Changelog for 2.387.1

Legend:

security fix
major bug fix
bug fix
major enhancement
enhancement

Community feedback:

no major issues
notable issues
required rollback

What's new in 2.387.1 (2023-03-08)

Changes since 2.387:

Important security fixes. (security advisory)
Move 'set node temporarily offline/online' buttons to app-bar to make them clickable again (regression in 2.385). (issue 70394)
Allow WebSocket agent connections to time out after 5m if a write never succeeds. (issue 70531)
Fix the TcpSlaveAgentListenerRescheduler functionality. TcpSlaveAgentListener is automatically restarted on failure. (issue 70334)
Add script-security update to LTS baseline. (issue 70487)
Do not submit empty telemetry data if an error occurred during data collection. (issue 70533)
Update bundled Apache Mina SSHD API plugins from 2.9.1-44.v476733c11f82 to 2.9.2-50.va_0e1f42659a_a. (CVE-2022-45047)
Limit the maximum number of search results.

Notable changes since 2.375.3:

Update to various UI elements. Modernize table display, page layout, and buttons. (pull 6843, pull 6995, issue 69339 , pull 7373, pull 7452, pull 7173, issue 70128 , pull 7556, issue 70112 , pull 7555, pull 7475, issue 70209 , pull 7425, issue 70117 , pull 7597, issue 70240 , pull 7314, pull 7203, pull 7171, pull 7364, issue 69517 , pull 7366, pull 7364, pull 7229, issue 69715 , pull 7352, pull 7367, pull 7368, pull 7399, issue 70036 , pull 7427, issue 70121 , pull 6511)
Add missing breadcrumb items in various locations. (pull 6912, pull 7487, pull 7488, pull 7489, pull 7490, pull 7491, pull 7492, pull 7493, pull 7494, pull 7495, pull 7496)
Update ANTLR2 grammars and code to ANTLR4. (pull 7293)
Update Spring Security from 5.7.4 to 5.8.0. This update includes several fixes and improvements. (Spring Security 5.7.5 release notes, Spring Security 5.8.0 release notes, CVE-2022-31690, CVE-2022-31692)
Set default file size rotation of AsyncPeriodicWork / AsyncAperiodicWork task logs to 10MB. (issue 64151)
Update appearance of tooltips and replace old library with Tippy.js. (pull 6408)
Several fixes and improvements for Websocket agents. (issue 70105 , pull 7309)
The minimum required Remoting version has been increased to 4.7 (released on February 16, 2021). (pull 7340)
Add telemetry related to distributed builds. (issue 70199)
Add telemetry for activation of permissions that are not enabled by default. (issue 70044)
Remove the notice in the plugin manager Updates tab about newer plugin versions not compatible with your current core version. Limit the display of updates to plugin versions actually being offered by the update center for your core version. (issue 62332)
Show recommended actions, such as "update affected plugins", in security warnings popup. (pull 7046)
Jenkins no longer bundles a patched version of the deprecated Commons HttpClient 3.x library for use by plugins. Plugins should be migrated to the native Java 11 HTTP client or updated to depend on the legacy Commons HttpClient 3.x API plugin. (Commons HTTP Client, Apache HTTP Client)
Remove the deprecated Multijob plugin from the setup wizard. (pull 7413)
Remove the deprecated WMI Windows Agents plugin from the setup wizard. (pull 7414)
Do not report implied dependencies for WMI Windows Agents plugin. (issue 70301)
Avoid unnecessary configuration save when reloading configuration from disk. (pull 7305)
Robustness improvement regarding build number collisions. (issue 23152)
Remove support for log rotation via SIGALRM. The command-line argument --daemon has been removed. (pull 7256)
Improve tooltip performance. (issue 70178)
Fix the update of disabled plugins. (issue 69183)
Close connection on the agent if the agent's liveness ping receives no response. (issue 70414)
Delay initialization of cryptography needed for TCP inbound agents unless and until such an agent is connected. (pull 7514)
Delete .disabled files when uninstalling a plugin. (issue 68194)
Fix a race condition affecting the launch of inbound agents. (pull 7378)
Upgrade XStream from 1.4.19 to 1.4.20. This maintenance release addresses the security vulnerabilities CVE-2022-40151 and CVE-2022-41966, causing a Denial of Service by raising a stack overflow. It also provides new converters for Optional and Atomic types. (XStream 1.4.20 release notes, CVE-2022-40151, CVE-2022-41966)
Upgrade Guice from 5.0.1 to 5.1.0. Guice 5.1.0 contains eight fixes and improvements. (Guice 5.1.0 release notes)
Upgrade Spring Framework from 5.3.23 to 5.3.24. (Spring Framework 5.3.24 release notes)