Jenkins October 2023 Newsletter
Key Takeaways
-
JDK21 is available on the infrastructure and in official Docker images too.
-
💥Breaking change: set Java 17 as default for LTS.
-
Prototype has been removed as of weekly 2.426
Contributed by: Wadeck Follonier
-
Core security advisory published on October 18
-
Includes an essential Jetty update that provided multiple fixes.
-
Plugin security advisory published on October 25
-
Multiple high score vulnerabilities in various plugins
-
During Hacktoberfest, the Content Security Policy topic got some attention with several PRs being proposed.
-
For more information, refer to the related ticket.
-
Contributed by: Mark Waite
The 2 + 2 + 2 Java support plan has been announced as the Jenkins project approach to support Java versions now and in the future. We plan to generally support two Java LTS releases at any one time, with a transition period over the next 2 years.
Java 21 support by the Jenkins project is looking very, very good. Jenkins 2.426.1 is scheduled to be released Nov 15, 2023 with full support for Java 21. Read more about the Java support plan in the recent blog post from Basil Crow. Thanks to Basil Crow, Bruno Verachten, Alexander Brandes, Mark Waite, and many others for their efforts to bring Java 21 support to Jenkins users.
Jenkins 2.426.1 will also be the first LTS release that removes Prototype.js. Jenkins 2.426 weekly removed Prototype.js after 6 months of work across over 50 plugins. Sincere thanks to Tim Jacomb, Basil Crow, and many others for finishing the project that was first announced in May 2023.
57 Jenkins contributors are registered to vote in the Jenkins elections. Thanks for your involvement in Jenkins and for your interest in assuring that the project has the leadership it needs.
Contributed by: Damien Duportal
-
Stabilization of the plugins.jenkins.io website (JDK upgrade to avoid OOM kills due to cgroupsv2, decrease resource usage)
-
General availability on ci.jenkins.io of:
-
JDK21 21.0.1 (GA) - except for s390x
-
Maven 3.9.5
-
JDK8, 11 and 17 quarterly updates
-
-
Jenkins & plugins:
-
Jenkins LTS 2.414.3 (less than 6 hours after publication)
-
Plugin advisory (less than 2 hours after publication)
-
-
Costs and safety:
-
All of our Terraform states were migrated from AWS to Azure.
-
Kept our Azure bill at $7.5k
-
-
JDK19 removed from the platform
-
ARM64 migration:
-
5 new services migrated (total of 12)
-
Ingress (nginx), datadog and cert-manager migrated
-
Contributed by: Mark Waite
The Jenkins user experience continues to improve thanks to the efforts of contributors from many different areas. Special thanks are due this month to Tim Jacomb (Prototype.js removed from Jenkins core), Mustafa Ulu (consistency improvement and Turkish localization), Daniel Beck (form validation fixes and boolean build parameter display fixes), Markus Winter (nested page elements fixes), Julien Greffe (French localization improvements), and Vincent Latombe (allow cloud reordering).
Notes and video from the monthly user experience SIG meeting are available for review.
Contributed by: Bruno Verachten
-
Latest Java releases - progress with installation and Jenkins development
-
Oct 18, 2023 Oracle patch day
-
Java 11.0.21
-
Java 17.0.9
-
Java 21.0.1
-
-
-
Java 21 support
-
Jenkins enhancement proposal by Mark Waite is progressing nicely
-
Progress testing the top plugins with Java 21
-
36 are now tested with Java 21 (Jenkinsfile modified)
-
90 are known to work with Java 21
-
13 don’t work yet with Java 21 (too outdated, using gradle, not in jenkinsci organization)
-
-
In infra, finished the transition to official JDK 21.0+35.
-
All agents and controllers now supply a JDK21 or JDK21 preview Docker image.
-
-
Java 17 is now the default Java version used in the Docker images, even for the LTS:
-
If you don’t use a tag specifying the JDK version like 2.429-jdk11 but shorter tags like 2.429, you will end up with an image using JDK17 and not JDK11 anymore.
-
Contributed by: Kevin Martens
There were only three blog posts during October, including the September newsletter. However, the two non-newsletter posts provide great information. The Plugin Health Scoring blog post, from Adrien Lecharpentier, announces and shares insight into the plugin health scoring system, and what that score means for a plugin. The guide to update Jenkins, from new author Marc Phillips, provides instructions on how to update Jenkins and what his process looks like.
Additionally, we received several documentation updates from new Jenkins contributors. While these may not have been huge changes, the effort and work done by new community members is always appreciated. Thanks to everyone who contributed during October and Hacktoberfest!
Contributed by: Alyssa Tong
Hacktoberfest has reached a successful end. More than 60 additional people have contributed to Jenkins during the month of October than in the previous month. Thanks to DigitalOcean for their sponsorship of open source through Hacktoberfest.