Changelog for 2.89.1

Legend:

security fix
major bug fix
bug fix
major enhancement
enhancement

Community feedback:

no major issues
notable issues
required rollback

What's new in 2.89.1 (2017-12-06)

Upgrading to Jenkins 2.89.1 does not install the Command Launcher plugin (see below) as it should. If you're using the Launch agent via execution of command on the master launch method for agents, or cloud provider plugins, make sure to manually install the plugin after upgrading, and restart Jenkins afterwards.

Changes since 2.89:

Recover from legacy user configuration folders with $ characters that are not part of hex escape sequences. (regression in 2.89) (issue 47909)
Fix Download from java.sun.com installation method for JDK for downloads requiring an Oracle login after change to the Oracle site. (issue 47448)
Update Remoting from 3.13 to 3.14 in order to apply various performance and stability improvements. (full changelog, issue 37566 , issue 45294 , issue 47425 , issue 47901 , issue 47942 )
Update Windows Agent Installer from 1.9.1 to 1.9.2: Do not try to update jenkins-slave.exe on Unix agents when they connect. (full changelog, issue 47015 )
Prevent caching of captcha on the login form. (issue 43852)

Notable changes since 2.73.3:

Launch agent via execution of command on the master has been moved to a new Command Launcher plugin and integrated with the Script Security plugin. (issue 47393 , Command Launcher plugin site entry, related security advisory)
Prevent core or plugin code from mistakenly attempting to serialize jobs, builds, and users except in their intended top-level XML file positions, preventing a class of serious deserialization-related errors. (issue 45892)
Developer: Fix TimeDuration time unit handling and its incorrect usage. TimeDuration uses milliseconds as the default unit. It was supposed to parse sec or secs suffix to interpret the number as seconds, but that never worked. (issue 44052)
Upgrade Stapler library from 1.250 to 1.253. (pull 2956, Stapler changelog)
Stapler 1.252: Prevent file handle leak in LargeText#GzipAwareSession. (issue 45903)
Stapler 1.252: Restore ability to attach views to interfaces. (regression in 2.46) (issue 43715)
Stapler 1.253: Servlet 3.1 support, improved Blue Ocean performance and changes of interest to plugin developers. (issue 37062 , Stapler changelog)
Update Remoting to improve stability and diagnosability. (issue 37567 , issue 43985 , issue 45522 , issue 47132 , issue 38711 , full changelog)
Disable obsolete JNLP, JNLP2, and CLI protocols on new Jenkins installations during Setup Wizard. (issue 45841 , announcement blog post)
Restart agent communication related threads on both controller and agents when encountering an unhandled exception, if possible, to improve stability. (issue 38711)
Default the built-in Jenkins Update Center URL to https://updates.jenkins.io instead of obsolete HTTP endpoint. This requires a JRE compatible with Let's Encrypt, e.g. Oracle JRE 8u101. (pull 2996)
Moved Jenkins agent runtime to agent.jar file name, and deprecate (but still support) use of legacy slave.jar. Introduce the AGENTJAR_URL environment variable as replacement for SLAVEJAR_URL. (issue 35451)
Improve error reporting when failing to archive artifacts. (pull 2976)
Enable cc.xml to export jobs in folders recursively when accessed with a query parameter named recursive. (issue 36282)
Add new administrative monitor warning users about disabled CSRF protection. (issue 47372)
Commons Codec library upgraded from 1.8 to 1.9. (pull 3033)
Agents JVM must be 1.8+ and a clear message is shown in connection logs if it is not. (issue 44851)
Add sidebar link to create new view. (issue 6290)