Remoting-based CLI removed from Jenkins

Close to two years ago, we announced in New, safer CLI in 2.54 that the traditional “Remoting” operation mode of the Jenkins command-line interface was being deprecated for a variety of reasons, especially its very poor security record. Today in Jenkins 2.165 support for this mode is finally being removed altogether, in both the server Read more about Remoting-based CLI removed from Jenkins[…]

Java 11 Support Preview is available in Jenkins 2.155+

This is a joint blogpost prepared by the Java 11 Support Team. On Dec 18 (4PM UTC) we will be also presenting the Java 11 Preview Support at the Jenkins Online Meetup (link) Jenkins, one of the leading open-source automation servers, still supports only Java 8. On September 25 OpenJDK 11 was released. This is Read more about Java 11 Support Preview is available in Jenkins 2.155+[…]

Important security updates for Jenkins

We just released security updates to Jenkins, versions 2.146 and 2.138.2, that fix multiple security vulnerabilities. For an overview of what was fixed, see the security advisory. For an overview on the possible impact of these changes on upgrading Jenkins LTS, see our LTS upgrade guide. Further improvements In addition to the security fixes listed Read more about Important security updates for Jenkins[…]

Improving Jenkins Release Quality using Uplink Telemetry

One of the major strengths of Jenkins is its customizability and extensibility. With its plugin ecosystem and long list of (possibly hidden) options, Jenkins can be used for a wide range of use cases. The downside of all this flexibility is that, not knowing how people use Jenkins, we mostly rely on issues filed in Read more about Improving Jenkins Release Quality using Uplink Telemetry[…]

Jenkins 2.121.3 and 2.138 security updates

We just released security updates to Jenkins, versions 2.138 and 2.121.3, that fix multiple security vulnerabilities. For an overview of what was fixed, see the security advisory. For an overview on the possible impact of these changes on upgrading Jenkins LTS, see our LTS upgrade guide. Subscribe to the jenkinsci-advisories mailing list to receive important Read more about Jenkins 2.121.3 and 2.138 security updates[…]

Security Hardening: New API token system in Jenkins 2.129+

About API tokens Jenkins API tokens are an authentication mechanism that allows a tool (script, application, etc.) to impersonate a user without providing the actual password for use with the Jenkins API or CLI. This is especially useful when your security realm is based on a central directory, like Active Directory or LDAP, and you Read more about Security Hardening: New API token system in Jenkins 2.129+[…]

New design, UX and extensibility digest for login page et. al.

This blog post gives an introduction to the new design for the login and signup forms and Jenkins is (re)starting pages introduced in Jenkins 2.128. The first part of the blog post is an introduction to the new design and UX for Jenkins users. The later part is talking about extensibility in a more technical Read more about New design, UX and extensibility digest for login page et. al.[…]