The Jenkins Blog

Mark Waite

Mark is a member of the Jenkins governing board, a long-time Jenkins user and contributor, a core maintainer, and maintainer of the git plugin, the git client plugin, the platform labeler plugin, the embeddable build status plugin, and several others. He is one of the authors of the "Improve a plugin" tutorial.

She Code Africa Contributhon 2022!

The She Code Africa Contributhon started April 5, 2022. The She Code Africa Contributhon is a boot camp where African women are paid to work with open source organizations on selected projects with dedicated mentors. This program aims to create a more diverse, inclusive, and innovative culture within the African open source ecosystem by matching African women in technology with sponsor and...

Mark Waite April 11, 2022
Spring Framework RCE, CVE-2022-22965

A remote code execution vulnerability has been identified in the Spring Framework. This vulnerability is identified as CVE-2022-22965. Spring officially reacted early in an early announcement. SpringShell in Jenkins Core and Plugins The Jenkins security team has confirmed that the Spring vulnerability is not affecting Jenkins Core. There is no impact because we are using Stapler as a servlet, and neither Spring MVC nor Spring...

Wadeck Follonier
Damien DUPORTAL
Mark Waite March 31, 2022
Happy New Year! 2022 edition

Special thanks from the Jenkins project to users and contributors with the New Year! Let’s take a look at some changes this year. Highlights Major events including Google Summer of Code, Hacktoberfest, She Code Africa Contributhon, and three Contributor Summits Strong support from new and continuing Sponsors Core features for configuration form modernization, upgrades to key dependencies, continuous delivery for plugins, and Java 11 as...

Mark Waite January 14, 2022
Deprecating non-Java plugins

10 years ago, the Jenkins ruby-runtime was first released. It was an experiment to let plugins be written in ruby but still get integrated into the main Java Virtual Machine runtime with help of JRuby. A similar extension was made to allow plugins to be written in Python but still integrated into the Java Virtual Machine with Jython. Over the years though, the experiments...

Gavin Mogan
Oleg Nenashev
Mark Waite December 22, 2021
Apache Log4j 2 vulnerability CVE-2021-44228

A critical security vulnerability has been identified in the popular "Apache Log4j 2" library. This vulnerability is identified as CVE-2021-44228. Log4j in Jenkins The Jenkins security team has confirmed that Log4j is not used in Jenkins core. Jenkins plugins may be using Log4j. You can identify whether Log4j is included with any plugin by running the following Groovy script in the Script Console: org.apache.logging.log4j.core.lookup.JndiLookup.class.protectionDomain.codeSource If this results...

Wadeck Follonier
Daniel Beck
Hervé Le Meur
Mark Waite December 10, 2021
Jenkins in Hacktoberfest 2021

Hacktoberfest 2021 made great contributions to the Jenkins project. We thank all the Hacktoberfest contributors and the maintainers who reviewed the submitted pull requests. We received contributions in artwork, translation, documentation, security, and general purpose improvements. The contributions included software improvements, documentation updates, and video tutorials. Translations and Artwork Duchess France provided significant improvements to the French localization of Jenkins. The changes included new translations of...

Mark Waite October 31, 2021
Use Just Enough Pipeline

Jenkins Pipeline (or simply Pipeline with a capital P) is a suite of plugins that supports implementing and integrating continuous delivery pipelines into Jenkins. This allows you to automate the process of getting software from version control through to your users and customers. Pipeline code works beautifully for its intended role of automating build, test, deploy, and administration tasks. But, as it is...

Mark Waite
Darin Pope October 26, 2021
Jenkins Election 2021

Voter registration is now open for the 2021 Jenkins project elections. Two members of the governing board are up for election. Five officers are up for election. How Do I Register to Vote? Click the "Register Here" button above or open https://community.jenkins.io/g/election-voter in your browser. You will need to register with community.jenkins.io either using an existing account (like a GitHub account) or by creating a...

Mark Waite October 25, 2021
Jenkins project Confluence instance attacked

Earlier this week the Jenkins infrastructure team identified a successful attack against our deprecated Confluence service. We responded immediately by taking the affected server offline while we investigated the potential impact. At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected. Thus far in our investigation, we have learned that the Confluence CVE-2021-26084...

Mark Waite
R. Tyler Croy September 4, 2021