General

General bucket for non-specific content

Upcoming Events in June and early July

I've just added three events coming up in the next few weeks to the Jenkins calendar. Conveniently, they are all events I'll be attending while traveling around Western Europe!

  • The Cologne JUG is having a meetup on Saturday, June 25th, starting at 2pm. We'll be talking about Jenkins, maybe doing some coding, and then heading out for drinks and more talk! You can find more information and sign up at Xing.

  • A few days later, TNG Technology Consulting is generously hosting a meetup in Munich, on Wednesday, June 30th, starting at 3pm. I'll be giving a quick talk on the state of the Jenkins project, followed by Ullrich Haffner (the author of the static analysis plugins for Jenkins) giving a quick talk on how those plugins are used. After that, we'll be having a hackathon, and then more beer! Again, you can find more information and sign up at Xing.

  • A week later, the London CI meetup group is hosting a meetup as well, on Wednesday, July 6th, starting at 6:30pm. We'll be meeting up at the Royal Festival Hall for discussion and drinking. You can find more information and sign up at Meetup.

Do you have a Jenkins event you'd like to have added to our calendar? Let us know!

LTS Release Candidate

LTS Release candidate is the build intended for the upcoming LTS release of Jenkins. See Wiki for more about what it means.

Upcoming version: 1.554.1

Download multi-platform war file
Or native package

Release Candidate

Release candidate is the build intended for the upcoming release of Jenkins in a week. See Wiki for more about what it means.

LTS Changelog

Changelog
Legend: major RFEmajor enhancement RFEenhancement major bugmajor bug fix bugbug fix xxxxx
Upcoming changes Community ratings

What's new in 1.532.3 (2014/04/11)

  • Replace description in error dialog instead of appending (issue 21457)
  • NPE from xstream.core.JVM.isOpenJDK (issue 21183)
  • WorkspaceCleanupThread does not handle folders (issue 21023)
  • Copy Artifact's fingerprinting creates second hudson.tasks.Fingerprinter_-FingerprintAction section with just the artifacts copied (issue 17606)
  • /login offers link to /opensearch.xml which anonymous users cannot retrieve (issue 21254)
  • Miscellaneous exceptions in config.xml can prevent entire job from loading (issue 21024)
  • Jobs named "." can be created, but not built, configured, accessed, ... (issue 21639)
  • DirectoryBrowserSupport.buildChildPaths does quadratic number of calls to check whether entries are directories (issue 21780)
  • ZIP file download generates corrupt zip file (issue 20345)
  • Update credentials plugin to 1.9.4 (issue 21820)
  • Apply button does not work in IE Compat View (issue 19826)
  • Deadlock while parallel deletion/rename of jobs (issue 19446)

What's new in 1.532.2 (2014/02/14)

  • CannotResolveClassException breaks loading of entire containing folder, not just one job (issue 20951)
  • Default markup formatter permits offsite-bound forms (SECURITY-88)
  • Using jenkins-cli connecting to HTTPS port fails due to hostname mismatch in certificate (issue 12629)
  • ApiTokenFilter does not check that the user actually exists (SECURITY-89)
  • HTTP two-way remoting does not work (jenkins-cli.jar without JNLP) (issue 20128)
  • Slave launcher fails after NoClassDefFoundError: Could not initialize class jenkins.model.Jenkins$MasterComputer (issue 19453)
  • StreamCorruptedException (issue 8856)
  • UI Redressing/ClickJacking (SECURITY-80)
  • Fail to run 'groovysh' in CLI due to insufficient permission (issue 17929)
  • Loading projects too slow because of File.isDirectory calls (issue 21078)
  • HTML metacharacters not escaped in log messages (issue 20800)
  • Channel's executorService's pool should have a name (issue 19004)
  • ListView.expand throws ClassCastException: … cannot be cast to hudson.model.TopLevelItem (issue 20415)
  • Stored XSS (SECURITY-74)
  • Session Fixation (SECURITY-75)
  • /heapDump offered to anyone with ADMINISTER (SECURITY-73)
  • Username Guessing/Enumeration (SECURITY-79)
  • RingBufferLogHandler throws ArrayIndexOutOfBoundsException after int-overflow (issue 9120)
  • Iframe Injection (SECURITY-76)
  • Reflected XSS in Cookie (SECURITY-77)
  • l:breakable mishandles HTML metacharacters (issue 20928)
  • Start JNLP slave ignores jar-cache flag (issue 20093)
  • Stored passwords can be read out from UIs with password fields (SECURITY-93)
  • Too many open files upon HTTP listener init or shutdown (issue 14336)
  • Extension point for secure users of Api (issue 16936)
  • 'Apply' error screens don't work (issue 20772)
  • Workspaces seem to be removed prematurely on concurrent jobs (issue 10615)
  • Job creators are able to edit or destroy the system configuration via the CLI (SECURITY-108)
  • Disable\Delete "Remember me on this computer" check box in login screen (issue 15757)
  • SECURITY-55 fails if downstream project not visible (SECURITY-109)
  • Builds disappear some time after renaming job (issue 18678)
  • Use RunAction2 from TestResultAction (issue 18410)
  • java.lang.NoClassDefFoundError: sun/net/www/protocol/jar/JarURLConnection (issue 20163)
  • Remote code execution via xstream deserialization in XML API (SECURITY-105)
  • Jenkins on winstone vulnerable to session hijacking (SECURITY-106)
  • Jenkins allows anonymous access if the Authorization Strategy can't be loaded (SECURITY-107)
  • you cannot use the cli without giving Overall read to Anonymous (issue 8815)

What's new in 1.532.1 (2013/11/25)

  • Collecting findbugs analysis results occasionally causes ssh slave to go offline causing job to abort (issue 19619)
  • Bytecode compatibility transformer mistakenly corrupts org.apache.ivy.core.settings.IvySettings.triggers (issue 19383)
  • Functions.globalIota overflow (issue 20085)
  • Upgrade bundled versions of credentials, ssh-credentials and ssh-slaves plugins (issue 19945)
  • /me/my-views/editDescription may be used by any user to set global description (issue 18633)
  • Missing base directory in ZIP from .../artifact/dir/subdir/*zip*/subdir.zip (issue 19947)
  • After deleting last build, next build of last build is zombie (issue 19920)
  • Upgrade error to 1.531: PROXY_HEADER is null (issue 19613)
  • Upgrade bundled versions of credentials and ssh-slaves so we can assume available (issue 20071)
  • Collecting finbugs analysis results randomly fails with exception (issue 18879)
  • ViewJobFilter.filter expect "All jobs that are possible." but don't get recursive ones (issue 20143)
  • Download build artifacts as zip generates a corrupted file (issue 19752)
  • Jenkins redirecting from https to http (issue 10675)
  • java.io.IOException: Unexpected termination of the channel (issue 18836)
  • When installing a plugin and the needed dependencies have compatibility issues, warn the user (issue 19739)
  • Installing a plugin with optional dependencies doesn't upgrade the optional dependencies when needed (issue 19736)
  • After upgrade from 1.519 to 1.526 -> NumberFormatException occurs during maven 3 build (issue 19251)

What's new in 1.509.4 (2013/10/09)

  • Configurable loggers should capture messages on slaves (issue 18274)
  • @RequirePOST and similar should send a 405 (issue 16918)
  • Using jenkins-cli connecting to HTTPS port fails due to hostname mismatch in certificate (issue 12629)
  • [XStream] ConcurrentModificationException from DefaultConverterLookup (issue 18775)
  • @QueryParameter with @RelativePath broken (issue 18776)
  • fingerprint are truncated (issue 19515)
  • Environment variable replacement/resolving (issue 16660)
  • failed to archive slave artifacts. Unexpected end of ZLIB input stream (issue 19473)
  • winstone.ClientSocketException: Failed to write to client (issue 10524)
  • /log/all polluted with FINE* messages from other loggers (issue 18959)
  • Incorrect redirect after editing view with Unicode name (issue 18373)
  • Flyweight jobs and zero executors (issue 7291)
  • ERR_CONTENT_DECODING_FAILED on Custom Views with Project-based Matrix Authorization (issue 15437)
  • Buttons do not work in IE 11 (issue 19171)
  • CLI login command fails on Windows (issue 19192)
  • Problems with "Latest Test Result" and "Aggregated Test Result" links (issue 9637)
  • Exception while trigger downstream projects (issue 17247)
  • Maven 2 jobs fail (exception in MavenFingerprinter) (issue 18441)
  • Outdated JRuby libs (issue 14351)
  • Deadlock (issue 18589)
  • When copying folder, display names of contained jobs are gratuitously cleared (issue 18074)
  • Incorrect redirection after delete of job in folder in view (issue 17575)
  • Javadoc project action yields HTTP 404 (issue 19168)
  • Memory exhaustion parsing large test stdio from Surefire (issue 15382)
  • With lazy-build loading estimated build duration may become expensive (issue 18196)
  • Can't build using maven 3.1.0 (issue 15935)
  • Cannot create a custom logger matching any namespace (issue 17983)
  • Clean up fingerprint records that correspond to the deleted build recods (issue 18417)
  • "projects tied to slave" shows unrelated maven module jobs (issue 17451)
  • hudson.security.AccessDeniedException2: anonymous is missing the Administer permission (issue 15578)
  • ”My Views" links leads to 404 Not Found (issue 17317)
  • Some jobs not loaded after jenkins restart: java.lang.NoSuchFieldError: triggers (issue 18677)
  • New lazy loading permalinks can break job.lastStableBuild != null => job.lastSuccessfulBuild != null (issue 18846)

What's new in 1.509.3 (2013/09/09)

  • Standalone install does not work with Apache + mod_proxy_ajp + SSL (issue 5753)
  • Reload configuration from disk no longer works after upgrade to Jenkins 1.512. (issue 17977)
  • Build Now link on MultiJob page doesn't work (issue 16974)
  • Add descriptions for custom tools (issue 18771)
  • Lazy loading causes massive delays after a period of inactivity when loading dashboard (issue 16023)
  • NPE running matrix job (issue 18024)
  • LastSuccessful and LastStable symlinks are invalid under Windows (issue 17681)
  • IllegalStateException from MavenProject.getParent can break MavenFingerprinter.recordParents (issue 17775)
  • NPE (isEmpty) from main.groovy (issue 15309)
  • DependencyClassLoader#getTransitiveDependencies returns disabled plugins (issue 18654)
  • parameter description don't use MarkupFormatter (issue 18427)
  • Incompatible signature change in 1.489: AbstractProject.doBuild (issue 18356)
  • Display Name is not shown (issue 17715)
  • Fingerprint throws exceptions on 1.518 (issue 18337)
  • FingerprintAction deserialization leads to NPE (issue 17125)
  • update view via REST API doesn't work (issue 17302)
  • MavenModuleSetBuild.getResult is expensive (issue 18895)
  • Builds disappear from jobs - hudson.util.IOException2: Invalid directory name - java.text.ParseException: Unparseable date: "39" (issue 15587)
  • Outdated JRuby libs (issue 14351)
  • Fingerprint performance (issue 16301)
  • 10,000+ jobs tied to a label make Node index page unusably unresponsive (issue 18660)
  • "Delete Project" link fails with 403 Exception: No valid crumb was included in the request (issue 18032)
  • Manually uploaded plugins are incorrectly unpacked (issue 4543)
  • Decorated Launcher Does Not Maintain "isUnix" for RemoteLauncher (issue 18368)
  • Test harness packs copies of Maven into plugin archive (issue 18918)
  • All Maven 2 builds fail with java.lang.NoSuchMethodError DigestUtils.md5Hex (issue 18178)

What's new in 1.509.2 (2013/06/27)

  • Quoting Issue with JDK Installer with Windows Slave (issue 5408)
  • /about no longer shows third-party licenses (issue 17724)
  • Failed to instantiate class hudson.plugins.copyartifact.CopyArtifact (issue 17402)
  • ArrayIndexOutOfBoundsException from AbstractLazyLoadRunMap.search (issue 15652)
  • Dashboard web pages don't render correctly in Chrome because of bad cache/session (issue 17684)
  • NPE from MatrixConfiguration.newBuild (issue 17728)

What's new in 1.509.1 (2013/05/01)

  • FilePath.installIfNecessaryFrom routes download over remoting channel (issue 17330)
  • Add 'Are you sure' on Reload configuration from disk (issue 15340)
  • MavenAbstractArtifactRecord.doRedeploy should require POST (SECURITY-69)
  • Hover-over "Build Now" broken for parameterized jobs: "This page expects a form submission" (issue 17110)
  • XSS issue, where an internal attacker can cause a remote stylesheet to be loaded and containing scripts executed. (SECURITY-67)
  • CVE-2013-1808 stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer (SECURITY-71)
  • Jenkins.doEval checks ADMINISTER rather than RUN_SCRIPTS; doScript CSRF (SECURITY-63)
  • Jenkins is no more WinXP compliant : CreateSymbolicLinkW is not available (issue 17343)

What's new in 1.480.3 (2013/02/15)

  • "Remember me on this computer" does not work, cookie is not accepted in new session (issue 16278)
  • Slow/hung web UI in 1.483+ (stuck in parseURI) (issue 16474)
  • Failure to delete old config files during rekeying on Windows (issue 16319)
  • NoClassDefFoundError on Base64 when launching an headless slave with -jnlpCredential option (issue 9679)
  • Loading asynchPeople calls (synch) People constructor (issue 16397)
  • Jenkins briefly displays build queue and then it disappears until the page is reloaded (issue 15335)
  • View.hasPeople too slow to use in sidepanel.jelly (issue 16244)
  • XSS (SECURITY-46)
  • File parameter causing data lost after Jenkins restart (issue 13536)

What's new in 1.480.2 (2013/01/06)

  • The master key that was protecting all the sensitive data in $JENKINS_HOME was vulnerable. (SECURITY-49)

What's new in 1.480.1 (2012/11/17)

  • FilePath.validateAntFileMask too slow for /configure (issue 7214)
  • java.io.InvalidClassException (issue 14667)
  • Log recorders do not work reliably (issue 15226)
  • Invalid JSON is produced during remote api operations when a changeSet contains duplicate keys. (issue 13336)
  • Header manipulation (CrLf) – open redirect vulnerability in "j_acegi_security_check" (SECURITY-44)
  • Memory exhaustion parsing large test stdio from Surefire (issue 15382)
  • Persistence XSS vulnerability in build's decription (SECURITY-43)
  • Header manipulation (CrLf) – open redirect vulnerability in Work Space (SECURITY-45)

What's new in 1.466.2 (2012/09/13)

What's new in 1.466.1 (2012/07/23)

  • A current active build in the build history is lost if the job configuration XML uploaded (issue 12318)
  • UnprotectedRootAction doesn't work for /github-webhook/ (issue 14113)
  • ERR_CONTENT_DECODING_FAILED returned on testResults and console output after Jenkins reload (issue 13625)
  • Cannot parse coverage results Premature end of file. (issue 11251)

What's new in 1.447.2 (2012/06/11)

  • Guice injector failure can cause failure of whole Jenkins (issue 13448)
  • Jenkins runs out of file descriptors (winstone problem) (issue 9882)
  • Parsing of POM happens before SNAPSHOT-Parents are updated (issue 8663)
  • Loading All Build History Fails (issue 13238)

What's new in 1.447.1 (2012/03/28)

  • File handle leak in serving static files (issue 13097)
  • LDAP config error (issue 8152)
  • jenkins running in Tomcat doesn't initalize slf4j properly (issue 12650)
  • java.lang.NoClassDefFoundError: org.slf4j.impl.StaticLoggerBinder (issue 12446)
  • Remote call on CLI channel from [ip] failed (issue 12302)
  • jenkins does not start in jboss container (issue 12334)

What's new in 1.424.6 (2012/03/06)

What's new in 1.424.5 (2012/03/05)

What's new in 1.424.4 (2012/03/05)

What's new in 1.424.3 (2012/02/27)

What's new in 1.424.2 (2012/01/10)

  • Viewing large console logs with timestamper plugin cause Jenkins to crash (issue 9349)
  • Maven3 parallel build fails with java.util.ConcurrentModificationException in Jenkins (issue 11256)
  • Jenkins PID changes after restart (issue 11742)
  • Running Jenkins with the bundeled Winstone is succeptible to the hash table attack http://www.ocert.org/advisories/ocert-2011-003.html (SECURITY-22)

What's new in 1.424.1 (2011/11/30)

  • JDKInstaller fails with OutOfMemory exception (issue 10689)
  • XSS in Winstone (SECURITY-17)
  • Tools download does not appear to respect proxy settings (issue 5271)
  • Builds fail in JUnit test archiving (since 1.416) if specifying JDK other than the container (issue 10030)
  • Update Json File Signature Error (issue 11110)
  • SSH public key based CLI authentication added in 1.419 is broken in 1.421+ (issue 10647)
  • JSONException (issue 7034)
  • Jenkins 1.427 doesn't work on AIX (issue 10810)
  • Maven assembly plugin fails (issue 8837)
  • SNAPSHOT dependency detection not working for plugins anymore (issue 10530)
  • Proxy settings arent used by JDK-downloader (issue 10634)

What's new in 1.409.3 (2011/11/08)

  • XSS in Winstone (SECURITY-17)

What's new in 1.409.2 (2011/09/12)

  • Failure in test class constructor or @Before method is not reported (was: Maven plugin doesn't set build to unstable on SurefireExecutionException) (issue 6700)
  • truncation or corruption of zip workspace archive from slave (issue 9189)
  • testSaturation-fork remoting test hangs (issue 8703)
  • Race condition in creating fingerprints for artifacts (issue 10346)
  • Slave-Squatter + Heavy-Job plugin causes many executor threads to die (issue 8882)
  • Auto Install JDK asks for Oracle account, but the link goes 404 (issue 10556)

What's new in 1.409.1 (2011/06/06)

  • Deadlock when upstream and downstream jobs are blocked on each other (issue 8929)
  • sporadic : ClassCastException for Maven Pom parsing phase on node (issue 9017)
  • Jenkins 1.399: java.lang.UnsupportedClassVersionError: Bad version number in .class file using JmDNS 3.4.0 (issue 8914)
  • Raw HTML codes are displayed since 1.407 (issue 9426)
  • Access to api/json on second level view fails (issue 9367)
  • NULLPOINTER exception on build 1.395 when saving configuration (issue 8866)
  • "java.io.IOException: Bad file descriptor" when file copied from slave (issue 7871)
  • Block when Downstream breaks Block when Upstream (issue 8968)
  • Remember me box doesn't work with unix groups (issue 9094)

Building a software diamond with Jenkins

[Editor's Note: This is a guest post from Jenkins community member Tom Rini]

Alternatively: How to make your parallel jobs kick one last job at the end

Many of us have had occasion to think: "I could make this project build quicker if I could just run parts in parallel and then one final job to wrap it up."

Well, good news! Jenkins is here to help! With the Join Plugin you can do just that. Over on the confluence page it’s got a number of examples and fancy flow charts. But the take-away is that if you can describe the flow, you can make it happen. But you’re saying "wait, I need to pass information around between the jobs."

We’ve got that one covered for you too with the Parameterized Trigger Plugin. And here’s the best part, these two can work together! With both plugins installed you can follow the steps listed in the Build Parameters section of the Join Plugin.

Click to enlarge

And as they say, now you're cooking with gas!