Merge branch 'master' into fix/jenkins-core-cleanup-and-sync

Author: shbhmexe

.github/PULL_REQUEST_TEMPLATE.md

@@ -24,6 +24,16 @@ For frontend changes, include screenshots of the relevant page(s) before and aft
 For refactoring and code cleanup changes, exercise the code before and after the change and verify the behavior remains the same.
 -->
 
+### Screenshots (UI changes only)
+
+<!--
+If your change involves a UI change, please include screenshots showing the before and after states.
+-->
+
+#### Before
+
+#### After
+
 ### Proposed changelog entries
 
 - human-readable text

.github/workflows/changelog.yml

@@ -35,7 +35,7 @@ jobs:
         env:
           GITHUB_AUTH: github-actions:${{ secrets.GITHUB_TOKEN }}
       - name: Upload Changelog YAML
-        uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
         with:
           name: changelog.yaml
           path: changelog.yaml
@@ -44,15 +44,15 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository_owner == 'jenkinsci'
     steps:
-      - uses: actions/create-github-app-token@7e473efe3cb98aa54f8d4bac15400b15fad77d94 # v2.2.0
+      - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
         id: generate-token
         with:
           app-id: ${{ secrets.JENKINS_CHANGELOG_UPDATER_APP_ID }}
           private-key: ${{ secrets.JENKINS_CHANGELOG_UPDATER_PRIVATE_KEY }}
           owner: jenkins-infra
           repositories: jenkins.io
       - name: Check out
-        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
       - name: Publish jenkins.io changelog draft

.github/workflows/publish-release-artifact.yml

@@ -16,9 +16,9 @@ jobs:
       is-lts: ${{ steps.set-version.outputs.is-lts }}
       is-rc: ${{ steps.set-version.outputs.is-rc }}
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
       - name: Set up JDK 21
-        uses: actions/setup-java@4e7e684fbb6e33f88ecb2cf1e6b3797739cf499b #v 5.0.0
+        uses: actions/setup-java@f2beeb24e141e01a676f977032f5a29d81c9e27e #v 5.0.0
         with:
           distribution: "temurin"
           java-version: 21

.github/workflows/run-since-updater.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ github.repository_owner == 'jenkinsci' }}
     steps:
-      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
         with:
           fetch-depth: 0
       - name: Run update-since-todo.py
@@ -29,7 +29,7 @@ jobs:
         id: run_script
         shell: bash
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v7.0.9
+        uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8.0.0
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           commit-message: Fill in since annotations

.gitpod/Dockerfile

@@ -1,6 +1,6 @@
 FROM gitpod/workspace-full:latest
 ARG JAVA_VERSION=21.0.6-tem
-ARG MAVEN_VERSION=3.9.11
+ARG MAVEN_VERSION=3.9.12
 # Install Java 21, Maven and GitHub CLI
 RUN bash -c ". /home/gitpod/.sdkman/bin/sdkman-init.sh && \
     sdk install java ${JAVA_VERSION} && \

ath.sh

@@ -6,7 +6,7 @@ set -o xtrace
 cd "$(dirname "$0")"
 
 # https://github.com/jenkinsci/acceptance-test-harness/releases
-export ATH_VERSION=6464.vf87c7908f638
+export ATH_VERSION=6483.vecb_7d34edb_75
 
 if [[ $# -eq 0 ]]; then
 	export JDK=21

bom/pom.xml

@@ -41,7 +41,7 @@ THE SOFTWARE.
     <commons-fileupload2.version>2.0.0-M4</commons-fileupload2.version>
     <groovy.version>2.4.21</groovy.version>
     <jelly.version>1.1-jenkins-20250731</jelly.version>
-    <stapler.version>2050.v425108fd5089</stapler.version>
+    <stapler.version>2061.v3949245133a_f</stapler.version>
   </properties>
 
   <dependencyManagement>
@@ -63,7 +63,7 @@ THE SOFTWARE.
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-framework-bom</artifactId>
-        <version>6.2.14</version>
+        <version>6.2.15</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -119,7 +119,7 @@ THE SOFTWARE.
       <dependency>
         <groupId>commons-io</groupId>
         <artifactId>commons-io</artifactId>
-        <version>2.20.0</version>
+        <version>2.21.0</version>
       </dependency>
       <dependency>
         <groupId>commons-lang</groupId>
@@ -326,7 +326,7 @@ THE SOFTWARE.
       <dependency>
         <groupId>org.ow2.asm</groupId>
         <artifactId>asm</artifactId>
-        <version>9.9</version>
+        <version>9.9.1</version>
       </dependency>
       <dependency>
         <!-- provided by jcl-over-slf4j -->

cli/pom.xml

@@ -53,7 +53,7 @@
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcprov-jdk18on</artifactId>
-      <version>1.82</version>
+      <version>1.83</version>
       <optional>true</optional>
     </dependency>
     <dependency>

cli/src/main/java/hudson/cli/PlainCLIProtocol.java

@@ -153,15 +153,14 @@ public void run() {
                 }
             } catch (ClosedChannelException x) {
                 LOGGER.log(Level.FINE, null, x);
-                side.handleClose();
             } catch (IOException x) {
                 LOGGER.log(Level.WARNING, null, flightRecorder.analyzeCrash(x, "broken stream"));
             } catch (ReadPendingException x) {
                 // in case trick in CLIAction does not work
                 LOGGER.log(Level.FINE, null, x);
-                side.handleClose();
             } catch (RuntimeException x) {
                 LOGGER.log(Level.WARNING, null, x);
+            } finally {
                 side.handleClose();
             }
         }

core/src/main/java/hudson/Functions.java

@@ -203,6 +203,12 @@ public class Functions {
     private static final AtomicLong iota = new AtomicLong();
     private static Logger LOGGER = Logger.getLogger(Functions.class.getName());
 
+    /**
+     * Escape hatch to use the non-recursive f:password masking.
+     */
+    private static /* non-final */ boolean NON_RECURSIVE_PASSWORD_MASKING_PERMISSION_CHECK = SystemProperties.getBoolean(Functions.class.getName() + ".nonRecursivePasswordMaskingPermissionCheck");
+
+
     public Functions() {
     }
 
@@ -2252,13 +2258,38 @@ public String getPasswordValue(Object o) {
         StaplerRequest2 req = Stapler.getCurrentRequest2();
         if (o instanceof Secret || Secret.BLANK_NONSECRET_PASSWORD_FIELDS_WITHOUT_ITEM_CONFIGURE) {
             if (req != null) {
-                Item item = req.findAncestorObject(Item.class);
-                if (item != null && !item.hasPermission(Item.CONFIGURE)) {
-                    return "********";
-                }
-                Computer computer = req.findAncestorObject(Computer.class);
-                if (computer != null && !computer.hasPermission(Computer.CONFIGURE)) {
-                    return "********";
+                if (NON_RECURSIVE_PASSWORD_MASKING_PERMISSION_CHECK) {
+                    Item item = req.findAncestorObject(Item.class);
+                    if (item != null && !item.hasPermission(Item.CONFIGURE)) {
+                        return "********";
+                    }
+                    Computer computer = req.findAncestorObject(Computer.class);
+                    if (computer != null && !computer.hasPermission(Computer.CONFIGURE)) {
+                        return "********";
+                    }
+                } else {
+                    List<Ancestor> ancestors = req.getAncestors();
+                    for (Ancestor ancestor : Iterators.reverse(ancestors)) {
+                        Object type = ancestor.getObject();
+                        if (type instanceof Item item) {
+                            if (!item.hasPermission(Item.CONFIGURE)) {
+                                return "********";
+                            }
+                            break;
+                        }
+                        if (type instanceof Computer computer) {
+                            if (!computer.hasPermission(Computer.CONFIGURE)) {
+                                return "********";
+                            }
+                            break;
+                        }
+                        if (type instanceof View view) {
+                            if (!view.hasPermission(View.CONFIGURE)) {
+                                return "********";
+                            }
+                            break;
+                        }
+                    }
                 }
             }
         }