Quantcast
Channel: Jenkins Blog
Viewing all articles
Browse latest Browse all 1087

Jenkins May 2023 Newsletter

$
0
0

Jenkins May Newsletter

Key Takeaways

  • Jenkins plugin updates released to fix security vulnerabilities, advisory published on May 16.

  • JDK8 support has been dropped in favor of JDK11 as the default for running Jenkins agents.

  • Ssh-agent release 5.0.0 introduces breaking changes.

Security Update

Contributed by: Wadeck Follonier

  • A Security Policy was added for the Docker images of the project.

    • Due to multiple reports about CVEs present in the Docker images the project was publishing, we wanted to clarify the situation.

    • Most CVEs do not impact the final application and do not require publishing justifications about the lack of impact on numerous CVEs every week.

  • One plugin advisory was published on May 16:

    • This included at least one high vulnerability in a very popular plugin.

Governance Update

Contributed by: Mark Waite

Several significant initiatives are already in progress within the Jenkins project.

Thanks to those who are leading the initiatives and thanks to those who are assisting with initiatives like:

  • Prototype.js removal from Jenkins core and Jenkins plugins. Contributing guidelines are in the blog post. Detailed issue reports are available in the JENKINS-70906: Jira epic. Progress reports for affected plugins are available in the tracking sheet.

  • HTMLUnit 3 upgrade in the Jenkins test harness, Jenkins core, and many Jenkins plugins.

  • Guava 32 upgrade

We’re also excited to have additional efforts in:

  • Reducing the core pull request evaluation time (and cost) with Launchable.

  • Using GitHub autolink for easier references to Jenkins Jira tickets.

Infrastructure Update Contributed by: Damien Duportal

  • The Cloud Cost Controls effort has continued by optimizing resource usage, resulting in:

    • Decreased the AWS bill of $ 3,000 (14,000 → 11,000).

    • Decreased the Azure bill of $ 2,000 to (11,000 → 9,000) despite adding resources.

  • Launchable is now generally available for community developers on ci.jenkins.io.

  • Jenkins LTS 2.387.3 was deployed everywhere less than 24 hours after it was released.

  • Ubuntu 22.04 upgrade campaign (18.04 is end of life) continued (6 more VMs, 5 VMs left).

  • Build workload migration to ARM64: internal tools.

User Experience Update

Contributed by: Mark Waite

The user experience SIG continues to improve the look and feel and the accessibility of the Jenkins user interface.

The Prototype.js removal from Jenkins core and Jenkins plugins has already shown us that additional UI capabilities will be available as we remove that old library. Dr. Ullrich Hafner has created a prototype of one of those enhancements in the data tables plugin.

Cristina Pizzagalli and Jan Faracik have both been working on improving accessibility for Jenkins users with disabilities. We particularly thank the usability and accessibility team at Deutsche Telekom IT GmbH for their JENKINS-71153: accessibility assessment report.

Platform Modernization Update

Contributed by: Bruno Verachten

  • Deprecation

    • Red Hat Enterprise Linux 7 (and derivatives) early end of life

      • To ensure a smooth transition, we are implementing several measures to inform users when an operating system is approaching its end of life. These changes will be visible in upcoming releases and container images.

      • Key Dates:

  • Ongoing work

    • Damien Duportal is actively working on code factorization, specifically targeting a single repository for all agent images.

      • This will streamline maintenance tasks, such as fixing CVEs.

      • The first phase for JDK versions has already been completed, resulting in significantly reduced code size.

      • Additionally, efforts are underway to merge two agents, aiming for synchronized release cycles. This change should not impact end users, except for the transition of the repository into an archive.

    • We can provide more frequent updates on the development of Alpine images thanks to the use of updatecli.

    • There is an ongoing discussion in the pull request regarding the switch of the Alma Linux container from version 8 to version 9.

  • What has been done

    • Updates on Docker Images:

      • Significant progress has been made on ppc64le. Thank you, Kenneth, for your valuable contributions!

      • PRs for docker-agent, docker-ssh-agent, inbound-agent, and the controller have been successfully merged.

      • Ssh-agent release 5.0.0 introduces breaking changes.

        • JDK8 support has been dropped in favor of JDK11 as the default for running Jenkins agents.

Documentation Update Contributed by: Mark Waite

We’re pleased to welcome several new documentation contributions, including our Google Summer of Code contributors:

We’re very pleased that these new Jenkins contributors have seen the value of documentation and have submitted documentation improvements.

We also welcomed first-time documentation contributors in May and are pleased to have their additions. Thanks so much to our documentation contributors.

Outreach and advocacy Update

Contributed by: Alyssa Tong

image

Every year, the community nominates and votes for three outstanding difference makers in the Jenkins community: Most Valuable Advocate, Security MVP, and Most Valuable Contributor. Congratulations go to:

Read what makes them outstanding contributors.

Many THANKS and congratulations to all award nominees!

image

The Continuous Delivery Foundation (CDF) hosted its fourth flagship event, cdCon, on May 8 – 9, 2023 in Vancouver, Canada as cdCon + GitOpsCon, co-organized with the Cloud Native Computing Foundation (CNCF).

Sessions from the most widely used CI/CD and GitOps technologies, including the Jenkins community, were there with project updates along with various talks from community members and users.

In case you missed it, below are the recorded Jenkins sessions at cdCon:

image

Jenkins welcomed four Google Summer of Code contributors to the family. Each contributor will be working hand in hand with their dedicated mentors. We’d like to introduce you to the Jenkins in GSoC contributors and the projects they will be making a difference on:


Viewing all articles
Browse latest Browse all 1087

Trending Articles