Changelog

What's new in 2.414 (2023-07-10)

• Allow cancelling the quiet down mode of a safe restart with an optional custom message for safe restarts (with new default message). Use a less dangerous color for the safeRestart banner. Allow setting the full prepareShutdown message instead of only the reason. Show a hint on the "Jenkins Unavailable" page about safe restarts. (issue 70059)
• Move the 'Update' and 'Install' buttons to the app bar. (pull 8025)
• Improve CSP compatibility by uninlining javascript code. (issue 71034)
• Make the style of the legacy API token revoke button consistent with other buttons. (pull 8210)

What's new in 2.413 (2023-07-04)

• Update appearance of buttons for password and secretTextarea matching 'jenkins-button's. (pull 8179)
• Display a notice in the log manager page when no logs are available. (pull 8186)
• Restore missing build history for external jobs (regression in 2.409). (issue 71553)

What's new in 2.412 (2023-06-27)

• Improve CSP compatibility. (issue 71042)
• Add or update MIME types for JavaScript files, JavaScript module files, AV1 Image File (AVIF) files, Web Open Font Format (WOFF) files, and WebAssembly files. (pull 8173)
• Improve CSP compatibility by removing inline JS event handlers. (issue 71040)
• Use CSS variables for logger colours. (pull 8164)

What's new in 2.411 (2023-06-20)

• Update the Log Recorders interface. (pull 8087)
• Add Japanese translation of Apply. (pull 8140)
• Switch the doublelaunch checker to a regular administrative monitor. (pull 8127)
• Remove animations on login page causing high CPU usage in some cases. (issue 71246)

What's new in 2.410 (2023-06-13)

• Improve sign in/register screens appearance on mobile. (pull 7995)
• Allow user deletion from the trash can icon (regression in 2.405). (issue 71429)
• Fix a bug when searching for matching form elements (regression in 2.406). (issue 71383)
• Developer: plugins can now contribute widgets for Computer, ComputerSet, View, Job. (pull 7932)

What's new in 2.409 (2023-06-06)

• Use jenkins-button for repeatable buttons. (pull 7717)
• Do not show Fedora 38 as an end of life operating system before actual end of life in 2024. (issue 71394)
• Hide the arrow next to the restart checkbox if the environment doesn't support it. (pull 8076)
• Use correct update center proxy configuration hyperlink in error messages. (issue 71244)
• Add support for jakarta.inject annotations. (pull 8065)

What's new in 2.408 (2023-06-06)

• Jenkins 2.408 was not placed in the artifact repository or on the download site.

What's new in 2.407 (2023-05-29)

• Warn administrators when their Linux operating system is approaching end of life. (pull 7913)
• Announce early end of life for Red Hat Enterprise Linux 7 and its derivatives (like CentOS Linux 7, Scientific Linux 7, and Oracle Linux 7). (pull 7913)
• Minor footer appearance tweaks. (pull 7989)
• Reduce the circumstances under which recent old builds will be loaded when starting new builds. (pull 7998)
• Developer: Make Cloud#reconfigure method public. (pull 8053)

What's new in 2.406 (2023-05-23)

• Replace disconnect and system info symbols for agents. (pull 8015)
• Prefix the name of input elements of ListView to prevent form submission issues when an Item (job) is named elements. (issue 71200)
• Developer: Expose UserSeedChangeListener extension point. (pull 7997)
• Developer: do not call SaveableListener.fireOnChange anymore when reloading an AbstractItem. (pull 7984)
• Developer: Support searches for matching form elements without the use of the Prototype JavaScript framework. (pull 8008)
• Developer: Added a utility HttpServletFilter to the API. (pull 7892)

What's new in 2.405 (2023-05-16)

• Adjust form label padding. (pull 7962)
• Use dialogs to delete computers, views, clouds, users and logrecorders. (issue 13545)
• Improve class loading behavior looking up special formatters for XML configuration files. (pull 7976)
• Upgrade from Guice 5 to 6. (pull 7990, Guice 6.0.0 release notes)
• Restore support for ECharts API plugin (regression in 2.404). (issue 71236)
• Make "Skip to content" link visible through keyboard navigation. (pull 7956)
• Fix support of clouds without a config.jelly file. (pull 7972)
• Developer: Queue items elements are now formalized using jenkins.model.queue.QueueItem. (pull 7926)

What's new in 2.404 (2023-05-09)

• Revamp the sign-in and register pages. Add support for browser-native themes like darkmode. (pull 7872)
• Make title sticky in legend. (issue 71177)
• Move plugins refresh button to app bar. (pull 7770)
• Fix the writing of emojis to XML (regression in 2.403). (issue 71182)
• Allow parameter positions to be reordered in job definitions (regression in 2.402). (issue 71089)
• Add a user experimental flag to run Jenkins without Prototype.js. Plugin authors should enable this flag and fix any issues that result from the removal of Prototype.js. In the future Prototype.js will be removed from Jenkins core. (pull 7948)

What's new in 2.403 (2023-05-02)

• Remove support for WebSocket agents when running inside Jetty 9. (pull 7101)
• Align source code text and line numbers in views that render source code with the Prism plugin. (issue 70805)
• Rework clouds management into multiple pages to better scale to a large numbers of clouds. Users of EC2 Plugin should update it to version 2.0.7 or newer for compatibility. (issue 70729)
• Show full width filter field for builds on pages less than 970 pixels wide. (issue 71115)
• Do not write NUL values to XML files. A technically illegal #x0 (NUL) could be written to Jenkins XML files but could no longer be read. Now the write will fail as well (regression in 2.398). (issue 71139)
• Fix the warning icon in the workspaces temporary directory message. (issue 71160)
• Do not display a list of page sections on the System page breadcrumb. (issue 71152)
• Add padding to the right side of the full width side panel. (issue 70115)
• Developer: The experimental projectViewNested view has been removed without replacement. (issue 70927)

What's new in 2.402 (2023-04-25)

• Update appearance and framework for link dropdown menus. (pull 7474)
• Remove duplicate section headers from the Tools page. Remove border at the top of the Tools page for consistency with other pages. (pull 7716)
• Hide the filter field when there's no build in Build History Widget. (issue 70220)
• Restore conditional rendering of headers in some pages and remove non-functional drag handle from some headers (regression in 2.335). (issue 71089)
• Upgrade Winstone from 6.10 to 6.11. This includes the upgrade of Jetty from 10.0.13 to 10.0.15. (Winstone 6.11 release notes, Jetty 10.0.14 changelog, Jetty 10.0.15 changelog)

What's new in 2.401 (2023-04-17)

• Add updates count badge to Updates sidebar item. (pull 7084)
• Simplify loading of JavaScript and CSS. Users of OWASP DependencyTrack must upgrade to 4.3.1 or later, and users of ServiceNow CI/CD must upgrade to 2.1 or later. (pull 7827)
• Properly iterate over class names in heterogeneous lists (regression in 2.400). (pull 7845)
• Upgrade Spring Framework from 5.3.26 to 5.3.27. (Spring Framework 5.3.27 release notes)

What's new in 2.400 (2023-04-11)

• Important security fix. (2023-06-14 security advisory)
• Fix radio buttons in repeated blocks in configuration forms (regression in 2.391). (issue 70988)
• Fix null pointer exception on the "Manage Jenkins" page when HTTP/2 is enabled. (issue 70630)

What's new in 2.399 (2023-04-04)

• Sign WAR file and Windows installer with new code signing certificate. (pull 358)

What's new in 2.398 (2023-04-04)

• Use a card layout instead of a table for the dashboard on mobile. (pull 7581)
• Refresh the Build with Parameters interface. (pull 7748)
• Support emoji in Job DSL scripts. (issue 69129)

What's new in 2.397 (2023-03-28)

• Add missing Turkish translations for plugins management page. (pull 7767)
• Add missing Turkish translations for tools management page. (pull 7762)
• Don't remove id inside symbol. (issue 70730)
• Fix "delete build" button text overflow. (issue 70809)
• Upgrade Spring Framework from 5.3.25 to 5.3.26. (Spring framework BOM 5.3.26 release notes, pull 7760)

What's new in 2.396 (2023-03-21)

• Revamp icon legend as a modal. (pull 7718)
• Remove the expand-button component as it's no longer used. (pull 7732)
• Refresh the design of the About Jenkins page. (pull 7712)
• Hide the Restart Jenkins checkbox in the update center if the controller doesn't support it. (issue 69489)
• Restore the New Node button in computer overview for users with node creation permission. (issue 70820)
• Suppress some noisy stack traces from ProcessTree. (pull 7681)
• Avoid a ClassCastException from TokenBasedRememberMeServices2 (not known to occur in realistic environments). (pull 7724)
• SlaveRestarter implementations are now only installed on static agents. Use Djenkins.slaves.restarter.JnlpSlaveRestarterInstaller.forceInstall=true to fall back to the previous behaviour in case of any issue. (pull 7693)

What's new in 2.395 (2023-03-14)

• Introduce user experimental flags. (issue 69853)
• The stopbuilds command did nothing if the last build of the job was already finished, even while earlier builds were running. (pull 7679)
• Add copy button to Jenkins home directory. (pull 7678)
• Simplify the names of the settings in Manage Jenkins. (pull 7661)
• Adjust websocket idle timeout to 60s seconds by default to avoid "WebSocketTimeoutException: Connection Idle Timeout" issues. Idle timeout is configurable via jenkins.websocket.idleTimeout=<timeoutInSeconds>. (issue 69955)

What's new in 2.394 (2023-03-08)

• Important security fixes. (security advisory)
• Limit the maximum number of search results.

What's new in 2.393 (2023-02-28)

• Disable unwanted browser form validation. (issue 70662)
• Restore installNecessaryPlugins redirect destination. (issue 70599)
• Warn user that copy button requires HTTPS. (issue 21052)

What's new in 2.392 (2023-02-21)

• Add a copy button for the code snippets that start agents. (pull 7625)
• Update bundled plugins to include fixes announced in 20230124 and 20230215 Jenkins security advisories. (pull 7651, 2023-01-24 security advisory, 2023-02-15 security advisory)
• Developer: Ensure required Jelly arguments are correctly labeled as required. (pull 7644)

What's new in 2.391 (2023-02-14)

• The default connection mode for the Java CLI client is now webSocket. You can specify http to continue to use the former default (for example because you are running Jenkins in a servlet container other than the recommended builtin Jetty, or because you are running an unusual reverse proxy which does not support WebSocket). You can also continue to specify ssh to use SSH transport (for example because you prefer to authenticate with a private key rather than an API token), or use a native SSH client. (pull 7605)
• Correct responsive behavior on resize of the 'About Jenkins' page. (issue 70191)
• Fix the behaviour of filtering in Build History Widget. (issue 70438)
• Fix behaviour of booleanRadio in a repeatable section. (issue 70139)
• Fix computer links navigation consistency. (pull 7608)
• Upgrade bundled Winstone from 6.7 to 6.10. Add the excludeProtocols option. Improve logging during shutdown. (pull 7632, Winstone 6.10 changelog, Winstone 6.9 changelog, Winstone 6.8 changelog)

What's new in 2.390 (2023-02-07)

• Running pipeline build logs can now be displayed across controller restarts without reloading in some environments. (pull 7614)
• Update bundled Apache Mina SSHD API plugins from 2.9.1-44.v476733c11f82 to 2.9.2-50.va_0e1f42659a_a. Include fix for unsafe deserialization in SimpleGeneratorHostKeyProvider. (pull 7623, issue 70554, CVE-2022-45047)
• Do not submit empty telemetry data if an error occurred during data collection. (issue 70533)
• Allow WebSocket agent connections to time out after 5m if a write never succeeds. (issue 70531)

What's new in 2.389 (2023-01-31)

• Move set node temporarily offline/online buttons to appbar. (issue 70394)
• Encode cloud name in Cloud#getUrl. (pull 7573)
• Developer: Agent log location honors system property hudson.triggers.SafeTimerTask.logsTargetDir. (pull 7595)
• Developer: Introduced an API SubTask.getOwnerExecutable to be implemented in Pipeline. (pull 7599)

What's new in 2.388 (2023-01-24)

• Fix the TcpSlaveAgentListenerRescheduler functionality. TcpSlaveAgentListener is automatically restarted on failure. (issue 70334)
• Upgrade Spring Framework from 5.3.24 to 5.3.25. Spring Framework 5.3.25 includes 18 fixes and documentation improvements. (Spring Framework 5.3.25 release notes)

What's new in 2.387 (2023-01-17)

• Remove the notice in the plugin manager "Updates" page for newer plugin versions that are not compatible with your current core version. Limit the display of updates to plugin versions actually being offered by the update center for your core version. (issue 62332)
• Add missing breadcrumb items in various locations. (issue 70169)
• Close connection on the agent if the agent's liveness ping receives no response. (issue 70414)

What's new in 2.386 (2023-01-10)

• Do not report implied dependencies for WMI Windows Agents plugin. (issue 70301)
• Developer: f:file now uses the morph tag library, all unknown attributes will be copied to the element. (pull 7562)

What's new in 2.385 (2023-01-03)

• Allow HTML syntax for node descriptions. (pull 6511)
• Hide values in tables showing potentially sensitive system properties and environment variables by default. (pull 6843)
• Add support for badge icons in Management links. (issue 69339)
• Add tabs to System Information page. (pull 7373)
• Add missing breadcrumb items for agents. (issue 70169)
• Restyle file uploads to match modern forms UI. (pull 7452)
• Add missing breadcrumb items in logging views. (issue 70169)
• Add missing breadcrumb items in builds. (issue 70169)
• Add missing breadcrumb items for agents. (issue 70169)
• Add missing breadcrumb items in Views. (issue 70169)
• Add missing breadcrumb items in abstract classes. (issue 70169)
• Add missing breadcrumb items in User page. (issue 70169)
• Add missing breadcrumb items in system information page. (issue 70169)
• Update the design of the 'Advanced' button. (pull 7173)
• Upgrade XStream from 1.4.19 to 1.4.20. This maintenance release addresses two security vulnerabilities that can cause a denial of service by raising a stack overflow in affected applications. It also provides new converters for Optional and Atomic types. (pull 7548, XStream 1.4.20 changelog, XStream CVE-2022-40151, XStream CVE-2022-41966)
• Revert "Label 'Dismiss' buttons red." that was introduced in 2.378. (issue 70128)
• Do not prompt the user that changes may not have been saved after apply has been clicked. (issue 70112)
• Remove negative letter spacing to improve legibility in some languages and fonts. (pull 7475)
• Align table headers with columns. (issue 70117)