Key Takeaways
Jenkins project reports growth of 79% in Jenkins Pipeline, used to propel software delivery.
Contributed by: Wadeck Follonier
Andrea Chiera completed his 3 months internship within the Security team, auditing 100 plugins and finding 20+ vulnerabilities.
Thank you very much for your involvement and also to the team for mentoring him.
A Plugin security advisory was published on July 12
This included four high score vulnerabilities and several medium or lower vulnerabilities.
A total of 13 plugins were affected.
The Security team is progressing on the CSP compliance project for Jenkins Core, encountering interesting corner cases that have to be covered.
Contributed by: Mark Waite
Voter registration and candidate nomination for Jenkins elections will begin in September. The blog post contains more details.
The ten year old Prototype.js JavaScript library will be removed from Jenkins core beginning with the weekly release October 3, 2023. Special thanks to Basil Crow and Tim Jacomb for their work preparing Jenkins core and Jenkins plugins for a successful removal of that outdated library.
Contributed by: Damien Duportal
JDK21 (Early Access Temurin Edition) and Maven 3.9.4 are generally available for developers on ci.jenkins.io.
JDK17 is the default for all Jenkins controllers and agents on the Jenkins public infrastructure.
Migration of the last two VMs to a new IPv6-enabled network removed a monthly cost of $1000 for unused cloud resources.
Contributed by: Mark Waite
The Jenkins user experience continues to improve. Jenkins 2.414.1 include significant updates to many UI elements, including form and page modernization.
Dropdown links have been improved and are now part of a common framework
Log recorder administration has been updated to be consistent with other pages
Sign-in page has been modernized and simplified
Many delete dialogs have been standardized and prepared for future improvements
Builds widget has a better layout
Contributed by: Bruno Verachten
There has been an issue with Docker Images republishing unexpectedly, causing old tags to be rebuilt. This is now solved.
JDK21:
Work is ongoing to keep JDK21 updated to an early access version in Jenkins’ infrastructure.
Jenkins can run on JDK21 since version 2.419.
A proposal from Mark Waite regarding Java 11, Java 17, and Java 21 adoption roadmap in Jenkins is being considered.
Docker agents and controller:
Ssh-agent: breaking change in 5.10.0 with the replacement of bullseye in favor of bookworm.
Controller:
2.414.1 brought a breaking change: update debian images to bookworm
Windows:
Windows agent images are now using a Windows server image, which is a breaking change.
Windows 2022 images are being considered due to Windows 2019 reaching end-of-life.
Instructions for Java 17 are still to be updated in the Windows docs.
Contributed by: Kevin Martens
Over the course of August, there were seven blog posts published by a combination of 12 different authors. This included updates from the Google Summer of Code participants, a retrospective on a Jenkins security internship, considering what the future holds for Jenkins, and notices regarding bandwidth reduction, Linux containers, and Java 17 use in the Jenkins documentation.