Jenkins January 2023 Newsletter
Highlights
-
Jenkins in GSoC planning is in full steam ahead.
-
General availability of new development tools on ci.jenkins.io: Maven, JDK, Playwright.
-
98 pull requests were merged from 38 different authors in January.
-
Jenkins 2.375.2 released January 11, 2023. Over 350 positive ratings.
-
A sandbox bypass vulnerability was corrected among 37 other vulnerabilities. The security team recommends users to upgrade.
-
Debian 12 (“bookworm”) will not deliver OpenJDK 11
Contributed by: Alyssa Tong
-
The GSoC Org admin team kicked the new year off with all things GSoC!
-
We hosted a webinar for new mentors.
-
Finalized the GSoC 2023 project ideas list.
-
This post encapsulates current progress and what’s next.
-
There’s still time to become a mentor and or propose project idea(s).
-
Contributed by: Damien Duportal
-
Bumped our controllers to LTS 2.375.2
-
General availability of new development tools on ci.jenkins.io:
-
Maven 3.8.7
-
JDK 8u362-b09
-
JDK 11.0.18+10
-
JDK 17.0.6+10
-
JDK 19.0.2+7
-
Playwright (headless web-browser testing)
-
-
Started to decrease download bandwidth from JFrog (repo.jenkins-ci.org) to our infrastructure by enabling artifact caching for plugins builds on ci.jenkins.io.
-
A lot of “under-the-hood” network and performances related work.
-
-
Cleaned up deprecated plugins from all of our controllers (momentjs, jquery bundle and ace-editor bundle).
Contributed by: Kevin Martens
During the month of January, 98 pull requests were merged from 38 different authors. We are also preparing for the 2023 edition of Google Summer of Code, by encouraging folks to share ideas or join as mentors. We published one blog post, which was the 2022 recap and contained tons of highlights for the last year of the Jenkins project. Thanks to all of the new and returning contributors for their hard work already in the new year, and the continued efforts that are bound to happen.
Contributed by: Mark Waite
Jenkins 2.375.2 released January 11, 2023. Over 350 positive ratings with only 1 issue reported to have required a rollback for 4 users.
The nine most recent Jenkins weekly releases (2.381 - 2.389) have received positive ratings as well, with 40-50 positive ratings and only 1 reported rollback in each of those 9 weekly releases.
Thanks to everyone that has done such great work on Jenkins core and its recent releases.
Contributed by: Bruno Verachten
-
Docker images
-
New platforms:
-
UBI9 with JDK17 proposed and maintained by Oliver Gondza from RedHat, who’s also maintainer of the UBI8 container image.
-
Zombie images fixed. Hurray!
-
Java updates were deployed to infra and container images (except for Windows containers):
-
8u362
-
11.0.18
-
17.0.6
-
19.0.2
-
-
-
-
Debian 12 (“bookworm”) will not deliver OpenJDK 11.
-
The end of life date for Debian’s openJDK11 won’t happen until 2026 or 2027.
-
There is no urge to drop jdk11 support for Jenkins.
-
We will change the documentation nonetheless when it goes out, so that we describe the use of Jenkins with openJDK17.
-
-
JDK Support for Jenkins
-
Jenkins' enhancement proposal for required JDK11 is final! Congrats.
-
Contributed by: Mark Waite
The Jenkins user experience continues to improve. Recent weekly releases have included hiding of potentially sensitive values in system properties and in environment variables, navigation improvements with more breadcrumb entries, changes to the plugin manager, and internal updates to various libraries.
Contributed by: Wadeck Follonier
A sandbox bypass vulnerability was corrected and announced in the January security advisory among 37 others vulnerabilities. The security team recommends users to upgrade.
The security team continues to improve the tooling and automation to increase the security of the project. We are pleased to have added support for plugin developers to suppress findings coming from our custom CodeQL rules. See the message in the mailing list.