|バージョン||2.229 2.228 2.227 2.226 2.225 2.224 2.223 2.222 2.221 2.220 2.219|
2020/03/30 ver 2.229
What's new in 2.229
Use the saved global build discarder configuration on restart.
Jenkins 2.221 through 2.228 ignore the saved global build discarder configuration when they restart.
Fix proxy form validation when a password is set (regression in 2.205).
Update .NET version checks to be more correct for modern .NET versions.
About Jenkins management link is now accessible to users with Overall/Manage or Overall/SystemRead (as well as the usual Overal/Administer).
Robustness: Don't throw a NullPointerException when trying to convert null to Secret.
Upgrade to Remoting 4.3 to fix an issue with large payloads over WebSockets.
Requires a matching agent.jar with remoting 4.3 or later.
(pull 4601, pull 4596, issue 61409, Remoting 4.3 changelog, WebSockets blog post, JEP-222)
Developer: Create symlinks atomically and log warning on failure.
Developer: Secret and ConfidentialKey implementations can now be used from unit tests without JenkinsRule.
2020/03/26 ver 2.228
What's new in 2.228
Important security fixes.
Security hardening related to request routing and CSRF protection.
(related upgrade guide)
2020/03/23 ver 2.227
What's new in 2.227
System Information management link is now accessible to users with Overall/Manage, showing only plugins and memory usage information.
Limit max width of Manage Jenkins entries on very large screens.
Usage Statistics in Global Configuration is now configurable by users with Overall/Manage permission (as well as the usual Overal/Administer).
Make HTTP DELETE based item deletion behave more like an API, recommend it over POST /doDelete.
Increase scroll speed of context menus.
List plugins that failed to load on the Installed tab of the plugin manager.
Highlight in the plugin manager when plugins are looking for new maintainers ("Adopt this plugin").
Developer: Add Javadoc for management link category definitions.
Internal: Permit core building using newer JDK than version 8.
2020/03/16 ver 2.226
What's new in 2.226
Fix drag & drop for previously saved steps in the job configuration form (regression in 2.217).
Organize entries on the Manage Jenkins page into categories and show them in a grid.
Remove the unnecessary "monitor[s]" text next to the bell for a cleaner UI.
Change the colors of the notifications next to the bell to make them more noticeable.
Allow usage statistics to be configured with the configuration-as-code plugin.
Allow ssh authorized keys to be configured with the configuration-as-code plugin.
(pull 4563, ssh-cli-auth 1.8 changelog)
Use modern system fonts provided by the browser when possible.
Changes font size for body copy and headings to improve consistency and legibility.
Update bundled Script Security Plugin from 1.70 to 1.71.
(pull 4561, Script security plugin 1.70 changelog, SECURITY-1754 sandbox bypass vulnerability)
Show in plugin manager table when there are security issues in a currently installed plugin.
2020/03/10 ver 2.225
What's new in 2.225
Don't lose SCM configuration when saving job (regression in 2.224).
WARNING: This release introduces a critical regression when saving jobs.
Please avoid updating to this version.
Winstone 5.9: Fix propagation of the maximum form content size and form content keys number (regression in Jetty 9.4.20 and Jenkins 2.205).
Winstone 5.9: Fix reverse improper proxy redirects to Host due to X-Forwarded-Host and X-Forwarded-Port ordering issue (regression in Jetty 9.4.20 and Jenkins 2.205).
Do not disable all controls on job configuration forms for some users with Job/Configure permission (regression in 2.223).
2020/03/09 ver 2.224
What's new in 2.224
JENKINS-60409 - Winstone 5.9: Fix propagation of the maximum form content size and form content keys number (regression in Jetty 9.4.20 and Jenkins 2.205).
(pull 4542, issue 60409, Winstone 5.9 changelog)
Winstone 5.9: Fix reverse improper proxy redirects to Host due to X-Forwarded-Host and X-Forwarded-Port ordering issue (regression in Jetty 9.4.20 and 2.205).
(pull 4542, issue 60199, Winstone 5.9 changelog, Jetty 9.4.27 changelog)
Do not disable all controls on job configuration forms for some users with Job/Configure permission. (regression in 2.223).
Show plugin release date in plugin manager.
Suppress error stack traces for non-administrator users as core capability.
Indicate when security issues would be addressed by an update in plugin manager.
Show plugin categories as labels in the plugin manager instead of grouping them into different table sections.
Prevent unhandled JSONException in DescriptorList#newInstanceFromRadioList() and ExtensionDescriptorList#newInstanceFromRadioList().
Update size of the search box properly when screen is resized.
2020/03/02 ver 2.223
What's new in 2.223
Remove 'auto refresh' feature, including now obsolete auto refresh telemetry capability.
Allow users with system read permission to view the global security configuration page.
Allow users with system read permission to view the About Jenkins page.
Users with extended read permission now get a more read-only looking UI.
Prevent one occurrence of "Jenkins.instance is missing"
(pull 4525, issue 55070, issue 59992, issue 60454, issue 61192)
Reintroduce Build History description truncation by default.
Allow managing/disabling the limit via the historyWidget.descriptionLimit system property.
A negative value removes the limit, 0 forces empty descriptions.
(pull 4529, issue 61004, issue 60299)
Avoid a NullPointerException when starting a non-Pipeline build with a custom root directory set to a filesystem root (e.g., C:\).
Allow FingerprintFacet to block the deletion of fingerprint.
2020/02/24 ver 2.222
What's new in 2.222
Revamp the layout and icons of the header bar and breadcrumbs.
Instances with plugins that depend on details of the Jenkins layout (e.g. Simple Theme Plugin) may experience UI/layout problems.
A new experimental header color scheme can be enabled by setting the jenkins.ui.refresh system property to true.
Introduce a new experimental UI that can be enabled by setting the jenkins.ui.refresh system property to true.
Currently it includes a new header color scheme, more changes to be added as a part of the UI/UX revamp.
(pull 4463, issue 60920, JEP-223, Jenkins UX SIG)
Add a new experimental Overall/Manage permission which allows a user to configure parts of the global Jenkins configuration without having the Overall/Administer permission.
Add a new experimental Overall/SystemRead permission, which gives (almost) full read access to the Jenkins instance.
The permission is disabled by default, install the Extended Read Permission plugin to activate it.
(pull 4506, issue 12548, JEP-224, Extended Read Permission plugin)
Deprecate the Overall/RunScripts, Overall/UploadPlugins, and Overall/ConfigureUpdateCenter permissions.
Permissions were announced as dangerous and disabled by default in major authorization plugins in 2017.
Custom authorization strategy implementations that grant Overall/Administer without implying one or more of these three permissions will no longer work as expected.
Configurations that grant any of these permissions to users without Overall/Administer will no longer work as expected.
(pull 4365, issue 60266, JEP-223, 2017-04-10 security advisory for Matrix Authorization plugin, 2017-04-10 security advisory for Role-Based Authorization plugin)
Remove the ability to have CSRF protection disabled.
2020/02/20 ver 2.221
What's new in 2.221
Add a new permission Overall/Manage which allows a user to configure parts of the global Jenkins configuration without having the Overall/Administer permission.
This is an experimental feature, disabled by default, that can be enabled by setting the jenkins.security.ManagePermission system property to true.
(pull 4501, issue 60266, JEP-223)
Add globally configured build discarders that delete old builds not marked as "keep forever" even if there is no, or a less aggressive, per-project build discarder configured, executed periodically and after a build finishes.
Jenkins will by default execute the configured per-project build discarder periodically even if no build is currently finishing.
This may delete old builds of projects that got a more aggressive build discarder configuration since the last build was run.
Dynamically loading certain plugins could result in permission errors.
Add memory usage monitor to system information page.
Order Admin Monitors in Global Configuration page.
Improve performance when loading tied jobs.
Update bundled Script Security Plugin from 1.68 to 1.70
2020/02/10 ver 2.220
What's new in 2.220
Fix agent installation as a service on Windows (regression in 2.217).
(Remoting 4.2 changelog, Agent Installer Module 1.7 changelog)
Fix NullPointerException when getting a list of runs with a status threshold (regression in 2.202).
Remove network discovery services (UDP and DNS).
Extends the current milestones so plugins can update jobs and configuration during Jenkins initialization.
Adds initialization milestones: SYSTEM_CONFIG_LOADED, SYSTEM_CONFIG_ADAPTED, JOB_CONFIG_ADAPTED.
Export the plugin compatibility flag in Update Site REST API.
Suggest Jenkins Configuration as Code plugin in the installation wizard.
Do not record the user creating an agent in some circumstances.
Avoid logging node monitoring exceptions caused by node deletion.
2020/01/30 ver 2.219
What's new in 2.219
Important security fixes.
Security hardening related to Stapler routing.
Security hardening: Set X-Content-Type-Options to nosniff in REST API responses.