Jenkins 2023 Recap

Contributed by: Wadeck Follonier. The Jenkins Security team has multiple missions, with the most visible to users being the publication of advisories. In 2023, the team published 17 advisories: 4 included Jenkins core, and 13 were solely about plugins. In total, 211 vulnerabilities were announced. In terms of reporting trends, we have seen an increase […]

Jenkins November 2023 Newsletter

Key Takeaways: Basil Crow joins the Jenkins Governance Board. A Jenkins Contributor Summit will be held prior to FOSDEM. The Contributor Spotlight site is now live. Contributed by: Mark Waite. Basil Crow joins the Jenkins governance board in December 2023. He’ll serve for a two-year term. Thanks to Basil for his willingness to serve. More […]

Jenkins October 2023 Newsletter

Key Takeaways: JDK21 is available on the infrastructure and in official Docker images too. 💥 Breaking change: set Java 17 as default for LTS. Prototype has been removed as of weekly 2.426. Contributed by: Wadeck Follonier. Core security advisory published on October 18: https://jenkins.io/security/advisory/2023-10-18/ Includes an essential Jetty update that provided multiple fixes. Plugin security advisory […]

Jenkins September 2023 Newsletter

Key Takeaways: JDK21 is around the corner. Contributed by: Wadeck Follonier. A plugin security advisory was published on September 6 (Security Advisory 2023-09-06). This included multiple high score vulnerabilities in various plugins. A core security advisory was published on September 20 (Security Advisory 2023-09-20). Multiple vulnerabilities were corrected in core. This advisory also included fixes […]

Jenkins August 2023 Newsletter

Key Takeaways: Jenkins project reports growth of 79% in Jenkins Pipeline, used to propel software delivery. Contributed by: Wadeck Follonier. Andrea Chiera completed his 3 months internship within the Security team, auditing 100 plugins and finding 20+ vulnerabilities (Summer Internship in Jenkins security). Thank you very much for your involvement and also to the team […]

Jenkins July 2023 Newsletter

Key Takeaways: A Jenkins Core security advisory was published on July 26. The official documentation has migrated to Java 17. Operating system end of life notifications have been added. Contributed by: Wadeck Follonier. During July, there were two Security Advisories published: Plugin security advisory published on July 12: multiple high-score vulnerabilities; a total of 16 […]

Jenkins April 2023 Newsletter

Key Takeaways: There was one security advisory this month announcing vulnerabilities regarding Jenkins plugins. Cloud Cost Controls with improved resource cleanups and VM usage optimization to face the increased rate of builds on ci.jenkins.io. Thanks to DigitalOcean for their continued support and ($8,400 credit) sponsorship of Jenkins. Ppc64le docker agent images are now available. Jenkins […]

Jenkins March 2023 Newsletter

Highlights: Jenkins 2.397 and 2.387.2 are both using new Linux repository signing keys. The Pipeline graph view plugin continues to evolve and improve as a Pipeline visualization replacement for Blue Ocean. The number of pull requests merged for jenkins.io crossed into triple digits this month (101). Contributed by: Mark Waite. Jenkins’ installers for Debian and […]

Jenkins February 2023 Newsletter

Highlights: FOSDEM 2023 insights. Jenkins is a mentor organization for Google Summer of Code. Several container image updates. Jenkins Awards voting is now open. Contributed by: Alyssa Tong. FOSDEM 2023: Returning to FOSDEM for the first in-person event since COVID was both exciting and nostalgic for our Jenkins contributors. It was exciting to see the […]

Jenkins January 2023 Newsletter

Highlights: Jenkins in GSoC planning is in full steam ahead. General availability of new development tools on ci.jenkins.io: Maven, JDK, Playwright. 98 pull requests were merged from 38 different authors in January. Jenkins 2.375.2 released January 11, 2023. Over 350 positive ratings. A sandbox bypass vulnerability was corrected among 37 other vulnerabilities. The security team […]