Changelog

What's new in 2.332 (2022-01-24)

• Restore the location of the build progress bar (regression in 2.321). (pull 6199)

What's new in 2.331 (2022-01-21)

• Increase width of job configuration form on wide screens. (issue 67198)
• Unify labels in plugin manager. Remove deprecated terminology labels from the Plugin Manager. (pull 6151)
• The JavaMail and JavaBeans Activation Framework (JAF) libraries have been detached from Jenkins core into dedicated plugins. (pull 6165, JavaMail, JavaBeans Activation Framework (JAF))

What's new in 2.330 (2022-01-12)

• Security fix. (security advisory)

What's new in 2.329 (2022-01-08)

• Fix ClassNotFoundException: io.jenkins.cli.shaded.org.w3c.dom.Node when using JAXB. (issue 67470)
• Fix vertical icon alignment for build status in medium (M) and small (S) icon sizes. (issue 67515)
• Developer: The javax.annotation.Generated, javax.annotation.ManagedBean, javax.annotation.PostConstruct, javax.annotation.PreDestroy, javax.annotation.Priority, javax.annotation.Resource, javax.annotation.Resources, javax.annotation.security.DeclareRoles, javax.annotation.security.DenyAll, javax.annotation.security.PermitAll, javax.annotation.security.RolesAllowed, javax.annotation.security.RunAs, javax.annotation.sql.DataSourceDefinition, and javax.annotation.sql.DataSourceDefinitions annotations have been deprecated in favor of the equivalent classes in the jakarta.annotation package. Plugin developers should migrate to the Jakarta Annotations version of each of the above annotations. (pull 6161)

What's new in 2.328 (2022-01-03)

• Use SVG icons for agent context menu and executor status. (pull 6146)
• Modernise the "About Jenkins" page. Update the table and tab design to use normal cased text. (pull 6055)
• Ensure that loggers exist before setting their log levels. In rare cases, setting the log level of a logger may have had no effect. (pull 6143)

What's new in 2.327 (2021-12-27)

• JRuby support has been removed from the Stapler web framework used in Jenkins core. A small number of JRuby-based plugins are affected; see the blog post for migration notes. (pull 6103, JEP-7: Deprecation of Ruby and Python plugin runtimes, Deprecating non-Java plugins (blog post), Stapler repository, JRuby project)
• Improve visualization of the Environment Variables page. (pull 6096)
• Ensure that links from inline help (shown after clicking "?" icons) always open in new windows. (pull 6095)
• Include plugin short names in some error messages. (pull 6077)
• Developer: Bump spring-security-bom from 5.6.0 to 5.6.1. (pull 6089, Spring project spring-security 5.6.1 release notes)

What's new in 2.326 (2021-12-20)

• The agent-to-controller security subsystem is now always enabled. The admin-customizable allowlists for callables and file paths have been removed. The ability to access some files on the controller from agents has been removed. Some plugins are incompatible with this change and may need to be updated. (pull 5885, issue 67173, the issue tracker)
• Add missing SVG for parameterized job icon. (pull 5905)
• Add "Report an issue" link to plugins in the plugin manager. (issue 65113)
• Upgrade Groovy from 2.4.12 to 2.4.21. (pull 5939, Groovy 2.4.13 changelog, Groovy 2.4.14 changelog, Groovy 2.4.15 changelog, Groovy 2.4.16 changelog, Groovy 2.4.17 changelog, Groovy 2.4.18 changelog, Groovy 2.4.19 changelog, Groovy 2.4.20 changelog, Groovy 2.4.21 changelog, Groovy language site)
• - Restore support for symbolic links in the Jenkins home directory (regression in 2.325). (issue 67372)
• Developer: Stapler now returns an informative error message when a request is made for an invalid adjunct. (pull 6066)
• Developer: Deprecate SlaveToMasterFileCallable. (issue 67173)

What's new in 2.325 (2021-12-14)

• Modernise the appearance of the plugin manager. (pull 5916)
• More reliably estimate plugin download progress. (pull 6038)
• Newly created items are again automatically made accessible to their creators to fix a regression in the matrix-auth plugin (regression in 2.324). (issue 21224)
• - Fix a resource leak when shutting down Jenkins. (pull 6034)
• - Fix a resource leak when a plugin fails to load. (pull 6030)
• Filtering now hides unavailable updates on "Updates" tab in Plugin Manager. (issue 65084)
• An agent-to-controller security measure failed to persist configuration. (pull 5888)
• Custom log records with large record parameters no longer interfere with garbage collection. (pull 6018)
• Developer: Add FilePath#validateAntFileMask(String, boolean) overload for convenience. (pull 6033)
• Developer: The option -Dhudson.ClassicPluginStrategy.useAntClassLoader=false allows experiments with plugin-first class loading alternatives. (pull 5970)

What's new in 2.324 (2021-12-06)

• Improve logging for termination of cloud agents. (pull 6010)
• Fix appearance of table tooltips. (issue 67154)
• Developer: Plugins now have their Guice dependencies aligned with core. (pull 6014)
• Introduced Listeners.notify utility method to encourage safe listener notification. (issue 21224)
• Developer: Disable form element path in unit tests by default. (pull 6004)
• Deprecate FingerprintStorage.getFileFingerprintStorage. Developers should use FingerprintStorage Extension API instead. (pull 5423, FingerprintStorage.getFileFingerprintStorage javadoc, FingerprintStorage Extension API)

What's new in 2.323 (2021-11-30)

• Add configuration-as-code support for managing log recorders. (issue 61278)
• Add path to form elements giving stable selectors for UI testing. (pull 5926)
• Update remoting from 4.11.1 to 4.11.2 to fix code signing. (pull 5983, issue 67227, Remoting 4.11.2 changelog)
• Improve performance by lazy loading build records from the run list. (pull 5942)
• "View as plain text" shows correctly in polling log page. (issue 67193)
• Developer: New extension point Header as an interface that provides capabilities to render a specific header and a default implementation of that, named JenkinsHeader that is enabled by default. (pull 5909, JEP-234: Customizable Jenkins header)

What's new in 2.322 (2021-11-23)

• Issue a warning to the system log when using agent-to-controller file manipulation idioms considered for deprecation, and collect telemetry about this as well. (pull 5890)
• Add descriptions of built-in administrative alerts to the global configuration alert selection page. (pull 5937)
• Modernise System Info and Log Recorder pages. (pull 5925)
• Jenkins startup could hang due to a deadlock in class loading. (issue 67188)
• Display full user name, rather than id, in securityRealm page when using the built-in security realm (regression since 2.243). (pull 5925)
• Display the "Configure System" icon in the drop down menu. (issue 67033)
• Developer: Register UberClassLoader as parallel-capable. (pull 5931)

What's new in 2.321 (2021-11-16)

• Modernise the table design and add support for Ionicons. (pull 5851)
• Remove superfluous user interface elements, including images, mask-icon, and unnecessary resize handles. (pull 5777)
• Only apply trimLabels operation to affected nodes when adding or removing them. (issue 67099)
• Maven tool configuration works again (regression in 2.320). (issue 67109)
• Show ongoing first build in build history (regression in 2.314). (issue 66969)
• Fix filtering in update tab of plugin manager (regression in 2.320). (pull 5908)
• Permit additional safe types in agent to controller access control (regression in 2.320). (issue 67105)
• Developer: Upgrade the Guice library from 4.0 (released April 28, 2015) to 5.0.1 (released March 2, 2021). (pull 5858, Guice library, Guice 5.0.1 release notes)
• Developer: Bump spring-security-bom from 5.5.3 to 5.6.0. (pull 5921, Spring project spring-security 5.6.0-RC1 release notes, Spring project spring-security 5.6.0 release notes)

What's new in 2.320 (2021-11-09)

• Upgrade the Guava library from 11.0.1 (released on January 9, 2012) to 31.0.1 (released on September 27, 2021). Plugins have already been prepared to support the new version of Guava; use the Plugin Manager to upgrade all plugins before and after upgrading Jenkins. (pull 5707, issue 36779, JEP-233, Guava web site, Guava 31.0.1 changelog)
• Modernise the 'New view' and 'New node' pages. (pull 5842)
• Improve artifact list readability in dark theme. (pull 5889)
• Use CSS animation for console progress. (pull 5871)
• Allow plugin upload by URL in addition to file name. (issue 4814)
• Update bundled version of Bouncy Castle API plugin from 2.20 to 2.25. (pull 5898, Bouncy Castle release notes)
• Prevent LinkageError during class loading (regression in 2.309). (issue 66993)
• Do not attempt to canonicalize tar entries when untaring, as the result may be unexpected for symlinks. (issue 67063)
• Fix form submission for file access rules of agent to controller security subsystem (regression in 2.111). (pull 5881, issue 67061, Upgrade guide - Agent to controller path filter security fixes)
• Avoid false positives in plugin search (installed tab). (pull 5870)
• Fix missing hyperlink in build history (regression in 2.314). (issue 67028)
• Add space between icon and project name (or build number) in all links to builds. (pull 5887)
• Add space between icon and project name in upstream & downstream section of project page. (issue 66749)
• Replace outdated URLs with working redirects. (issue 67032)
• An exception thrown by a RestartListener no longer leaves Jenkins in a zombie-like state. (issue 67002)
• Display the time zone of the user when an administrator updates a user account. (issue 66845)
• Developer: Provide a stable version of ObjectWebASM (currently 9.1) on the classpath. (pull 5524, ObjectWebASM web site)
• Developer: Use the upstream version of AntClassLoader without custom patches. (pull 5856)

What's new in 2.319 (2021-11-04)

• Important security fixes. (security advisory)
• Security hardening: Require role check for remoting callables. (LTS upgrade guide, developer documentation)
• Always allow configuring agent-to-controller security subsystem.

What's new in 2.318 (2021-10-26)

• Add XStream2 constructor matching super. (issue 66955)
• Remove deprecated, unsafe classes previously copied from Apache Ant. Docker Slaves plugin is incompatible with this change. (issue 66930)
• ExecutorListener may now be implemented as a static extension. (issue 66947)
• Update tooltips to be consistent across Jenkins. (pull 5763)

What's new in 2.317 (2021-10-19)

• Screen Resolution cookie now has the secure flag set when Jenkins is running on HTTPS. (issue 49675)
• Deprecate the -cp option in the remoting agent.jar command line. Upgrade from Remoting 4.10 to Remoting 4.11. (pull 5821, issue 64831, Remoting 4.11 changelog)
• Display ongoing build in build history (regression in 2.314). (issue 66753)
• Fix agent handshake when connecting over Websocket on Java 11. Upgrade from Remoting 4.10 to Remoting 4.11. (pull 5821, issue 61212, Remoting 4.11 changelog)
• Reduce the amount of disk writes to logs/tasks/*.log when nothing interesting is happening. (issue 66854)

What's new in 2.316 (2021-10-11)

• Update the French translation in the legend. (issue 66681)
• Display full plugin name and link when a plugin fails to load. (issue 66776)
• Improve error reporting for certain kinds of bugs in computer listeners. (pull 5755)
• Update bundled versions of Pipeline: API, Pipeline: Step API, SCM API, and Structs plugins. (pull 5773, Pipeline: API plugin, Pipeline: Step API plugin, SCM API plugin, Structs plugin)
• Developer: Fix XStream2 support of unmarshalling implicit collections. (pull 5757)

What's new in 2.315 (2021-10-06)

• Security fixes. (security advisory)
• Security hardening: The "short description" of build causes is now defined as plain text instead of HTML. (related LTS upgrade guide entry, related developer documentation)

What's new in 2.314 (2021-09-28)

• Modernise the "Build History" search bar (pull 5692)
• Show new status icons in build history (issue 66659)
• Modernise the "Manage Jenkins" screen (pull 5693)

What's new in 2.313 (2021-09-21)

• Allow a plugin to dynamically insert a JAR file into its classpath. (issue 66563)
• Remove the --daemon argument from Jenkins command line arguments. Replace Akuma library from Jenkins core with simpler implementations using ProcessTree capabilities (pull 5561)
• Allow Jenkins to start when the JCasC configuration defines view-related permissions (regression in 2.302). (issue 66470)
• Correction of Label expression including a "implies" relationship without spaces around. (issue 66613)
• WebSocket connections now work when the Jenkins controller is running Java 11 and using self-terminated TLS. (issue 61212)

What's new in 2.312 (2021-09-14)

• Update executable war from 1.45 to 2.0 (pull 5706)
• Replace the old icons with the new SVG icons in the job trend page. (issue 65928)

What's new in 2.311 (2021-09-09)

• Fix wrong parameter type for Text Parameter when triggering a build via the buildWithParameters API call. (pull 5704)
• Graphs now scale correctly on high resolution screens. (pull 5697)
• The checkbox labeled "Enable Agent → Controller Access Control" in the form "Configure Global Security" would always start out as disabled. Submitting the form without checking it would then cause a configuration change (regression in 2.307). (pull 5694)
• Load classes from plugins in parallel for faster startup on multicore machines. (issue 23784)
• Internal: Experimental support for URLClassLoader can be enabled by setting hudson.ClassicPluginStrategy.useAntClassLoader=false. (pull 5698)

What's new in 2.310 (2021-09-07)

• Jenkins 2.310 was not placed in the artifact repository or on the download site.

What's new in 2.309 (2021-08-30)

• Fix missing settings/cog icon in Plugin Manager. Fix incorrect folder icon showing in projects (regression in 2.307). (pull 5690)
• Add ABORTED threshold to ReverseBuildTrigger. (pull 5542)
• Developer: Bump Java Native Access (jna) from 5.8.0 to 5.9.0. (pull 5682, JNA 5.9.0 changelog)
• Internal: AntClassLoader (and its subclass PluginFirstClassLoader) and MaskingClassLoader register themselves as parallel-capable. (pull 5687)
• Upgrade from xstream 1.4.17 to 1.4.18. (pull 5685, issue 66507, XStream 1.4.18)

What's new in 2.308 (2021-08-24)

• Use SVGs over PNGs for the sidebar when possible. Breadcrumb bar/logo/menu items are now correctly aligned on the left together. Move old war/images folder to webapp so they can be used in frontend - the SVGs are now in the webapp/images/svgs folder. (pull 5663)
• Update appearance for feed bar and description button to be modern and consistent. (pull 5664)
• When the buildWithParameter API is called, if the requests with the same parameters in the queue are merged, the http response code of the request uses a more appropriate 303(see other) instead of 201(created). (issue 66105)
• Warn about use of master in a label expression when that's no longer in use. (pull 5674)
• Use full URL character encoding for the generated inbound agent launch string. (pull 5636)
• Use the JVM's default keystore type for the Jenkins server when terminating TLS connections within Jenkins. Used if Jenkins is started with the --httpsPort argument. Winstone 5.21: Update Jetty from 9.4.42.v20210604 to Jetty 9.4.43.v20210629. (pull 5670, issue 66379, Winstone 5.20 changelog, Winstone 5.21 changelog, Jetty 9.4.43 changelog)
• Developer: Bump spring-security-bom from 5.5.1 to 5.5.2. (pull 5672, Spring project spring-security 5.5.2 release notes)

What's new in 2.307 (2021-08-17)

• Replace the term "master" with "controller" (for the main Jenkins application) or "built-in node" in user interface strings and documentation as appropriate. (pull 5425)
• Add migration code to change the node name (e.g. NODE_NAME environment variable) and label of the built-in node only after explicit migration by an administrator. New installations get the new node and label immediately. If a job definition, Pipeline definition, or tool installer reference must be tied to the built-in node, it should use the label "built-in". (Built-In Node Name and Label Migration)
• Add the system property jenkins.model.Jenkins.nodeNameAndSelfLabelOverride to specify a different node name and label for the built-in node (e.g. for Configuration as Code use cases) than the one otherwise determined. This will not affect other uses of the node name, such as the URL to the built-in node (now /computer/(built-in)/). (pull 5425)
• GDSL file in jenkins-core library no longer reports an IllegalStateException when used in IntelliJ IDEA. (pull 5662)
• Improve layout of console output header. (pull 5507)
• Use the SVG version of the Jenkins text logo instead of the PNG. (pull 5660)
• Developer: Jenkins now uses an updated version of the AntClassLoader class with fewer custom patches. (pull 5656)
• Removed: The Woodstox implementation of the StAX API has been removed from Jenkins core. Users of the Azure Artifact Manager, Azure Container Agents, Azure Storage, and Azure SDK API plugins must upgrade those plugins to the latest versions in lockstep with this core upgrade. Plugins that consume Woodstox should depend on it directly or via the Jackson 2 API plugin. (pull 5651, Woodstox implementation, StAX API, Azure Artifact Manager plugin, Azure Container Agents plugin, Azure Storage plugin, Azure SDK API plugin, Jackson 2 API plugin)

What's new in 2.306 (2021-08-10)

• Provide working "Help About" links for Jenkins CLI, Jenkins core, and Jenkins war. (issue 64666)
• Developer: AntClassloader will now ignore files that are part of the classpath but not zip files when scanning for resources. It used to throw an exception. (pull 5650)

What's new in 2.305 (2021-08-03)

• Show tooltips when users hover on the SVG icons. (issue 65923)
• Ability to disable Java 11 administrative monitor with a system property. (issue 66177)
• Developer: Make AntClassLoader multi-release JAR aware when it deals with java.util.jar.JarFile. (pull 5635)

What's new in 2.304 (2021-07-27)

• Fix an issue unzipping archives in a corner case when entries have the same path prefix as the target location. (issue 66094)
• Avoid polluting the log when usage statistics can not be sent. (issue 66139)
• Bump matrix-auth from 2.6.7 to 2.6.8. (pull 5630)
• Bump bundled Ant from 1.10.10 to 1.10.11. (pull 5620)
• Remove support for native JNR (Java Native Runtime) chmod(2) and stat(2) implementations as opposed to NIO (Java non-blocking I/O) via the hudson.Util.useNativeChmodAndMode system property. This system property no longer has any effect. (pull 5606)
• Developer: Allow consumers of XmlFile to disable fsync(2). (pull 5599)
• Internal: Terminology cleanup to fix build time trend's distributed builds. Only show the agent column when the controller has agents defined. (pull 5625)

What's new in 2.303 (2021-07-20)

• Bump commons-compress from 1.20 to 1.21. (pull 5624)
• Bump spring-security-bom from 5.5.0 to 5.5.1. (pull 5598, Spring project spring-security 5.5.1 release notes)