Changelog for 2.73.1

Legend:

security fix
major bug fix
bug fix
major enhancement
enhancement

Community feedback:

no major issues
notable issues
required rollback

What's new in 2.73.1 (2017-09-13)

Two regressions since the previous LTS release have been identified in 2.73.1. One involved Remoting (agent) connections and the other concerns failures to use passphrase-protected ed25519 SSH keys. Please see the LTS upgrade guide for 2.73.1 for more information.

Changes since 2.73:

Update Windows service wrapper from 2.1.0 to 2.1.2 and Windows Agent Installer from 1.9 to 1.9.1. (Windows service wrapper changelog, Windows agent installer changelog, pull 2987, issue 46282 )
Log name of the executor thread that died to improve diagnosability. (issue 42376)
Prevent caching of the item categories list by the browser to prevent stale data. (issue 43848)
Improve robustness of the reverse build trigger ("Build after other projects are built"). (issue 45909)
Include culprits in XML and JSON API again. (regression in 2.60) (issue 46082)
Button to validate proxy configuration in Manage Plugins now works correctly with NTLM authorization. (issue 46288)

Notable changes since 2.60.3:

Upgrade Groovy from 2.4.8 to 2.4.11. (Groovy 2.4.9 changelog, Groovy 2.4.10 changelog, Groovy 2.4.11 changelog)
Integration of Winstone 4: Upgrade bundled Jetty from 9.2.15.v20160210 to 9.4.5.v20170502. This removes support for the deprecated SPDY protocol. The --spdy parameter has been removed accordingly and Jenkins may refuse to start if it's set. (full changelog)
Jetty 9.4.5: Prevent the 400 Bad Host header error for HttpChannelOverHttp when operating behind reverse proxy. (issue 40693 , corresponding Jetty issue)
Winstone 4.1: Add Jetty HTTP/2 connector and corresponding options for Winstone-Jetty. (issue 45438 , enabling HTTP/2 support in Winstone-Jetty)
Update Remoting from 3.7 to 3.10 adding opt-in support for work directories and improving logging in Jenkins agents. (work directory documentation, logging documentation, remoting changelog, issue 39370 )
Enable Remoting work directories by default for newly created agents launched via JNLP (Java Web Start Launcher). (issue 44112 , feature documentation)
SSHD Module 2.0: Update from SSHD Core 0.14.0 to Apache MINA SSHD 1.6.0 in Jenkins core and Jenkins CLI. (changelog, plugin compatibility notice, issue 43668 )
SSHD Module 2.0: Enable aes192ctr and aes256ctr ciphers if JVM supports unlimited-strength encryption. (issue 39738)
Update WinP from 1.24 to 1.25 to improve performance and diagnostics of issues like JENKINS-30782. (full changelog)
Update jnr-posix from 3.0.1 to 3.0.41 to pick up improvements and fixes in the POSIX platforms support. (pull 2904)
Freestyle projects may now list Pipeline jobs as downstream and trigger them, without needing to use the Parameterized Trigger plugin or reverse triggers ("Build after other projects are built"). (issue 28113)
Internal: Define enabling/disabling in ParameterizedJob rather than AbstractProject. (issue 27299)
Fixed Pipeline compatibility for a number of CLI commands (delete-builds, list-changes, console, set-build-description, and set-build-display-name), as well as some issues affecting error reporting in other commands when used with Pipeline. (issue 30785 , issue 41527 )
Enable simpler syntax for upstream build trigger in pipelines. (issue 34464)
Minor optimization to queue maintenance routines and printing of console notes, mainly for the benefit of Pipeline node blocks. (issue 45553)
If you have the Authorize Project plugin installed and configured, its configuration will now be treated as final with respect to the behavior of Job/Build checks from Build other projects and Build after other projects are built. Formerly, if a Per-project configurable Build Authorization was enabled globally but some projects did not specify an Authorization, the two aforementioned checks would automatically fall back to checking as anonymous (typically denying build permission). To restore the former behavior, explicitly configure a Project default Build Authorization to be Run as anonymous. Note that this will affect all build-scoped permission checks, including for example Agent/Build. (issue 22949)
Internal API: Tasks.getAuthenticationOf now honors authentication contributed by QueueItemAuthenticatorProvider extensions. (pull 2880)
Moved agent port and protocol configuration out of "security" (authentication and authorization) block in Configure Global Security. (issue 4478)
Don't reload user records from disk unless explicitly requested to improve performance of user record access. (issue 45737)
Plugin Development: Jenkins now no longer publishes a war-for-test artifact. Plugins using 2.64 or a later version of Jenkins (including 2.73.1) as baseline need to use plugin parent POM 2.30 or later. (issue 24064)