Jenkins February 2023 Newsletter
Highlights
-
FOSDEM 2023 insights
-
Jenkins is a mentor organization for Google Summer of Code
-
Several container image updates
-
Jenkins Awards voting is now open
Contributed by: Alyssa Tong
FOSDEM 2023
Returning to FOSDEM for the first in-person event since COVID was both exciting and nostalgic for our Jenkins contributors. It was exciting to see the same crowd size and enthusiasm by attendees. Many thanks to the wonderful FOSDEM organizers for yet another fantastic event!
Jenkins in Google Summer of Code (GSoC)
We are thrilled to have been accepted to the Google Summer of Code 2023!! This will be Jenkins' eighth (8th) year participating with the program. Weekly GSoC office hours have begun as well, with office hours every Thursday @ 16:00 UTC. Refer to the Event Calendar for additional details. If you missed the initial meetings, the recordings are below:
Join in on all GSoC discussions in our gitter channel.
Jenkins Awards
Award season is here! Nominations are closed but voting is now open. Congratulations to all the nominees and thank you for your contributions! Check out our blog post about the Jenkins awards.
Contributed by: Damien Duportal
Following FOSDEM, where most of the infrastructure team was present physically, February was a busy month for the Jenkins Infrastructure team:
-
In an effort to reduce bandwidth with JFrog (repo.jenkins-ci.org), Jenkins continuous integration jobs are now using significantly less internet bandwidth thanks to the artifact caching proxy implemented by the team. The artifact caching proxy is implemented on our three cloud providers, so that artifacts can be downloaded from a local cache rather than accessing the artifact repository.
-
Jenkins LTS
2.375.3
is now used on all of our controllers, less than 3 days after its release. -
We have removed all Jenkins deprecated plugins on all of our controllers such as jquery, momentjs, and ace-editor.
-
We upgraded all six of our Kubernetes clusters from the
1.23
to1.24
baseline in the three cloud providers. -
All of the private and internal web services are now using TLS with certificates provided by Let’s Encrypt, along with Azure DNS challenge.
-
We contributed to Docker documentation after catching issues with the Docker CE
23.x
fresh release and Docker BuildX on Ubuntu.
Contributed by: Kevin Martens
February was a busy month for the Jenkins project. We want to highlight several blog posts from various authors such as:
-
Our FOSDEM recap, including insights from the Jenkins participants at the event
-
Multiple posts regarding Google Summer of Code and our participation from Jean-Marc Meessen
-
Our January newsletter from the Jenkins SIG leaders
-
A tutorial on building a Jenkins MSI on a Windows machine by Bruno Verachten
We’ve also received numerous pull requests from contributors that are getting started with Jenkins, as well as several excited participants of the Google Summer of Code. For all of the work and energy you’re putting into the Jenkins project, we extend our deepest gratitude.
Contributed by: Mark Waite
The Jenkins governance board met once in February, resolved several action items, and noted the progress on projects with sponsors like JFrog and Atlassian. We’re sincerely grateful for the sponsorships provided by those generous companies and many other companies.
Contributed by: Bruno Verachten
As part of our ongoing work, we are considering CentOS 7 and its eventual end of life.
There is a proposal to deprecate the Centos 7
Jenkins controller Docker images.
When we decide to deprecate these images, we’ll publish an announcement and a JEP.
Before it is fully deprecated, we’ll also release a merged version of the centos
and centos7
image as the very last CentOS 7
Docker image.
In regards to our Docker images, there were several updates here as well:
-
The latest updates are now part of the agent images such as:
-
ssh-agent: Upgraded Git version on Windows to 2.39.2.windows.1 (#209) @github-actions
-
docker-agent: Upgraded Git version on Windows to 2.39.2.windows.1 (#376) @github-actions
-
Inbound agent:
-
Upgraded the parent image jenkins/agent version to 3107.v665000b_51092-4 (#331) @github-actions
-
Upgraded the parent image jenkins/agent version to 3107.v665000b_51092-3 (#330) @github-actions
-
Upgraded updatecli/updatecli-action from 2.19.0 to 2.20.1 (#329) @dependabot
-
The Windows controller image is not updated as often as the rest. It’s been more than one year without any updates, and we may choose to drop it.
-
-
-
With the release of Debian 12 (“bookworm”), Debian will no longer deliver OpenJDK 11.
-
Thankfully, the end of life date for Debian’s openJDK11 won’t happen until 2026 or 2027.
-
The Jenkins documentation will be updated when it goes out, so that we describe the use and installation of Jenkins with openJDK17.
-
New platforms:
-
RISC-V support is far from official for Jenkins, but tests are progressing.
Contributed by: Mark Waite
User experience improvements continued to arrive in February, thanks to contributions from Jan Faracik, Alexander Brandes, Tim Jacomb, Markus Winter, and others.
Look for the improvements in recent weekly releases and in the new Jenkins 2.387.1
LTS release.
The pipeline graph viewer plugin continues to improve its user interface. Refer to the video highlights in the User Experience SIG recording. Additionally, build logs are now viewed from the main panel with easier navigation.
Contributed by: Kevin Guerroudj
Two security advisories have been published during the month of February:
-
One regarding plugins, including 5 plugins that were affected and have been fixed, with one vulnerable to a sandbox bypass vulnerability.
-
One regarding Docker images and fixing the vulnerabilities CVE-2022-23521 and CVE-2022-41903 present in git, making remote code execution possible.
The security team recommends that users update as soon as possible.