Jenkins June 2023 Newsletter

Damien DUPORTAL
Mark Waite
Bruno Verachten
Wadeck Follonier
Kevin Martens
July 10, 2023

Key Takeaways

  • Red Hat Enterprise Linux 7, and derivatives like CentOS 7, reach early end of life.

  • Upgrades and improvements of Jenkins components continue with significant progress towards the eventual removal of Prototype.js from Jenkins core.

  • Thanks to a kind donation from Launchable, pull requests to Jenkins core now complete their evaluation builds in 2 hours rather than the 6 hours that were previously required.

Security Update

Contributed by: Wadeck Follonier

  • There was one security advisory published on June 14

    • 2023-06-14 Security Advisory

    • The security team discovered a vulnerability that was corrected as a (positive) side effect of a maintenance task. There is no new security release per se for Jenkins Core, but there is an advisory with associated warnings to let administrators know that an update is recommended.

    • That advisory also included fixes for plugins.

  • Expansion of the security audit scope in Jenkins Core

    • Originally the scope of the audit requirement was only “UI-related” changes.

    • But recently, there were multiple changes in JavaScript / Jelly without a UI impact, mainly for maintenance.

    • More information about this is in the Jenkins UX SIG - Agendas & Notes, for June 21.

  • Special thanks to the GitHub Security Lab for their reports

    • This is the second time in a row that vulnerabilities they reported were corrected in the advisory.

    • Kudos to Alvaro Muñoz and Tony Torralba for their work on this.

    • In collaboration with them, the Jenkins Security team will improve the CodeQL scanning tool.

Governance Update

Contributed by: Mark Waite

The Linux Foundation will upgrade issues.jenkins.io on Thursday, July 6, 2023. Special thanks to the Linux Foundation for their skilled administration of our JIRA instance. More detailed information is available on the status page.

The four Google Summer of Code projects mentored by members of the Jenkins project are preparing midterm presentations and midterm evaluations. The midterm webinar will be Thursday, July 6, 2023. A recording will be available as well along with the presentation slides.

Upgrades and improvements of Jenkins components continue, with significant progress towards the eventual removal of Prototype.js from Jenkins core. We’ve also seen upgrades for Guava, Guice, Apache commons.io, and HTMLUnit. Thanks to the providers of those libraries and special thanks to the Jenkins maintainers that are leading those upgrades.

Thanks to a kind donation from Launchable, pull requests to Jenkins core now complete their evaluation builds in 2 hours, rather than the 6 hours that were previously required. Launchable uses AI techniques to select a time-limited subset of tests, executed as part of pull request evaluation. Special thanks to Basil Crow for implementing Launchable in the Jenkins project.

The CDF Technical Oversight Committee elections have finished. The Jenkins project nominee, Mark Waite, has been elected to serve. We’re pleased that the Jenkins project continues to have representation on the committee.

Infrastructure Update

Contributed by: Damien Duportal

  • The Cloud Costs Control effort continued:

    • We kept the AWS bill at $11,000 while the build workload of ci.jenkins.io increased by 15%.

    • We also decreased the Azure bill by $2,000 ($9,000 → $7,000) despite adding (more) resources.

  • For the build workload migration to ARM64: javadoc.jenkins.io is now proudly served by Azure ARM64 instances.

  • Jenkins LTS 2.401.1 and 2.401.2 were deployed everywhere less than 24 hours after their releases.

  • Ubuntu 18.04 Bionic end of life: All of our VMs are now using Ubuntu 22.04, except the Update Center one.

  • Cloud Control:

    • The trusted.ci.jenkins.io and puppet.jenkins.io systems were migrated to Azure for security.

    • AWS is only used by ci.jenkins.io for container agents. This means no more EC2.

  • IPv6 support for get.jenkins.io and every other public service, thanks to their migration to a brand new AKS cluster with dual stack enabled.

User Experience Update

Contributed by: Mark Waite

User experience improvements continue thanks to the efforts of Markus Winter, Jan Faracik, Jan Meiswinkel, and others.

Markus is improving the look and feel of the delete dialog, so that it will be consistent and will appear within the web page as a modal dialog, rather than appearing outside the page as a browser dialog.

Jan Faracik continues to improve the look and feel of Jenkins pages, including recent improvements to the logs page and improvement in the cascading style sheets.

Platform Modernization Update

Contributed by: Bruno Verachten

Several platform updates occurred throughout June:

  • CentOS 7: Early End of Life announcement.

  • Docker Image Updates

    • Jenkins agent and controller images: Utilizing updatecli for image management. JDK17 version tracking for ssh-agent and Alpine Linux and JDK version tracking for the controller.

    • ssh-agent: Released versions 5.6.0 and 5.4.0 with JDK version tracking and other enhancements.

    • docker-agent: New release 3131.vf2b_b_798b_ce99-2 with updated dependencies and Alpine Linux version 3.18.2.

    • docker-inbound-agent: Release 3131.vf2b_b_798b_ce99-2 with updated parent image.

    • Docker Controller: Release 2.411 with Jenkins 2.411 and security policy enhancements. Refer to the release notes for more details.

  • Docker Hub Stats

    • Monthly image exports are shared on this spreadsheet.

    • ArchLinux usage is low, but not deprecated.

  • Work in Progress

    • Windows image availability for the controller. The latest version: 2.410.

Documentation Update

Contributed by: Kevin Martens

During the month of June, three blog posts were published on the Jenkins blog. This included the May newsletter, an update announcement for Jenkins mirrors, and instructions on removing deprecated plugins from Jenkins when using Docker.

The documentation has also started to transition to using Java 17 in the installation documentation for various platforms. The Linux installation documentation has been updated accordingly and includes a note regarding the Debian 12 release (as it does not deliver OpenJDK 11). This note will be present on any page that is part of the transition so that users are aware of the updates.

As always, we appreciate all the documentation contributions from new and existing users. Thank you for your work and dedication to the open source community!

About the authors

Damien DUPORTAL

Damien is the Jenkins Infrastructure officer and a software engineer at CloudBees working as a Site Reliability Engineer for the Jenkins Infrastructure project. Not only is he a decade-old Hudson/Jenkins user, but he is also an open-source citizen who participates in Updatecli, Asciidoctor, Traefik and many others.

Mark Waite

Mark is a member of the Jenkins governing board, a long-time Jenkins user and contributor, a core maintainer, and maintainer of the git plugin, the git client plugin, the platform labeler plugin, the embeddable build status plugin, and several others. He is one of the authors of the "Improve a plugin" tutorial.

Bruno Verachten

Bruno is a father of two, husband of one, geek in denial, beekeeper, permie and a Developer Relations for the Jenkins project. He’s been tinkering with continuous integration and continuous deployment since 2013, with various products/tools/platforms (GitLab CI, Circle CI, Travis CI, Shippable, GitHub Actions, …), mostly for mobile and embedded development.
He’s passionate about embedded platforms, the ARM&RISC-V ecosystems, and Edge Computing. His main goal is to add FOSS projects and platforms to the ARM&RISC-V architectures, so that they become as boring as X86_64.
He is also the creator of miniJen, the smallest multi-cpu architectures Jenkins instance known to mankind.

Wadeck Follonier

Wadeck is the Jenkins security officer, leading the security team in improving Jenkins security. He likes to provide solutions that are both useful and easy to use.

Kevin Martens

Kevin Martens is part of the CloudBees Documentation team, helping with Jenkins documentation creation and maintenance.