LTS Changelog

Changelog
Legend: major RFEmajor enhancement RFEenhancement major bugmajor bug fix bugbug fix xxxxx
Upcoming changes Community ratings

What's new in 1.565.2 (2014/09/03)

  • Jenkins needs to check whether the war's directory is writeable before offering to upgrade (issue 23683)
  • AbstractLazyLoadRunMap.iterator() calls .all() (issue 18065)
  • Jenkins no longer kills running processes after job fails (issue 22641)
  • HTTP error 405 when trying to restart ssh host (issue 23094)
  • Run.delete (from LogRotator) failing with "...looks to have already been deleted" (issue 22395)
  • file name encoding broken in zip archives (issue 20663)
  • Kill win32 processes from win64 JVMs (issue 23410)

What's new in 1.565.1 (2014/07/30)

  • Queue.maintain does disk I/O via PeepholePermalink.resolve (issue 22822)
  • “Form too large” errors submitting view configurations with many jobs (issue 20327)
  • NPE on plugin install (issue 20031)
  • Link to the console output missing in popup when log >200Kb (issue 14264)
  • Parameters: NPE in canTake() procedures may kill all executors (issue 15094)
  • NPE from AbstractBuild$AbstractBuildExecution.run (issue 23277)
  • broken ProjectNamingStrategy Extension (issue 23127)
  • Move DecoratedLauncher from the custom-tools plugin to the Jenkins Core (issue 19454)
  • hudson.Launcher:ProcStarter::envs() may throw NPE (issue 20559)
  • Resource leak in hudson.model.FileParameterValue (issue 22693)
  • ReverseBuildTrigger.threshold not consistently saved (issue 23191)
  • AccessRestriction on SecurityListener methods (issue 23417)
  • After deleting folder, get 404 (issue 23375)
  • email-ext plugin doesn't handle tokens when slave has gone offline: IAE from AbstractProject.getEnvironment (issue 23517)
  • Jenkins cannot restart Windows service (issue 22685)
  • Rules for showing/hiding SCMTrigger.pollingThreadCount option are broken (issue 22934)

What's new in 1.554.3 (2014/06/30)

  • Queue.maintain does disk I/O via PeepholePermalink.resolve (issue 22822)
  • Non-recursive ListViews unnecessarily call owner.getAllItems in getItems (issue 22720)
  • SSH slave connections die after the slave outputs 4MB of stderr, usually during findbugs analysis (issue 22938)
  • Jenkins cannot restart Windows service (issue 22685)

What's new in 1.554.2 (2014/05/30)

  • Don't ask for confirmation when it doesn't make any sense (issue 21720)
  • On a configure screen that has multiple groups of radio buttons, clicking the apply button clears all but the last radio group selection (issue 22570)
  • Optimize creation of relative links to jobs (issue 18364)
  • Jenkins asks for confirmation before leaving edited 'View Configuration' page (issue 20597)
  • OutOfOrderBuildMonitor fails to correct builds with duplicate number (issue 22631)
  • Computer does not exist returns NPE (issue 21999)
  • Last build of project reloaded when project asked for later build (issue 22681)
  • After clicking 'Apply' at least once, 'Save' opens a new window (issue 20245)
  • hetero-radio should work with multiple instances of the same ui (issue 22583)
  • Cannot submit configuration after removing groovy step (issue 22582)
  • No autocompletion and NullPointerException when using 'Copy Existing Job' (issue 22142)

What's new in 1.554.1 (2014/04/30)

  • NPE if trying to install a plugin from the update center and either the update source or the plugin contains a '.' in its name (issue 22080)
  • Download update center from master by default (issue 19081)
  • OutOfMemory due to unbounded storage in OldDataMonitor (issue 19544)
  • Very slow resource loading from UberClassLoader (issue 21579)
  • Jetty exploding war to /tmp is a bad idea (issue 22442)
  • Performance issue with search box (issue 21969)
  • ArrayIndexOutOfBoundsException during Jenkins.doConfigSubmit; need XStream 1.4.6 (issue 18537)
  • NullPointerException when trying to mark slave temporarily offline (issue 21875)
  • Build queue is not filtered after progress updated (issue 20500)
  • copy-job permission checks wrong (issue 22262)

What's new in 1.532.3 (2014/04/11)

  • Replace description in error dialog instead of appending (issue 21457)
  • NPE from xstream.core.JVM.isOpenJDK (issue 21183)
  • WorkspaceCleanupThread does not handle folders (issue 21023)
  • Copy Artifact's fingerprinting creates second hudson.tasks.Fingerprinter_-FingerprintAction section with just the artifacts copied (issue 17606)
  • /login offers link to /opensearch.xml which anonymous users cannot retrieve (issue 21254)
  • Miscellaneous exceptions in config.xml can prevent entire job from loading (issue 21024)
  • Jobs named "." can be created, but not built, configured, accessed, ... (issue 21639)
  • DirectoryBrowserSupport.buildChildPaths does quadratic number of calls to check whether entries are directories (issue 21780)
  • ZIP file download generates corrupt zip file (issue 20345)
  • Update credentials plugin to 1.9.4 (issue 21820)
  • Apply button does not work in IE Compat View (issue 19826)
  • Deadlock while parallel deletion/rename of jobs (issue 19446)

What's new in 1.532.2 (2014/02/14)

  • CannotResolveClassException breaks loading of entire containing folder, not just one job (issue 20951)
  • Default markup formatter permits offsite-bound forms (SECURITY-88)
  • Using jenkins-cli connecting to HTTPS port fails due to hostname mismatch in certificate (issue 12629)
  • ApiTokenFilter does not check that the user actually exists (SECURITY-89)
  • HTTP two-way remoting does not work (jenkins-cli.jar without JNLP) (issue 20128)
  • Slave launcher fails after NoClassDefFoundError: Could not initialize class jenkins.model.Jenkins$MasterComputer (issue 19453)
  • StreamCorruptedException (issue 8856)
  • UI Redressing/ClickJacking (SECURITY-80)
  • Fail to run 'groovysh' in CLI due to insufficient permission (issue 17929)
  • Loading projects too slow because of File.isDirectory calls (issue 21078)
  • HTML metacharacters not escaped in log messages (issue 20800)
  • Channel's executorService's pool should have a name (issue 19004)
  • ListView.expand throws ClassCastException: … cannot be cast to hudson.model.TopLevelItem (issue 20415)
  • Stored XSS (SECURITY-74)
  • Session Fixation (SECURITY-75)
  • /heapDump offered to anyone with ADMINISTER (SECURITY-73)
  • Username Guessing/Enumeration (SECURITY-79)
  • RingBufferLogHandler throws ArrayIndexOutOfBoundsException after int-overflow (issue 9120)
  • Iframe Injection (SECURITY-76)
  • Reflected XSS in Cookie (SECURITY-77)
  • l:breakable mishandles HTML metacharacters (issue 20928)
  • Start JNLP slave ignores jar-cache flag (issue 20093)
  • Stored passwords can be read out from UIs with password fields (SECURITY-93)
  • Too many open files upon HTTP listener init or shutdown (issue 14336)
  • Extension point for secure users of Api (issue 16936)
  • 'Apply' error screens don't work (issue 20772)
  • Workspaces seem to be removed prematurely on concurrent jobs (issue 10615)
  • Job creators are able to edit or destroy the system configuration via the CLI (SECURITY-108)
  • Disable\Delete "Remember me on this computer" check box in login screen (issue 15757)
  • SECURITY-55 fails if downstream project not visible (SECURITY-109)
  • Builds disappear some time after renaming job (issue 18678)
  • Use RunAction2 from TestResultAction (issue 18410)
  • java.lang.NoClassDefFoundError: sun/net/www/protocol/jar/JarURLConnection (issue 20163)
  • Remote code execution via xstream deserialization in XML API (SECURITY-105)
  • Jenkins on winstone vulnerable to session hijacking (SECURITY-106)
  • Jenkins allows anonymous access if the Authorization Strategy can't be loaded (SECURITY-107)
  • you cannot use the cli without giving Overall read to Anonymous (issue 8815)

What's new in 1.532.1 (2013/11/25)

  • Collecting findbugs analysis results occasionally causes ssh slave to go offline causing job to abort (issue 19619)
  • Bytecode compatibility transformer mistakenly corrupts org.apache.ivy.core.settings.IvySettings.triggers (issue 19383)
  • Functions.globalIota overflow (issue 20085)
  • Upgrade bundled versions of credentials, ssh-credentials and ssh-slaves plugins (issue 19945)
  • /me/my-views/editDescription may be used by any user to set global description (issue 18633)
  • Missing base directory in ZIP from .../artifact/dir/subdir/*zip*/subdir.zip (issue 19947)
  • After deleting last build, next build of last build is zombie (issue 19920)
  • Upgrade error to 1.531: PROXY_HEADER is null (issue 19613)
  • Upgrade bundled versions of credentials and ssh-slaves so we can assume available (issue 20071)
  • Collecting finbugs analysis results randomly fails with exception (issue 18879)
  • ViewJobFilter.filter expect "All jobs that are possible." but don't get recursive ones (issue 20143)
  • Download build artifacts as zip generates a corrupted file (issue 19752)
  • Jenkins redirecting from https to http (issue 10675)
  • java.io.IOException: Unexpected termination of the channel (issue 18836)
  • When installing a plugin and the needed dependencies have compatibility issues, warn the user (issue 19739)
  • Installing a plugin with optional dependencies doesn't upgrade the optional dependencies when needed (issue 19736)
  • After upgrade from 1.519 to 1.526 -> NumberFormatException occurs during maven 3 build (issue 19251)

What's new in 1.509.4 (2013/10/09)

  • Configurable loggers should capture messages on slaves (issue 18274)
  • @RequirePOST and similar should send a 405 (issue 16918)
  • Using jenkins-cli connecting to HTTPS port fails due to hostname mismatch in certificate (issue 12629)
  • [XStream] ConcurrentModificationException from DefaultConverterLookup (issue 18775)
  • @QueryParameter with @RelativePath broken (issue 18776)
  • fingerprint are truncated (issue 19515)
  • Environment variable replacement/resolving (issue 16660)
  • failed to archive slave artifacts. Unexpected end of ZLIB input stream (issue 19473)
  • winstone.ClientSocketException: Failed to write to client (issue 10524)
  • /log/all polluted with FINE* messages from other loggers (issue 18959)
  • Incorrect redirect after editing view with Unicode name (issue 18373)
  • Flyweight jobs and zero executors (issue 7291)
  • ERR_CONTENT_DECODING_FAILED on Custom Views with Project-based Matrix Authorization (issue 15437)
  • Buttons do not work in IE 11 (issue 19171)
  • CLI login command fails on Windows (issue 19192)
  • Problems with "Latest Test Result" and "Aggregated Test Result" links (issue 9637)
  • Exception while trigger downstream projects (issue 17247)
  • Maven 2 jobs fail (exception in MavenFingerprinter) (issue 18441)
  • Outdated JRuby libs (issue 14351)
  • Deadlock (issue 18589)
  • When copying folder, display names of contained jobs are gratuitously cleared (issue 18074)
  • Incorrect redirection after delete of job in folder in view (issue 17575)
  • Javadoc project action yields HTTP 404 (issue 19168)
  • Memory exhaustion parsing large test stdio from Surefire (issue 15382)
  • With lazy-build loading estimated build duration may become expensive (issue 18196)
  • Can't build using maven 3.1.0 (issue 15935)
  • Cannot create a custom logger matching any namespace (issue 17983)
  • Clean up fingerprint records that correspond to the deleted build recods (issue 18417)
  • "projects tied to slave" shows unrelated maven module jobs (issue 17451)
  • hudson.security.AccessDeniedException2: anonymous is missing the Administer permission (issue 15578)
  • ”My Views" links leads to 404 Not Found (issue 17317)
  • Some jobs not loaded after jenkins restart: java.lang.NoSuchFieldError: triggers (issue 18677)
  • New lazy loading permalinks can break job.lastStableBuild != null => job.lastSuccessfulBuild != null (issue 18846)

What's new in 1.509.3 (2013/09/09)

  • Standalone install does not work with Apache + mod_proxy_ajp + SSL (issue 5753)
  • Reload configuration from disk no longer works after upgrade to Jenkins 1.512. (issue 17977)
  • Build Now link on MultiJob page doesn't work (issue 16974)
  • Add descriptions for custom tools (issue 18771)
  • Lazy loading causes massive delays after a period of inactivity when loading dashboard (issue 16023)
  • NPE running matrix job (issue 18024)
  • LastSuccessful and LastStable symlinks are invalid under Windows (issue 17681)
  • IllegalStateException from MavenProject.getParent can break MavenFingerprinter.recordParents (issue 17775)
  • NPE (isEmpty) from main.groovy (issue 15309)
  • DependencyClassLoader#getTransitiveDependencies returns disabled plugins (issue 18654)
  • parameter description don't use MarkupFormatter (issue 18427)
  • Incompatible signature change in 1.489: AbstractProject.doBuild (issue 18356)
  • Display Name is not shown (issue 17715)
  • Fingerprint throws exceptions on 1.518 (issue 18337)
  • FingerprintAction deserialization leads to NPE (issue 17125)
  • update view via REST API doesn't work (issue 17302)
  • MavenModuleSetBuild.getResult is expensive (issue 18895)
  • Builds disappear from jobs - hudson.util.IOException2: Invalid directory name - java.text.ParseException: Unparseable date: "39" (issue 15587)
  • Outdated JRuby libs (issue 14351)
  • Fingerprint performance (issue 16301)
  • 10,000+ jobs tied to a label make Node index page unusably unresponsive (issue 18660)
  • "Delete Project" link fails with 403 Exception: No valid crumb was included in the request (issue 18032)
  • Manually uploaded plugins are incorrectly unpacked (issue 4543)
  • Decorated Launcher Does Not Maintain "isUnix" for RemoteLauncher (issue 18368)
  • Test harness packs copies of Maven into plugin archive (issue 18918)
  • All Maven 2 builds fail with java.lang.NoSuchMethodError DigestUtils.md5Hex (issue 18178)

What's new in 1.509.2 (2013/06/27)

  • Quoting Issue with JDK Installer with Windows Slave (issue 5408)
  • /about no longer shows third-party licenses (issue 17724)
  • Failed to instantiate class hudson.plugins.copyartifact.CopyArtifact (issue 17402)
  • ArrayIndexOutOfBoundsException from AbstractLazyLoadRunMap.search (issue 15652)
  • Dashboard web pages don't render correctly in Chrome because of bad cache/session (issue 17684)
  • NPE from MatrixConfiguration.newBuild (issue 17728)

What's new in 1.509.1 (2013/05/01)

  • FilePath.installIfNecessaryFrom routes download over remoting channel (issue 17330)
  • Add 'Are you sure' on Reload configuration from disk (issue 15340)
  • MavenAbstractArtifactRecord.doRedeploy should require POST (SECURITY-69)
  • Hover-over "Build Now" broken for parameterized jobs: "This page expects a form submission" (issue 17110)
  • XSS issue, where an internal attacker can cause a remote stylesheet to be loaded and containing scripts executed. (SECURITY-67)
  • CVE-2013-1808 stapler-adjunct-zeroclipboard: XSS via copying XSS payload into buffer (SECURITY-71)
  • Jenkins.doEval checks ADMINISTER rather than RUN_SCRIPTS; doScript CSRF (SECURITY-63)
  • Jenkins is no more WinXP compliant : CreateSymbolicLinkW is not available (issue 17343)

What's new in 1.480.3 (2013/02/15)

  • "Remember me on this computer" does not work, cookie is not accepted in new session (issue 16278)
  • Slow/hung web UI in 1.483+ (stuck in parseURI) (issue 16474)
  • Failure to delete old config files during rekeying on Windows (issue 16319)
  • NoClassDefFoundError on Base64 when launching an headless slave with -jnlpCredential option (issue 9679)
  • Loading asynchPeople calls (synch) People constructor (issue 16397)
  • Jenkins briefly displays build queue and then it disappears until the page is reloaded (issue 15335)
  • View.hasPeople too slow to use in sidepanel.jelly (issue 16244)
  • XSS (SECURITY-46)
  • File parameter causing data lost after Jenkins restart (issue 13536)

What's new in 1.480.2 (2013/01/06)

  • The master key that was protecting all the sensitive data in $JENKINS_HOME was vulnerable. (SECURITY-49)

What's new in 1.480.1 (2012/11/17)

  • FilePath.validateAntFileMask too slow for /configure (issue 7214)
  • java.io.InvalidClassException (issue 14667)
  • Log recorders do not work reliably (issue 15226)
  • Invalid JSON is produced during remote api operations when a changeSet contains duplicate keys. (issue 13336)
  • Header manipulation (CrLf) – open redirect vulnerability in "j_acegi_security_check" (SECURITY-44)
  • Memory exhaustion parsing large test stdio from Surefire (issue 15382)
  • Persistence XSS vulnerability in build's decription (SECURITY-43)
  • Header manipulation (CrLf) – open redirect vulnerability in Work Space (SECURITY-45)

What's new in 1.466.2 (2012/09/13)

What's new in 1.466.1 (2012/07/23)

  • A current active build in the build history is lost if the job configuration XML uploaded (issue 12318)
  • UnprotectedRootAction doesn't work for /github-webhook/ (issue 14113)
  • ERR_CONTENT_DECODING_FAILED returned on testResults and console output after Jenkins reload (issue 13625)
  • Cannot parse coverage results Premature end of file. (issue 11251)

What's new in 1.447.2 (2012/06/11)

  • Guice injector failure can cause failure of whole Jenkins (issue 13448)
  • Jenkins runs out of file descriptors (winstone problem) (issue 9882)
  • Parsing of POM happens before SNAPSHOT-Parents are updated (issue 8663)
  • Loading All Build History Fails (issue 13238)

What's new in 1.447.1 (2012/03/28)

  • File handle leak in serving static files (issue 13097)
  • LDAP config error (issue 8152)
  • jenkins running in Tomcat doesn't initalize slf4j properly (issue 12650)
  • java.lang.NoClassDefFoundError: org.slf4j.impl.StaticLoggerBinder (issue 12446)
  • Remote call on CLI channel from [ip] failed (issue 12302)
  • jenkins does not start in jboss container (issue 12334)

What's new in 1.424.6 (2012/03/06)

What's new in 1.424.5 (2012/03/05)

What's new in 1.424.4 (2012/03/05)

What's new in 1.424.3 (2012/02/27)

What's new in 1.424.2 (2012/01/10)

  • Viewing large console logs with timestamper plugin cause Jenkins to crash (issue 9349)
  • Maven3 parallel build fails with java.util.ConcurrentModificationException in Jenkins (issue 11256)
  • Jenkins PID changes after restart (issue 11742)
  • Running Jenkins with the bundeled Winstone is succeptible to the hash table attack http://www.ocert.org/advisories/ocert-2011-003.html (SECURITY-22)

What's new in 1.424.1 (2011/11/30)

  • JDKInstaller fails with OutOfMemory exception (issue 10689)
  • XSS in Winstone (SECURITY-17)
  • Tools download does not appear to respect proxy settings (issue 5271)
  • Builds fail in JUnit test archiving (since 1.416) if specifying JDK other than the container (issue 10030)
  • Update Json File Signature Error (issue 11110)
  • SSH public key based CLI authentication added in 1.419 is broken in 1.421+ (issue 10647)
  • JSONException (issue 7034)
  • Jenkins 1.427 doesn't work on AIX (issue 10810)
  • Maven assembly plugin fails (issue 8837)
  • SNAPSHOT dependency detection not working for plugins anymore (issue 10530)
  • Proxy settings arent used by JDK-downloader (issue 10634)

What's new in 1.409.3 (2011/11/08)

  • XSS in Winstone (SECURITY-17)

What's new in 1.409.2 (2011/09/12)

  • Failure in test class constructor or @Before method is not reported (was: Maven plugin doesn't set build to unstable on SurefireExecutionException) (issue 6700)
  • truncation or corruption of zip workspace archive from slave (issue 9189)
  • testSaturation-fork remoting test hangs (issue 8703)
  • Race condition in creating fingerprints for artifacts (issue 10346)
  • Slave-Squatter + Heavy-Job plugin causes many executor threads to die (issue 8882)
  • Auto Install JDK asks for Oracle account, but the link goes 404 (issue 10556)

What's new in 1.409.1 (2011/06/06)

  • Deadlock when upstream and downstream jobs are blocked on each other (issue 8929)
  • sporadic : ClassCastException for Maven Pom parsing phase on node (issue 9017)
  • Jenkins 1.399: java.lang.UnsupportedClassVersionError: Bad version number in .class file using JmDNS 3.4.0 (issue 8914)
  • Raw HTML codes are displayed since 1.407 (issue 9426)
  • Access to api/json on second level view fails (issue 9367)
  • NULLPOINTER exception on build 1.395 when saving configuration (issue 8866)
  • "java.io.IOException: Bad file descriptor" when file copied from slave (issue 7871)
  • Block when Downstream breaks Block when Upstream (issue 8968)
  • Remember me box doesn't work with unix groups (issue 9094)
Tags: