The Jenkins Blog

upgrade

Back of the Napkin Guide to Updating Jenkins, for the uninitiated

. Prologue Here’s a brief account of my journey to update my Jenkins Servers. Think of this as a "back of the napkin" guide that I used to research and upgrade my Jenkins Servers, which had been left unattended for far too long. I know many of you are seasoned experts - I wasn’t. I’ve included references that I found useful in my research, but...

Marc Phillips October 31, 2023
Why can't I install the latest plugin on my Jenkins LTS?

I regularly go, as all Jenkins admin do, to my system’s Plugin Management page to see what plugins can be upgraded. Although I am running the latest LTS version, I can’t update some key plugins (for example the JUnit plugin). This is even more intriguing as some are part of the plugins installed by default by the setup wizard. No "install" tick box...

Jean-Marc Meessen February 10, 2022
Security Hardening: New API token system in Jenkins 2.129+

About API tokens Jenkins API tokens are an authentication mechanism that allows a tool (script, application, etc.) to impersonate a user without providing the actual password for use with the Jenkins API or CLI. This is especially useful when your security realm is based on a central directory, like Active Directory or LDAP, and you don’t want to store your password in scripts. Recent versions...

Wadeck Follonier July 2, 2018
Security hardening: Jenkins LTS 2.107.1 switches XStream / Remoting blacklists to whitelists (JEP-200)

This is a post about a major change in Jenkins, which is available starting from Jenkins 2.102 and Jenkins LTS 2.107.1. This is a change with a serious risk of regressions in plugins. If you are a Jenkins administrator, please read this blogpost and upgrade guidelines BEFORE upgrading. I would like to provide some heads-up about the JEP-200 change, which is included into the new Jenkins LTS 2.107.x...

Oleg Nenashev March 15, 2018
Overhaul of Manage Jenkins page

Overview Recently some UI improvements around the Manage Jenkins page have been introduced. The visual changes are very subtle but behind them, there are interesting benefits. Some of the goals that we have tried to achieve: Applying a semantic HTML Removing the <table> tag usage for implementing layouts and content structures. Read this article if you want to know reasons and/or arguments. Small re-styling focused...

Manuel Recena January 21, 2018
JEP-200: Remoting / XStream whitelist integrated into Jenkins core

There is a newer version of the announcement for Jenkins administrators. Please see this blogpost. Overview JEP-200 has been integrated into Jenkins weekly builds and (if all goes well) will be a part of the next LTS line. In a nutshell, this change is a security hardening measure to be less permissive about deserializing Java classes defined in the Java Platform or libraries bundled with Jenkins. For...

Jesse Glick January 13, 2018
Remoting Update. Protocols deprecation, Java 8 requirement and plans

Updated on Jan 10, 2019: The deprecated protocols were removed in Remoting 3.40+ and Jenkins 2.214+. See JENKINS-60381: Remove old for more information and links. There are upcoming changes in Jenkins "core" which may require extra steps when upgrading Jenkins. If you use configuration management for Jenkins agents, please read this announcement carefully. If you have ever seen messages like "Channel is already closed"...

Oleg Nenashev August 11, 2017
Jenkins Upgrades To Java 8

In the next few months, Jenkins will require Java 8 as its runtime. Back in last November, we discussed interesting statistics showing that Jenkins was now running Java 8 on a majority of its running instances. Timeline Here is how we plan to roll that baseline upgrade in the next few months. Now: Announce the intention publicly. April, 2017: Drop support for Java 7 in Jenkins weekly. With the...

Baptiste Mathus January 17, 2017