Back to blog

Jenkins January 2023 Newsletter

Alyssa Tong
Alyssa Tong
Kevin Martens
Kevin Martens
February 07, 2023

Jenkins January Newsletter

Highlights

  • Jenkins in GSoC planning is in full steam ahead.

  • General availability of new development tools on ci.jenkins.io: Maven, JDK, Playwright.

  • 98 pull requests were merged from 38 different authors in January.

  • Jenkins 2.375.2 released January 11, 2023. Over 350 positive ratings.

  • A sandbox bypass vulnerability was corrected among 37 other vulnerabilities. The security team recommends users to upgrade.

  • Debian 12 (“bookworm”) will not deliver OpenJDK 11

Outreach and advocacy Update

Contributed by: Alyssa Tong

Infrastructure Update

Contributed by: Damien Duportal

  • Bumped our controllers to LTS 2.375.2

  • General availability of new development tools on ci.jenkins.io:

    • Maven 3.8.7

    • JDK 8u362-b09

    • JDK 11.0.18+10

    • JDK 17.0.6+10

    • JDK 19.0.2+7

    • Playwright (headless web-browser testing)

  • Started to decrease download bandwidth from JFrog (repo.jenkins-ci.org) to our infrastructure by enabling artifact caching for plugins builds on ci.jenkins.io.

    • A lot of “under-the-hood” network and performances related work.

  • Cleaned up deprecated plugins from all of our controllers (momentjs, jquery bundle and ace-editor bundle).

Documentation Update Contributed by: Kevin Martens

During the month of January, 98 pull requests were merged from 38 different authors. We are also preparing for the 2023 edition of Google Summer of Code, by encouraging folks to share ideas or join as mentors. We published one blog post, which was the 2022 recap and contained tons of highlights for the last year of the Jenkins project. Thanks to all of the new and returning contributors for their hard work already in the new year, and the continued efforts that are bound to happen.

Governance Update

Contributed by: Mark Waite

Jenkins 2.375.2 released January 11, 2023. Over 350 positive ratings with only 1 issue reported to have required a rollback for 4 users.

The nine most recent Jenkins weekly releases (2.381 - 2.389) have received positive ratings as well, with 40-50 positive ratings and only 1 reported rollback in each of those 9 weekly releases.

Thanks to everyone that has done such great work on Jenkins core and its recent releases.

Platform Modernization Update

Contributed by: Bruno Verachten

  • Docker images

    • New platforms:

      • UBI9 with JDK17 proposed and maintained by Oliver Gondza from RedHat, who’s also maintainer of the UBI8 container image.

      • Zombie images fixed. Hurray!

      • Java updates were deployed to infra and container images (except for Windows containers):

        • 8u362

        • 11.0.18

        • 17.0.6

        • 19.0.2

  • Debian 12 (“bookworm”) will not deliver OpenJDK 11.

    • The end of life date for Debian’s openJDK11 won’t happen until 2026 or 2027.

    • There is no urge to drop jdk11 support for Jenkins.

    • We will change the documentation nonetheless when it goes out, so that we describe the use of Jenkins with openJDK17.

  • JDK Support for Jenkins

    • Jenkins' enhancement proposal for required JDK11 is final! Congrats.

User Experience Update

Contributed by: Mark Waite

The Jenkins user experience continues to improve. Recent weekly releases have included hiding of potentially sensitive values in system properties and in environment variables, navigation improvements with more breadcrumb entries, changes to the plugin manager, and internal updates to various libraries.

Security Update

Contributed by: Wadeck Follonier

A sandbox bypass vulnerability was corrected and announced in the January security advisory among 37 others vulnerabilities. The security team recommends users to upgrade.

The security team continues to improve the tooling and automation to increase the security of the project. We are pleased to have added support for plugin developers to suppress findings coming from our custom CodeQL rules. See the message in the mailing list.

About the authors

Alyssa Tong

Alyssa Tong

Member of the Jenkins Advocacy and Outreach SIG. Alyssa drives and manages Jenkins participation in community events and conferences like FOSDEM, SCaLE, cdCON, and KubeCon. She is also responsible for Marketing & Community Programs at CloudBees, Inc.

Kevin Martens

Kevin Martens

Kevin Martens is part of the CloudBees Documentation team, helping with Jenkins documentation creation and maintenance.