Changelog

Legend:

security fix
major bug fix
bug fix
major enhancement
enhancement

Community feedback:

no major issues
notable issues
required rollback

RSS

What's new in 2.428 (2023-10-16)

Important security fix. (2023-10-18 security advisory)
Add missing *_fr.properties in win32errors and hudson, lib, and Jenkins resources. Translate hudson/Messages.properties, hudson/model/Messages.properties, and jenkins/model/Messages.properties into French. (pull 8594, pull 8595, pull 8578, pull 8577)
Add telemetry for Jenkins uptime. (pull 8596)
Upgrade Winstone from 6.12 to 6.14. This includes the upgrade of Jetty from 10.0.15 to 10.0.17. The Jetty upgrade includes fixes for several CVEs. (Winstone 6.13 changelog, Winstone 6.14 changelog, Jetty 10.0.16 changelog, Jetty 10.0.17 changelog, CVE-2023-44487)
Fix multibranch Pipeline Add source and other uses that mix inputs and buttons (regression in 2.422). (issue 72170)
Allow clouds to be reordered. This was previously possible, but disappeared when the cloud management was moved to a separate page (regression in 2.403). (issue 72020)
Developer: Formalize an interface for objects that can be loaded from disk. (issue 72107)
Developer: Allow plugins to define a custom Lifecycle. (issue 72111)

What's new in 2.427 (2023-10-10)

Fix agent allocation due to label issue detected by vSphere Cloud plugin (regression in 2.421). (issue 71937)
Show form validation results for form elements that are initially hidden. (regression in 2.355). (issue 71252)
Remove previous form validation errors when the form validation is updated with new content. (regression in 2.355). (issue 71252)
Disable anonymous usage statistics when run in FIPS mode. (pull 8483, JEP-237)
Developer: HudsonPrivateSecurityRealm objects are now serializable. (issue 72114)
Developer: Add extension point to notify about in-process scripting events. (issue 41516)
Developer: Optionally support a FIPS140 compliant algorithm in the Jenkins' own user database. (issue 71971 , pull 8393, JEP-237)

What's new in 2.426 (2023-10-03)

Remove outdated Prototype.js library. (issue 70906 , pull 7781, blog post)
Use Java 17 as the default Java version in container images that do not specify a Java version in the container label. (Docker pull request 1724)
Automate the display of an administrative monitor when approaching Java end of life (EOL) dates. (pull 8526)
Optimized project deletion. (pull 8528)
Stop shipping net.sf.kxml:kxml2 because Jenkins no longer depends on it. (pull 8503)
Reduce high memory usage from XStream2.AssociatedConverterImpl (regression in 2.405). (issue 72067)
Developer: Added setters for View#filterExecutor and View#filterQueue. Fix missing help sections for view filter executor and queue fields. (pull 8511)
Developer: introduce FIPS property for JEP-237 (Jenkins Enhancement Proposal 237)

What's new in 2.425 (2023-09-26)

Allow alternate values for "Build with Parameters" and the "Build" button on the parameters page. (issue 71866)
Small speculative optimization in build loading. (pull 8494)
The minimum required Remoting version has been increased to 4.13 (released on March 4, 2022). (pull 8484)
Prevent log spam when using the Jenkins security database and users signup. (pull 8474)
Show a confirmation popup when triggering l:task action from context menu. (issue 71880)
Restore context menus of model links in build history views and in administrative monitors. (regression in 2.402). (issue 71890)
Hide the delete button from the only repeatable element in configuration forms when at least one element is expected (regression in 2.344). (issue 72018)
Do not create a large number of threads when making numerous HTTP requests. (issue 72016)
Developer: Provide programmatic deletion support for LogRecorder. (pull 8489)

What's new in 2.424 (2023-09-20)

Important security fixes. (security advisory)

What's new in 2.423 (2023-09-12)

Move node monitoring option to app bar. (pull 8381)
Symbols display in breadcrumbs now. (issue 71983)
Developer: make branding an extension via SimplePageDecorator. (pull 8462)

What's new in 2.422 (2023-09-05)

Prevent incorrect readResolve implementations from breaking agent label parsing. (pull 8448)
Update several buttons and menus to replace YahooUI in more locations. (pull 8418)
List plugins in deterministic order to improve diagnosability of plugin linkage errors. (issue 71950)
Add telemetry collecting basic information about the security configuration. (pull 8440)
Update Turkish localization for the new job page. (pull 8446)
Upgrade to Winstone 6.13 to include Jetty 10.0.16. (Winstone 6.13 release notes, Jetty 10.0.16 changelog)
Developer: Initialize default view slightly earlier in the initialization process. (pull 8413)

What's new in 2.421 (2023-08-29)

Add a nicer 404 error page. (issue 71087)
Add appearance system configuration page. (pull 8403)
Optimize performance of label parsing. (pull 8395)
Fix invalid CSS which caused some buttons to become invisible on hover. (issue 71479)
Message no longer appears twice when the agentLog option is used. (issue 38520)

What's new in 2.420 (2023-08-22)

Move plugins page title into sidebar so that plugins app bar is at the top of the page. (pull 8376)
Remove eval call in hudsonbehavior.js. (issue 71514)
Update Turkish localizations for the job configuration page. (pull 8368)
Refresh link design. (pull 8375)
Display a notice when plugin updates are available or when there are no plugins installed. (pull 8208)
Update the design of the content blocks. (pull 8363)
Remove the unnecessary hashelp class additions from hudsonbehaviour.js. (pull 8355)
Hide administrative monitors icons/popup in the header of Manage Jenkins, as they're shown directly on the page. (issue 71848)
The plain text console log will still be printed even if some console annotations are corrupt. (issue 61452)
Fix link to job in the message informing administrators of trigger computations that run for an unusually long time. (issue 71833)
Deprecate findAncestor and findAncestorClass in hudsonbehaviour.js. (pull 8357)

What's new in 2.419 (2023-08-14)

Remove the addition of the 'has-help' class from hudson-behaviour.js. (pull 8355)
Display a notice when there are plugins installed or updates available. (pull 8208)
Update the design of the content blocks. (pull 8363)
Use standard size node icon even with long node names. (pull 8089)
Deprecate findAncestor and findAncestorClass in hudson-behaviour.js. (pull 8357)

What's new in 2.418 (2023-08-08)

New login page breaks login theme plugin. (issue 71238)
Fix "Manage Jenkins" context menu (regression in 2.415). (issue 71744)
Fix mistranslation of Japanese message in mailing list reference. (pull 8324)

What's new in 2.417 (2023-08-01)

Small optimization in computer list. (pull 8299)
Remove the treeview option for artifactList. (issue 71054)
Remove a workaround that was only necessary for OpenJDK 11.0.16 and earlier. (pull 8193)
Use new jenkins-button styling for 'expandableTextbox' button. (pull 8180)
Log agent usage by job. (pull 8283)
Make tab panes accessible via keyboard. (issue 71496)
Remove System V initialization scripts from RPM based installers. The System V initialization scripts were replaced in March 2022 with systemd initialization. RPM users with a custom log directory no longer have a logrotate(8) configuration out-of-the-box. (pull 409 (packaging), Linux install packages migrated from System V init to systemd)
Add allow-same-origin to the sandbox ContentSecurityPolicy directive of workspace and artifact browsers if the Resource Root URL feature is not used. Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests. (issue 71366)
Add the X-Content-Type-Options HTTP header to the response from the agent listener. Silence security scanners that incorrectly report an issue when the HTTP header is missing. (issue 71186)
Only disable the plugin manager "install" button if no plugins are selected (regression in 2.414). (issue 71698)

What's new in 2.416 (2023-07-26)

Important security fix. (security advisory)

What's new in 2.415 (2023-07-18)

Replace browser confirm with modal dialogs in many places. (issue 71438)
Add last build status to job page. (pull 8129)
Remove the rebuild plugin from the setup wizard plugin selection. (pull 8258)
Estimate project duration accurately in more cases (regression in 2.407). (pull 8233)
Developer: API for alert, confirm, prompt, modal and form dialogs (issue 71438)
Remove long deprecated hudson.util.IOUtils#DIR_SEPARATOR, hudson.util.IOUtils#DIR_SEPARATOR_WINDOWS, hudson.util.IOUtils#DIR_SEPARATOR_UNIX, hudson.util.IOUtils#LINE_SEPARATOR, hudson.util.IOUtils#LINE_SEPARATOR_WINDOWS, and hudson.util.IOUtils#LINE_SEPARATOR_UNIX which are available from org.apache.commons.io.IOUtils. (pull 7641)

What's new in 2.414 (2023-07-11)

Allow cancelling the quiet down mode of a safe restart with an optional custom message for safe restarts (with new default message). Use a less dangerous color for the safeRestart banner. Allow setting the full prepareShutdown message instead of only the reason. Show a hint on the "Jenkins Unavailable" page about safe restarts. (issue 70059)
Move the 'Update' and 'Install' buttons to the app bar. (pull 8025)
Improve CSP compatibility by uninlining javascript code. (issue 71034)
Make the style of the legacy API token revoke button consistent with other buttons. (pull 8210)

What's new in 2.413 (2023-07-04)

Update appearance of buttons for password and secretTextarea matching 'jenkins-button's. (pull 8179)
Display a notice in the log manager page when no logs are available. (pull 8186)
Restore missing build history for external jobs (regression in 2.409). (issue 71553)

What's new in 2.412 (2023-06-27)

Improve CSP compatibility. (issue 71042)
Add or update MIME types for JavaScript files, JavaScript module files, AV1 Image File (AVIF) files, Web Open Font Format (WOFF) files, and WebAssembly files. (Winstone 6.12 release notes)
Improve CSP compatibility by removing inline JS event handlers. (issue 71040)
Use CSS variables for logger colours. (pull 8164)

What's new in 2.411 (2023-06-20)

Update the Log Recorders interface. (pull 8087)
Add Japanese translation of Apply. (pull 8140)
Switch the doublelaunch checker to a regular administrative monitor. (pull 8127)
Remove animations on login page causing high CPU usage in some cases. (issue 71246)

What's new in 2.410 (2023-06-13)

Improve sign in/register screens appearance on mobile. (pull 7995)
Allow user deletion from the trash can icon (regression in 2.405). (issue 71429)
Fix a bug when searching for matching form elements (regression in 2.406). (issue 71383)
Developer: plugins can now contribute widgets for Computer, ComputerSet, View, Job. (pull 7932)

What's new in 2.409 (2023-06-06)

Use jenkins-button for repeatable buttons. (pull 7717)
Do not show Fedora 38 as an end of life operating system before actual end of life in 2024. (issue 71394)
Hide the arrow next to the restart checkbox if the environment doesn't support it. (pull 8076)
Use correct update center proxy configuration hyperlink in error messages. (issue 71244)
Add support for jakarta.inject annotations. (pull 8065)

What's new in 2.408 (2023-06-06)

Jenkins 2.408 was not packaged or delivered. All changes planned for 2.408 are included in 2.409.

Jenkins 2.408 was not placed in the artifact repository or on the download site.

What's new in 2.407 (2023-05-29)

Warn administrators when their Linux operating system is approaching end of life. (pull 7913)
Announce early end of life for Red Hat Enterprise Linux 7 and its derivatives (like CentOS Linux 7, Scientific Linux 7, and Oracle Linux 7). (pull 7913)
Minor footer appearance tweaks. (pull 7989)
Reduce the circumstances under which recent old builds will be loaded when starting new builds. (pull 7998)
Developer: Make Cloud#reconfigure method public. (pull 8053)

What's new in 2.406 (2023-05-23)

Replace disconnect and system info symbols for agents. (pull 8015)
Prefix the name of input elements of ListView to prevent form submission issues when an Item (job) is named elements. (issue 71200)
Developer: Expose UserSeedChangeListener extension point. (pull 7997)
Developer: do not call SaveableListener.fireOnChange anymore when reloading an AbstractItem. (pull 7984)
Developer: Support searches for matching form elements without the use of the Prototype JavaScript framework. (pull 8008)
Developer: Added a utility HttpServletFilter to the API. (pull 7892)

What's new in 2.405 (2023-05-16)

Adjust form label padding. (pull 7962)
Use dialogs to delete computers, views, clouds, users and logrecorders. (issue 13545)
Improve class loading behavior looking up special formatters for XML configuration files. (pull 7976)
Upgrade from Guice 5 to 6. (pull 7990, Guice 6.0.0 release notes)
Restore support for ECharts API plugin (regression in 2.404). (issue 71236)
Make "Skip to content" link visible through keyboard navigation. (pull 7956)
Fix support of clouds without a config.jelly file. (pull 7972)
Developer: Queue items elements are now formalized using jenkins.model.queue.QueueItem. (pull 7926)

What's new in 2.404 (2023-05-09)

Revamp the sign-in and register pages. Add support for browser-native themes like darkmode. (pull 7872)
Make title sticky in legend. (issue 71177)
Move plugins refresh button to app bar. (pull 7770)
Fix the writing of emojis to XML (regression in 2.403). (issue 71182)
Allow parameter positions to be reordered in job definitions (regression in 2.402). (issue 71089)
Add a user experimental flag to run Jenkins without Prototype.js. Plugin authors should enable this flag and fix any issues that result from the removal of Prototype.js. In the future Prototype.js will be removed from Jenkins core. (pull 7948)

What's new in 2.403 (2023-05-02)

Remove support for WebSocket agents when running inside Jetty 9. (pull 7101)
Align source code text and line numbers in views that render source code with the Prism plugin. (issue 70805)
Rework clouds management into multiple pages to better scale to a large numbers of clouds. Users of EC2 Plugin should update it to version 2.0.7 or newer for compatibility. (issue 70729)
Show full width filter field for builds on pages less than 970 pixels wide. (issue 71115)
Do not write NUL values to XML files. A technically illegal #x0 (NUL) could be written to Jenkins XML files but could no longer be read. Now the write will fail as well (regression in 2.398). (issue 71139)
Fix the warning icon in the workspaces temporary directory message. (issue 71160)
Do not display a list of page sections on the System page breadcrumb. (issue 71152)
Add padding to the right side of the full width side panel. (issue 70115)
Developer: The experimental projectViewNested view has been removed without replacement. (issue 70927)

What's new in 2.402 (2023-04-25)

Update appearance and framework for link dropdown menus. (pull 7474)
Remove duplicate section headers from the Tools page. Remove border at the top of the Tools page for consistency with other pages. (pull 7716)
Hide the filter field when there's no build in Build History Widget. (issue 70220)
Restore conditional rendering of headers in some pages and remove non-functional drag handle from some headers (regression in 2.335). (issue 71089)
Upgrade Winstone from 6.10 to 6.11. This includes the upgrade of Jetty from 10.0.13 to 10.0.15. (Winstone 6.11 release notes, Jetty 10.0.14 changelog, Jetty 10.0.15 changelog)

What's new in 2.401 (2023-04-17)

Add updates count badge to Updates sidebar item. (pull 7084)
Simplify loading of JavaScript and CSS. Users of OWASP DependencyTrack must upgrade to 4.3.1 or later, and users of ServiceNow CI/CD must upgrade to 2.1 or later. (pull 7827)
Properly iterate over class names in heterogeneous lists (regression in 2.400). (pull 7845)
Upgrade Spring Framework from 5.3.26 to 5.3.27. (Spring Framework 5.3.27 release notes)

What's new in 2.400 (2023-04-11)

Important security fix. (2023-06-14 security advisory)
Fix radio buttons in repeated blocks in configuration forms (regression in 2.391). (issue 70988)
Fix null pointer exception on the "Manage Jenkins" page when HTTP/2 is enabled. (issue 70630)

What's new in 2.399 (2023-04-04)

Sign WAR file and Windows installer with new code signing certificate. (pull 358)

Changelogs of historical releases can be found in the changelog archive.