CloudBees, Inc.

Jenkins OSS LTS 1.480.3

New Features

Minor

1.480.3 plugin POM published and so available as a baseline for plugins.

Resolved issues

Major Security advisory

Various security fixes (SECURITY-13/16/46/47/55/59/60/61); see advisory for details.

Major

SECURITY-54 (not exactly a security vulnerability but in response to the earlier fix of SECURITY-49): rather than forcing administrators to use their personal credentials (API token) to launch JNLP slaves installed as a service (and manually edit the slave configuration to effect this), slave service installers (for Windows, Mac OS X, and Linux) now store a secret tied to the slave rather than a user. Existing slave services will need to be recreated to take advantage of this feature.

Major JENKINS-16474

Slow/hung web UI in 1.483+ (stuck in parseURI)

Major JENKINS-16215

Avoid unnecessary downloads in FilePath.installIfNecessaryFrom

Major JENKINS-16342

People page very slow when using Gravatar plugin, especially when also using older Subversion plugin.

Major JENKINS-16319

Failure to delete old config files during rekeying on Windows (introduced in SECURITY-49 fix).

Major JENKINS-6604

Possible race condition in RemoteClassLoader renders slave unusable

Major JENKINS-16278

"Remember me on this computer" does not work, cookie is not accepted in new session. (Regression from SECURITY-49 fix.)

Major JENKINS-16397

Earlier attempted fix for poor rendering performance of People page was ineffective.

Major JENKINS-16244

Unconditionally displaying People link in side panel, since checking whether the result would be nonempty was much too expensive to do here.

Major JENKINS-13536

Using file parameters could cause build records to not load. Solves the issue for newly created builds. Does not help loading pre-fix builds in which the upload temp file has been deleted; for these, you must manually delete <file class="org.apache.commons.fileupload.disk.DiskFileItem" serialization="custom">…</file> from the build.xml.

Major JENKINS-16468

Lock contention in executor queue

Major JENKINS-16069

Combobox component broken since 1.480

Minor

Fixed a potential issue with render-on-demand HTML fragments.

Minor JENKINS-15466

Diagnostics, though not a fix, for JNA-related error on Windows.

Minor JENKINS-16341

Partial amelioration of a memory leak.

Minor JENKINS-9679

NoClassDefFoundError on Base64 when launching an headless slave with -jnlpCredentials option, newly necessary as of SECURITY-49 in previous LTS. Less important with the fix of SECURITY-54 since that obsoletes this option.

Minor JENKINS-16273

Corrected instructions for passing -jnlpCredentials, relevant after SECURITY-49 fix.

Known issues

None