exist before setting their log levels. In rare cases, setting the log level of a logger may have had no effect. (pull 6143)

What's new in 2.327 (2021-12-27)

JRuby support has been removed from the Stapler web framework used in Jenkins core. A small number of JRuby-based plugins are affected; see the blog post for migration notes. (pull 6103, JEP-7: Deprecation of Ruby and Python plugin runtimes, Deprecating non-Java plugins (blog post), Stapler repository, JRuby project)
Remove support for setting the Jenkins home directory via Java Naming and Directory Interface (JNDI). (pull 6111)
Improve visualization of the Environment Variables page. (pull 6096)
Ensure that links from inline help (shown after clicking "?" icons) always open in new windows. (pull 6095)
Include plugin short names in some error messages. (pull 6077)
Developer: Bump spring-security-bom from 5.6.0 to 5.6.1. (pull 6089, Spring project spring-security 5.6.1 release notes)

What's new in 2.326 (2021-12-20)

The agent-to-controller security subsystem is now always enabled. The admin-customizable allowlists for callables and file paths have been removed. The ability to access some files on the controller from agents has been removed. Some plugins are incompatible with this change and may need to be updated. (pull 5885, issue 67173 , the issue tracker)
Add missing SVG for parameterized job icon. (pull 5905)
Add "Report an issue" link to plugins in the plugin manager. (issue 65113)
Upgrade Groovy from 2.4.12 to 2.4.21. (pull 5939, Groovy 2.4.13 changelog, Groovy 2.4.14 changelog, Groovy 2.4.15 changelog, Groovy 2.4.16 changelog, Groovy 2.4.17 changelog, Groovy 2.4.18 changelog, Groovy 2.4.19 changelog, Groovy 2.4.20 changelog, Groovy 2.4.21 changelog, Groovy language site)
- Restore support for symbolic links in the Jenkins home directory (regression in 2.325). (issue 67372)
Developer: Stapler now returns an informative error message when a request is made for an invalid adjunct. (pull 6066)
Developer: Deprecate SlaveToMasterFileCallable. (issue 67173)

What's new in 2.325 (2021-12-14)

Modernise the appearance of the plugin manager. (pull 5916)
More reliably estimate plugin download progress. (pull 6038)
Newly created items are again automatically made accessible to their creators to fix a regression in the matrix-auth plugin (regression in 2.324). (issue 21224)
- Fix a resource leak when shutting down Jenkins. (pull 6034)
- Fix a resource leak when a plugin fails to load. (pull 6030)
Filtering now hides unavailable updates on "Updates" tab in Plugin Manager. (issue 65084)
An agent-to-controller security measure failed to persist configuration. (pull 5888)
Custom log records with large record parameters no longer interfere with garbage collection. (pull 6018)
Developer: Add FilePath#validateAntFileMask(String, boolean) overload for convenience. (pull 6033)
Developer: The option -Dhudson.ClassicPluginStrategy.useAntClassLoader=false allows experiments with plugin-first class loading alternatives. (pull 5970)

What's new in 2.324 (2021-12-06)

Improve logging for termination of cloud agents. (pull 6010)
Fix appearance of table tooltips. (issue 67154)
Developer: Plugins now have their Guice dependencies aligned with core. (pull 6014)
Introduced Listeners.notify utility method to encourage safe listener notification. (issue 21224)
Developer: Disable form element path in unit tests by default. (pull 6004)
Deprecate FingerprintStorage.getFileFingerprintStorage. Developers should use FingerprintStorage Extension API instead. (pull 5423, FingerprintStorage.getFileFingerprintStorage javadoc, FingerprintStorage Extension API)

What's new in 2.323 (2021-11-30)

Add configuration-as-code support for managing log recorders. (issue 61278)
Add path to form elements giving stable selectors for UI testing. (pull 5926)
Update remoting from 4.11.1 to 4.11.2 to fix code signing. (pull 5983, issue 67227 , Remoting 4.11.2 changelog)
Improve performance by lazy loading build records from the run list. (pull 5942)
"View as plain text" shows correctly in polling log page. (issue 67193)
Developer: New extension point Header as an interface that provides capabilities to render a specific header and a default implementation of that, named JenkinsHeader that is enabled by default. (pull 5909, JEP-234: Customizable Jenkins header)

What's new in 2.322 (2021-11-23)

Issue a warning to the system log when using agent-to-controller file manipulation idioms considered for deprecation, and collect telemetry about this as well. (pull 5890)
Add descriptions of built-in administrative alerts to the global configuration alert selection page. (pull 5937)
Modernise System Info and Log Recorder pages. (pull 5925)
Jenkins startup could hang due to a deadlock in class loading. (issue 67188)
Display full user name, rather than id, in securityRealm page when using the built-in security realm (regression since 2.243). (pull 5925)
Display the "Configure System" icon in the drop down menu. (issue 67033)
Developer: Register UberClassLoader as parallel-capable. (pull 5931)

What's new in 2.321 (2021-11-16)

Modernise the table design and add support for Ionicons. (pull 5851)
Remove superfluous user interface elements, including images, mask-icon, and unnecessary resize handles. (pull 5777)
Only apply trimLabels operation to affected nodes when adding or removing them. (issue 67099)
Maven tool configuration works again (regression in 2.320). (issue 67109)
Show ongoing first build in build history (regression in 2.314). (issue 66969)
Fix filtering in update tab of plugin manager (regression in 2.320). (pull 5908)
Permit additional safe types in agent to controller access control (regression in 2.320). (issue 67105)
Developer: Upgrade the Guice library from 4.0 (released April 28, 2015) to 5.0.1 (released March 2, 2021). (pull 5858, Guice library, Guice 5.0.1 release notes)
Developer: Bump spring-security-bom from 5.5.3 to 5.6.0. (pull 5921, Spring project spring-security 5.6.0-RC1 release notes, Spring project spring-security 5.6.0 release notes)

What's new in 2.320 (2021-11-09)

Upgrade the Guava library from 11.0.1 (released on January 9, 2012) to 31.0.1 (released on September 27, 2021). Plugins have already been prepared to support the new version of Guava; use the Plugin Manager to upgrade all plugins before and after upgrading Jenkins. (pull 5707, issue 36779 , JEP-233, Guava web site, Guava 31.0.1 changelog)
Modernise the 'New view' and 'New node' pages. (pull 5842)
Improve artifact list readability in dark theme. (pull 5889)
Use CSS animation for console progress. (pull 5871)
Allow plugin upload by URL in addition to file name. (issue 4814)
Update bundled version of Bouncy Castle API plugin from 2.20 to 2.25. (pull 5898, Bouncy Castle release notes)
Prevent LinkageError during class loading (regression in 2.309). (issue 66993)
Do not attempt to canonicalize tar entries when untaring, as the result may be unexpected for symlinks. (issue 67063)
Fix form submission for file access rules of agent to controller security subsystem (regression in 2.111). (pull 5881, issue 67061 , Upgrade guide - Agent to controller path filter security fixes)
Avoid false positives in plugin search (installed tab). (pull 5870)
Fix missing hyperlink in build history (regression in 2.314). (issue 67028)
Add space between icon and project name (or build number) in all links to builds. (pull 5887)
Add space between icon and project name in upstream & downstream section of project page. (issue 66749)
Replace outdated URLs with working redirects. (issue 67032)
An exception thrown by a RestartListener no longer leaves Jenkins in a zombie-like state. (issue 67002)
Display the time zone of the user when an administrator updates a user account. (issue 66845)
Developer: Provide a stable version of ObjectWebASM (currently 9.1) on the classpath. (pull 5524, ObjectWebASM web site)
Developer: Use the upstream version of AntClassLoader without custom patches. (pull 5856)

What's new in 2.319 (2021-11-04)

Important security fixes. (security advisory)
Security hardening: Require role check for remoting callables. (LTS upgrade guide, developer documentation)
Always allow configuring agent-to-controller security subsystem.

What's new in 2.318 (2021-10-26)

Add XStream2 constructor matching super. (issue 66955)
Remove deprecated, unsafe classes previously copied from Apache Ant. Docker Slaves plugin is incompatible with this change. (issue 66930)
ExecutorListener may now be implemented as a static extension. (issue 66947)
Update tooltips to be consistent across Jenkins. (pull 5763)

What's new in 2.317 (2021-10-19)

Screen Resolution cookie now has the secure flag set when Jenkins is running on HTTPS. (issue 49675)
Deprecate the -cp option in the remoting agent.jar command line. Upgrade from Remoting 4.10 to Remoting 4.11. (pull 5821, issue 64831 , Remoting 4.11 changelog)
Display ongoing build in build history (regression in 2.314). (issue 66753)
Fix agent handshake when connecting over Websocket on Java 11. Upgrade from Remoting 4.10 to Remoting 4.11. (pull 5821, issue 61212 , Remoting 4.11 changelog)
Reduce the amount of disk writes to logs/tasks/*.log when nothing interesting is happening. (issue 66854)

What's new in 2.316 (2021-10-11)

Update the French translation in the legend. (issue 66681)
Display full plugin name and link when a plugin fails to load. (issue 66776)
Improve error reporting for certain kinds of bugs in computer listeners. (pull 5755)
Update bundled versions of Pipeline: API, Pipeline: Step API, SCM API, and Structs plugins. (pull 5773, Pipeline: API plugin, Pipeline: Step API plugin, SCM API plugin, Structs plugin)
Developer: Fix XStream2 support of unmarshalling implicit collections. (pull 5757)

What's new in 2.315 (2021-10-06)

Security fixes. (security advisory)
Security hardening: The "short description" of build causes is now defined as plain text instead of HTML. (related LTS upgrade guide entry, related developer documentation)

What's new in 2.314 (2021-09-28)

Modernise the "Build History" search bar (pull 5692)
Show new status icons in build history (issue 66659)
Modernise the "Manage Jenkins" screen (pull 5693)

What's new in 2.313 (2021-09-21)

Allow a plugin to dynamically insert a JAR file into its classpath. (issue 66563)
Remove the --daemon argument from Jenkins command line arguments. Replace Akuma library from Jenkins core with simpler implementations using ProcessTree capabilities (pull 5561)
Allow Jenkins to start when the JCasC configuration defines view-related permissions (regression in 2.302). (issue 66470)
Correction of Label expression including a "implies" relationship without spaces around. (issue 66613)
WebSocket connections now work when the Jenkins controller is running Java 11 and using self-terminated TLS. (issue 61212)

What's new in 2.312 (2021-09-14)

Update executable war from 1.45 to 2.0 (pull 5706)
Replace the old icons with the new SVG icons in the job trend page. (issue 65928)

What's new in 2.311 (2021-09-09)

Fix wrong parameter type for Text Parameter when triggering a build via the buildWithParameters API call. (pull 5704)
Graphs now scale correctly on high resolution screens. (pull 5697)
The checkbox labeled "Enable Agent → Controller Access Control" in the form "Configure Global Security" would always start out as disabled. Submitting the form without checking it would then cause a configuration change (regression in 2.307). (pull 5694)
Load classes from plugins in parallel for faster startup on multicore machines. (issue 23784)
Internal: Experimental support for URLClassLoader can be enabled by setting hudson.ClassicPluginStrategy.useAntClassLoader=false. (pull 5698)

Changelogs of historical releases can be found in the changelog archive.