Jenkins 2023 Recap

Contributed by: Wadeck Follonier The Jenkins Security team has multiple missions, with the most visible to users being the publication of advisories. In 2023, the team published 17 advisories: 4 included Jenkins core, and 13 were solely about plugins. In total, 211 vulnerabilities were announced. In terms of reporting trends, we have seen an increase Read more about Jenkins 2023 Recap[…]

Jenkins November 2023 Newsletter

Key Takeaways Basil Crow joins the Jenkins Governance Board. A Jenkins Contributor Summit will be held prior to FOSDEM. The Contributor Spotlight site is now live. Contributed by: Mark Waite Basil Crow joins the Jenkins governance board in December 2023. He’ll serve for a two-year term. Thanks to Basil for his willingness to serve. More Read more about Jenkins November 2023 Newsletter[…]

Log from Jenkins Jobs to GitHub Pull Requests as Checks

You have a GitHub repo and a Jenkins server. The Jenkins server has jobs for running unit tests, computing code coverages, and executing static analyses. Every time someone opens a PR to your repo, you ask them to run those jobs, take screenshots of the results, and paste these screenshots to the PR description as Read more about Log from Jenkins Jobs to GitHub Pull Requests as Checks[…]

Jenkins October 2023 Newsletter

Key Takeaways JDK21 is available on the infrastructure and in official Docker images too. 💥Breaking change: set Java 17 as default for LTS. Prototype has been removed as of weekly 2.426 Contributed by: Wadeck Follonier Core security advisory published on October 18 https://jenkins.io/security/advisory/2023-10-18/ Includes an essential Jetty update that provided multiple fixes. Plugin security advisory Read more about Jenkins October 2023 Newsletter[…]

Introducing the 2 + 2 + 2 Java support plan

Summary tl;dr Jenkins 2.426.1 LTS will support Java 11, 17, and 21. In Fall 2024, Jenkins will require Java 17 or 21 and drop support for Java 11. Thereafter, Jenkins will support each Java LTS release for approximately four years; i.e., Jenkins will support two Java LTS releases at any given time. Background Java’s historically Read more about Introducing the 2 + 2 + 2 Java support plan[…]

Back of the Napkin Guide to Updating Jenkins, for the uninitiated

. Prologue Here’s a brief account of my journey to update my Jenkins Servers. Think of this as a “back of the napkin” guide that I used to research and upgrade my Jenkins Servers, which had been left unattended for far too long. I know many of you are seasoned experts – I wasn’t. I’ve Read more about Back of the Napkin Guide to Updating Jenkins, for the uninitiated[…]

What is the plugin health score?

Short story long As of October 24th, there is a new tab named Health Score on each plugin page of plugins.jenkins.io. This new tab provides the plugin’s health score, along with every aspect that contributed to its score. The score is meant to be unbiased and all plugins are evaluated the same way. Here is Read more about What is the plugin health score?[…]

Jenkins September 2023 Newsletter

Key Takeaways JDK21 is around the corner Contributed by: Wadeck Follonier A plugin security advisory was published on September 6. Security Advisory 2023-09-06 This included multiple high score vulnerabilities in various plugins. A core security advisory was published on September 20. Security Advisory 2023-09-20 Multiple vulnerabilities were corrected in core. This advisory also included fixes Read more about Jenkins September 2023 Newsletter[…]

Prototype removed from Jenkins 2.426

Following up on my previous post about removing Prototype from Jenkins, Prototype has been removed from the 2.426 weekly release and will be removed from the November LTS release. This removal required changes in about 60 plugins. Use the Plugin Manager to upgrade all plugins before and after upgrading to Jenkins 2.426. A migration of Read more about Prototype removed from Jenkins 2.426[…]

Supercharge Your Jenkins Workflow with Mergify

Introduction In the modern software development landscape, continuous integration (CI) and continuous deployment (CD) are no longer just trendy buzzwords. They are vital components of the development cycle. Two tools that are often associated with these operations are Jenkins and Mergify. Jenkins, an open-source automation server, is used to automate parts of the development process, Read more about Supercharge Your Jenkins Workflow with Mergify[…]