lts.yml

# DO NOT EDIT THIS FILE DIRECTLY
# ALL CHANGES MUST GO THROUGH PULL REQUESTS
# MALFORMED FILE CONTENTS WILL BREAK THE SITE BUILD

- version: "2.32.1"
  date: 2016-12-24
  lts_predecessor: "2.19.4"
  lts_baseline: "2.32"
  lts_changes:
    - type: major rfe
      message: >
        Upgrade Remoting to version 3.1 with <a href="https://github.com/jenkinsci/remoting/blob/master/docs/protocols.md#jnlp4-connect">JNLP4-connect protocol</a>.
        <a href="https://github.com/jenkinsci/remoting/blob/master/docs/remoting-3-compatibility.md">Compatibility notes are available here</a>.
        Notably, it is no longer possible to use JDK 6 for the Maven project type, as communication with the Maven process uses Remoting, and it now requires Java 7.
      references:
        - issue: 37564
        - issue: 36871
        - issue: 37565
    - type: major rfe
      message: Show notification with popup on most pages when administrative monitors are active.
      issue: 38391
    - type: rfe
      message: Allow disabling/enabling administrative monitors on Configure Jenkins form.
      issue: 38301
    - type: rfe
      message: Ask for confirmation before canceling/aborting runs.
      issue: 30565
    - type: rfe
      message: Prompt user whether to add the job to the current view.
      issue: 19142
    - type: rfe
      message: >
        Allow <code>CommandInterpreter</code> build steps to set a build result as <em>Unstable</em> via the return code.
        Shell and Batch build steps now support this feature.
      issue: 23786
    - type: rfe
      message: >
        Internal: Upgrade Stapler library from 1.243 to 1.246 with fixes required for the Blue Ocean project.
        Changes are listed <a href="https://github.com/stapler/stapler/compare/stapler-parent-1.243...stapler-parent-1.246">here</a>.
      pull: 2593
  changes:
    - type: major bug
      message: >
        Prevent early deallocation of process references by Garbage Collector when starting a remote process.
        It was sometimes causing build failures with messages like <code>FATAL: Invalid object ID 184 iuota=187</code> and <code>java.lang.Exception: Object was recently deallocated</code>.
      issue: 23271
    - type: bug
      message: Redirect to login page in the case of authorisation error when checking connectivity to the Update Center.
      issue: 39741
    - type: bug
      message: >
        WinP 1.24: Native class now tries loading DLLs from the temporary location.
      issue: 20913
    - type: bug
      message: >
        WinP 1.24: WinP sometimes kills wrong processes when using <code>killRecursive()</code>.
        It was likely impacting process termination on Windows agents and sometimes leading to BSoD.
      issue: 24453
- version: "2.32.2"
  date: 2017-02-01
  changes:
    - type: security
      message: Important security fixes.
      references:
        - url: /security/advisory/2017-02-01/
          title: security advisory
    - type: major rfe
      message: Support displaying of warnings from the update site in the plugin manager and in administrative monitors.
      references:
        - issue: 40494
        - url: /blog/2017/01/10/security-warnings/
          title: announcement blog post
    - type: bug
      message: Correctly state that Jenkins will refuse to load plugins whose dependencies are not satisfied in plugin manager.
      issue: 40666
    - type: bug
      message: The <tt>install-plugin</tt> CLI command now correctly installs plugins when multiple file arguments are specified.
      issue: 32358
    - type: bug
      message: >
        Prevent the <code>ClassNotFoundException: javax.servlet.ServletException</code> error when invoking shell tasks on remote agents.
      issue: 40863
    - type: bug
      message: Properties were not passed to Maven command by Maven build step when the <em>Inject Build Variables</em> flag was not set.
      issue: 39268
    - type: bug
      message: Job configuration submission now does not fail when there is no parameters property.
      issue: 39700
    - type: bug
      message: Update Remoting to 3.4 in order to properly terminate the channel in the case <code>Errors</code> and <code>Exception</code>s.
      issue: 39835
    - type: bug
      message: <em>Check for Updates</em> button in the Plugin Manager was hidden in the <em>Updates</em> tab when there was no plugins updates available.
      issue: 39971
    - type: bug
      message: >
        SSHD Module: Handshake was failing (wrong shared secret) 1 out of 256 times due to <a href="https://issues.apache.org/jira/browse/SSHD-330">SSHD-330</a>.
      issue: 40362
    - type: bug
      message: >
        Performance: Use bulk change when submitting Job configurations to minimize the number of sequential <code>config.xml</code> write operations.
      issue: 40435
    - type: bug
      message: Jobs were hanging during process termination on the Solaris 11 Intel platform, regression in 2.20.
      issue: 40470
    - type: bug
      message: Restore option value for setting build result to unstable when loading shell and batch build steps from disk.
      issue: 40894
    - type: rfe
      message: >
        Update to Winstone 3.2 to support ad-hoc certificate generation on Java 8 (using unsupported APIs).
        <strong>This option is deprecated and will be removed in a future release.</strong>
        We strongly recommend you create self-signed certificates yourself and use <tt>--httpsKeyStore</tt> and related options instead.
      issue: 25333
- version: "2.32.3"
  date: 2017-03-01
  changes:
    - type: bug
      message: >
        Display an informative message, rather than a Groovy exception, when <code>View#getItems</code> fails.
      issue: 41825
      pull: 2739
    - type: bug
      message: Don't try to set Agent Port when it is enforced, breaking form submission.
      issue: 41511
      pull: 2726
    - type: bug
      message: Don't add all group names as HTTP headers on "access denied" pages, possibly breaking reverse proxies due to very large headers.
      issue: 39402
      pull: 2727
    - type: bug
      message: Fix handling of the <tt>POST</tt> flag in <code>ManagementLink</code>s within the Manage Jenkins page.
      issue: 38175
      pull: 2692
    - type: bug
      message: <code>IllegalStateException</code> from Winstone when making certain requests with access logging enabled.
      issue: 37625
      pull: 2721
    - type: bug
      message: Do not fail to write a log file just because something deleted the parent directory.
      issue: 16634
      pull: 2738
- version: "2.46.1"
  date: 2017-03-29
  lts_predecessor: "2.32.3"
  lts_baseline: "2.46"
  lts_changes:
    - type: rfe
      message: >
        Update the <a href="https://github.com/jenkinsci/sshd-module">SSHD module</a> from 1.7 to 1.8.
        The change disables obsolete Ciphers: AES128CBC, TripleDESCBC, and BlowfishCBC.
    - type: rfe
      message: Enable the JNLP4 agent protocol by default.
      references:
        - issue: 40886
        - url: https://github.com/jenkinsci/remoting/blob/master/docs/protocols.md#jnlp4-connect
          title: upgrade notes
    - type: rfe
      message: >
        Allow defining agent ping interval and ping timeout in seconds. It can be done via the
        <code>hudson.slaves.ChannelPinger.pingIntervalSeconds</code> and
        <code>hudson.slaves.ChannelPinger.pingTimeoutSeconds</code>
        system properties.
      issue: 28245
    - type: rfe
      message: Print stack traces in logical order, with the most important part on top.
      pull: 1485
    - type: rfe
      message: Reduce size of Jenkins WAR file by not storing identical copies of <code>remoting.jar</code>/<code>slave.jar</code> there.
      pull: 2633
    - type: rfe
      message: Do not print warnings about undefined parameters when <code>hudson.model.ParametersAction.keepUndefinedParameters</code> property is set to <code>false</code>.
      pull: 2687
    - type: rfe
      message: Increase the <code>JENKINS_HOME</code> disk space threshold from 1 GB to 10 GB left. The warning will be shown only if more than 90% of the disk is utilized.
      issue: 40749
    - type: bug
      message: Delete obsolete pinning UI.
      issue: 34065
    - type: bug
      message: Use project-specific validation URL for SCM Trigger, so <code>H</code> is handled correctly in preview.
      issue: 26977
    - type: bug
      message: Failure to serialize a single <code>Action</code> could cause an entire REST export response to fail. Upgraded to Stapler 1.250 with a fix.
      issue: 40088
    - type: bug
      message: Add Usage Statistics section to the global configuration to make it easier to find.
      issue: 32938
    - type: bug
      message: Allow <tt>groovy</tt> CLI command via SSH CLI.
      issue: 41765

  changes:
    - type: bug
      message: >
        Prevent file descriptor leaks when Windows Service installer fails to read data from the service startup log.
      issue: 42670
      pull: 2793
    - type: bug
      message: >
        Update Remoting from 3.5 to 3.7
        in order to prevent file descriptor leaks on agents in the case of multiple connection attempts.
      references:
        - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#37
          title: full changelog
      issue: 42371
      pull: 2773
    - type: bug
      message: Exceptions during Jenkins cleanup step should not block restart.
      issue: 42164
    - type: bug
      message: Cryptic error message when loading JnlpSlaveAgentProtocol4.
      issue: 41987
    - type: bug
      message: >
        Developer: Snapshot builds of plugins that had dependencies on other snapshot builds were not having their version numbers compared correctly.
      issue: 41899
    - type: bug
      message: Do not attempt to find the next occurrence of an impossible date such as June 31st in validation of trigger schedules.
      issue: 41864
      pull: 2759
    - type: bug
      message: >
        Remoting 3.5: Stability improvements.
      references:
        - issue: 41513
        - issue: 41852
    - type: bug
      message: Remove invalid translations in Slovene.
      issue: 41756
      pull: 2767
    - type: rfe
      message: >
        Remoting 3.5: Add option to specify the Remoting protocol to use on the client.
      issue: 41730
    - type: bug
      message: Use of the remote API to create items in views (<tt>/view/…/createItem</tt>) didn't actually add items to views since Jenkins 2.22.
      issue: 41128
      pull: 2760
    - type: bug
      message: >
        Remoting 3.5: Remoting clients now accept lowercase (HTTP 2) headers sent by reverse proxies.
      issue: 40710
    - type: bug
      message: Windows service restart did not retain build queue.
      issue: 32820
- version: "2.46.2"
  date: 2017-04-26
  changes:
    - type: security
      message: Important security fixes.
      references:
        - url: /security/advisory/2017-04-26/
          title: security advisory
    - type: major rfe
      message: >
        Non-Remoting-based CLI.
      references:
        - issue: 41745
        - pull: 2795
        - url: /blog/2017/04/11/new-cli/
          title: announcement blog post
    - type: rfe
      message: >
        Disable SSH server by default.
      issue: 33595
    - type: bug
      message: <code>Computer#addAction</code> would throw an <code>UnsupportedOperationException</code> since Jenkins 2.30. Such a call site was released in SSH Build Agents Plugin 1.15 for SECURITY-161.
      references:
        - issue: 42969
        - url: /security/advisory/2017-03-20/
          title: security advisory including SECURITY-161
      pull: 2819
    - type: bug
      message: Search results page did not correctly encode query parameters.
      issue: 42390
      pull: 2781
    - type: bug
      message: >
        When validating a cron expression, consider the specified time zone.
      pull: 2824
      issue: 43228
    - type: bug
      message: >
        Do not display a warning when an SCM trigger has no schedules (either to disable SCM post-commit hooks, or to enable them without polling).
      issue: 42194
      pull: 2758
    - type: bug
      message: Fix performance issue in deduplication of lists of tool installers.
      issue: 42141
      pull: 2752
- version: "2.46.3"
  date: 2017-05-25
  changes:
    - type: bug
      message: >
        If an exception is thrown while rendering an HTTP response, just log the stack trace on the server side, without trying to send an error page to the client.
      issue: 21695
      pull: 2834
    - type: bug
      message: >
        Setup wizard gets into bad state when failures like network issues happen.
      issue: 41778
      pull: 2825
    - type: bug
      message: >
        Catch and log <code>RuntimeException</code> in <code>Computer#setNode()</code> when updating the Computer list.
      issue: 42043
      pull: 2836
    - type: bug
      message: >
        Fix <tt>AccessDeniedException</tt> in "Build after other projects are built" when user has Discover permission but not Read.
      issue: 42707
      pull: 2846
    - type: bug
      message: >
        Prevent <code>NullPointerException</code> when a non-existent default view is specified in <em>Configure System</em>.
      issue: 42717
      pull: 2815
    - type: bug
      message: >
        Properly handle saving system configuration when disabling all, or all but one, administrative monitors.
      issue: 42852
      pull: 2828
    - type: bug
      message: >
        Remove links in stack traces to the <tt>stacktrace.jenkins-ci.org</tt> service that has been shut down.
      issue: 42861
      pull: 2811
    - type: bug
      message: >
        Ensure that <code>Cloud.PROVISION</code> is properly initialized during the configuration loading.
      issue: 43279
      pull: 2835
    - type: rfe
      message: >
        Migrate legacy users only once per restart to improve performance of the user retrieval logic.
      pull: 2862
      issue: 43936
    - type: bug
      message: Prevent rare <code>NullPointerException</code> if an admin user is created in the setup wizard after first disabling CSRF protection.
      pull: 2868
      issue: 44010

- version: "2.60.1"
  date: 2017-06-21
  lts_predecessor: "2.46.3"
  lts_baseline: "2.60"
  banner: >
    <strong>2.60.1 is the first Jenkins LTS release that requires Java 8 to run.</strong>
    If you're using the Maven Project type, please note that it needs to use a JDK capable of running Jenkins, i.e. JDK 8 or up.
    If you configure an older JDK in a Maven Project, Jenkins will attempt to find a newer JDK and use that automatically.
    If your SSH Build Agents fail to start and you have the plugin install the JRE to run them, make sure to update SSH Build Agents Plugin to at least version 1.17 (1.20 recommended).
  lts_changes:
    - type: major rfe
      message: >
        <strong>Jenkins (controller and agents) now requires Java 8 to run.</strong>
      references:
        - issue: 27624
        - issue: 42709
        - pull: 2802
        - url: /blog/2017/04/10/jenkins-has-upgraded-to-java-8/
          title: announcement blog post
    - type: bug
      message: >
        Update Groovy to 2.4.8 to address memory leak issue.
        <strong><em>Pipeline: Groovy</em> needs to be upgraded to 2.28 or higher to prevent regressions.</strong>
      references:
        - issue: 33358
        - issue: 42189


    # WINDOWS SERVICES START
    - type: major rfe
      message: >
        Upgrade the Windows Agent Installer module from 1.6 to 1.7.
        This change picks major updates in Windows service management logic.
      references:
        - url: https://github.com/jenkinsci/windows-slave-installer-module/blob/master/CHANGELOG.md#17
          title: full changelog
        - url: https://github.com/jenkinsci/windows-slave-installer-module#upgrading-old-agents
          title: guide to upgrading old Windows service agents
      pull: 2765
    - type: major rfe
      message: >
        Windows services:
        Upgrade the bundled <a href="https://github.com/kohsuke/winsw">Windows Service Wrapper</a> from 1.18 to 2.0.2.
      references:
        - url: https://github.com/kohsuke/winsw/blob/master/CHANGELOG.md
          title: full changelog
      pull: 2765
    - type: rfe
      message: >
        Windows services:
        Enable <a href="https://github.com/kohsuke/winsw/blob/master/doc/extensions/runawayProcessKiller.md">Runaway Process Killer</a>
        by default in new agent and controller installations.
      issue: 39231
      pull: 2765
    - type: rfe
      message: >
        Windows services:
        Enable auto-upgrade of Remoting on newly installed agents if they are connected by HTTPS.
      issue: 39237
      pull: 2765
    - type: rfe
      message: >
        Windows services:
        Add support of shared directories mapping in Windows agent services.
      references:
        - url: https://github.com/kohsuke/winsw/blob/master/doc/extensions/sharedDirectoryMapper.md
          title: Shared Directory Mapper documentation
      issue: 23487
      pull: 2765
    - type: bug
      message: >
        Windows services:
        Integrate various stability and performance fixes in <a href="https://github.com/kohsuke/winsw">Windows Service Wrapper</a>
        from 1.18 to 2.0.2.
        There are many fixes around configuration options and process termination.
      pull: 2765
      references:
        - url: https://github.com/kohsuke/winsw/blob/master/CHANGELOG.md
          title: full changelog
    # WINDOWS SERVICES END

    # PACKAGING START
    - type: bug
      message: >
        Packaging:
        Do not invoke recursive <code>chown</code> in <code>JENKINS_HOME</code> during the RPM post-install step unless owned by a different user.
      issue: 23273
    # PACKAGING END

    # SEARCH START
    - type: rfe
      message: >
        Use case-insensitive search by default for new and anonymous users.
      pull: 2801
      issue: 42645
    - type: rfe
      message: >
        Searching in the Build History widget takes into account user preferences (case sensitivity by default).
      pull: 2683
    - type: rfe
      message: >
        Allow searching by build parameter values in the Build History widget.
      issue: 40718
      pull: 2683
    # SEARCH END


    - type: rfe
      message: >
        Update the Trilead SSH library to get support of new Mac, Key, and Key Exchange Algorithms.
      references:
        - issue: 33021
        - issue: 26379
        - issue: 31549
        - issue: 42959
        - issue: 43979
        - issue: 44046
      pull: 2848
      # Included issue reference to followup fix in pull 2872
    - type: rfe
      message: >
        When creating temporary files, use the <code>jenkins</code> prefix instead of the old <code>hudson</code> one.
      pull: 2778


    # LOCALIZATIONS START
    - type: rfe
      message: Update German, French and Russian localizations.
      references:
        - pull: 2777
        - pull: 2787
        - pull: 2798
    - type: rfe
      message: >
        Removed localizations with very low coverage: Albanian, Basque, Belarusian, Bengali, Esperanto, Galician, Georgian, Gujarati, Hindi, Icelandic, Indonesian, Irish, Kannada, Macedonian, Marathi, Mongolian, Occitan, Punjabi, Sinhala, Tamil, Telugu, Thai.
      pull: 2813
    # LOCALIZATIONS END

    - type: rfe
      message: >
        Internal API:
        Add the ability for <code>ItemListener</code> to veto copy operations;
        make <code>Run#compareTo</code> work across jobs;
        save <code>Jenkins</code> after calling <code>setSecurityRealm</code> or <code>setAuthorizationStrategy</code>.
      references:
        - issue: 34691
        - issue: 42319
        - pull: 2762
        - pull: 2782
        - pull: 2790
        - pull: 2805
  changes:
    - type: bug
      message: >
        Fix for <code>NullPointerException</code> while initiating some SSH connections. (regression in 2.59)
      issue: 44120
      pull: 2888
- version: "2.60.2"
  date: 2017-07-19
  changes:
    - type: rfe
      message: >
        Allow overriding the Jenkins session ID suffix so it doesn't change on every restart, possibly resulting in too many cookies.
      pull: 2917
      references:
        - url: https://github.com/jenkinsci/extras-executable-war#jetty-session-ids
          title: how to set session ID
        - issue: 25046
        - issue: 44894
    - type: bug
      message: >
        Add documentation for time zone specification for cron patterns (e.g. SCM polling).
      issue: 9283
      pull: 2927
    - type: bug
      message: >
        Do not submit form when pressing <kbd>Enter</kbd> in the plugin manager's filter field.
      pull: 2902
      issue: 44523
    - type: bug
      message: >
        Jenkins failed to perform some cleanup tasks, including saving the build queue, if stopped via REST <tt>/exit</tt>,
        CLI <tt>shutdown</tt>, or when restarting from <em>Install as Windows Service</em>.
      pull: 2908
      issue: 44589
    - type: bug
      message: >
        Don't check whether disabled administrative monitors are active or not on the <em>Manage Jenkins</em> page.
      issue: 44608
      pull: 2909
    - type: bug
      message: >
        When starting the <code>jenkins.war</code> directly, properly check for Java 8 as minimum instead of Java 7 before proceeding.
      issue: 44764
      pull: 2917
    - type: bug
      message: >
        Prevent <code>NullPointerException</code> when calling <code>restart</code> CLI command. (regression in 2.57)
      issue: 44769
      pull: 2912
    - type: bug
      message: >
        Prevent possible <code>NullPointerException</code> when listing remote directories using the <code>FilePath#list()</code> and <code>FilePath#listDirectories()</code> APIs.
      pull: 2914
      issue: 44942
- version: "2.60.3"
  date: 2017-08-17
  changes:
    - type: bug
      message: >
        Contributions to the PATH environment variable could result in malformed values on agents on a platform different from controller's.
      issue: 14807
      pull: 2936
    - type: bug
      message: >
        Robustness improvements related to agent connections.
      references:
        - issue: 43496
        - issue: 38527
      pull: 2922
      # also pull: 2923
    - type: bug
      message: >
        JNLP for launching agents now requests Java 8.
      pull: 2944
      issue: 45679
    - type: bug
      message: >
        Prevent <tt>NullPointerException</tt> in <code>Jenkins#getRootURL()</code> while the instance is not fully loaded yet.
      issue: 34914
      pull: 2935
    - type: bug
      message: >
        Fix <tt>NullPointerException</tt> when calculating culprits.
      issue: 45516
      pull: 2941
    - type: rfe
      message: >
        The <code>reload-configuration</code> CLI command now waits until the reload is finished, and returns an error code if the reload failed.
      issue: 45256
      pull: 2931
    - type: rfe
      message: >
        Remove the "JNLP" protocol references from the TCP Agent Listener log messages.
      issue: 44103
      pull: 2896
- version: "2.73.1"
  date: 2017-09-13
  lts_predecessor: "2.60.3"
  lts_baseline: "2.73"
  banner: >
    Two regressions since the previous LTS release have been identified in 2.73.1.
    One involved Remoting (agent) connections and the other concerns failures to use passphrase-protected ed25519 SSH keys.
    Please see <a href="/doc/upgrade-guide/2.73/#upgrading-to-jenkins-lts-2-73-1"> the LTS upgrade guide for 2.73.1</a> for more information.
  lts_changes:
  #### updated components and libraries
  # Groovy
    - type: major rfe
      message: >
        Upgrade Groovy from 2.4.8 to 2.4.11.
      references:
        - url: http://groovy-lang.org/changelogs/changelog-2.4.9.html
          title: Groovy 2.4.9 changelog
        - url: http://groovy-lang.org/changelogs/changelog-2.4.10.html
          title: Groovy 2.4.10 changelog
        - url: http://groovy-lang.org/changelogs/changelog-2.4.11.html
          title: Groovy 2.4.11 changelog
        # pull: 2814

    # Winstone-Jetty
    - type: major rfe
      message: >
        Integration of Winstone 4: Upgrade bundled Jetty from 9.2.15.v20160210 to 9.4.5.v20170502.
        <strong>This removes support for the deprecated SPDY protocol.
        The <tt>--spdy</tt> parameter has been removed accordingly and Jenkins may refuse to start if it's set.</strong>
      pull: 2850
      issue: 43713
      references:
        - title: full changelog
          url: "https://github.com/jenkinsci/winstone/blob/master/CHANGELOG.md#40"
    - type: bug
      message: >
        Jetty 9.4.5:
        Prevent the <i>400 Bad Host header</i> error for <code>HttpChannelOverHttp</code> when operating behind reverse proxy.
      pull: 2850
      references:
        - issue: 40693
        - title: corresponding Jetty issue
          url: "https://github.com/eclipse/jetty.project/issues/592"
    - type: rfe
      message: >
        Winstone 4.1: Add Jetty HTTP/2 connector and corresponding options for Winstone-Jetty.
      references:
        - issue: 45438
        - url: https://github.com/jenkinsci/winstone#http2-support
          title: enabling HTTP/2 support in Winstone-Jetty
      pull: 2937

    # remoting
    - type: major rfe
      message: >
        Update Remoting from 3.7 to 3.10 adding opt-in support for work directories and improving logging in Jenkins agents.
      references:
        - title: work directory documentation
          url: https://github.com/jenkinsci/remoting/blob/master/docs/workDir.md
        - title: logging documentation
          url: https://github.com/jenkinsci/remoting/blob/master/docs/logging.md
        - title: remoting changelog
          url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#38
        - issue: 39370
    - type: rfe
      message: >
        Enable Remoting work directories by default for newly created agents launched via JNLP (Java Web Start Launcher).
      pull: 2945
      references:
        - issue: 44112
        - url: https://github.com/jenkinsci/remoting/blob/master/docs/workDir.md
          title: feature documentation

    # SSHD
    - type: major rfe
      message: >
        SSHD Module 2.0: Update from SSHD Core 0.14.0 to Apache MINA SSHD 1.6.0 in Jenkins core and Jenkins CLI.
      references:
        - title: changelog
          url: https://github.com/jenkinsci/sshd-module/blob/master/CHANGELOG.md#20
        - title: plugin compatibility notice
          url: https://github.com/jenkinsci/sshd-module/blob/master/CHANGELOG.md#20-compatibility-notice
        - issue: 43668
      pull: 2853
    - type: rfe
      message: >
        SSHD Module 2.0: Enable aes192ctr and aes256ctr ciphers if JVM supports unlimited-strength encryption.
      issue: 39738
      pull: 2853

    # Windows process library
    - type: rfe
      message: >
        Update WinP from 1.24 to 1.25 to improve performance and diagnostics
        of issues like <a href="https://issues.jenkins.io/browse/JENKINS-30782">JENKINS-30782</a>.
      pull: 2893
      references:
        - title: full changelog
          url: "https://github.com/kohsuke/winp/blob/master/CHANGELOG.md#125"

    # posix-jnr
    - type: bug
      message: >
        Update jnr-posix from 3.0.1 to 3.0.41 to pick up improvements and fixes in the POSIX platforms support.
      pull: 2904


    #### Pipeline issues
    - type: rfe
      message: Freestyle projects may now list Pipeline jobs as downstream and trigger them, without needing to use the Parameterized Trigger plugin or reverse triggers ("Build after other projects are built").
      issue: 28113
      pull: 2873
    - type: rfe
      message: >
        Internal: Define enabling/disabling in <code>ParameterizedJob</code> rather than <code>AbstractProject</code>.
      issue: 27299
      pull: 2866
    - type: rfe
      message: >
        Fixed Pipeline compatibility for a number of CLI commands (<tt>delete-builds</tt>, <tt>list-changes</tt>, <tt>console</tt>, <tt>set-build-description</tt>, and <tt>set-build-display-name</tt>),
        as well as some issues affecting error reporting in other commands when used with Pipeline.
      pull: 2874
      references:
        - issue: 30785
        - issue: 41527
    - type: rfe
      message: >
        Enable simpler syntax for <code>upstream</code> build trigger in pipelines.
      issue: 34464
      pull: 2895
    - type: rfe
      message: >
        Minor optimization to queue maintenance routines and printing of console notes, mainly for the benefit of Pipeline node blocks.
      issue: 45553
      pull: 2947 # and 2948

    ##### Authorize project
    - type: rfe
      message: >
        If you have the Authorize Project plugin installed and configured, its configuration will now be treated as final with respect to the behavior of <em>Job/Build</em> checks from <strong>Build other projects</strong> and <strong>Build after other projects are built</strong>.
        Formerly, if a <strong>Per-project configurable Build Authorization</strong> was enabled globally but some projects did not specify an <strong>Authorization</strong>, the two aforementioned checks would automatically fall back to checking as anonymous (typically denying build permission).
        To restore the former behavior, explicitly configure a <strong>Project default Build Authorization</strong> to be <strong>Run as anonymous</strong>.
        Note that this will affect all build-scoped permission checks, including for example <em>Agent/Build</em>.
      issue: 22949
      pull: 2881
    - type: rfe
      message: >
        Internal API: <code>Tasks.getAuthenticationOf</code> now honors authentication contributed by <code>QueueItemAuthenticatorProvider</code> extensions.
      pull: 2880

    #### Misc issues
    - type: rfe
      message: >
        Moved agent port and protocol configuration out of "security" (authentication and authorization) block in Configure Global Security.
      issue: 4478
      pull: 2900
    - type: rfe
      message: >
        Don't reload user records from disk unless explicitly requested to improve performance of user record access.
      issue: 45737
      pull: 2928

    #### Development / internal
    - type: rfe
      message: >
        Plugin Development: Jenkins now no longer publishes a <code>war-for-test</code> artifact.
        Plugins using 2.64 or a later version of Jenkins (including 2.73.1) as baseline need to use plugin parent POM 2.30 or later.
      pull: 2899
      issue: 24064
  changes:
    - type: rfe
      message: >
        Update Windows service wrapper from 2.1.0 to 2.1.2 and Windows Agent Installer from 1.9 to 1.9.1.
      references:
        - url: https://github.com/kohsuke/winsw/blob/master/CHANGELOG.md
          title: Windows service wrapper changelog
        - url: https://github.com/jenkinsci/windows-slave-installer-module/blob/master/CHANGELOG.md
          title: Windows agent installer changelog
        - pull: 2987
        - issue: 46282
    - type: rfe
      message: >
        Log name of the executor thread that died to improve diagnosability.
      issue: 42376
      pull: 2970
    - type: bug
      message: >
        Prevent caching of the item categories list by the browser to prevent stale data.
      pull: 2973
      issue: 43848
    - type: bug
      message: >
        Improve robustness of the reverse build trigger ("Build after other projects are built").
      pull: 2966
      issue: 45909
    - type: bug
      message: >
        Include culprits in XML and JSON API again. (regression in 2.60)
      issue: 46082
      pull: 2978
    - type: bug
      message: >
        Button to validate proxy configuration in Manage Plugins now works correctly with NTLM authorization.
      pull: 2984
      issue: 46288
- version: "2.73.2"
  date: 2017-10-11
  changes:
    - type: security
      message: Important security fixes.
      references:
        - url: /security/advisory/2017-10-11/
          title: security advisory
    - type: major bug
      message: >
        Fix random failures to use passphrase-protected ed25519 SSH private keys. (regression in 2.73)
      issue: 46754
      pull: 3026
    - type: major bug
      message: >
        Update Remoting library from 3.10 to 3.10.2 to fix regression in Jenkins 2.68 when using non-writable home directories.
      references:
        - issue: 45755
        - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#3102
          title: full changelog
        - url: /doc/upgrade-guide/2.73/#known-issue-agent-connection-failures-involving-jenkins-masters-with-undefined-or-non-writable-home-directory
          title: issue description in 2.73.1 upgrade guide
      pull: 3025
    - type: major rfe
      message: >
        Update Remoting from 3.10 to 3.10.2 to improve stability and diagnosability.
      references:
        - issue: 45023
        - issue: 45233
        - issue: 46259
        - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#3102
          title: full changelog
- version: "2.73.3"
  date: 2017-11-08
  changes:
    - type: security
      message: Security fixes.
      references:
        - url: /security/advisory/2017-11-08/
          title: security advisory
    - type: major bug
      issue: 47448
      pull: 3093
      message: >
        Fix <em>Download from java.sun.com</em> installation method for JDK for downloads requiring an Oracle login after change to the Oracle site.
    - type: bug
      message: >
        Fix potential HTTP 414 error in form validation of long Batch/Shell tool installer scripts.
      issue: 47058
      pull: 3037
    - type: bug
      message: >
        Properly display agent launch arguments when using nested launch methods.
      issue: 47056
      pull: 3034
    - type: bug
      message: >
        Disconnect node on ping timeout instead of leaving the channel half open.
      pull: 3005
      issue: 46680
    - type: bug
      message: >
        Avoid a possible server-side timeout on long-running CLI commands using plain HTTP mode by sending periodic pings from the client.
      pull: 3011
      issue: 46659
- version: "2.89.1"
  date: 2017-12-06
  lts_predecessor: "2.73.3"
  lts_baseline: "2.89"
  banner: >
    Upgrading to Jenkins 2.89.1 does not install the <em>Command Launcher</em> plugin (see below) as it should. If you're using the <em>Launch agent via execution of command on the master</em> launch method for agents, or cloud provider plugins, make sure to manually install the plugin after upgrading, and restart Jenkins afterwards.
  lts_changes:
    - type: major rfe
      pull: 3076
      message: >
        <em>Launch agent via execution of command on the master</em> has been moved to a new <em>Command Launcher</em> plugin and integrated with the <em>Script Security</em> plugin.
      references:
        - issue: 47393
        - url: https://plugins.jenkins.io/command-launcher
          title: Command Launcher plugin site entry
        - url: /security/advisory/2017-10-11/#arbitrary-shell-command-execution-on-controller-by-users-with-agent-related-permissions
          title: related security advisory
    - type: major bug
      message: >
        Prevent core or plugin code from mistakenly attempting to serialize jobs, builds, and users except in their intended top-level XML file positions, preventing a class of serious deserialization-related errors.
      issue: 45892
      pull: 2957
    - type: major bug
      message: >
        Developer: Fix <code>TimeDuration</code> time unit handling and its incorrect usage.
        <code>TimeDuration</code> uses milliseconds as the default unit.
        It was supposed to parse <code>sec</code> or <code>secs</code> suffix to interpret the number as seconds, but that never worked.
      issue: 44052
      pull: 3043

    # Stapler
    - type: major rfe
      message: >
        Upgrade Stapler library from 1.250 to 1.253.
      references:
        - pull: 2956
        - url: https://github.com/stapler/stapler/blob/master/CHANGELOG.md
          title: Stapler changelog
    - type: major bug
      message: >
         Stapler 1.252: Prevent file handle leak in <code>LargeText#GzipAwareSession</code>.
      issue: 45903
      pull: 2956
    - type: bug
      message: >
        Stapler 1.252: Restore ability to attach views to interfaces. (regression in 2.46)
      issue: 43715
      pull: 2956
    - type: rfe
      message: >
        Stapler 1.253: Servlet 3.1 support, improved Blue Ocean performance and changes of interest to plugin developers.
      references:
        - issue: 37062
        - url: https://github.com/stapler/stapler/blob/master/CHANGELOG.md#1253
          title: Stapler changelog
      pull: 3033

    # Remoting
    - type: major rfe
      message: > # from 3.10.2 to 3.13 for the baseline, but from 3.10.3 in 2.73.3 to 3.14 in 2.89.1 effectively
        Update Remoting to improve stability and diagnosability.
      references:
        - issue: 37567
        - issue: 43985
        - issue: 45522
        - issue: 47132
        - issue: 38711
        - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#313
          title: full changelog
      pull: 2988
    - type: rfe
      message: >
        Disable obsolete JNLP, JNLP2, and CLI protocols on new Jenkins installations during Setup Wizard.
      references:
        - issue: 45841
        - url: /blog/2017/08/11/remoting-update/
          title: announcement blog post
      pull: 2950
    - type: rfe
      message: >
        Restart agent communication related threads on both controller and agents when encountering an unhandled exception, if possible, to improve stability.
      issue: 38711
      pull: 3017 # and 3061


    # Misc
    - type: rfe
      message: >
        Default the built-in Jenkins Update Center URL to <code>https://updates.jenkins.io</code> instead of obsolete HTTP endpoint.
        <strong>This requires a JRE compatible with <a href="https://letsencrypt.org/docs/certificate-compatibility/#known-compatible">Let's Encrypt</a>, e.g. Oracle JRE 8u101.</strong>
      pull: 2996
    - type: rfe
      message: >
        Moved Jenkins agent runtime to <code>agent.jar</code> file name, and deprecate (but still support) use of legacy <code>slave.jar</code>.
        Introduce the <code>AGENTJAR_URL</code> environment variable as replacement for <code>SLAVEJAR_URL</code>.
      pull: 3004
      issue: 35451
    - type: rfe
      message: >
        Improve error reporting when failing to archive artifacts.
      pull: 2976
    - type: rfe
      message: >
        Enable <code>cc.xml</code> to export jobs in folders recursively when accessed with a query parameter named <code>recursive</code>.
      pull: 3060 # and 3081
      issue: 36282
    - type: rfe
      message: >
        Add new administrative monitor warning users about disabled CSRF protection.
      issue: 47372
      pull: 3072
    - type: rfe
      message: >
        Commons Codec library upgraded from 1.8 to 1.9.
      pull: 3033
    - type: rfe
      message: >
        Agents JVM must be 1.8+ and a clear message is shown in connection logs if it is not.
      pull: 2915
      issue: 44851
    - type: rfe
      message: >
        Add sidebar link to create new view.
      pull: 3086
      issue: 6290

  changes:
    - type: major bug
      message: >
        Recover from legacy user configuration folders with <code>$</code> characters that are not part of hex escape sequences. (regression in 2.89)
      issue: 47909
      pull: 3134
    - type: major bug
      issue: 47448
      pull: 3093
      message: >
        Fix <em>Download from java.sun.com</em> installation method for JDK for downloads requiring an Oracle login after change to the Oracle site.
    - type: rfe
      message: >
        Update Remoting from 3.13 to 3.14 in order to apply various performance and stability improvements.
      pull: 3138
      references:
        - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#314
          title: full changelog
        - issue: 37566
        - issue: 45294
        - issue: 47425
        - issue: 47901
        - issue: 47942
    - type: rfe
      message: >
        Update Windows Agent Installer from 1.9.1 to 1.9.2:
        Do not try to update <code>jenkins-slave.exe</code> on Unix agents when they connect.
      pull: 3130
      references:
        - url: https://github.com/jenkinsci/windows-slave-installer-module/blob/master/CHANGELOG.md#192
          title: full changelog
        - issue: 47015
    - type: bug
      message: >
        Prevent caching of captcha on the login form.
      pull: 3126
      issue: 43852
- version: "2.89.2"
  date: 2017-12-14
  changes:
    - type: security
      message: >
        Security fixes.
      references:
        - url: /security/advisory/2017-12-14/
          title: security advisory
        - url: /blog/2017/12/14/security-update/
          title: announcement blog post
- version: "2.89.3"
  date: 2018-01-18
  changes:
    - type: major bug
      pull: 3193 # and its #3201 regression
      issue: 48365 # and its 48604 regression
      message: >
        Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed when upgrading Jenkins past the version at which the plugin was detached.
    - type: bug
      references:
        - issue: 48593
        - url: /doc/book/managing/system-properties/
          title: Jenkins features controlled by system properties
      pull: 3200
      message: >
        Make the system property <code>hudson.consoleTailKB</code> actually work.
    - type: bug
      pull: 3198
      issue: 48505
      message: >
        Fix a performance regression in Jenkins 2.86 due to lock contention in <code>ExtensionList</code>.
    - type: bug
      pull: 3164
      issue: 48080
      message: >
        Prevent setup wizard from hanging when the two provided passwords differ, instead show a validation error.
    - type: bug
      issue: 34138
      pull: 3042
      message: >
        Prevent concurrent installation of Maven on the same node to prevent problems.
    - type: bug
      pull: 3156
      issue: 48157
      message: >
        Prevent potential <code>NullPointerException</code> when migrating the default "All View" name for a "My Views" user property.
    - type: rfe
      pull: 3155
      issue: 48349
      message: >
        Cache permission names, allowing Jenkins to recover faster after "stop-the-world" Java GC pauses.
    - type: rfe
      issue: 47429
      pull: 3150
      message: >
        Improve user lookup performance, for example from Git changelog calculation.
- version: "2.89.4"
  date: 2018-02-14
  changes:
    - type: security
      message: Important security fixes.
      references:
        - url: /security/advisory/2018-02-14/
          title: security advisory
    - type: rfe
      message: >
        Security hardening to prevent problems like SECURITY-624 in the future.
      references:
        - url: /security/advisory/2017-12-05/
          title: 2017-12-05 security advisory
        - url: /security/advisory/2018-01-22/#xss-vulnerability-in-job-configuration-forms-in-ant-plugin
          title: Ant Plugin fix in 2018-01-22 security advisory
    - type: bug
      pull: 3187
      message: >
        Update Stapler from 1.253 to 1.254 to make the form that shows up when a URL requiring <code>POST</code> is accessed using a different HTTP verb work with CSRF protection enabled.
      references:
        - issue: 34254
        - url: https://github.com/stapler/stapler/blob/master/CHANGELOG.md#1254
          title: Stapler changelog
    - type: bug
      pull: 3229
      issue: 48899
      message: >
        Do not downgrade detached plugins when upgrading Jenkins while its previous version was not properly recorded.
    - type: bug
      issue: 47439
      pull: 3166
      message: >
        The setup wizard is now resumed upon restart if it hasn't been completed yet, instead of showing the regular login screen. (regression in 2.81)
    - type: rfe
      issue: 48348
      pull: 3157
      message: >
        Reduce memory usage when scheduling pipelines on big clusters.
    - type: rfe
      pull: 3143
      issue: 48350
      message: >
        Improve UI performance with long list of running builds by caching the estimated duration.
- version: "2.107.1"
  date: 2018-03-14
  lts_predecessor: "2.89.4"
  lts_baseline: "2.107"
  banner: >
    This is the first LTS release that includes <a href="/blog/2018/03/15/jep-200-lts/">the JEP-200 Remoting and XStream serialization allowlist</a>.
    This core change requires <a href="https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+fix+for+JEP-200">corresponding changes in many plugins</a> for them to be compatible.
    We strongly recommend that you read the <a href="/doc/upgrade-guide/2.107">LTS upgrade guide</a>, make sure you have good backups before upgrading, and validate this release in a staging environment first.
  lts_changes:

    # JEP-200
    - type: major rfe
      pull: 3120 # and 3230
      message: >
        Switch Remoting/XStream denylist to an allowlist.
      references:
        - issue: 47736
        - url: /blog/2018/01/13/jep-200/
          title: upgrade guidelines for admins and plugin maintainers
        - url: https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+fix+for+JEP-200
          title: list of plugins known to be impacted
        # Serialization allowlist PRs:
        # issue: 48946
        # issue: 49000
        # issue: 49025
        # pull: 3234 # 3241, and 3245
        # pull: 3251
        # pull: 3252
        # pull: 3253 # this one has no issue, so add all to references
        # issue: 49070
        # issue: 49071
        # Original Tomcat fix:
        # issue: 49147

    # Most impactful changes first
    - type: rfe
      issue: 48463
      pull: 3185
      message: >
        Jenkins now creates XML 1.1 files to be more accepting of unusual contents.

    # NIO
    - type: major rfe
      references:
        - issue: 36088
        - issue: 39179
      pull: 3133
      message: >
        Use Java NIO library instead of native code to create and detect symbolic links and Windows junctions to improve compatibility and robustness.
    - type: rfe
      pull: 3135
      message: >
        Use Java NIO to read and write Unix file permissions by default.
        The previous behavior can be restored by setting the Java system property <code>hudson.Util.useNativeChmodAndMode</code> to <code>true</code>.
      references:
        - issue: 36088
        - url: /doc/book/managing/system-properties/
          title: Jenkins features controlled by system properties
    - type: rfe
      references:
      - issue: 47324
      - issue: 48405
      pull: 3169 # and 3173
      message: >
        Improve robustness and error handling of various file operations by switching to NIO.

    # Possibly deserving of user attention
    - type: major rfe # Remoting -- multiple entries merged
      pull: 3145 # and 3120, and #3071 -- oddly enough in reverse order
      message: >
        Update Remoting from 3.14 to 3.17 to integrate multiple fixes and improvements.
      references:
        - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md
          title: full changelog
        - issue: 37566
        - issue: 37670
        - issue: 38696
        - issue: 46724
        - issue: 47965
        - issue: 48055
        - issue: 48130
        - issue: 48133
        - issue: 48309
        - issue: 47736
        - issue: 48686
        - issue: 27035
        - issue: 49027
    - type: rfe
      pull: 3258
      message: >
        Remove support for unbounded number of SCM polling threads.
        Previously, the default was infinite and could be set to between 10 and 100.
        Existing installations with unbounded SCM polling threads will now use the default of 10, and it is no longer possible to use a value outside of this range.
    - type: rfe
      pull: 3129
      issue: 22474
      message: >
        Do not require CSRF crumb to be provided when the request is authenticated using API token.
    - type: rfe
      pull: 3036
      message: >
        Introduce new <code>hudson.lifecycle.ExitLifecycle</code> to exit instead of restart.
      references:
        - issue: 47043
        - url: /doc/book/managing/system-properties/
          title: Jenkins features controlled by system properties
    - type: rfe
      message: >
        Upgrade Executable War from 1.36 to 1.37 to allow supplying <code>jenkins.war</code> command-line arguments via standard input using the <code>--paramsFromStdIn</code> parameter.
      references:
        - pull: 3223
        - title: documentation
          url: https://github.com/jenkinsci/extras-executable-war#parameters-from-stdin

    # Misc RFEs
    - type: rfe # SSHD Module, two merged entries
      message: >
        Update SSHD Module 2.0 to 2.4 to update Apache Mina SSHD Core from 1.6.0 to 1.7.0, and fire authentication events in <tt>SecurityListener</tt>s when a user connects using SSH.
      references:
        - pull: 3278
        - pull: 3111
        - url: https://github.com/jenkinsci/sshd-module/blob/master/CHANGELOG.md
          title: SSHD module changelog
    - type: rfe
      issue: 25286
      pull: 1437
      message: >
        Export <tt>assignedLabels</tt> for agents and <tt>labelExpression</tt> for applicable job types in remote API.
    - type: rfe
      references:
        - issue: 43786 # and 49129
        - url: /blog/2018/01/21/overhaul-of-manage-jenkins-page/
          title: blog post
      pull: 2857 # and 3266
      message: >
        Re-style the Manage Jenkins page, including administrative monitors.
    - type: rfe
      pull: 3250
      message: >
        Define a minimum required version of the Remoting library (agent communication) and print warnings when an older version is connecting.
    - type: rfe
      pull: 3256
      message: >
        When Jenkins fails to load plugins, show failures that users need to take action on separate from those due to other plugins failing to load.

    # Most important fixes that might need user attention
    - type: major bug
      pull: 3196
      issue: 21017
      message: >
        Updating Jenkins jobs and views by XML left fields at their old value if not defined in the new XML.
    - type: bug
      pull: 3178
      issue: 48447
      message: >
        Fix HTTP 404 error when clicking on <em>New View</em> sidebar link from another view.
    - type: bug
      issue: 22088
      pull: 3223
      message: >
        Upgrade Executable War from 1.36 to 1.37 to prevent multiple copies of <code>winstone-*.jar</code> in the temp folder from using up disk space needlessly.
    # Task Reactor
    - type: bug
      references:
        - issue: 48725
        - url: https://github.com/jenkinsci/lib-task-reactor/blob/master/CHANGELOG.md#version-15
          title: full changelog
      pull: 3270
      message: >
        Update to task reactor version 1.5 to prevent hanging of Jenkins on startup/reload when an initialization task throws an unhandled exception.

  # Developer
    - type: rfe
      issue: 48638
      pull: 3195
      message: >
        Developer: <code>Jenkins#getInstance()</code> is now deprecated as its semantics have been a source of confusion for some time. Use <code>#get()</code> in typical cases and <code>Jenkins#getInstanceOrNull()</code> in rare cases (see Javadoc).
    - type: rfe
      issue: 47718
      pull: 3114
      message: >
        Developer: Deprecate the ambiguous <code>User#getUser(String)</code> in favor of the <code>User#getById()</code> or the new <code>User#getOrCreateByIdOrFullName()</code> methods.
    - type: rfe
      pull: 3074
      issue: 27027
      message: >
        Developer: Capture more authentication-related events in <code>SecurityListener</code>.
    - type: rfe
      pull: 3191
      message: >
        Developer: Deprecate <code>hudson.util.Service</code> in favor of Java's <code>ServiceLoader</code>.

  changes:
    - type: bug
      pull: 3313
      issue: 49543
      message: >
        Make JEP-200 serialization allowlist more reliable on old versions of Tomcat 8.
    - type: bug
      pull: 3292
      message: >
        Don't show input validation errors in optional numeric form fields. (regression in 2.105)
      references:
        - issue: 49387
        - issue: 49520
- version: "2.107.2"
  date: 2018-04-11
  changes:
    - type: security
      message: Security fixes.
      references:
        - url: /security/advisory/2018-04-11/
          title: security advisory

    - type: major bug
      pull: 3329
      issue: 48821
      message: >
        Display estimated remaining time again for Pipeline jobs. (regression in 2.89.4)
      # and 2.92

    - type: rfe
      pull: 3296
      message: >
        Update Apache Mina SSHD Core from 1.6.0 to 1.7.0 in CLI client.
      references:
        - issue: 49565
        - title: changelog
          url: "https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12341097&styleName=Text&projectId=12310849&Create=Create&atl_token=A5KQ-2QAV-T4JA-FDED%7C47f5fd1e799680219ff14477b5b2c29ce7aaf6fd%7Clin"
    - type: rfe
      pull: 3336
      message: >
        Update Executable War from 1.37 to 1.38 to show an error when an attempt is made to run Jenkins on Java 9.
      references:
        - issue: 49737
        - url: https://github.com/jenkinsci/extras-executable-war/blob/master/CHANGELOG.md#138
          title: full changelog
    - type: rfe
      issue: 34712
      pull: 3294
      message: >
        Always show the built-in node in the executors widget, even when it is offline.
    - type: rfe
      pull: 3244
      issue: 30909
      message: >
        Periodically persist the build queue so it can be restored on abnormal process termination.
    - type: rfe
      issue: 50056
      pull: 3228
      message: >
        Reduce memory footprint of <code>jenkins.model.lazy.AbstractLazyLoadRunMap#search</code> in descending order.
    - type: rfe
      pull: 3315
      issue: 49788
      message: >
        Add <code>ConcurrentLinkedQueue</code> to white-listed classes for use in XStream (XML serialization) and Remoting (agent communication).

    - type: bug
      pull: 3359
      issue: 50237
      message: >
        JEP-200: Allow <code>org.apache.tools.ant.Location</code> deserialization to prevent exception when listing agent files in non-existent directory or invalid filter.
    - type: bug
      pull: 3312
      issue: 49795
      message: >
        Clean up the <code>build.xml</code> files of parameterized projects that contained unnecessary serialized data.
    - type: bug
      pull: 3346
      issue: 50124
      message: >
        Restore <code>serialVersionUID</code> of <code>AbstractTaskListener</code>. (regression in 2.91)
    - type: bug
      issue: 49971
      pull: 3225
      message: >
        Prevent <code>FileNotFoundException</code> in <code>hudson.Util#loadFile</code> in case of race condition.
    - type: bug
      pull: 3316
      issue: 49642
      message: >
        Make proxy views work inside folders.
    - type: bug
      pull: 3307
      message: >
        Upgrade Winstone from 4.1.0 to 4.1.2 to prevent User session memory leak by setting the default idle session eviction timeout to 30 minutes.
      references:
        - issue: 49596
        - url: https://github.com/jenkinsci/winstone/blob/master/CHANGELOG.md#412
          title: full changelog
    - type: bug
      pull: 3286
      issue: 49498
      message: >
        Fix translation of 'sign up' in Dutch, used to be 'sign in'.
    - type: bug
      issue: 39495
      pull: 3327
      message: >
        Improve robustness in case a build with parameters was stored with a <code>null</code> list of parameters.
    - type: bug
      pull: 3094
      issue: 29470
      message: >
        Prevent <code>NullPointerException</code> in <code>AbstractProject#checkout</code> when the agent disconnects during a build.
    # issue: 49634 wasn't notable enough originally, so skip for LTS as well
- version: "2.107.3"
  date: 2018-05-09
  changes:
    - type: security
      message: Important security fixes.
      references:
        - url: /security/advisory/2018-05-09/
          title: security advisory
    - type: rfe
      pull: 3403 # and 3404
      references:
        - issue: 50939
        - issue: 50616
      message:
        Allow <code>java.util.EnumMap</code> and <code>org.jruby.RubyNil</code> for use in XStream (XML serialization) and Remoting (agent communication).
    - type: rfe
      pull: 3384
      # issue: 50808
      references:
        - url: https://github.com/jenkins-infra/helpdesk/issues/1236
          title: Help desk issue 1236
      message: >
        Internal: Add new update center root CA certificate.
    - type: bug
      issue: 50748
      pull: 3388
      message: >
        Don't log null pointer exceptions on some forms with validation button. (regression in 2.107.2)
    - type: bug
      pull: 3363
      issue: 50324
      message: >
        Allow users without Overall/Read access to use the <code>who-am-i</code> and <code>logout</code> commands.
    - type: bug
      pull: 3282
      issue:  49401
      message: >
        Fix a race condition in the Setup Wizard that could lead to it being skipped on the first startup when groovy scripts or init scripts are pre-installed.
    - type: bug
      message: >
        In rare configurations, agents tried to load unloadable classes from the controller, resulting in <code>ClassNotFoundException: javax.servlet.ServletContextListener</code> on agents.
      pull: 3067
      issue: 46386
    - type: bug
      pull: 3376
      issue: 44402
      message: >
        Make <em>Cancel Shutdown</em> link in side panel work without requiring the page to be reloaded.
- version: "2.121.1"
  date: 2018-06-07
  lts_predecessor: "2.107.3"
  lts_baseline: "2.121"
  lts_changes:
    - type: major rfe
      issue: 22367
      pull: 3301
      message: >
        <em>Install from java.sun.com</em> installation method for JDK tools has been moved to a new <a href="https://plugins.jenkins.io/jdk-tool">JDK Tool Plugin</a>.
    - type: major rfe
      issue: 22936
      pull: 3289
      message: >
        It is no longer possible to rename jobs from their configuration page.
        Jobs now have a link in the side panel titled "Rename" that links to a page specifically dedicated to renaming jobs.
    - type: major rfe
      pull: 882
      issue: 14713
      message: >
        The Job/Build permission no longer implies the Job/Cancel permission.
        The latter needs to be granted explicitly to users who previously got it via this relationship.
    - type: major rfe
      references:
        - issue: 49415
        - issue: 49472
        - issue: 48561
        - issue: 49994
        # issue: 50237 # was backported in PR 3372
        - issue: 49618
        - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#320
          title: full changelog
      pull: 3333 # and 3359, and 3398
      message: >
        Update Remoting from 3.17 to 3.20 in order to apply various performance and diagnosability improvements, such as logging warnings when anonymous classes are serialized over a Remoting channel, and allowing Jenkins core to always deserialize exceptions even if they're not allowed.
        To benefit from the latter improvement, Remoting needs to be updated on the agent side as well.
    - type: major bug
      pull: 3357 # and followup fix in 3419
      message: >
        Fix issue preventing process killing vetoes being effective on agents.
      references:
        - issue: 9104
        - title: <code>ProcessKillingVeto</code> extension point implementations
          url: /doc/developer/extensions/jenkins-core/#processkillingveto

    # Pipeline related
    - type: rfe
      issue: 46652
      pull: 3254
      message: >
        Pipeline builds could not be started if the Authorize Project plugin was configured to associate the build with a user to whom the authorization strategy was configured to deny Agent/Build permission on the built-in node.
    - type: rfe
      issue: 47142
      pull: 3265
      message: >
        <code>archiveArtifacts</code> in a Pipeline failed to throw a normal exception when there were no matches.
    - type: rfe
      pull: 3014
      issue: 26143
      message: >
        Allow use of lists of options as provided by the Pipeline snippet generator for choice parameters.

    # First startup
    - type: rfe
      pull: 3389
      message: >
        Default Crumb Issuer proxy compatibility can be enabled on first startup by setting the system property <code>jenkins.model.Jenkins.crumbIssuerProxyCompatibility</code> to <code>true</code> on startup.
      references:
        - issue: 50767
        - url: /doc/book/managing/system-properties/
          title: Jenkins features controlled by system properties
    - type: rfe
      pull: 3367
      issue: 50291
      message: >
        Introduce <code>hudson.triggers.SafeTimerTask.logsTargetDir</code> system property to write logs usually written to <code>$JENKINS_HOME/logs</code> to another location.

    # UI
    - type: rfe
      pull: 3364
      message: >
        Remove the options to define custom Build Record Root Directory and Workspace Root Directory on the Configure System form to prevent unexpected failures during runtime.
        Instead, these locations can now be customized using system properties on startup.
      references:
        - issue: 50164
        - url: /doc/book/managing/system-properties/
          title: Jenkins features controlled by system properties
    - type: rfe
      pull: 3337
      issue: 38812
      message: >
        Use case-insensitive autocompletion for item selection dialogs if the current user prefers case-insensitive search.
    - type: rfe
      pull: 3345
      message: >
        Better autocompletion for loggers supporting multiple tokens and proposing useful parent loggers.
    - type: rfe
      pull: 3324
      issue: 47020
      message: >
        Show more entries in the search results dropdown and search results page.
    - type: rfe
      issue: 31661
      pull: 3082
      message: >
        Ensure as much as possible that the Jenkins root URL is defined by adding a new setup wizard page and an administrative monitor.

    # Misc
    - type: rfe
      pull: 3304
      issue: 49661
      message: >
        Add <code>agent</code> symbol for a permanent agent in <a href="https://plugins.jenkins.io/structs">Structs Plugin</a> based configuration.
    - type: rfe
      pull: 3312 # and 3325
      issue: 49795
      message: >
        Issue warnings to the system log when attempts are made to use classes with unpredictable names and serial forms (such as anonymous classes) in Remoting or XStream (de)serialization.

    # Dependency
    - type: rfe
      pull: 3378
      references:
        - title: full changelog
          url: https://github.com/jenkinsci/winstone/blob/master/CHANGELOG.md#42
        - title: Jetty 9.4.6 changelog
          url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.6.v20170531
        - title: Jetty 9.4.7 changelog
          url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.7.v20170914
        - title: Jetty 9.4.8 changelog
          url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.8.v20171121
      message: >
        Update Winstone from 4.1.2 to 4.2 to update Jetty from 9.4.5 to 9.4.8 for various bugfixes and improvements.

    # Bugs
    - type: bug
      pull: 3400
      issue: 13128
      message: >
        Archiving artifacts now preserves file permissions and last modification time.
    - type: bug
      issue: 46386
      pull: 3362
      message: >
        Prevent some cases of linkage errors relating to Servlet classes when code is run on an agent.
    - type: bug
      issue: 50599
      pull: 3383
      message: >
        Make the logic for adding nodes atomic, so that if a newly added node fails to be persisted it will not exist in a partly-initialized state.
    - type: bug
      references:
        - issue: 48347
        - url: https://github.com/kohsuke/winp/blob/master/CHANGELOG.md#126
          title: full changelog
      pull: 3399
      message: >
        Update WinP from 1.25 to 1.26 to fix loading of WinP libraries on Windows inside Weblogic web container.

    # Developer
    - type: major rfe
      references:
        - url: https://github.com/jenkinsci/jep/tree/master/jep/202
          title: JEP-202
        - pull: 3302
      message: >
        Developer: JEP-202: Extend <code>VirtualFile</code> API to streamline external artifact storage.
        API additions are marked beta and may change at any time.
    - type: major rfe
      pull: 3289
      issue: 22936
      message: >
        Developer: Subclasses of <code>AbstractItem</code> can implement <code>AbstractItem#isNameEditable</code> and return true to get automatic support for renames.
        Subclasses are also able to dynamically validate renames by implementing <code>AbstractItem#checkRename</code>.

    # Internal
    - type: rfe
      pull: 3311
      message: >
        Internal: Choose more mnemonic <code>artifactId</code>s for modules not consumed externally.
  changes:
    - type: rfe
      pull: 3428
      issue: 51205
      message: >
        Faster list rendering of <em>Plugin Manager » Available</em>.
- version: "2.121.2"
  date: 2018-07-18
  changes:
    - type: security
      message: Important security fixes.
      references:
        - url: /security/advisory/2018-07-18/
          title: security advisory

    - type: rfe
      pull: 3455
      message: >
        Update Remoting from 3.20 to 3.21 to apply logging enhancements and better <code>no_proxy</code> support.
      references:
        - issue: 51223
        - issue: 50965
        - issue: 51551
        - title: Remoting 3.21 changelog
          url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#321
    - type: rfe
      issue: 51608
      pull: 3464
      message: >
        Improve diagnostics of corrupted plugin archives during plugin dynamic loading.
    - type: rfe
      pull: 3471
      issue: 50217
      message: >
        Robustness: A buggy <code>ComputerListener#onConfigurationChange</code> implementation should not block Jenkins startup.
    - type: rfe
      pull: 3447
      issue: 51355
      message: >
        Diagnostics: Log stack traces in JEP-200 rejection messages when <code>jenkins.security.ClassFilterImpl</code> logging level is <code>FINE</code> or above.
    - type: rfe
      issue: 51158
      pull: 3424
      message: >
        Improve Jenkins root URL validation.
    - type: rfe
      pull: 3444
      issue: 27329
      message: >
        Do not remove workspaces for projects with builds in progress.

    - type: bug
      pull: 3484
      issue: 51819
      message: >
         If using the Artifact Manager on S3 plugin with the (non-default) option to delete artifacts, they were not deleted when the entire build was deleted.
    - type: bug
      message: >
        Don't monitor response time on offline agents.
      issue: 20272
      pull: 2911
    - type: bug
      issue: 51650
      pull: 3466
      message: >
        Copying <em>Run</em> parameters did not work as expected as <code>RunParameterDefinition#copyWithDefaultValue</code> called the wrong constructor.
    - type: bug
      pull: 3454
      issue: 51483
      message: >
        Restore implied dependency on JDK Tool Plugin from Apache HttpComponents Client 4 API Plugin to fix dependency problems.
    - type: bug
      pull: 3462
      issue: 51584
      message: >
        Actions created from a <code>TransientActionFactory</code> that got attached to an item in the queue are no longer persisted, which could previously lead to duplicate actions shown for builds.
    - type: bug
      issue: 51179
      pull: 3439
      message: >
        Prevent unhandled <code>ClassCastException</code> when loading fingerprints from corrupted files.
    - type: bug
      pull: 3417
      issue: 51082
      message: >
        Do not duplicate caller stack trace when <code>FilePath#act</code> fails.
    - type: bug
      pull: 3467
      issue: 14632
      message: >
        Fix behaviour of <em>Advanced</em> button when a <code>section</code> element is nested inside.

    - type: rfe
      pull: 3455
      issue: 51541
      message: >
        Developer: <code>ComputerLauncher</code> implementations can now set channels with a custom <code>CommandTransport</code> implementation.
    - type: rfe
      issue: 51779
      pull: 3481
      message: >
        Developer/Internal: Remove use of a Guava method deleted in later versions, which could cause problems for plugins running functional tests.
    - type: bug
      pull: 3489
      issue: 51971
      message: >
        Developer API: <code>StreamTaskListener#getCharset()</code> now returns the default charset when it is not configured.
    - type: bug
      pull: 3489
      issue: 51955
      message: >
        Developer API: Prevent <code>NullPointerException</code> in <code>SlaveComputer#setChannel(Channel,OutputStream,Channel.Listener)</code> with <code>null</code> <code>OutputStream</code>.
- version: "2.121.3"
  date: 2018-08-15
  changes:
  - type: security
    message: Security fixes.
    references:
      - url: /security/advisory/2018-08-15/
        title: security advisory
  - type: rfe
    message: Security hardening related to Stapler routing.
    references:
    - url: /security/advisory/2018-12-05/#SECURITY-595
      title: SECURITY-595 in the 2018-12-05 security advisory
  - type: rfe
    pull: 3522
    issue: 52159
    message: >
      Robustness: Don't break queue processing when the configured queue sorter throws exceptions.
  - type: rfe
    pull: 3542
    issue: 52534
    message: >
      Allow <code>java.time.Ser</code> for use in XStream (XML serialization) and Remoting (agent communication).
  - type: bug
    pull: 3354
    issue: 46248
    message: >
      Fix a potential deadlock between queue maintenance and asynchronous execution.
  - type: bug
    pull: 3482
    issue: 51777
    message: >
      Security hardening: Prevent files in <code>tar</code> archives from being written to a path outside the destination directory.
  - type: bug
    pull: 3496
    issue: 28683
    message: >
      Dynamically loaded plugins now have any <code>PeriodicWork</code>/<code>AperiodicWork</code> extensions scheduled.
  - type: rfe
    pull: 3480
    issue: 52417
    message: >
      Developer: Remove <code>hudson.FilePath#copyFromRemotely(URL)</code> Beta API.
  # issue: 51603 too minor
- version: "2.138.1"
  date: 2018-09-12
  lts_predecessor: "2.121.3"
  lts_baseline: "2.138"
  lts_changes:
  - type: major rfe
    pull: 3380
    message: >
      Redesigned login, signup, and <em>Jenkins is (re)starting</em> pages.
      Existing page decorators like Simple Theme Plugin will no longer work with these redesigned pages.
    references:
    - issue: 50447
    - title: announcement blog post
      url: /blog/2018/06/27/new-login-page/
  - type: major rfe
    pull: 3271
    references:
    - issue: 32442
    - issue: 32776
    - url: /blog/2018/07/02/new-api-token-system/
      title: blog post
    message: >
      Replace single per-user API token with new system of multiple, revocable, unrecoverable API tokens with usage tracking.
  - type: major rfe
    pull: 3188
    issue: 48480
    message: >
      The deprecated Jenkins CLI Protocol versions 1 and 2, and Java Web Start Agent Protocol versions 1, 2, and 3 have been disabled.
      If you still use these protocols (e.g. remoting-based CLI, or old <code>slave.jar</code>s on agents), you need to re-enable these protocols after upgrade, or upgrade the clients.
      The same recommendations as in <a href="/doc/upgrade-guide/2.121/#remoting-update">The 2.121.x upgrade guide for remoting changes</a> apply here.
  - type: major rfe
    pull: 3356
    message: >
      Check SHA-512 or SHA-256 checksums of update site and tool installer metadata and core and plugin downloads if the update site provides them.
  - type: major rfe
    issue: 50336
    pull: 3370
    message: >
      Optional extensions are now loaded without requiring to restart Jenkins after installing an optional dependency.

  - type: rfe
    references:
    - pull: 3422
    - pull: 3497
    - title: full changelog
      url: https://github.com/jenkinsci/winstone/blob/master/CHANGELOG.md#4
    - title: Jetty 9.4.11 changelog
      url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.11.v20180605
    - title: Jetty 9.4.10 changelog
      url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.10.v20180503
    - title: Jetty 9.4.9 changelog
      url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.9.v20180320
    - title: JMX Documentation for Jetty
      url: https://www.eclipse.org/jetty/documentation/jetty-9/index.html
    - title: full list of options
      url: https://github.com/jenkinsci/winstone#command-line-options
    message: >
      Upgrade Winstone from 4.2 to 4.4 to update Jetty from 9.4.8.v20171121 to 9.4.11.v20180605, adding an option to enable JMX when running Jenkins using <code>java -jar jenkins.war</code>.

  - type: rfe
    references:
    - issue: 51818
    - issue: 52204
    - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#322
      title: Remoting 3.22 changelog
    pull: 3514 # and 3530
    message: >
      Upgrade Remoting from 3.21.1 to 3.25 to have agents check availability of the controller's TCP Agent Listener port when connecting over TCP.

  - type: rfe
    pull: 3513
    references:
    - issue: 51837
    - url: /redirect/java-support/
      title: supported Java versions
    message: >
      Upgrade Bytecode Compatibility Transformer from 1.8 to 2.0-beta-2, upgrading ASM from 5.0.1 to 6.2 to improve support of Java 9+ runtimes.

  - type: rfe
    pull: 3486
    references:
    - issue: 51155
    - issue: 51994
    - issue: 46622
    - title: Executable WAR 1.40 changelog
      url: https://github.com/jenkinsci/extras-executable-war/blob/master/CHANGELOG.md#140
    - title: Executable WAR 1.41 changelog
      url: https://github.com/jenkinsci/extras-executable-war/blob/master/CHANGELOG.md#140
    - url: /redirect/java-support/
      title: supported Java versions
    message: >
      Update Executable WAR from 1.39 to 1.41 to allow running Jenkins with incompatible (too new) Java versions by setting the <code>--enable-future-java</code> flag.

  - type: rfe
    pull: 3528
    references:
    - issue: 51965
    - url: https://github.com/jenkinsci/instance-identity-module/blob/master/CHANGELOG.md#22
      title: full changelog
    message: >
      Update instance identity module from 2.1 to 2.2 to improve Java 11 compatibility.
  - type: rfe
    issue: 52771
    pull: 3565
    message: >
      Update JNA from 4.2.1 to 4.5.2 to add support for s390x, update GNU C minimal requirement to 2.7 on Unix platforms.

  # Regular improvements
  - type: rfe
    issue: 52822
    pull: 3571
    message: >
      Add a new CLI command <code>enable-plugin</code> to enable one or more installed plugins and optionally restart Jenkins.
  - type: rfe
    pull: 3536
    issue: 52356
    message: >
      Add support for Zip files larger than 4 GB (Zip64).
  - type: rfe
    issue: 20998
    pull: 3079
    message: >
      Add modification timestamp to files in directory browser views such as archived artifacts and workspaces.
  - type: rfe
    pull: 3206
    message: >
      Export path to agent file system root directory in remote API.
  - type: rfe
    pull: 3476
    issue: 51667
    message: >
      Jenkins remote API: Export fingerprints for builds which do not derive from <code>AbstractBuild</code>, like Pipeline builds.
  - type: rfe
    issue: 51666
    pull: 3553
    message: >
      Some deserialization rejections are now logged on WARNING log level, instead of only on FINER.

  # Bugs
  - type: bug
    pull: 3523
    issue: 52164
    message: >
      Instances of some item types could not be renamed. (regression in 2.110)
  - type: bug
    issue: 52325
    pull: 3537
    message: >
      Don't fail to archive artifacts when attributes cannot be preserved, instead log a message and proceed without preserving attributes. (regression in 2.120)
  - type: bug
    issue: 41127
    pull: 3562
    message: >
      Some types of builds, like pipelines, would sometimes run concurrently even when that was disabled.


  # Developer
  - type: rfe
    pull: 3380
    issue: 50447
    message: >
      Developer: Introduce <code>SimplePageDecorator</code> extension point, which allows decorating the redesigned login page.
    references:
    - title: announcement blog post
      url: /blog/2018/06/27/new-login-page/

  # Internal
  - type: rfe
    pull: 3567
    message: >
      Internal: Update parent POM. Jenkins now requires Maven 3.5.4 or newer to build.
  - type: rfe
    references:
    - issue: 51187
    - issue: 51247
    - pull: 3430
    #- pull: 3431
    #- pull: 3435
    - title: JEP-305
      url: https://github.com/jenkinsci/jep/tree/master/jep/305
    message: >
      Internal: Various improvements related to incremental Maven releases.

  changes:
  - type: bug
    issue: 48770
    pull: 3591
    message: >
      A configured quiet period was interpreted as milliseconds, instead of seconds. (regression in 2.82)
- version: "2.138.2"
  date: 2018-10-10
  changes:
  - type: security
    message: Important security fixes.
    references:
    - url: /security/advisory/2018-10-10/
      title: security advisory
  - type: major rfe
    message: >
      Security hardening: Escape variables in Jelly views by default.
    references:
      - url: /blog/2018/10/10/security-updates/
        title: announcement blog post
      - url: /doc/upgrade-guide/2.138/#security-hardening-to-prevent-xss-vulnerabilities
        title: LTS upgrade guide
      - url: https://wiki.jenkins.io/display/JENKINS/Plugins+affected+by+2018-10-10+Stapler+security+hardening
        title: list of affected plugins
  - type: major bug
    references:
    - issue: 53239
    - issue: 52804
    - issue: 51136
    - issue: 52358
    pull: 3602
    message: >
      Update Winstone-Jetty from 4.4 to 5.0 to fix HTTP/2 support and threading problems on hosts with 30+ cores.
  - type: rfe
    message: Security hardening related to Stapler routing.
    references:
      - url: /security/advisory/2018-12-05/#SECURITY-595
        title: SECURITY-595 in the 2018-12-05 security advisory
  - type: rfe
    message: Security hardening related to HTTP verb restrictions for web methods.
  - type: rfe
    pull: 3604
    references:
    - url: https://github.com/jenkinsci/jep/tree/master/jep/214
      title: JEP-214
    message: >
      Extend anonymous usage statistics with information about applied security fix escape hatches.
  - type: bug
    pull: 3609
    issue: 53401
    message: >
      Fix a thread safety issue when creating multiple nodes in parallel.
  - type: bug
    issue: 37599
    pull: 3583
    message: >
      Nested <code>f:repeatable</code>/<code>f:repeatableProperty</code> form elements inherited <code>minimum</code> when they shouldn't.
  # pull: 3621 too minor (JENKINS-53549: docs on workspace location)
- version: 2.138.3
  date: 2018-11-08
  changes:
    - type: bug
      issue: 48516
      pull: 3672
      message: >
        The initial visibility of nested groups of radio buttons did not accurately reflect the current values.
    - type: bug
      issue: 50795
      pull: 3614
      message: >
        Improve robustness when search items don't specify a display name.
    - type: rfe
      references:
      - pull: 3690
      - url: https://github.com/stapler/stapler/pull/149
        title: stapler/stapler#149
      message: >
        Update Stapler from 1.254.2 to 1.255 to integrate a fix related to <code>StaplerProxy#getTarget()</code> return value handling.
    - type: rfe
      issue: 54029
      message: >
        Add telemetry trial related to Stapler request dispatching.
- version: 2.138.4
  date: 2018-12-05
  changes:
    - type: security
      message: Important security fixes.
      references:
      - url: /security/advisory/2018-12-05/
        title: security advisory
- version: 2.150.1
  date: 2018-12-05
  lts_predecessor: "2.138.4"
  lts_baseline: "2.150"
  lts_changes:
    - type: major rfe
      message: >
        Numerous fixes and improvements to better support running Jenkins on Java 11.
      references:
      - issue: 46523
      - issue: 46725
      - issue: 51805
      - issue: 52019
      - issue: 52024
      - issue: 53693
      - issue: 53710
      - issue: 53929
      - url: https://github.com/jenkinsci/pom/blob/master/CHANGELOG-old.md#149
        title: Parent POM 1.49 changelog
      - url: https://github.com/jenkinsci/winstone/blob/master/CHANGELOG.md#51
        title: Winstone-Jetty 5.1 changelog
      - url: http://groovy-lang.org/changelogs/changelog-2.4.12.html
        title: Groovy 2.4.12 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.12.v20180830
        title: Jetty 9.4.12 changelog
      # pull: 3637
      # pull: 3641
      # pull: 3643
      # pull: 3650
      # pull: 3659
      # pull: 3660
      # pull: 3682
      # Fix problems with update center metadata signature check on Java 11.
      # Update Groovy from 2.4.11 to 2.4.12 to pick up fixes towards Java 11 support.
      # Update jnr-posix to 3.0.45 to prevent Illegal Reflective access warnings when running with Java 11.
      # Update Unix process management logic to support Process Tree termination when running with Java 11.
      # Update Winstone-Jetty from 5.0 to 5.1 to update Jetty to 9.4.12, picking up TLS 1.3 support and fixes towards Java 11.
      # Developer: Update PowerMock and Mockito to versions compatible with Java 11.
      # Internal: Update META-INF/services generator from 1.4 to 1.8 to fix compilation on JDK 10+.
      # Internal: Update Parent POM to 1.49 to make the build flow compatible with Java 11.

    # User major RFEs
    - type: major rfe
      pull: 3667
      message: >
        Migrate most Simplified Chinese translations into <a href="https://plugins.jenkins.io/localization-zh-cn">Localization: Chinese (Simplified)</a> Plugin.

    # User RFEs
    - type: rfe
      issue: 52181
      pull: 3527
      message: >
        Allow use of the <tt>console</tt> command with Job/Read permission.
    - type: rfe
      issue: 17116
      pull: 3414
      message: >
        Wait up to two minutes for process termination before killing it (typically when aborting a build).
    - type: rfe
      issue: 53282
      pull: 3603
      message: >
        Reduce logging level of restart and shutdown related notifications from SEVERE to INFO.
    - type: rfe
      pull: 3653
      issue: 53792
      message: >
        New <code>JENKINS_USER_ID</code> and <code>JENKINS_API_TOKEN</code> environment variables can be used to configure the CLI authentication.
    - type: rfe
      pull: 3697
      issue: 54137
      message: >
        Do not submit telemetry if there's no relevant data.
    - type: rfe
      pull: 3698
      issue: 54136
      message: >
        Use per-trial correlation IDs for telemetry submissions.

    # User bugs
    - type: bug
      message: >
        Update Remoting from 3.26 to 3.27 to eliminate a potential deadlock.
      pull: 3657
      references:
      - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#327
        title: full changelog
      - issue: 53569

    # Developer / API related
    - type: rfe
      issue: 52818
      pull: 3570
      message: >
        Developer: Add support for the <code>@PostConstruct</code> lifecycle method annotation.
    - type: rfe
      issue: 52818
      pull: 3570
      message: >
        Developer: Add interface <code>PersistentDescriptor</code> that allows implementing <code>Descriptor</code>s to skip explicit calls to <code>load()</code>.
    - type: rfe
      pull: 3639
      issue: 53721
      message: >
        Developer: Introduce <code>getPlatform()</code> and <code>setPlatform()</code> methods in <code>hudson.EnvVars</code>.
    - type: rfe
      pull: 3656
      message: >
        Developer: Introduce new <code>hudson.Util#fixNull(value, defaultValue)</code> method.
    - type: rfe
      pull: 3611
      issue: 36547
      message: >
        Developer: Add overridable <code>Queue.Task#getAffinityKey()</code> to allow consistent hashing for Pipeline builds in the future.
    - type: bug
      pull: 3662
      message: >
        Developer: <code>ConsoleAnnotatorFactory</code> mishandled its type parameter, effectively forcing all implementations to use <code>Object</code> or raw types.

  changes:
    - type: security
      message: Important security fixes.
      references:
      - url: /security/advisory/2018-12-05/
        title: security advisory
    - type: bug
      references:
      - issue: 54261
      - issue: 54333
      - issue: 54570
      pull: 3760
      message: >
        Revert compatibility fix for future releases of Firefox due to regressions it caused since 2.148.
    - type: bug
      pull: 3708
      issue: 54310
      message: >
        Prevent <code>Stream is closed</code> error in case a CLI command finishes before the input is entirely read.
    - type: bug
      pull: 3695
      issue: 49196
      message: >
        Avoid <code>Premature EOF</code> error when using the <code>shutdown</code> CLI command.
    - type: bug
      issue: 38719
      pull: 3757
      message: >
        Do not cache CSS/JS resource files for console annotations like Timestamper Plugin across Jenkins restarts.

- version: 2.150.2
  date: 2019-01-16
  changes:
  - type: security
    message: Important security fixes.
    references:
    - url: /security/advisory/2019-01-16/
      title: security advisory
  - type: rfe
    message: Invalidate sessions and CLI authentication caches when changing the user password in the Jenkins user database.
  - type: rfe
    pull: 3730
    issue: 16867
    message: >
      Add support for killing child processes on AIX.

- version: 2.150.3
  date: 2019-02-13
  changes:
  - type: bug
    issue: 55257
    pull: 3851
    message: >
      Improve robustness of console annotators such as the Timestamper plugin in conjunction with certain Pipeline steps such as <code>git</code> on an agent with an old <code>agent.jar</code>.
  - type: bug
    issue: 52869
    pull: 3727
    message: >
      User account creation by administrators did not show error messages when it failed. (regression in 2.129 and 2.138.1)

- version: 2.164.1
  date: 2019-03-13
  lts_predecessor: 2.150.3
  lts_baseline: 2.164
  changes: []
  lts_changes:
# Java 11

    - type: major rfe
      pull: 3794
      message: >
        Java 11 is now fully supported.
        Multiple improvements for running Jenkins on Java 11 since 2.150.x, including support for plugins declaring a minimum Java version in their metadata and refusing to load incompatible plugins, and installation of a new JAXB plugin when running on Java 11 to allow use of JAXB APIs from plugins.
      references:
      - url: /blog/2019/03/11/let-s-celebrate-java-11-support/
        title: announcement blog post
      - url: /doc/administration/requirements/jenkins-on-java-11/
        title: running on Java 11
      - url: /doc/administration/requirements/upgrade-java-guidelines/
        title: upgrading to Java 11
      - issue: 52012 # epic
      - issue: 52282 # pull: 3766
      - issue: 55076 # pull: 3794
      - issue: 55048 # pull: 3016
      - issue: 55980 # pull: 3885
      - issue: 55681 # pull: 3711
      - issue: 52285 # pull: 3882

# Other RFE

# CLI

    - type: rfe
      message: >
        The <code>list-jobs</code> no longer lists items recursively when listing a specific folder.
      issue: 48220
      pull: 3711
    - type: rfe
      pull: 3648
      issue: 27177
      message: >
        Add a new CLI command <code>disable-plugin</code> to disable one ore more installed plugins and optionally restart Jenkins.

# Security

    - type: rfe
      references:
      - issue: 47603
      - issue: 47458
      - issue: 55133
      - issue: 53653
      pull: 3827
      message: >
        Update Trilead SSH library to add support for OpenSSH keys with AES256-CTR encryption.
    - type: rfe
      pull: 3764
      issue: 45318
      message: >
        Add support for the ed25519 key algorithm in Jenkins CLI.
    - type: rfe
      pull: 3861
      issue: 55050
      message: >
        Reduce the performance impact of the SECURITY-904 fix when downloading artifacts or workspaces as ZIP file.

# Setup

    - type: rfe
      pull: 3626
      message: >
        Add new category <em>Languages</em> to the plugin wizard, which automatically installs available localization plugins based on browser language.

# Windows

    - type: rfe
      references:
      - pull: 3854
      - url: https://github.com/kohsuke/winsw/blob/master/CHANGELOG.md#220
        title: Windows Service Wrapper changelog
      - url: https://github.com/jenkinsci/windows-slave-installer-module/blob/master/CHANGELOG.md#1100
        title: Windows Agent Installer Module changelog
      message: >
        Update Windows Service Wrapper from 2.1.2 to 2.2.0 and Windows Agent Installer from 1.9.3 to 1.10.0 to support disabling, renaming and archiving service logs.

# Bugs

    - type: bug
      pull: 3884
      references:
      - issue: 55978
      - url: https://github.com/jenkinsci/sshd-module/blob/master/CHANGELOG.md#26
        title: full changelog
      message: >
        Update SSHD Module from 2.5 to 2.6 to apply a proper Apache Mina idle timeout value when a custom value was set using the <code>org.jenkinsci.main.modules.sshd.SSHD.idle-timeout system property</code>.

# Developer

    - type: rfe
      issue: 54325
      pull: 3721
      message: >
        Developer: Login and signup pages redesigned in 2.129 now can receive style contributions (<code>footer</code> view for <code>SimplePageDecorator</code>) from multiple plugins.

- version: 2.164.2
  date: 2019-04-10
  changes:
  - type: security
    message: Security fixes.
    references:
    - url: /security/advisory/2019-04-10/
      title: security advisory
  - type: bug
    pull: 3914
    issue: 56114
    message: >
      Workspace and artifacts browsing did not work on Windows Server 2016 with Microsoft Docker. (regression in 2.150.2)
  - type: bug
    pull: 3910
    issue: 43218
    message: >
      Prevent <code>NullPointerException</code> when discarding unreadable fingerprint data.
- version: 2.164.3
  date: 2019-05-09
  changes:
    - type: bug
      pull: 3940
      issue: 45661
      message: |-
        Corrupted console notes could cause an uninformative <code>NegativeArraySizeException</code> to be thrown from <code>ConsoleNote#readFrom</code> and build log display to be broken.
    - type: bug
      pull: 3960
      issue: 56856
      message: The setup wizard did not properly escape passwords, resulting in errors with certain special characters.
    - type: bug
      pull: 3761
      references:
        - issue: 53462
        - url: https://bugzilla.mozilla.org/show_bug.cgi?id=1370630
          title: Firefox bug 1370630
      message: Make form submit buttons on the Jenkins classic UI compatible with potentially upcoming Firefox bug fix.
    - type: bug
      pull: 3959
      issue: 56995
      message: Properly flush output from the Maven console annotator.
    - type: bug
      issue: 57096
      message: Make Debian/Ubuntu launcher script work with Java 11.
    - type: rfe
      issue: 57167
      message: |-
        Re-enable Stapler request dispatching telemetry.

- version: 2.176.1
  date: 2019-06-10
  lts_predecessor: 2.164.3
  lts_baseline: 2.176
  lts_changes:
# Major changes
  - type: major rfe
    references:
      - pull: 3838
      - url: /blog/2019/02/17/remoting-cli-removed/
        title: announcement blog post
    message: >
      Support for the Remoting mode of the CLI (<code>-remoting</code> option) has been removed.
  - type: major rfe
    pull: 3951
    issue: 56776
    message: >
      Remove misleading <code>nonStoredPasswordParam</code> symbol for password parameter definitions, since it's actually stored encrypted.
  - type: major rfe
    pull: 2691
    issue: 40750
    message: |-
      Remove built-in support for CCtray (cc.xml) files.
      To restore this feature, install the <a href="https://plugins.jenkins.io/cctray-xml">CCtray XML Plugin</a>.

# Features

  - type: rfe
    pull: 3686
    issue: 11888
    message: |-
      Add <code>stop-job</code> CLI command which allows aborting builds.
  - type: rfe
    pull: 3906
    issue: 56200
    message: >
      Add support for turning off a log recorder in the logger configuration.
  - type: rfe
    pull: 3934
    issue: 56554
    message: >
      Add the run parameter filter value to REST API responses.

# UI Improvements
#  - type: rfe
#    pull: 3923
#    issue: 56398
#    message: >
#      Mobile friendly layout of the login, loading and restart screens.
  - type: rfe
    pull: 3952
    issue: 16750
    message: |-
      Update status icon of a build when the build is finished.
  - type: rfe
    pull: 3998
    message: |-
      Remove misleading references to Java Web Start and JNLP from GUI surrounding inbound Jenkins agents.
#  - type: rfe
#    pull: 3985
#    issue: 56477
#    message: |-
#      The Plugin Manager now provides easier selection for applicable plugin updates with options to select "All", "Compatible" or "None".
#      The selection of "Compatible" plugins (previously "All") has been fixed to exclude all that contain any compatibility warnings.

# Security
  - type: rfe
    pull: 3919 # and 3926
    issue: 24513
    message: >
      Inform administrators about potentially unsafe permissions setup involving builds running as the virtual SYSTEM user.
  - type: rfe
    pull: 3908
    message: >
      Add a log message to build logs when builds run with the virtual SYSTEM authentication.

# Misc
  - type: rfe
    pull: 4008
    message: |-
      Migrate all Chinese localization resources into <a href="https://plugins.jenkins.io/localization-zh-cn">Localization: Chinese (Simplified) plugin</a>.
  - type: rfe
    pull: 3961
    message: |-
      Adjust stream flushing behavior for code running remotely on agents for better performance.
      This may lead to loss of messages for plugins which print to a build log from the agent machine but do not flush their output.
      Use <code>-Dhudson.util.StreamTaskListener.AUTO_FLUSH=true</code> to restore the previous behavior for freestyle builds.
      Note that Pipeline builds always expect remote flush.

# Dependencies
  - type: rfe
    pull: 3943
    references:
      - issue: 56659
      - issue: 56591
      - url: https://github.com/jenkinsci/winstone/blob/master/CHANGELOG.md#52
        title: full changelog
    message: >
      Update Winstone from 5.1 to 5.2 to make HTTPS cipher exclusions configurable.

# Notable bugs
  - type: bug
    pull: 3973
    issue: 55292
    message: |-
      Remove Mailer related localized strings from core. Make sure you use Mailer Plugin 1.23.
  - type: bug
    pull: 3955
    issue: 50504
    message: |-
      Do not offer a workspace lease to a new build if it is already in use by a (Pipeline) build running across an agent reconnection.
#  - type: bug
#    pull: 3925
#    issue: 56403
#    message: |-
#      Renaming an agent retained old agent configuration, causing it to re-appear on restart.
#    # Not mentioning regression, since this apparently has existed for 3 years (since Jenkins 2.8)

# Developer

# Dependencies
  - type: rfe
    pull: 3729
    references:
      - url: https://github.com/jenkinsci/jep/tree/master/jep/216
        title: JEP-216
      - url: https://github.com/stapler/stapler/blob/master/CHANGELOG.md#1257
        title: full changelog
    message: |-
      Developer: Update Stapler from 1.256 to 1.257 to add support for loading localized webapp resources from any plugin.
      Add <code>jenkins.PluginLocaleDrivenResourceProvider</code> interface for plugins to participate in localized resource lookup.
  - type: rfe
    references:
      - pull: 3896
      - url: https://github.com/jenkinsci/jep/tree/master/jep/216
        title: JEP-216
      - url: https://github.com/kohsuke/localizer/compare/localizer-parent-1.24...localizer-parent-1.26
        title: full changelog
    message: >
      Developer: Update Localizer library from 1.24 to 1.26 allowing plugins to override the lookup for localized resource files.

# Other
  - type: rfe
    references:
      - pull: 3967
      - url: /doc/developer/security/secrets/
        title: Storing Secrets in Jenkins
    message: |-
      Developer: Add Jelly UI component <code>f:secretTextarea</code> for multi-line secrets analogous to <code>f:password</code> for single-line.
#  - type: rfe
#    pull: 3963
#    message: |-
#      Developer: Deprecated <code>Run.getLogFile()</code>, as it is not compatible with <a href="https://jenkins.io/jep/210">JEP-210</a>.
  - type: rfe
    pull: 3961
    message: |-
      Developer: <code>SystemProperties</code> may now be used from agent-side code.
      See <code>SystemProperties#allowOnAgent</code>.

  changes:
  - type: bug
    pull: 4014
    issue: 57412
    message: Restore Chinese localized resources used by the setup wizard.
  - type: bug
    pull: 4015
    issue: 57111
    message: |-
      Robustness: Do not put agent offline for runtime exceptions in <code>ComputerListener#onOnline()</code>.

- version: 2.176.2
  date: 2019-07-17
  changes:
    - type: security
      message: Important security fixes.
      references:
        - url: /security/advisory/2019-07-17/
          title: security advisory
    # backport tickets
    - type: bug
      pull: 4035
      issue: 57725
      message: |-
        A thread pool used to wait for external processes to complete could leak class loaders.
    - type: bug
      pull: 4000
      issue: 57528
      message: |-
        Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed upon Jenkins startup when needed as implied dependencies of other plugins which were already present.
        This simplifies compatibility for specialized installation scenarios not using the update center, such as when Jenkins is run from a Docker image prepackaged with some plugins.
    - type: bug
      pull: 4029
      references:
        - issue: 57477
        - url: https://github.com/kohsuke/winp/blob/master/CHANGELOG.md#128
          title: full changelog
      message: |-
        Update WinP from 1.27 to 1.28 to fix problems with a missing DLL and flickering console window in the Windows graceful process shutdown logic.
    - type: rfe
      pull: 4066
      issue: 57993
      message: |-
        Replace some exception stack traces related to agent channels with simpler messages.
- version: 2.176.3
  date: 2019-08-28
  changes:
    - type: security
      message: Important security fixes.
      references:
        - url: /security/advisory/2019-08-28/
          title: security advisory
    - type: bug
      pull: 4001
      issue: 33843
      message: The plugin manager UI no longer prevents disabling a plugin when other plugins only have optional dependencies to it.
    - type: bug
      pull: 4096
      issue: 56243
      message: Fix performance issue when using "Remember me". (regression in 2.160)
    - type: bug
      pull: 4104
      issue: 57383
      message: Do not throw exception when testing proxy configuration. (regression in 2.168)
    - type: bug
      pull: 4107
      issue: 55945
      message: Prevent occasional <code>IllegalStateException</code> on Jenkins restart and invalidate the user session.

- version: 2.176.4
  date: 2019-09-25
  banner: >
    2.176.4 and 2.190.1 contain the same security fixes.
    We're providing an additional release of the 2.176.x LTS line to allow administrators to apply security updates without having to perform a major upgrade.
  changes:
    - type: security
      message: Security fixes.
      references:
        - url: /security/advisory/2019-09-25/
          title: security advisory

- version: 2.190.1
  date: 2019-09-25
  lts_predecessor: 2.176.4
  lts_baseline: '2.190'
  changes: # compared to lts_baseline
    - type: security
      message: Important security fixes.
      references:
        - url: /security/advisory/2019-09-25/
          title: 2019-09-25 security advisory
        - url: /security/advisory/2019-08-28/
          title: 2019-08-28 security advisory
    - type: bug
      pull: 4188
      issue: 59167
      message: |-
        Fix missing absolute URL in the RSS / Atom feeds. (regression in 2.190)
    - type: major bug
      pull: 4176
      issue: 58938
      message: |-
        Jenkins UI broke when a slow trigger administrative warning would be shown. (regression in 2.189)

  lts_changes: # compared to lts_predecessor

    # Major RFEs
    - type: major rfe
      pull: 3982
      issue: 37862
      message: |-
        Jenkins no longer creates symbolic links inside project or build directories.
        The <a href="https://plugins.jenkins.io/build-symlink" target="_blank" rel="noreferrer noopener">Build Symlink</a> plugin may be installed to restore this functionality if desired.
        URLs such as <code>/job/…/lastStableBuild/</code> are not affected, only tools which directly access the <code>$JENKINS_HOME</code> filesystem.
    - type: major rfe
      pull: 4085 # and 4109
      issue: 43610
      message: |-
        Remove Trilead SSH library from Jenkins core and make it available in a new <a href="https://plugins.jenkins.io/trilead-api" target="_blank" rel="noreferrer noopener">detached plugin</a>.

    # Notable bugs not backported into previous LTS line
    - type: bug
      pull: 4152
      issue: 23349
      message: |-
        Add support of emojis and other non-UTF-8 characters in job names. 🎉

    # Component updates
    - type: rfe
      pull: 4010
      references:
        - issue: 51577
        - url: https://github.com/jenkinsci/windows-slave-installer-module/blob/master/CHANGELOG.md#111
          title: full changelog
      message: |-
        Update Windows Agent Installer from 1.10.0 to 1.11, enabling TLS 1.2 on agent downloads when running with .NET 4.6 or newer.
    - type: rfe
      references:
        - pull: 4016
        - url: https://github.com/jenkinsci/winstone/blob/master/CHANGELOG.md#53
          title: full changelog
        - title: Jetty 9.4.18 changelog
          url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.18.v20190429
        - title: Jetty 9.4.17 changelog
          url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.17.v20190418
        - title: Jetty 9.4.16 changelog
          url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.16.v20190411
      message: |-
        Update Winstone-Jetty from 5.2 to 5.3 to update Jetty to 9.4.18.
    - type: rfe
      pull: 4060
      issue: 57515
      message: |-
        Update JNA from 4.5.2 to 5.3.1 to fix issue with shared library loading on AIX when using OpenJDK.
    - type: rfe
      pull: 4087
      references:
        - issue: 57959
        - issue: 50095
        - issue: 57713
        - title: full changelog
          url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#333
      message: |-
        Update Remoting to 3.33.

    # Functional RFEs
    - type: rfe
      references:
        - url: /doc/pipeline/steps/core/#fingerprint-record-fingerprints-of-files-to-track-usage
          title: documentation
        - pull: 3915
      message: |-
        Support setting excludes and case sensitivity in the <code>fingerprint()</code> build step in Pipeline and other job types.
    - type: rfe
      pull: 3994
      issue: 57121
      message: |-
        Improve Configuration-as-Code compatibility of <code>ListView</code>.
    - type: rfe
      pull: 4123
      message: |-
        Stop using the <code>name</code> argument in the <code>install-plugin</code> CLI command.

    # UI/UX RFEs
    - type: rfe
      pull: 3939
      issue: 25046
      message: |-
        Remove obsolete session cookies when logging out, preventing errors related to headers being too large.
    - type: rfe
      pull: 4072
      issue: 58041
      message: |-
        Add support for IPv6 addresses in the Jenkins URL configuration.
    - type: rfe
      pull: 3997
      message: |-
        Allow distinguishing between new projects, disabled projects, and those with aborted builds through differently shaded build balls.
    - type: rfe
      pull: 3802
      issue: 54854
      message: |-
        Add a warning when cron trigger spends a long time in its execution.
    - type: rfe
      pull: 4124
      message: |-
        Batch up plugin installations in setup wizard to improve performance.
    - type: rfe
      references:
        - pull: 4105
        - url: /doc/book/managing/system-properties/
          title: Jenkins features controlled by system properties
      message: |-
        The default interval for node monitors (e.g. free disk space) can now be changed by setting the system property <code>hudson.node_monitors.AbstractNodeMonitorDescriptor.periodMinutes</code>.

- version: 2.190.2
  date: 2019-10-28
  changes:
    - type: bug
      pull: 4204
      issue: 59406
      message: URLs of some projects with emojis in their name were inaccessible.
    - type: bug
      pull: 4263
      issue: 59267
      message: Increase client-side keep-alive ping frequency on the HTTP-based CLI to prevent timeouts.
    - type: bug
      pull: 4231
      issue: 59580
      message: >
        Internal: <code>hudson.util.ProcessTree.OSProcess#getEnvironmentVariables</code> returned <code>null</code> when an error occurred even though it shouldn't.

- version: 2.190.3
  date: 2019-11-20
  changes:
    - type: bug
      pull: 4223
      issue: 59514
      message: >
        Robustness: Do not allow users to resubmit requests using POST on URLs requiring a form submission, as that will fail anyway.
    - type: bug
      pull: 4228
      issue: 56809
      message: The <code>lastCompletedBuild</code> permalink was not being cached in the <code>…/builds/permalinks</code> file.
    - type: bug
      pull: 4269
      issue: 48375
      message: Fix labels to Atom feed links.
    - type: bug
      pull: 4246
      references:
      - issue: 58296
      - issue: 53462
      - url: https://bugzilla.mozilla.org/show_bug.cgi?id=1370630
        title: Firefox issue 1370630
      message: |-
        Revert changes in forms submission in Jenkins classic UI with Firefox.
        Changes caused a regression on forms with "file" inputs.
        These were made to anticipate a bugfix in Firefox which has been backed out since.
        (regression in 2.164.3)

- version: 2.204.1
  date: 2019-12-18
  banner: >
    <b>Configuration as code plugin</b> users upgrading to Jenkins 2.204.1 should review the
    <a href="/doc/upgrade-guide/2.204/#global-configuration-save-and-configuration-as-code-plugin">LTS upgrade guide global configuration save</a> topic and the
    <a href="/doc/upgrade-guide/2.204/#remove-browser-based-metadata-download-settings">LTS upgrade guide download settings</a> topic
  lts_predecessor: 2.190.3
  lts_baseline: '2.204'
  changes: # compared to lts_baseline
    - type: rfe
      pull: 4349
      authors:
        - fqueiruga
      issue: 59508
      message: |-
        Show a tooltip with the full link name when hovering over sidebar links.
    - type: bug
      pull: 4346
      authors:
        - MRamonLeon
      issue: 59793
      message: |-
        Prevent faulty subtask contributors from leaving builds running forever.
    - type: bug
      pull: 4298
      authors:
        - DarphBoBo
      issue: 59665
      message: |-
        Fix <code>Uninstall</code> column sorting in the Plugin Manager Install pane.
  lts_changes: # compared to lts_predecessor
    - type: major rfe
      pull: 4171
      issue: 58993
      authors:
        - jtnord
      message: |-
        Prevent calls to <code>Jenkins#save</code> persisting data before we have finished loading the in-memory model.
        This prevents possible corruption of the main Jenkins configuration.
    - type: major rfe
      pull: 3970
      authors:
        - daniel-beck
      message: |-
        Remove the ability to download update center metadata using the user's browser (deprecated since 2015).
        Jenkins will no longer inform about available updates without a connection to update sites.
        We recommend the use of a local mirror of our update sites, or a self-hosted update center like <a href="https://github.com/jenkinsci/juseppe">Juseppe</a> in these situations.
    - type: major rfe
      issue: 19887
      message: |-
        Allow time zone to be set on a per-user basis.
      pull: 4113
      authors:
        - silent-snowman
    - type: major rfe
      pull: 4239
      issue: 41891
      authors:
        - daniel-beck
      message: |-
        Add an option for a Resource Root URL through which Jenkins will serve user-generated static resources like workspace files or archived artifacts without the need for Content-Security-Policy headers.
    - type: rfe
      pull: 4242
      authors:
        - daniel-beck
      references:
        - pull: 4040
      message: |-
        Stop bundling Maven Plugin, Subversion Plugin, and several other plugins inside the Jenkins war file.
        In very rare cases, this could result in problems when attempting to install plugins compatible with Jenkins before 1.310.
        The Jenkins project is currently not publishing any such plugins.
    - type: rfe
      message: |-
        Deprecate the macOS native installer in favor of Homebrew.
      references:
      - url: /blog/2019/11/25/macos-native-installer-deprecation/#rollout-plan
        title: macOS Native Installer Deprecation blog post
      authors:
        - oleg-nenashev
    - type: bug
      pull: 4246
      references:
        - issue: 58296
        - issue: 53462
        - url: https://bugzilla.mozilla.org/show_bug.cgi?id=1370630
          title: Firefox issue 1370630
      authors:
        - thomasgl-orange
      message: |-
        Revert changes in forms submission in Jenkins classic UI with Firefox have caused a regression on forms with "file" inputs.
        These were made to anticipate a bugfix in Firefox which has been backed out since.
        (regression in 2.173)
    - type: rfe
      pull: 4209
      references:
        - issue: 19760
        - issue: 31209
      authors:
        - slonopotamus
      message: |-
        Remove 100 character length limitation of build description in build history widget.
    - type: rfe
      pull: 4340
      references:
        - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-3.36
          title: Remoting 3.36 release notes
        - pull: 4193
        - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-3.35
          title: Remoting 3.35 release notes
        - pull: 4208
        - pull: 4186
        - issue: 53461
        - pull: 4165
        - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-3.34
          title: Remoting 3.34 release notes
        - url: https://github.com/jenkinsci/remoting/pull/338
          title: Remoting connection steps reduced
      message: |-
        Update Remoting from 3.33 to 3.36.
        Adds a new connection mode for inbound TCP agents.
        Update minimum required remoting version to 3.14.
        Adds command line options "-help" and "-version".
      authors:
        - jeffret-b

- version: 2.204.2
  date: 2020-01-29
  changes:
    - type: security
      message: Important security fixes.
      references:
        - url: /security/advisory/2020-01-29/
          title: security advisory
      authors:
        - daniel-beck
        - jeffret-b
        - jvz
        - wadeck
    - type: major bug
      pull: 4394
      issue: 59107
      authors:
        - jvz
      message: |-
        User is no longer logged out when authenticating another user.
    - type: rfe
      message: Security hardening related to Stapler routing.
      authors:
        - daniel-beck
    - type: rfe
      message: >
        Security hardening: Set <code>X-Content-Type-Options</code> to <code>nosniff</code> in REST API responses.
      authors:
        - wadeck
    - type: bug
      pull: 4382
      issue: 60351
      authors:
        - jtnord
      message: |-
        Disable multiple deletion attempts if <code>hudson.Util.maxFileDeletionRetries</code> is zero.
    - type: bug
      pull: 4329
      issue: 57304
      authors:
        - lgoenner
      message: |-
        Prevent 'zombie' executors on built-in node by removing one-off executors in Computer.removeExecutor.
    - type: bug
      pull: 4357
      issue: 60167
      authors:
        - bulanovk
      message: |-
        Fix AtomicFileWriter performance issue on CephFS when creating an empty file.
    - type: bug
      pull: 4348
      issue: 60092
      authors:
        - pilou-
      message: |-
        Developer: ViewGroupMixIn#getPrimaryView() may return <code>null</code>, and needs to be checked by plugins depending on this version of weekly and beyond.
        It is an intermediate state until a default view is implemented.

- version: 2.204.3
  date: 2020-02-28
  changes:
  - type: rfe
    category: rfe
    pull: 4452
    issue: 60821
    authors:
    - jtnord
    references:
      - pull: 4452
      - issue: 60821
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.7
        title: Winstone 5.7 release notes
    message: |-
      Internal: Winstone 5.7: Change the Jetty thread pool name to "Jetty (winstone)"
  - type: bug
    category: bug
    pull: 4430
    issue: 60750
    authors:
    - jglick
    message: |-
      If the Jenkins root URL has been configured by scripts prior to running the setup wizard, skip the location configuration panel even if selecting the option to skip creation of an admin user.
  - type: bug
    category: bug
    pull: 4433
    issue: 60725
    authors:
    - MRamonLeon
    message: |-
      Prevent inaccurate warnings about missing classes on Java 11 triggered by JavaMelody when Monitoring Plugin is installed.
  - type: bug
    category: bug
    pull: 4422
    issue: 60716
    authors:
    - jglick
    message: |-
      Include details in the system log when a build rotation fails.
  - type: bug
    category: bug
    pull: 4434
    issue: 60678
    authors:
    - MRamonLeon
    message: |-
      Fix java version check for AdoptOpenJDK 11.
  - type: bug
    pull: 4413
    issue: 60625
    message: |-
      Prevent Jenkins page rendering from being blocked when the update center data parsing is in progress.
    authors:
    - jglick
  - type: bug
    category: bug
    pull: 4452
    issue: 57888
    authors:
    - lrpg
    message: |-
      Winstone 5.7: Fix support of system logging customization (regression in 2.177).
    references:
      - pull: 4452
      - issue: 57888
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.7
        title: Winstone 5.7 release notes
  - type: bug
    category: bug
    pull: 4271
    issue: 42658
    authors:
    - ilpianista
    message: |-
      Fix null pointer exception in Agent API when the agent is offline (e.g. retrieving agent version or OS description).

  # pull: 4435 (PR title: Disable native maven based tests)

- version: 2.204.4
  date: 2020-03-03
  changes:
  - type: major bug
    category: regression
    pull: 4539
    issue: 60857
    references:
      - pull: 4539
      - issue: 60857
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.8
        title: Winstone 5.8 release notes
    authors:
    - oleg-nenashev
    message: |-
      Fix a <em>KeyStores with multiple certificates are not supported</em> error from Jetty when passing certain kinds of certificates, such as domain wildcards (regression in 2.204.3).

- version: 2.204.5
  date: 2020-03-07
  banner: >
    System logging customization defect (<a href="https://issues.jenkins.io/browse/JENKINS-57888">JENKINS-57888 - system logging customization</a>) from Jenkins 2.177...2.203.3 is reintroduced in this version as it is considered as less serious than the fixed regressions.
    There is a plan to fix it again in 2.222.1.
  changes:
  - type: major bug
    category: regression
    issue: 60409
    authors:
      - jglick
    message: |-
      Fix propagation of the maximum form content size and form content keys number (regression in Jetty 9.4.20 and Jenkins 2.204.3).
  - type: major bug
    category: regression
    issue: 60199
    authors:
    - olamy
    - jglick
    message: |-
      Fix improper reverse proxy redirects to 127.0.0.1 due to X-Forwarded-Host and X-Forwarded-Port ordering issue  (regression in Jetty 9.4.20 and Jenkins 2.204.3).
  - type: bug
    category: regression
    references:
      - issue: 60409
      - issue: 60199
      - url: https://github.com/jenkinsci/winstone/blob/master/CHANGELOG.md
        title: Winstone changelog
    message: |-
      Revert Winstone from 5.8 to 5.3 to resolve embedded Jetty web container regressions in later Winstone versions.
      High default maximum form size limit and reverse proxy redirection are restored (regressions in 2.204.3).

- version: 2.204.6
  date: 2020-03-25
  changes:
    - type: security
      message: Important security fixes.
      references:
        - url: /security/advisory/2020-03-25/
          title: security advisory
      authors:
        - daniel-beck
        - wadeck
    - type: rfe
      message: Security hardening related to request routing and CSRF protection.
      references:
        - url: /doc/upgrade-guide/2.204/#upgrading-to-jenkins-lts-2-204-6
          title: related upgrade guide
      authors:
        - jvz

- version: "2.222.1"
  date: 2020-03-25
  lts_predecessor: 2.204.6
  lts_baseline: '2.222'
  banner: >
    Global build discarder configuration is not loaded from disk when Jenkins starts (<a href="https://issues.jenkins.io/browse/JENKINS-61688">JENKINS-61688</a>).
    Configuration is saved but not loaded on restart.
    Jenkins 2.222.1 will always start with the default configuration of the Job Build Discarder.
    Custom global build discarder configuration is ignored on restart.
    The default global build discarder is configured each time that Jenkins restarts.
  changes: # compared to lts_baseline 2.222
  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2020-03-25/
        title: security advisory
    authors:
      - daniel-beck
      - wadeck
  - type: major bug
    category: regression
    pull: 4568
    issue: 61429
    authors:
    - fqueiruga
    message: |-
      Fix drag & drop for previously saved steps in the job configuration form (regression in 2.217).
  - type: major bug
    category: regression
    pull: 4542
    issue: 60409
    references:
      - pull: 4542
      - issue: 60409
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.9
        title: Winstone 5.9 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.27.v20200227
        title: Jetty 9.4.27 changelog
    authors:
    - jglick
    - olamy
    message: |-
      Winstone 5.9: Fix propagation of the maximum form content size and form content keys number (regression in Jetty 9.4.20 and Jenkins 2.205).
  - type: major bug
    category: regression
    pull: 4542
    issue: 60199
    authors:
    - jglick
    - olamy
    references:
      - pull: 4542
      - issue: 60199
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.9
        title: Winstone 5.9 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.27.v20200227
        title: Jetty 9.4.27 changelog
    message: |-
      Winstone 5.9: Fix improper reverse proxy redirects to host due to X-Forwarded-Host and X-Forwarded-Port ordering issue (regression in Jetty 9.4.20 and Jenkins 2.205).
  - type: rfe
    message: Security hardening related to request routing and CSRF protection.
    references:
      - url: /doc/upgrade-guide/2.204/#upgrading-to-jenkins-lts-2-204-6
        title: related upgrade guide
    authors:
      - jvz
  - type: rfe
    category: developer
    pull: 4515
    authors:
    - daniel-beck
    message: |-
      Developer: Listen on loopback interface by default in debug mode.
  lts_changes: # compared to lts_predecessor 2.204.5
  - type: major rfe
    category: major rfe
    pull: 4463
    issue: 60920
    authors:
    - fqueiruga
    - daniel-beck
    message: |-
      Revamp the layout and icons of the header bar and breadcrumbs.
      Instances with plugins that depend on details of the Jenkins layout (e.g. Simple Theme Plugin) may experience UI/layout problems.
      A new experimental header color scheme can be enabled by setting the <code>jenkins.ui.refresh</code> system property to <code>true</code>.
  - type: major rfe
    category: major rfe
    pull: 4368
    authors:
    - daniel-beck
    message: |-
      Add globally configured build discarders that delete old builds not marked as "keep forever" even if there is no, or a less aggressive, per-project build discarder configured, executed periodically and after a build finishes.
  - type: major rfe
    pull: 4339
    authors:
      - daniel-beck
    message: |-
      Move cloud configuration from Configure System into its own configuration form on the Manage Nodes page.
  - type: major rfe
    category: major rfe
    pull: 4415
    issue: 40228
    authors:
    - ksenia-nenasheva
    - jglick
    message: |-
      Remove <strong>Enable Security</strong> checkbox in the Global Security configuration.
  - type: major rfe
    category: major rfe
    pull: 4509
    authors:
    - daniel-beck
    message: |-
      Remove the ability to disable <strong>CSRF protection</strong>.
      Instances upgrading from older versions of Jenkins will have CSRF protection enabled and the default issuer set if they currently have it disabled.
  - type: major rfe
    pull: 3991
    authors:
      - daniel-beck
    message: |-
      Redesign password fields to prevent password auto-fill except for the login form.
      Reduce browsers offering to update stored passwords.
      Revert by setting the system property <code>hudson.Functions.hidingPasswordFields</code> to <code>false</code>.
  - type: major rfe
    message: |-
      Deprecate the macOS native installer packaging.
    references:
      - url: /blog/2019/11/25/macos-native-installer-deprecation/
        title: Jenkins macOS native installer deprecation
    authors:
      - oleg-nenashev
  - type: major rfe
    category: major rfe
    pull: 4387
    issue: 60381
    authors:
    - jeffret-b
    message: |-
      Remove old, deprecated, unsupported agent protocols <code>Inbound TCP Agent Protocol/1</code>, <code>Inbound TCP Agent Protocol/2</code>, and <code>Inbound TCP Agent Protocol/3</code>.
      Update Remoting from 3.36 to 4.2 to remove unsupported protocols and add WebSocket support.
    references:
      - issue: 60381
      - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-3.40
        title: Remoting 3.40 release notes
      - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-4.0
        title: Remoting 4.0 release notes
      - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-4.0.1
        title: Remoting 4.0.1 release notes
      - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-4.2
        title: Remoting 4.2 release notes
  - type: major rfe
    category: major rfe
    pull: 4369
    authors:
    - jglick
    references:
      - url: https://github.com/jenkinsci/jep/blob/master/jep/222/README.adoc
        title: JEP-222
      - url: /blog/2020/02/02/web-socket/
        title: blog post
    message: |-
      Add experimental WebSocket support.
  - type: major rfe
    category: major rfe
    pull: 4450
    issue: 51856
    authors:
    - fcojfernandez
    message: |-
      Extends the current milestones so plugins can update jobs and configuration during Jenkins initialization.
      Adds initialization milestones: <code>SYSTEM_CONFIG_LOADED</code>, <code>SYSTEM_CONFIG_ADAPTED</code>, <code>JOB_CONFIG_ADAPTED</code>.
  - type: major rfe
    category: major rfe
    pull: 4463
    authors:
    - fqueiruga
    - daniel-beck
    message: |-
      Introduce a new experimental UI that can be enabled by setting the <code>jenkins.ui.refresh</code> system property to <code>true</code>.
      Currently it includes a new header color scheme, more changes to be added as a part of the UI/UX revamp.
    references:
      - pull: 4463
      - issue: 60920
      - url: https://github.com/jenkinsci/jep/blob/master/jep/223/README.adoc
        title: JEP-223
      - url: /sigs/ux/
        title: Jenkins UX SIG
  - type: major rfe
    category: major rfe
    pull: 4501
    authors:
    - daniel-beck
    - mikecirioli
    - EstherAF
    - aHenryJard
    references:
      - pull: 4501
      - issue: 60266
      - url: https://github.com/jenkinsci/jep/blob/master/jep/223/README.adoc
        title: JEP-223
    message: |-
      Add a new experimental <code>Overall/Manage</code> permission which allows a user to configure parts of the global Jenkins configuration without having the <code>Overall/Administer</code> permission.
      This is an experimental feature, disabled by default, that can be enabled by setting the <code>jenkins.security.ManagePermission</code> system property to <code>true</code>.
  - type: major rfe
    category: major rfe
    pull: 4506
    authors:
    - timja
    - daniel-beck
    references:
      - pull: 4506
      - issue: 12548
      - url: https://github.com/jenkinsci/jep/blob/master/jep/224/README.adoc
        title: JEP-224
      - url: https://plugins.jenkins.io/extended-read-permission/
        title: Extended Read Permission plugin
    message: |-
      Add a new experimental <code>Overall/SystemRead</code> permission, which gives (almost) full read access to the Jenkins instance.
      The permission is disabled by default, install the Extended Read Permission plugin to activate it.
  - type: rfe
    category: rfe
    pull: 4414
    issue: 60634
    authors:
    - jglick
    message: |-
      The environment variable <code>WORKSPACE_TMP</code> may now be used from (non-Pipeline) builds to access a temporary directory associated with the build workspace.
  - type: rfe
    category: rfe
    pull: 4365
    issue: 60266
    authors:
    - mikecirioli
    references:
      - pull: 4365
      - issue: 60266
      - url: https://github.com/jenkinsci/jep/blob/master/jep/223/README.adoc
        title: JEP-223
      - url: /security/advisory/2017-04-10/#matrix-authorization-strategy-plugin-allowed-configuring-dangerous-permissions
        title: 2017-04-10 security advisory for Matrix Authorization plugin
      - url: /security/advisory/2017-04-10/#role-based-authorization-strategy-plugin-allowed-configuring-dangerous-permissions
        title: 2017-04-10 security advisory for Role-Based Authorization plugin
    message: |-
      Deprecate the <code>Overall/RunScripts</code>, <code>Overall/UploadPlugins</code>, and <code>Overall/ConfigureUpdateCenter</code> permissions.
      Permissions were announced as dangerous and disabled by default in major authorization plugins in 2017.
      Custom authorization strategy implementations that grant <code>Overall/Administer</code> without implying one or more of these three permissions will no longer work as expected.
      Configurations that grant any of these permissions to users without <code>Overall/Administer</code> will no longer work as expected.
  - type: major bug
    category: regression
    pull: 4471
    issue: 60884
    authors:
    - AaronZurawski
    message: |-
      Fix NullPointerException when getting a list of runs with a status threshold (regression in 2.202).
  - type: major bug
    pull: 4394
    issue: 59107
    message: |-
      User is no longer logged out when authenticating another user.
    authors:
      - jvz
  - type: bug
    category: regression
    pull: 4452
    issue: 57888
    authors:
    - lrpg
    message: |-
      Winstone 5.9: Fix support of system logging customization (regression in 2.204.5)
    references:
      - pull: 4452
      - issue: 57888
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.9
        title: Winstone 5.9 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.27.v20200227
        title: Jetty 9.4.27 changelog

- version: 2.222.2
  date: 2020-04-22
  banner: >
    Jenkins 2.222.2 was not packaged or delivered.
    All changes planned for 2.222.2 are included in 2.222.3.
  changes:
  - type: bug
    category: internal
    authors:
    - kohsuke
    message: |-
      Jenkins 2.222.2 was not placed in the artifact repository or on the download site.

- version: "2.222.3"
  date: 2020-04-24
  changes:
  - type: major bug
    category: major bug
    pull: 4602
    issue: 61688
    authors:
    - daniel-beck
    message: |-
      Use the saved global build discarder configuration on restart.
  - type: major bug
    category: regression
    pull: 4607
    issue: 61692
    authors:
    - daniel-beck
    message: |-
      Fix proxy form validation when a password is set (regression in 2.222.1).
  - type: bug
    category: bug
    pull: 4540
    issue: 60788
    authors:
    - slide
    message: |-
      Prevent NullPointerException when hitting <em>Check Now</em> against a custom update center without tool installer metadata.
  - type: bug
    category: bug
    pull: 4525
    issue: 60454
    authors:
    - Wadeck
    - daniel-beck
    references:
      - pull: 4525
      - issue: 60454
      - issue: 55070
      - issue: 59992
      - issue: 61192
    message: |-
      Prevent one occurrence of "Jenkins.instance is missing" during Jenkins restart.
  - type: rfe
    category: rfe
    pull: 4573
    issue: 61465
    authors:
    - daniel-beck
    message: |-
      Developer: Make <code>h.checkAnyPermission</code> and <code>&lt;l:layout permissions="..."&gt;</code> work on objects that aren't <code>AccessControlled</code>.
  - type: rfe
    category: internal
    pull: 4532
    issue: 61279
    authors:
    - timja
    message: |-
      Developer: Prevent spurious deprecation messages by removing the deprecated findbugs-annotation.

- version: "2.222.4"
  date: 2020-05-24
  changes:
  - type: major bug
    category: regression
    pull: 4701
    issue: 62133
    authors:
    - daniel-beck
    message: |-
      Prevent a form validation "404 Not Found" error when the resource root URL configuration points at a previously configured resource root URL (regression in 2.222.1).
  - type: bug
    category: bug
    pull: 4601
    issue: 61409
    authors:
    - jeffret-b
    - jglick
    - Vlatombe
    references:
    - issue: 61409
    - pull: 4601
    - pull: 4596
    - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-4.2.1
      title: Remoting 4.2.1 changelog
    - url: "/blog/2020/02/02/web-socket/"
      title: WebSockets blog post
    - url: https://github.com/jenkinsci/jep/blob/master/jep/222/README.adoc
      title: JEP-222
    message: |-
      Upgrade to Remoting 4.2.1 to fix an issue with large payloads over WebSockets.
      Requires a matching <code>agent.jar</code> with remoting 4.2.1 or later.
  - type: bug
    category: bug
    pull: 4606
    issue: 61694
    authors:
    - oleg-nenashev
    message: |-
      Update Groovy Init hooks to run after all job configurations are adapted.
  - type: bug
    category: regression
    pull: 4629
    issue: 61660
    authors:
    - sladyn98
    message: |-
      Fix spacing between error messages in Setup Wizard (regression in 2.222.1).
  - type: bug
    category: regression
    pull: 4653
    issue: 61711
    authors:
    - rishabhBudhouliya
    message: |-
      Fix input field hints for tools like the git plugin that search the PATH for their executable (regression in 2.222.1).
  - type: bug
    category: bug
    pull: 4536
    issue: 61284
    authors:
    - timja
    message: |-
      Remove grey bar below the <code>textarea</code> form elements for read only users.
  - type: bug
    category: bug
    pull: 4622
    issue: 61812
    authors:
    - timja
    message: |-
      Distinguish between defined (<strong>*****</strong>) and undefined (<strong>N/A</strong>) password on read-only configuration forms for users with Overall/SystemRead or Item/ExtendedRead permissions.
  - type: rfe
    category: rfe
    pull: 4479
    issue: 61202
    authors:
    - timja
    references:
    - issue: 61202
    - pull: 4479
    - issue: 61321
    - pull: 4541
    message: |-
      Users with extended read permission now get a more read-only looking UI.

- version: "2.235.1"
  date: 2020-06-17
  lts_predecessor: "2.222.4"
  lts_baseline: "2.235"

  changes: # compared to lts_baseline 2.235

  - type: major bug
    category: regression
    pull: 4713
    issue: 62163
    authors:
    - daniel-beck
    message: |-
      Make plugin manager work on Internet Explorer 11 again (regression in 2.231).
  - type: major bug
    category: regression
    pull: 4712
    issue: 61920
    authors:
    - MRamonLeon
    message: |-
      Prevent telemetry warnings about missing <code>javax.annotation</code> classes when running with Java 11 (regression in 2.231).
  - type: major bug
    category: regression
    pull: 4714
    issue: 62181
    authors:
    - jglick
    message: |-
      Fix a deadlock involving custom loggers during agent startup (regression in 2.231).
  - type: bug
    category: bug
    pull: 4718
    issue: 62231
    authors:
    - MRamonLeon
    message: |-
      Prevent Old Data Monitor from failing plugin loading in the case of class field unmarshalling issues.

  lts_changes: # compared to lts_predecessor 2.222.4

  # Major user experience improvements
  # Plugin manager improvements
  - type: major rfe
    category: major rfe
    pull: 4513
    issue: 61166
    references:
    - issue: 61166
    - pull: 4580
    - pull: 4513
    - pull: 4588
    - pull: 4534
    - pull: 4591
    - pull: 4535
    - pull: 4589
    - pull: 4584
    authors:
    - daniel-beck
    message: |-
      Various improvements to the plugin manager, including:
      It no longer shows all available plugins by default; use search field to find plugins.
      They are now sorted by popularity by default.
      Additionally, categories are no longer used to group plugins, instead they're shown as labels.
  - type: major rfe
    category: major rfe
    pull: 4546
    authors:
    - daniel-beck
    message: |-
      Organize entries on the <em>Manage Jenkins</em> page into categories and show them in a grid.

  # Other improvements
  - type: major rfe
    category: major rfe
    pull: 4503
    authors:
    - daniel-beck
    message: |-
      Remove 'auto refresh' feature, including now obsolete auto refresh telemetry capability.

  # System/Read improvements
  - type: major rfe
    category: major rfe
    pull: 4479
    issue: 61202
    authors:
    - timja
    references:
    - issue: 61202
    - pull: 4479
    - url: /blog/2020/05/25/read-only-jenkins-announcement/
      title: Read-only Jenkins Configuration blog post
    message: |-
      Users with extended read permission now get a more read-only looking UI.
  - type: major rfe
    category: major rfe
    pull: 4520
    issue: 61201
    references:
    - issue: 61205
#    - pull: 4524
    - issue: 61201
#    - pull: 4520
    - issue: 61203
#    - pull: 4518
    - issue: 61207
#    - pull: 4530
    - issue: 61455
#    - pull: 4569
    - issue: 61208
#    - pull: 4533
    - issue: 61208
#    - pull: 4685
    authors:
    - timja
    - amuniz
    - daniel-beck
    message: |-
      Allow users with Overall/SystemRead permission to view <em>About Jenkins</em>, <em>Manage Plugins</em>, <em>Global Security Configuration</em>, and <em>System Log</em>.
  - type: bug
    category: bug
    pull: 4622
    issue: 61812
    authors:
    - timja
    message: |-
      Distinguish between defined (<em>*****</em>) and undefined (<em>N/A</em>) password on read-only configuration forms for users with <code>Overall/SystemRead</code> or <code>Item/ExtendedRead</code> permissions.

  # Overall/Manage improvements
  - type: major rfe
    category: major rfe
    pull: 4571
    issue: 61456
    references:
    - issue: 61456
#    - pull: 4571
    - issue: 61453
#    - pull: 4572
    - issue: 61457
#    - pull: 4570
    - issue: 61455
#    - pull: 4569
    authors:
    - EstherAF
    - amuniz
    - timja
    - escoem
    message: |-
      Allow users with Overall/Manage permission to access the <em>System Information</em>, <em>Prepare for Shutdown</em>, and <em>About Jenkins</em> management links.
      <em>Usage Statistics</em> in <em>Global Configuration</em> is now also configurable by users with that permission.

  # User experience improvements
  - type: rfe
    category: rfe
    pull: 4548
    issue: 60921
    authors:
    - fqueiruga
    message: |-
      Use modern system fonts provided by the browser when possible.
      Changes font size for body copy and headings to improve consistency and legibility.
  - type: rfe
    category: rfe
    pull: 4658
    issue: 61840
    authors:
    - fqueiruga
    message: |-
      Restyle buttons.
      Add support for large buttons, hyperlinks styled as buttons and icon-only buttons.
  - type: rfe
    category: rfe
    pull: 4663
    authors:
    - timja
    message: |-
      Restyle the help icon.
  - type: rfe
    category: rfe
    pull: 4610
    issue: 61478
    authors:
    - romenrg
    message: |-
      Improve styling of alert banners to be more visually appealing and to better match existing user interface components.
      Alerts now fully cover the navigation bar while they are displayed instead of covering only a portion of the navigation bar.

  # Other improvements
  - type: rfe
    category: rfe
    pull: 4389
    issue: 60410
    authors:
    - jeffret-b
    message: |-
      Suppress error stack traces for non-administrator users as core capability.

- version: "2.235.2"
  date: 2020-07-15
  changes:
  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2020-07-15/
        title: security advisory
    authors:
      - wadeck
  - type: bug
    category: bug
    pull: 4812
    issue: 61823
    references:
    - issue: 61823
    - pull: 4812
    - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.9.1
      title: Winstone 5.9.1 changelog
    authors:
    - oleg-nenashev
    message: |-
      Fix <code>--httpKeepAliveTimeout</code> option which had no effect (regression in 2.235.1).
  - type: bug
    category: bug
    pull: 4770
    issue: 62560
    authors:
    - fqueiruga
    message: |-
      Fix buttons that linger too long after closing modal (regression in 2.233 and 2.235.1).

- version: "2.235.3"
  date: 2020-07-27
  changes:
  - type: major rfe
    category: major rfe
    message: |-
      Update Debian and Red Hat repository signing keys for the Jenkins long term support repositories.
    references:
      - url: /blog/2020/07/27/repository-signing-keys-changing/
        title: announcement and upgrade guidelines
    authors:
      - olblak

- version: "2.235.4"
  date: 2020-08-12
  banner: >
    A <strong>new GPG signing key</strong> is used for the Jenkins long term support package repositories.
    Follow the instructions in the <a href="/blog/2020/07/27/repository-signing-keys-changing/">Linux repository signing blog post</a> to install the new public key on your computer.
  changes:
  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2020-08-12/
        title: security advisory
    authors:
      - daniel-beck
      - wadeck
  - type: major rfe
    category: major rfe
    message: |-
      Use <strong>new 64 bit Windows installer</strong> with service account checks and port validation.
      Supports 64 bit Java 8 and 64 bit Java 11.
    references:
      - url: /blog/2019/02/01/windows-installers/
        title: Announcement
      - url: /doc/upgrade-guide/2.235/
        title: Upgrade guide
    authors:
      - slide
  - type: bug
    category: bug
    pull: 4805
    issue: 62695
    authors:
    - johnou
    message: |-
       Allow graceful shutdown when SCM triggers are configured.
  - type: bug
    category: bug
    pull: 4833
    issue: 62723
    authors:
    - jglick
    - Zastai
    message: |-
      Fix <code>IllegalArgumentException: Method not found</code> error caused by misbehaviour in <code>Util.isOverridden()</code> (regression in 2.241).

- version: "2.235.5"
  date: 2020-08-17
  changes:
  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2020-08-17/
        title: security advisory
    authors:
      - daniel-beck
  - type: major rfe
    authors:
    - oleg-nenashev
    - slide
    message: |-
      Major update of the Alpine-based Jenkins Docker image.
      Jenkins Docker image for Alpine now uses Alpine 3.12 and AdoptOpenJDK 8u262.
    references:
      - url: /doc/upgrade-guide/2.235/#docker-alpine-image-overhaul
        title: upgrade guide

- version: "2.249.1"
  date: 2020-09-09
  lts_predecessor: "2.235.5"
  lts_baseline: "2.249"

  changes: # compared to lts_baseline 2.249 - extracted from the RC commit(s)

  - type: security
    message: Important security fixes from Jenkins 2.252 and 2.235.4.
    references:
      - url: /security/advisory/2020-08-12/
        title: security advisory
    authors:
      - daniel-beck
      - wadeck
  - type: major bug
    category: regression
    pull: 4912
    issue: 63458
    authors:
    - jglick
    message: |-
      Stop pre-formatting agent logs to prevent deadlocks (regression in 2.231).
  - type: major bug
    category: regression
    pull: 4897
    issue: 63274
    authors:
    - Wadeck
    message: |-
      Fix button that copies API token to clipboard (regression in 2.238).
  - type: major bug
    category: regression
    pull: 4870
    issue: 63180
    authors:
    - fqueiruga
    message: |-
      Restore wrapping tabs into multiple lines instead of overflowing (regression in 2.248).
  - type: bug
    category: bug
    references:
      - url: https://github.com/jenkinsci/dark-theme-plugin/issues/126
        title: Fixes bread crumbs flash in Dark Theme
    issue: 63285
    pull: 4867
    authors:
    - fqueiruga
    message: |-
      Normalize widget colors to be consistent with the new color palette.
  - type: bug
    category: regression
    pull: 4892
    issue: 63276
    authors:
    - fqueiruga
    message: |-
      Empty installed plugins table text is readable again (regression in 2.249).
  - type: bug
    category: bug
    pull: 4893
    issue: 63232
    authors:
    - Wadeck
    message: |-
      Show build time data in the Build Time Trend Page (regression in 2.245).
  - type: bug
    category: bug
    pull: 4863
    issue: 63166
    authors:
    - takashiharano
    message: |-
      Replace text references to slave with agent in Japanese documentation and messages.
  - type: bug
    category: regression
    pull: 4901
    issue: 63342
    authors:
    - francoiscampbell
    message: |-
      Fix backspace key sometimes did not delete text from the Script Console on a Mac (regression in 2.248).
  - type: bug
    category: regression
    pull: 4896
    issue: 63308
    authors:
    - timja
    message: |-
      Fix regular expression validator UI location (regression in 2.244).
  - type: rfe
    category: rfe
    pull: 4850
    issue: 61687
    authors:
    - gmshake
    message: |-
      Prevent concurrent build deletion.

  lts_changes: # compared to lts_predecessor 2.235.5 (selected by personal review)

  # Major user experience improvements
  - type: major rfe
    category: major rfe
    pull: 4752
    authors:
    - 95jonpet
    - timja
    - fqueiruga
    references:
      - issue: 60924
      - pull: 4752
      - issue: 62515
      - pull: 4763
      - pull: 4772
      - pull: 4814
      - pull: 4842
      - pull: 4843
      - url: https://github.com/jenkinsci/dark-theme
        title: Dark Theme repository
      - url: https://cd.foundation/blog/2020/08/04/introducing-the-jenkins-dark-theme/
        title: Introducing the Jenkins Dark Theme
    message: |-
      Release 'alpha' dark theme.

  # Major Windows Support Updates
  - type: major rfe
    category: major rfe
    pull: 4823
    references:
      - url: /blog/2020/07/23/windows-support-updates/
        title: announcement
      - url: /blog/2020/07/23/windows-support-updates/#use-cases-affected-by-net-framework-2-0-support-removal
        title: upgrade guidelines
      - issue: 60005
      - issue: 61862
      - url: /doc/administration/requirements/windows/
        title: Windows support policy
    authors:
    - NextTurn
    - oleg-nenashev
    message: |-
      Stop supporting .NET Framework 2.0 for launching Jenkins server and agents as a Windows service.
      .NET Framework 4.0 or above is now required.
  - type: major rfe
    category: major rfe
    pull: 4823
    references:
      - url: /blog/2020/07/23/windows-support-updates/#windows-service-management-changes-in-jenkins-2-248
        title: changes summary
      - url: https://github.com/winsw/winsw/releases
        title: full WinSW changelog
      - url: https://github.com/jenkinsci/windows-slave-installer-module/releases/tag/windows-slave-installer-2.0
        title: Windows Agent Installer 2.0 changelog
    authors:
    - NextTurn
    - oleg-nenashev
    message: |-
      Update Windows Service Wrapper (WinSW) from 2.3.0 executable for .NET Framework 2.0 to 2.9.0 for .NET Framework 4.0.
      Includes numerous improvements and bugfixes.
      Most notably, the service installer will now ask for permission elevation if the required.

  # Plugin manager improvements
  - type: rfe
    category: rfe
    pull: 4073
    issue: 59136
    references:
      - pull: 4073
      - issue: 59136
      - pull: 4742
      - issue: 62332
    authors:
    - jetersen
    - daniel-beck
    message: |-
      Show in plugin manager when newer releases of plugins exist but aren't being offered due to unsatisfied requirements.
      Show warnings for <b>deprecated</b> plugins in the update manager and administrative monitors.

  # More user experience improvements
  - type: rfe
    category: rfe
    issue: 62698
    pull: 4808
    references:
      - issue: 62698
      - pull: 4808
      - issue: 61973
      - pull: 4700
      - issue: 62750
      - pull: 4816
      - issue: 56109
      - pull: 4820
      - issue: 63002
      - pull: 4835
      - url: https://issues.jenkins.io/browse/JENKINS-62437
        title: "Configuration UI Accessibility: Tables to Divs migration"
      - pull: 4782
      - issue: 4767
      - issue: 62175
    authors:
    - fqueiruga
    message: |-
      Provide a more modern look and feel for the Jenkins UI.
  - type: rfe
    category: rfe
    pull: 4748
    issue: 61806
    authors:
    - 95jonpet
    - jglick
    message: |-
      Remove page generation timestamp from the footer.

  # Permissions enhancements - System read support, Overall/Manage
  - type: rfe
    category: rfe
    pull: 4724
    issue: 62264
    references:
      - issue: 62264
      - pull: 4724
      - issue: 61458
      - pull: 4728
    authors:
    - amuniz
    - timja
    message: |-
      Allow users with Overall/Manage permission to configure Node Monitoring and to reload configuration from disk.
  - type: rfe
    category: rfe
    pull: 4531
    issue: 61206
    authors:
    - timja
    message: |-
      Add system read support for 'Node Monitoring Configuration', configuring clouds, viewing agent configuration, system information, and logs.

  # Jenkins command line interface
  - type: rfe
    category: rfe
    pull: 4673
    authors:
    - sorend
    message: |-
      Support Bearer tokens in Jenkins-CLI <code>-auth</code> parameter.

  # Security hardening
  - type: rfe
    category: rfe
    pull: 4630
    issue: 61808
    authors:
    - daniel-beck
    message: |-
      Security hardening: Always round-trip password form control values in an encrypted form, even if not backed by an encrypted <code>Secret</code> field.
      In case of problems, this can be disabled by setting the system property <code>hudson.util.Secret.AUTO_ENCRYPT_PASSWORD_CONTROL</code> to <code>false</code> on startup.
  - type: rfe
    category: rfe
    pull: 4630
    issue: 61808
    authors:
    - daniel-beck
    message: |-
      Security hardening: Always use a placeholder value for password form control values in item related configuration forms when the user is missing Item/Configure permission, even if not backed by an encrypted <code>Secret</code> field.
      In case of problems, this can be disabled by setting the system property <code>hudson.util.Secret.BLANK_NONSECRET_PASSWORD_FIELDS_WITHOUT_ITEM_CONFIGURE</code> to <code>false</code>.
  - type: bug
    category: bug
    pull: 4823
    authors:
    - NextTurn
    message: |-
      Fix the default domain name in Windows service <code>serviceaccount</code> configurations.
    references:
      - issue: 12660
      - url: https://github.com/winsw/winsw/releases/tag/v2.7.0
        title: Windows Service Wrapper 2.7.0 changelog

  # Winstone 5.10
  - type: rfe
    category: rfe
    pull: 4811
    authors:
    - oleg-nenashev
    references:
      - pull: 4811
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.28.v20200408
        title: 9.4.28.v20200408 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.29.v20200521
        title: 9.4.29.v20200521 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.30.v20200611
        title: 9.4.30.v20200611 changelog
    message: |-
      Update Winstone from 5.9 to 5.10.
      Update Jetty from 9.4.27.v20200227 to 9.4.30.v20200611.
      Add <code>--httpsRedirectHttp</code> option that activates automatic HTTP request redirects to HTTPs.
  - type: bug
    category: bug
    pull: 4811
    issue: 61823
    authors:
    - oleg-nenashev
    message: |-
      Fix <code>--httpKeepAliveTimeout</code> option which had no effect (regression in 2.224).

  # Stapler 1.260
  - type: bug
    category: bug
    pull: 4813
    issue: 61438
    authors:
    - rahulsom
    references:
      - issue: 61438
      - pull: 4813
      - url: https://github.com/stapler/stapler/releases/tag/stapler-parent-1.260
        title: Stapler 1.260 changelog
    message: |-
      Update Stapler from 1.259 to 1.260.

  # Other fixes
  - type: rfe
    category: rfe
    pull: 4683
    issue: 62014
    authors:
    - daniel-beck
    message: |-
      Add the ability to filter out environment variables for Shell and Windows batch build steps.
  - type: bug
    category: bug
    pull: 4833
    issue: 62723
    authors:
    - jglick
    - Zastai
    message: |-
      Fix <code>IllegalArgumentException: Method not found</code> error caused by misbehaviour in <code>Util.isOverridden()</code> (regression in 2.241).
  - type: bug
    category: bug
    pull: 4839
    issue: 63014
    authors:
    - jglick
    message: |-
      Remove the fallback Jenkins URL from the JNLP launch file so that WebSocket agents can be connected over Java Web Start.

  # Fingerprint improvements
  - type: rfe
    category: rfe
    pull: 4834
    authors:
    - stellargo
    references:
      - pull: 4834
      - issue: 62345
      - pull: 4731
      - url: https://github.com/jenkinsci/jep/tree/master/jep/226
        title: JEP-226
      - url: https://javadoc.jenkins.io/hudson/model/Fingerprint.html
        title: Fingerprint API Javadoc
      - url: https://github.com/jenkinsci/redis-fingerprint-storage-plugin
        title: Redis reference implementation
    message: |-
      Allow fingerprint storage engine to be selected from the configuration page.
      Add new external fingerprint storage API methods.
  - type: rfe
    category: rfe
    pull: 4842
    issue: 62747
    authors:
    - timja
    message: |-
      Developer: Add <code>alert-success</code> banner.
  - type: rfe
    category: developer
    pull: 4683
    issue: 62014
    authors:
    - daniel-beck
    message: |-
      Developer: Add new extension points to define build step environment filters (currently in beta).
  - type: rfe
    category: internal
    pull: 4831
    references:
      - pull: 4832
      - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-4.4
        title: Remoting 4.4 changelog
      - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-4.5
        title: Remoting 4.5 changelog
    authors:
    - jeffret-b
    message: |-
      Internal: Upgrade to Remoting 4.5.
      This switches agent.jar and remoting.jar to a code-signing certificate owned by the CDF.

- version: "2.249.2"
  date: 2020-10-07
  changes:
  - type: major bug
    category: regression
    pull: 4942
    issue: 62661
    authors:
    - res0nance
    message: |-
      Fix migration of status filter when coming from an older version of Jenkins (regression in 2.249.1).
  - type: bug
    category: bug
    pull: 4898
    issue: 63330
    authors:
    - timja
    message: |-
      Make alert colors consistent with 'Manage Jenkins' alert colors.
  - type: bug
    category: bug
    pull: 4921
    issue: 63563
    authors:
    - MRamonLeon
    message: |-
      Avoid warning on logs about Anonymous Class in <code>hudson.FilePath</code>.
  - type: bug
    category: bug
    pull: 4923
    issue: 63562
    authors:
    - daniel-beck
    message: |-
      Fix NullPointerException pollution on logs if PluginDeprecationMonitor is enabled and some conditions are met.
  - type: bug
    category: bug
    pull: 4899
    issue: 63331
    authors:
    - timja
    message: |-
      Developer: Make unavailable plugin background themeable.

- version: '2.249.3'
  date: 2020-11-04
  changes:
  - type: major bug
    category: regression
    pull: 5001
    issue: 63798
    authors:
    - timja
    - yJunS
    references:
      - pull: 4949
      - pull: 5001
      - issue: 63798
    message: |-
      Fix extensions footer location (regression in 2.235.1).
  - type: major bug
    category: regression
    pull: 4943
    issue: 63712
    authors:
    - daniel-beck
    message: |-
      Show display names in change list again (regression in 2.249.1).
  - type: bug
    category: bug
    pull: 4936
    issue: 63332
    authors:
    - benebsiny
    message: |-
      Prevent radio buttons from moving when they are clicked.

# pull: 5045 (PR title: Cherry pick JDK 11.0.9 / 8.0.272+ compatible FunctionsTest#printThrowable() to stable-2.249)

- version: "2.263.1"
  date: 2020-12-03
  lts_predecessor: "2.249.3"
  lts_baseline: "2.263"

  changes: # compared to lts_baseline 2.263 - extracted from the RC commit(s)

  - type: major bug
    category: major bug
    pull: 5046
    issue: 64040
    authors:
    - timja
    references:
      - pull: 5046
      - issue: 64040
      - issue: 64136
    message: |-
      Fix hidden page elements from radio blocks showing up when they should not.
  - type: bug
    category: bug
    pull: 5038
    issue: 62985
    authors:
    - jglick
    references:
      - pull: 5038
      - url: https://github.com/stapler/stapler/releases/tag/stapler-parent-1.261
        title: Stapler 1.261 changelog
    message: |-
      Fix file handle leak when viewing corrupted build logs.
      Upgrade Stapler from 1.260 to 1.261.
  - type: bug
    category: bug
    pull: 5013
    issue: 63868
    authors:
    - oleg-nenashev
    message: |-
      Prevent the Build History Widget from crashing when users have Discover permissions without Read for folders.
  - type: rfe
    category: rfe
    pull: 5034
    issue: 64035
    authors:
    - oleg-nenashev
    - olamy
    references:
      - issue: 64035
      - pull: 5034
      - pull: 4975
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.12
        title: Winstone 5.12 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.31.v20200723
        title: Jetty 9.4.31.v20200723 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.32.v20200930
        title: Jetty 9.4.32.v20200930 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.33.v20201020
        title: Jetty 9.4.33.v20201020 changelog
    message: |-
      Winstone 5.12: Update Jetty from 9.4.30.v20200611 to 9.4.33.v20201020.
      Introduce LowResourceMonitor from Jetty by upgrading to Winstone 5.12.
  - type: rfe
    category: rfe
    pull: 5035
    issue: 64039
    authors:
    - jtnord
    message: |-
      Improve performance of authorisation strategies when the authentication realm is case insensitive.

  # pull: 5033 (PR title: JDK 11.0.9 / 8.0.272+ compatible FunctionsTest#printThrowable())
  # pull: 5064 (PR title: Update the pinned version of ATH in use to a more recent version)

  lts_changes: # compared to lts_predecessor 2.249.3 (selected by personal review)

  - type: major bug
    category: major bug
    authors:
    - tam116
    references:
      - issue: 64212
      - url: "https://github.com/jenkinsci/packaging/pull/198"
        title: pull 198 (packaging)
    message: |-
      Fix Debian / Ubuntu Java version check for Java 11.0.9.1.

  - type: major rfe
    category: major rfe
    pull: 4909
    references:
      - pull: 4909
      - url: https://github.com/jenkinsci/jep/blob/master/jep/224/README.adoc
        title: JEP-224
    authors:
    - timja
    message: |-
      Graduate Overall/SystemRead permission to general availability (GA) status.

  - type: major rfe
    category: rfe
    pull: 4951
    authors:
    - daniel-beck
    message: >
      SSHD module 2.7: Remove deprecated key exchange and MAC algorithms.
    references:
      - pull: 4951
      - url: "https://github.com/jenkinsci/sshd-module/blob/master/CHANGELOG.md#27"
        title: SSHD module 2.7 changelog

  - type: rfe
    category: rfe
    pull: 4951
    authors:
    - daniel-beck
    message: >
      SSHD module 2.7: Allow configuring disabled key exchange and MAC algorithms through system properties.
    references:
      - pull: 4951
      - url: "https://github.com/jenkinsci/sshd-module/blob/master/CHANGELOG.md#27"
        title: SSHD module 2.7 changelog

  - type: rfe
    category: rfe
    pull: 4926
    issue: 63592
    authors:
    - fqueiruga
    message: |-
      Improve the layout and clarity of the page displayed when jobs are not yet created.

  - type: rfe
    category: rfe
    pull: 4950
    issue: 63795
    authors:
    - aHenryJard
    message: |-
      Allow users with the Jenkins/MANAGE permission to restart and safe restart Jenkins.

  - type: rfe
    category: rfe
    pull: 4910
    authors:
    - daniel-beck
    references:
      - pull: 4910
      - url: "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy"
        title: Cross-Origin-Opener-Policy at developer.mozilla.org
    message: |-
      Set <code>Cross-Origin-Opener-Policy</code> to <code>same-origin</code>.

  - type: rfe
    category: rfe
    pull: 4027
    issue: 57484
    authors:
    - Wadeck
    message: |-
      Improve the scripting capacity related to the API Token system.
      Provide a way to configure a fixed/default API Token for admin during installation phase.

  - type: bug
    category: bug
    pull: 4978
    authors:
    - PhilippHomann
    references:
      - pull: 4978
      - url: /doc/book/managing/system-properties/#historywidget-descriptionlimit
        title: Features controlled with System Properties
    message: |-
      Hide description panel in sidebar if historyWidget.descriptionLimit is 0.

  - type: bug
    category: bug
    pull: 4889
    issue: 42228
    authors:
    - takashiharano
    message: |-
      Prevent JavaScript error when registering validators in some cases.

  - type: bug
    category: bug
    pull: 4992
    authors:
    - 95jonpet
    message: |-
      Prevent resource leak in the File Fingerprint Storage implementation.

  - type: rfe
    category: developer
    pull: 4939
    authors:
    - Vlatombe
    message: |-
      Developer: Improve the combobox component to support default value and readonly mode.

  - type: rfe
    category: developer
    pull: 4825
    issue: 62757
    authors:
    - stellargo
    message: |-
      Developer: Allow migration of fingerprints from local storage to external storage.

  - type: rfe
    category: developer
    pull: 4888
    authors:
    - stellargo
    message: |-
      Developer: Expose fingerprint range set serialization methods for plugins.

  - type: rfe
    category: developer
    pull: 4974
    references:
      - pull: 4974
      - url: https://github.com/jenkinsci/jep/tree/master/jep/202
        title: JEP-202
    authors:
    - jglick
    message: |-
      Developer: Pluggable Artifact Storage: Make the <code>VirtualFile</code> API generally available to plugin developers.

  - type: rfe
    category: developer
    pull: 4829
    issue: 46175
    authors:
    - Zastai
    message: |-
      Developer: A <code>SimpleBuildStep</code> or <code>SimpleBuildWrapper</code> can now choose not to require a workspace context (working directory and launcher).

  - type: rfe
    category: developer
    pull: 4922
    authors:
    - Vlatombe
    message: |-
      Developer: Cloud implementations are given more context about ongoing planned nodes.
      Add <code>CloudState</code> to be passed to <code>Cloud#provision</code> and <code>Cloud#canProvision</code> methods.

- version: "2.263.2"
  date: 2021-01-13
  changes:
  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2021-01-13/
        title: security advisory
    authors:
      - daniel-beck
      - jeffret-b
      - jvz
      - Wadeck
  - type: major bug
    category: regression
    pull: 5099
    issue: 64373
    authors:
    - timja
    message: |-
      Help text now expands in behaviours for GitHub organization folders (regression in 2.244).
  - type: rfe
    message: Security hardening related to XML processing using <code>Digester2</code>.
    references:
      - url: /doc/upgrade-guide/2.263/#digester2
        title: related upgrade guide entry
    authors:
      - daniel-beck
  - type: rfe
    message: Security hardening related to form validation responses.
    references:
      - url: /doc/upgrade-guide/2.263/#formvalidation
        title: related upgrade guide entry
    authors:
      - daniel-beck
  - type: rfe
    message: Security hardening restricting label names.
    references:
      - url: /doc/upgrade-guide/2.263/#labelatom
        title: related upgrade guide entry
    authors:
      - jeffret-b
  - type: bug
    category: bug
    pull: 5081
    issue: 64071
    authors:
    - fqueiruga
    references:
      - issue: 64071
      - issue: 64125
      - pull: 5081
    message: |-
      Populate select fields with default values (regression in 2.244).
  - type: bug
    category: bug
    pull: 5090
    issue: 64330
    authors:
    - belingueres
    message: |-
      Wrong unicode codes in Spanish translation and small improvements.
  - type: rfe
    category: internal
    pull: 5087
    authors:
    - StefanSpieker
    message: |-
      Internal: Updated Node version to latest LTS (14.15.1).

  # pull: 5104 (PR title: [JENKINS-64393] update jupiter to fix not running junit4 tests)

- version: "2.263.3"
  date: 2021-01-25
  changes:
  - type: security
    message: Security fix.
    references:
      - url: /security/advisory/2021-01-26/
        title: 2021-01-26 security advisory
  - type: major bug
    category: regression
    pull: 5191
    issue: 64655
    authors:
    - jeffret-b
    message: |-
      Provide a default implementation of the "all files in zip" download link.
      This is especially important for external storage plugin (regression in 2.263.2).
  - type: major bug
    category: regression
    pull: 5188
    issue: 64632
    authors:
    - Wadeck
    references:
      - pull: 5188
      - issue: 64632
      - url: /security/advisory/2021-01-13/#SECURITY-1452
        title: SECURITY-1452
    message: |-
      Fix the file handle leak inside DirectoryBrowserSupport (regression in 2.263.2).
  - type: major bug
    category: regression
    pull: 5187
    issue: 64621
    authors:
    - Wadeck
    references:
      - pull: 5187
      - issue: 64621
      - issue: 61473
      - url: /security/advisory/2021-01-13/#SECURITY-1452
        title: SECURITY-1452
    message: |-
      Include root folder in downloaded zip files (regression in 2.263.2).
      Resolve an additional related zip archive root folder issue.

  # pull: 5178 (PR title: Ignore security test that fails in CI)

- version: "2.263.4"
  date: 2021-02-10
  changes:
  - type: rfe
    category: rfe
    pull: 5190
    issue: 64670
    authors:
    - alecharp
    - batmat
    message: |-
      Improve performance in fingerprint file creation.
  - type: bug
    category: bug
    pull: 5113
    issue: 64332
    authors:
    - timja
    message: |-
      Use the correct freestyle font-size for descriptions.
  - type: bug
    category: bug
    pull: 5114
    issue: 64426
    authors:
    - timja
    message: |-
      Don't tell user's to signup when signup is not available.

- version: "2.277.1"
  date: 2021-03-10
  lts_predecessor: "2.263.4"
  lts_baseline: "2.277"
  banner: >
    As described in the <a href="/blog/2020/11/10/major-changes-in-weekly-releases/">Major changes in the weekly release line</a> blog post, this release improves key user interface components.
    Configuration user interfaces now use html <code>div</code> markup to present a better layout than the previous html <code>table</code> layout.
    Configuration pages are now easier to read, easier to understand, and work better on a wide range of screens.
    See the <a href="https://issues.jenkins.io/secure/Dashboard.jspa?selectPageId=20741">Jenkins issue tracker</a> for a list of plugins known to have issues with the change.
    <p>&nbsp;</p>
    <p>As described in the <a href="/blog/2020/11/10/spring-xstream/">Spring and XStream updates (breaking changes!)</a> blog post, this release updates and replaces outdated internal components.
    The Acegi security library used for authentication has been replaced by Spring Security (<a href="https://github.com/jenkinsci/jep/blob/master/jep/227/README.adoc">JEP-227</a>).
    See the <a href="https://github.com/jenkinsci/jep/blob/master/jep/227/compatibility.adoc">Spring Security compatibility table</a> for the latest plugin compatibility status.
    A fork of the XStream library used to read and write XML files has been replaced by the upstream version of XStream (<a href="https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc">JEP-228</a>).
    See the <a href="https://github.com/jenkinsci/jep/blob/master/jep/228/compatibility.adoc">XStream compatibility table</a> for the latest plugin compatibility status.
    <p>&nbsp;</p>
    <b>Known Issues</b>If your Jenkins instance was created before Jenkins 2.4 or 2.7.1 LTS, a Setup Wizard may appear on the startup after the upgrade.
    In such a case, a Jenkins admin may need to skip the plugin installation.
    See the upgrade guide for the detailed guidelines.
  changes: # compared to lts_baseline 2.277 - extracted from the RC commit(s)

  - type: security
    pull: 5285
    authors:
    - dependabot
    references:
      - url: /security/advisory/2021-02-19/
        title: security advisory
      - url: https://github.com/spring-projects/spring-security/releases/tag/5.4.4
        title: Spring Security 5.4.4 release notes
      - url: https://github.com/spring-projects/spring-security/releases/tag/5.4.3
        title: Spring Security 5.4.3 release notes
    message: |-
      Important security fix.
      This vulnerability does not exist in any Jenkins LTS release.
      It was discovered in a weekly release and fixed in a weekly release without being part of an LTS release.

  - type: major bug
    category: major bug
    pull: 5282
    issue: 41727
    authors:
    - timja
    message: |-
      Show available plugin updates by reloading update center data on upgrade/downgrade.

  - type: major bug
    category: regression
    pull: 5263
    issue: 64805
    authors:
    - fqueiruga
    message: |-
      Fix Internet Explorer 11 rendering of the <em>Available</em> plugins tab (regression in 2.270).

  - type: major bug
    category: regression
    pull: 5236
    issue: 64775
    authors:
    - alecharp
    message: |-
      Include 'plugin-id' and 'plugin-version' data attributes in the <em>Available</em> plugins tab (regression in 2.270).

  - type: major bug
    category: major bug
    pull: 5281
    issue: 64840
    authors:
    - rsandell
    message: |-
      Fix plugin search over multiple update sites (regression in 2.270).

  - type: bug
    category: bug
    pull: 5216
    issue: 64746
    authors:
    - escoem
    references:
      - issue: 64746
      - pull: 5216
      - url: https://github.com/spring-projects/spring-security/releases/tag/5.4.2
        title: Spring Security 5.4.2 release notes
    message: |-
      Restore, as deprecated, the old constructor based on acegisecurity <code>Authentication</code> parameter in order to keep backward compatibility.

  lts_changes: # compared to lts_predecessor 2.249.3 (selected by personal review)

  - type: major rfe
    category: major rfe
    pull: 3895
    issue: 56109
    authors:
    - jsoref
    - timja
    - fqueiruga
    references:
      - issue: 56109
      - pull: 3895
      - url: /doc/developer/views/table-to-div-migration/
        title: Table to div layout migration guide
    message: |-
      Change Jenkins configuration UI from tables to divs for layout in forms.

  - type: major rfe
    category: major rfe
    pull: 5051
    issue: 64196
    authors:
    - timja
    message: |-
      Massive performance enhancement to available plugins page of Plugin Manager.
      Exact matches of plugin name are moved to the top.

  - type: bug
    category: bug
    pull: 5051
    issue: 63684
    authors:
    - timja
    message: |-
      Fix incorrect striping of rows on available page of Plugin Manager.

  - type: bug
    category: bug
    pull: 5145
    issue: 64439
    authors:
    - benebsiny
    message: |-
      Prevent user input of 'e' or 'E' as 'positive-number', 'non-negative-number', or 'number'.

  - type: bug
    category: bug
    pull: 5010
    issue: 35452
    authors:
    - jeffret-b
    message: |-
      Change the standard URL for obtaining the inbound agent configuration file from <code>${agent_url}/slave-agent.jnlp</code> to <code>${agent_url}/jenkins-agent.jnlp</code>.
      The old name is obsolete and will be removed at a future time.

  - type: rfe
    category: rfe
    pull: 5035
    issue: 64039
    authors:
    - jtnord
    message: |-
      Improve performance of authorisation strategies when the authentication realm is case insensitive.

  - type: rfe
    category: rfe
    pull: 4274
    issue: 1877
    authors:
    - Austry
    message: |-
      Add the ability to specify a reason for quieting down Jenkins ("Prepare for shutdown").

  - type: rfe
    category: rfe
    pull: 4962
    authors:
    - StefanSpieker
    message: |-
      Dropped support for deprecated system properties: <code>hudson.model.Hudson.logStartupPerformance</code>, <code>hudson.model.Hudson.initLogLevel</code>, <code>hudson.model.Hudson.parallelLoad</code>, <code>hudson.model.Hudson.killAfterLoad</code> and <code>hudson.model.Hudson.workspaceDirName</code>.
      Please use <code>jenkins.model.Jenkins.</code>-prefixed SystemProperties.

  - type: rfe
    category: rfe
    pull: 5047
    authors:
    - jglick
    message: |-
      Remove administrative monitor offering to migrate <code>$JENKINS_HOME</code> on a ZFS filesystem.

  - type: rfe
    category: rfe
    pull: 5015
    issue: 63977
    authors:
    - Wadeck
    message: |-
      Show security and non-security notifications in separate categories with their associated icons.

  - type: rfe
    category: rfe
    pull: 5063
    authors:
    - fqueiruga
    - Wadeck
    message: |-
      Reduce page load time by loading the administrative monitors popup on demand.
      Allow keyboard navigation even when there are active administrative monitors.

  - type: rfe
    category: rfe
    pull: 5176
    authors:
    - fqueiruga
    - timja
    message: |-
      Use a more accessible color palette in configuration form tabs.

  - type: rfe
    category: rfe
    pull: 5198
    authors:
    - res0nance
    - alecharp
    - batmat
    references:
      - pull: 5190
      - pull: 5198
      - issue: 64670
    message: |-
      Improve fingerprint save performance.

  - type: rfe
    category: rfe
    pull: 5153
    issue: 63222
    authors:
    - caseyduquettesc
    message: |-
      Add a system property <code>jenkins.agent.inboundUrl</code> to provide an alternate URL for inbound TCP agents.

  - type: rfe
    category: rfe
    pull: 4962
    authors:
    - StefanSpieker
    message: |-
      Drop support for deprecated system properties: <code>hudson.model.Hudson.logStartupPerformance</code>, <code>hudson.model.Hudson.initLogLevel</code>, <code>hudson.model.Hudson.parallelLoad</code>, <code>hudson.model.Hudson.killAfterLoad</code> and <code>hudson.model.Hudson.workspaceDirName</code>.
      Please use <code>jenkins.model.Jenkins.</code>-prefixed SystemProperties.

  - type: rfe
    category: rfe
    pull: 5082
    issue: 58101
    authors:
    - res0nance
    message: |-
      Reduce lock contention around Jenkins queue.

  - type: rfe
    category: rfe
    pull: 5102
    authors:
    - daniel-beck
    message: |-
      Stop bundling CVS plugin.
      Jenkins will no longer automatically install CVS plugin on startup if a plugin depending on Jenkins (then Hudson) 1.340 or earlier is discovered.
      If you use a plugin that relies on the functionality provided by CVS plugin and manage plugins outside the Jenkins plugin manager, you will now need to ensure yourself that a recent release of CVS plugin is installed.
      Jenkins will attempt to load such plugins but may fail at any time during startup or afterwards with <code>ClassNotFoundException</code> or similar.

  - type: rfe
    category: rfe
    pull: 5122
    authors:
    - oleg-nenashev
    - olamy
    references:
      - issue: 64035
      - pull: 5034
      - pull: 5122
      - pull: 5332
      - url: "https://github.com/jenkinsci/winstone/releases/tag/winstone-5.12"
        title: Winstone 5.12 changelog
      - url: "https://github.com/jenkinsci/winstone/releases/tag/winstone-5.13"
        title: Winstone 5.13 changelog
      - url: "https://github.com/jenkinsci/winstone/releases/tag/winstone-5.14"
        title: Winstone 5.14 changelog
      - url: "https://github.com/jenkinsci/winstone/releases/tag/winstone-5.15"
        title: Winstone 5.15 changelog
      - url: "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.31.v20200723"
        title: Jetty 9.4.31.v20200723 changelog
      - url: "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.32.v20200930"
        title: Jetty 9.4.32.v20200930 changelog
      - url: "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.33.v20201020"
        title: Jetty 9.4.33.v20201020 changelog
      - url: "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.34.v20201102"
        title: Jetty 9.4.34 changelog
      - url: "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.35.v20201120"
        title: Jetty 9.4.35 changelog
      - url: "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.36.v20210114"
        title: Jetty 9.4.36 changelog
      - url: "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.37.v20210219"
        title: Jetty 9.4.37 changelog
      - url: "https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.38.v20210224"
        title: Jetty 9.4.38 changelog
    message: |-
      Winstone 5.15: Update Jetty from 9.4.30.v20200611 to 9.4.38.v20210224 for bug fixes and enhancements.

  - type: rfe
    category: rfe
    pull: 5043
    authors:
    - jeffret-b
    references:
      - pull: 5043
      - url: "https://github.com/jenkinsci/remoting/releases/tag/remoting-4.6"
        title: Remoting 4.6 changelog
    message: |-
      Upgrade from Remoting 4.5 to Remoting 4.6 with bugfixes and dependency updates.

  - type: rfe
    category: rfe
    pull: 5111
    authors:
    - timja
    references:
      - pull: 5111
      - url: "https://github.com/stapler/stapler/releases/tag/stapler-parent-1.262"
        title: Stapler 1.262 changelog
    message: |-
      Update stapler to 1.262 to fix a number of <code>IllegalReflectiveAccessWarnings</code> when running on Java 11.

  - type: rfe
    category: rfe
    pull: 5129
    authors:
    - dependabot
    references:
      - pull: 5129
      - url: "https://github.com/jnr/jnr-posix/compare/jnr-posix-3.0.45...jnr-posix-3.1.4"
        title: Commits from jnr-posix 3.0.45 to 3.1.4
    message: |-
      Update jnr-posix library from 3.0.45 to 3.1.4.

  - type: rfe
    category: rfe
    pull: 5125
    authors:
    - dependabot
    references:
      - pull: 5125
      - url: "https://github.com/java-native-access/jna/blob/master/CHANGES.md#release-560"
        title: JNA 5.6.0 changelog
      - url: "https://github.com/java-native-access/jna/blob/master/CHANGES.md#release-550"
        title: JNA 5.5.0 changelog
      - url: "https://github.com/java-native-access/jna/blob/master/CHANGES.md#release-540"
        title: JNA 5.4.0 changelog
    message: |-
      Update Java native access (jna) library from 5.3.1 to 5.6.0 for more recent platform library fixes and enhancements.

  - type: major rfe
    category: developer
    pull: 4944
    issue: 19561
    authors:
    - jglick
    references:
      - pull: 4944
      - pull: 5115
      - url: "https://github.com/jenkinsci/jep/blob/master/jep/227/README.adoc"
        title: JEP-227
      - url: "/blog/2020/11/10/spring-xstream/"
        title: Spring and XStream updates (breaking changes!) blog post
      - url: "https://x-stream.github.io/changes.html#1.4.14"
        title: XStream 1.4.14 changelog
      - url: "https://x-stream.github.io/changes.html#1.4.15"
        title: XStream 1.4.15 changelog
    message: |-
      Developer: Use an updated version of the XStream serialization library without custom patches.

  - type: major rfe
    category: developer
    pull: 4848
    authors:
    - jglick
    references:
      - pull: 4948
      - pull: 5166
      - url: "https://github.com/jenkinsci/jep/blob/master/jep/228/README.adoc"
        title: JEP-228
      - url: "/blog/2020/11/10/spring-xstream/"
        title: Spring and XStream updates (breaking changes!) blog post
      - url: https://github.com/spring-projects/spring-security/releases/tag/5.4.2
        title: Spring Security 5.4.2 release notes
    message: |-
      Developer: Use Spring Security rather than its predecessor, Acegi Security.
      Other bundled Spring libraries are also updated.

  - type: major rfe
    category: developer
    pull: 4929
    authors:
    - fqueiruga
    references:
      - pull: 4929
      - url: "https://blog.jquery.com/"
        title: jQuery older release notes (3.1.1, 3.2.1, 3.3.0, 3.3.1, 3.4.0, 3.4.1)
      - url: "https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/"
        title: jQuery 3.5.0 release notes
      - url: "https://blog.jquery.com/2020/05/04/jquery-3-5-1-released-fixing-a-regression/"
        title: jQuery 3.5.1 release notes
    message: |-
      Developer: Upgrade jQuery from 2.1.4 to 3.5.1.

- version: "2.277.2"
  date: 2021-04-07
  changes:
  - type: security
    message: Security fixes.
    references:
      - url: /security/advisory/2021-04-07/
        title: security advisory
  - type: major bug
    category: regression
    pull: 5316
    issue: 64972
    authors:
    - benebsiny
    message: |-
      Fix help buttons in the draggable section (regression in 2.277.1).
  - type: rfe
    message: Security hardening against some CSRF attacks.
    references:
      - url: /doc/upgrade-guide/2.277/#submittedform
        title: related upgrade guide entry
    authors:
      - daniel-beck
  - type: bug
    category: bug
    pull: 5367
    issue: 62006
    authors:
    - timja
    message: |-
      Fix <code>NoClassDefFoundError</code> exception while executing <code>ProcessTree.get()</code>.
  - type: bug
    category: bug
    pull: 5305
    issue: 64931
    authors:
    - olamy
    message: |-
      Prevent Jenkins queue deadlock when cancelling tasks under certain conditions.
  - type: bug
    category: bug
    pull: 5207
    issue: 65186
    authors:
    - fqueiruga
    message: |-
      Reduce logging of renamed API endpoint.

- version: "2.277.3"
  date: 2021-04-20
  changes:
  - type: security
    message: Important security fix.
    references:
      - url: /security/advisory/2021-04-20/
        title: security advisory
  - type: rfe
    category: rfe
    pull: 5380
    authors:
    - olamy
    references:
      - pull: 5380
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.16
        title: Winstone 5.16 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.39.v20210325
        title: Jetty 9.4.39.v20210325 changelog
    message: |-
      Winstone 5.16: Update Jetty from 9.4.38.v20210224 to 9.4.39.v20210325 for bug fixes and enhancements.

- version: "2.277.4"
  date: 2021-05-05
  changes:
  - type: bug
    category: regression
    pull: 5379
    issue: 65021
    authors:
    - benebsiny
    message: |-
      Fix disabled dropdown items to appear disabled (regression in 2.277.1).
  - type: bug
    category: regression
    pull: 5408
    issue: 65336
    authors:
    - MarkEWaite
    message: |-
      Fix load statistics graph links to include correct graph duration (regression in 2.277.1).
  - type: bug
    category: bug
    pull: 5377
    issue: 56934
    authors:
    - jtnord
    message: |-
      Honor the current folder when creating new views with the "New View" link.
  - type: rfe
    category: rfe
    pull: 5360
    issue: 65281
    authors:
    - MarkEWaite
    references:
      - pull: 5360
      - issue: 65281
      - url: https://x-stream.github.io/changes.html#1.4.16
        title: XStream 1.4.16
    message: |-
      Upgrade from xstream 1.4.15 to 1.4.16.

- version: "2.289.1"
  date: 2021-06-02
  lts_predecessor: "2.277.4"
  lts_baseline: "2.289"
  changes: # compared to lts_baseline 2.289 - extracted from the RC commit(s)

  - type: major bug
    category: regression
    pull: 5489
    issue: 65605
    authors:
    - jtnord
    message: |-
      Fix <code>NoSuchMethodError</code> when using plugins that rely on bridge methods for compatibility (regression in 2.278).

  - type: bug
    category: regression
    issue: 65585
    authors:
    - res0nance
    message: |-
      Fix form submission for some specific form validation cases (regression in 2.289).

  - type: bug
    category: bug
    pull: 5448
    issue: 65190
    authors:
    - benebsiny
    message: |-
      Wrap the build name in the build results list if it is too long.

  - type: bug
    category: bug
    pull: 5455
    issue: 64294
    authors:
    - jglick
    message: |-
      Improve performance for standard input of the Jenkins CLI, for example with the `install-plugin` command.

  - type: bug
    category: bug
    pull: 5435
    issue: 52356
    authors:
    - basil
    message: |-
      Fix an issue archiving files greater than 4 GiB in size when creating ZIP64 archives.

  lts_changes: # compared to lts_predecessor 2.277.4 (selected by personal review)

  - type: major rfe
    category: major rfe
    pull: 5049
    issue: 64107
    authors:
    - kuisathaverat
    - timja
    references:
      - issue: 55582
      - issue: 64107
      - pull: 5049
      - pull: 5206
      - url: https://github.com/jenkinsci/sshd-module
        title: SSHD module repository
    message: |-
      SSHD module is no longer bundled in Jenkins core.
      Provide SSHD as a plugin.

  - type: major rfe
    category: major rfe
    pull: 5065
    authors:
    - timja
    - fqueiruga
    - josephbrueggen
    - uhafner
    references:
      - pull: 5065
      - pull: 5392
    message: |-
      Add modern icons: build status and weather.

  - type: rfe
    category: rfe
    pull: 5337
    authors:
    - jeffret-b
    - res0nance
    message: |-
      Add administrative monitors recommending no executors are configured on the controller.

  - type: rfe
    category: rfe
    pull: 5078
    authors:
    - daniel-beck
    - fqueiruga
    message: |-
      Add indicator for security-related entries in the global administrative monitors configuration.

  - type: rfe
    category: rfe
    pull: 5424
    authors:
    - daniel-beck
    message: |-
      Improve UI of slow trigger administrative monitor.

  - type: rfe
    category: rfe
    pull: 5192
    issue: 63855
    authors:
    - benebsiny
    - oleg-nenashev
    message: |-
      Support 'min' and 'max' values in field definitions of forms.

  - type: rfe
    category: rfe
    pull: 5291
    authors:
    - fqueiruga
    message: |-
      Improve button focus states.

  - type: rfe
    category: rfe
    pull: 5311
    authors:
    - basil
    message: |-
      Do not force plugin upgrades of recently detached plugins.

  - type: rfe
    category: rfe
    pull: 5338
    authors:
    - basil
    references:
      - pull: 5338
      - url: https://plugins.jenkins.io/ant
        title: Ant plugin
      - url: https://plugins.jenkins.io/javadoc
        title: Javadoc plugin
      - url: https://plugins.jenkins.io/rad-builder
        title: RAD Builder plugin
    message: |-
      Stop bundling the Ant and Javadoc plugins.
      Jenkins will no longer automatically install the Ant and Javadoc plugins on startup if a plugin depending on Jenkins 1.430 or earlier is discovered.
      If you use such a plugin that also relies on the functionality provided by the Ant or Javadoc plugin (e.g., the RAD Builder and manage plugins outside the Jenkins plugin manager, you will now need to ensure that a recent release of the Ant or Javadoc plugin is installed.
      Jenkins will attempt to load such plugins but may fail at any time during startup or afterwards with <code>ClassNotFoundException</code> or similar.

  - type: rfe
    category: rfe
    pull: 5412
    issue: 65308
    authors:
    - res0nance
    references:
      - pull: 5402
      - pull: 5412
      - issue: 65308
    message: |-
      Improve performance when creating or deleting nodes by reducing queue-lock contention.

  - type: rfe
    category: rfe
    pull: 5365
    issue: 65172
    authors:
    - daniel-beck
    message: |-
      Improve support for update site-defined setup wizard suggestions.

  - type: rfe
    category: rfe
    pull: 4623
    authors:
    - daniel-beck
    message: |-
      Switch to sending POST requests by default for form validation URLs.

  - type: rfe
    category: rfe
    pull: 5368
    authors:
    - daniel-beck
    message: |-
      Add a Jenkins User-Agent header to outgoing HTTP requests by default.
      Use <code>jenkins.UserAgentURLConnectionDecorator.disabled</code> to disable it if needed.

  - type: bug
    category: bug
    pull: 5359
    authors:
    - res0nance
    message: |-
      Sort available plugins by name when popularity is equal.

  - type: bug
    category: bug
    pull: 5377
    issue: 56934
    authors:
    - jtnord
    message: |-
      Honor the current folder when creating new views with the "New View" link.

  - type: bug
    category: bug
    pull: 5333
    issue: 65017
    authors:
    - daniel-beck
    message: |-
      Do not render full error responses in case of internal errors when validating fields in configuration forms.

  - type: bug
    category: bug
    pull: 5341
    authors:
    - felfert
    message: |-
      Accept negative numbers in number input controls (regression in 2.274).

  - type: bug
    category: bug
    pull: 5138
    issue: 64510
    authors:
    - jeffret-b
    message: |-
      Improve reconnection behavior for inbound TCP agents.

  - type: rfe
    category: rfe
    pull: 5266
    authors:
    - gulyaev13
    message: |-
      Remove the hardcoded JKS key store so that other key stores can be used, like BCFKS from the FIPS version of Bouncy Castle.

  - type: rfe
    category: rfe
    pull: 5292
    authors:
    - dependabot
    references:
      - pull: 5292
      - url: "https://github.com/jenkinsci/remoting/releases/tag/remoting-4.7"
        title: Remoting 4.7 changelog
    message: |-
      Upgrade from Remoting 4.6 to Remoting 4.7 with bugfixes and dependency updates.

  - type: rfe
    category: rfe
    pull: 5347
    authors:
    - jeffret-b
    references:
      - pull: 5347
      - url: https://github.com/jenkinsci/bouncycastle-api-plugin/releases/tag/bouncycastle-api-2.20
        title: bouncycastle-api 2.20 changelog
      - url: https://github.com/jenkinsci/bouncycastle-api-plugin/releases/tag/bouncycastle-api-2.18
        title: bouncycastle-api 2.18 changelog
      - url: https://github.com/jenkinsci/bouncycastle-api-plugin/blob/master/docs/CHANGELOG.md#217
        title: bouncycastle-api 2.17 changelog
      - url: https://github.com/jenkinsci/bouncycastle-api-plugin/blob/master/docs/CHANGELOG.md#2163
        title: bouncycastle-api 2.16.3 changelog
      - url: https://github.com/jenkinsci/bouncycastle-api-plugin/blob/master/docs/CHANGELOG.md#2162
        title: bouncycastle-api 2.16.2 changelog
      - url: https://github.com/jenkinsci/bouncycastle-api-plugin/blob/master/docs/CHANGELOG.md#2161
        title: bouncycastle-api 2.16.1 changelog
      - url: https://www.bouncycastle.org/releasenotes.html
        title: Bouncy Castle library 1.64 release notes
    message: |-
      Upgrade bouncycastle-api plugin from 2.16.0 to 2.20.
      Upgrade Bouncy Castle library to 1.64.

  - type: rfe
    category: rfe
    pull: 5413
    authors:
    - dependabot[bot]
    references:
      - pull: 5413
      - url: https://github.com/spring-projects/spring-security/releases/tag/5.4.6
        title: Spring project spring-security 5.4.6 release notes
    message: |-
      Bump spring-security-bom from 5.4.5 to 5.4.6.

  - type: rfe
    category: internal
    pull: 5324
    authors:
    - daniel-beck
    - jglick
    references:
      - pull: 5324
      - url: https://github.com/stapler/stapler/releases/tag/stapler-parent-1.263
        title: Stapler 1.263 release notes
      - url: https://commons.apache.org/proper/commons-beanutils/changes-report.html#a1.9.4
        title: Apache commons beanutils 1.9.4 release notes
    message: |-
      Internal: Update Stapler from 1.262.1 to 1.263 to use latest Apache commons-beanutils.
      Update Apache commons-beanutils from 1.9.3 to 1.9.4.

  - type: major rfe
    category: developer
    pull: 5065
    authors:
    - timja
    - fqueiruga
    - josephbrueggen
    references:
      - pull: 5065
      - url: https://github.com/jenkinsci/github-branch-source-plugin/pull/393
        title: Example external SVG sprite implementation in GitHub Branch Source plugin
    message: |-
      Developer: Add support for plugins to use external SVG sprites in their icons.

- version: "2.289.2"
  date: 2021-06-30
  changes:
  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2021-06-30/
        title: security advisory
  - type: rfe
    category: rfe
    pull: 5540
    authors:
    - dependabot[bot]
    - basil
    references:
      - issue: 65624
      - pull: 5437
      - pull: 5540
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.17
        title: Winstone 5.17 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.18
        title: Winstone 5.18 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.40.v20210413
        title: Jetty 9.4.40 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.41.v20210516
        title: Jetty 9.4.41 changelog
    message: |-
      Winstone 5.18: Update Jetty from 9.4.39.v20210325 to 9.4.41.v20210516 for bug fixes and enhancements.
  - type: rfe
    category: rfe
    pull: 5498
    issue: 65657
    authors:
    - MRamonLeon
    references:
      - pull: 5498
      - issue: 65657
      - url: https://x-stream.github.io/changes.html#1.4.17
        title: XStream 1.4.17
    message: |-
      Update from xstream 1.4.16 to 1.4.17.
  - type: bug
    category: bug
    pull: 5479
    issue: 65585
    authors:
    - thomasgl-orange
    - basil
    references:
      - issue: 65585
      - pull: 5479
      - pull: 5405
    message: |-
      Prepare for form submission changes in future Firefox releases.
      Adapt form validation for all web browsers and form validation test automation for HtmlUnit based tests.
  - type: bug
    category: bug
    pull: 5550
    issue: 65766
    authors:
    - jglick
    message: |-
      A race condition in class loading could result in a <code>LinkageError</code>.
  - type: bug
    category: bug
    pull: 5543
    issue: 65751
    authors:
    - sratz
    message: |-
      Do not change fonts when build artifacts are as shown as a tree.
  - type: bug
    category: bug
    pull: 5461
    issue: 64991
    authors:
    - daniel-beck
    message: |-
      Jenkins redirects users to the previous page after login even if they were able to view it while not logged in (regression in 2.266).
  - type: bug
    category: bug
    pull: 5548
    issue: 65195
    authors:
    - ngg
    message: |-
      Fix incorrect process termination issues when running on macOS.
  - type: bug
    category: bug
    pull: 5548
    issue: 64347
    authors:
    - ngg
    message: |-
      Add check to prevent out of bounds memory access error on macOS.

  # pull: 5405 (PR title: [JENKINS-53462] Stop using deprecated submit events)

- version: "2.289.3"
  date: 2021-07-28
  changes:
  - type: bug
    category: bug
    pull: 5471
    issue: 65574
    authors:
    - uhafner
    message: |-
      Improve build status progress animation.

- version: "2.303.1"
  date: 2021-08-25
  lts_predecessor: "2.289.3"
  lts_baseline: "2.303"
  changes: # compared to lts_baseline 2.303 - extracted from the RC commit(s)

  - type: bug
    category: bug
    pull: 5613
    issue: 66094
    authors:
    - trungPa
    message: |-
      Fix an issue unzipping archives in a corner case when entries have the same path prefix as the target location.

  - type: bug
    category: bug
    pull: 5675
    issue: 66413
    authors:
    - jtnord
    references:
      - pull: 5675
      - issue: 66413
      - url: https://issues.apache.org/jira/browse/IO-741
        title: Apache Commons-IO issue 741
    message: |-
      Detect files in a symlink that points to a directory (regression in 2.301).
      Bump Commons IO to 2.11.0.

  - type: bug
    category: bug
    pull: 5634
    issue: 65923
    authors:
    - benebsiny
    message: |-
      Show tooltips when users hover on the SVG icons.

  - type: rfe
    category: rfe
    authors:
    - MarkEWaite
    references:
      - url: /blog/2021/08/17/docker-images-use-jdk-11-by-default/
        title: Blog post
    message: |-
      Use Java 11 in Docker images instead of Java 8.

  - type: rfe
    category: rfe
    pull: 5628
    issue: 66177
    authors:
    - amuniz
    message: |-
      Allow Java 11 administrative monitor to be disabled with a system property.

  lts_changes: # compared to lts_predecessor 2.289.3 (selected by personal review)

  - type: major bug
    category: regression
    pull: 5506
    issue: 65273
    authors:
      - jtnord
    message: |-
      Fix SSH command line interface (CLI) authentication (regression in 2.284).

  - type: major bug
    category: regression
    pull: 5489
    issue: 65605
    authors:
      - jtnord
    message: |-
      Fix <code>NoSuchMethodError</code> when using plugins that rely on bridge methods for compatibility (regression in 2.278).

  - type: major rfe
    category: major rfe
    pull: 5320
    authors:
      - olamy
    message: |-
      Remove Apache Commons Digester library and related code from the Jenkins core.
    references:
      - pull: 5320
      - issue: 65161
      - url: /blog/2021/06/04/digester-removal/
        title: Announcement and upgrade guidelines

  - type: bug
    category: bug
    pull: 5461
    issue: 64991
    authors:
      - daniel-beck
    message: |-
      Jenkins redirects users to the previous page after login even if they were able to view it while not logged in (regression in 2.266).

  - type: bug
    category: bug
    pull: 5536
    authors:
      - Wadeck
    message: |-
      Improve contrast for the checkbox in the login page.

  - type: rfe
    category: rfe
    pull: 5474
    issue: 65577
    authors:
      - timja
    message: |-
      Recommend running on Java 11.

  - type: rfe
    category: rfe
    pull: 5465
    issue: 59412
    authors:
      - jglick
    message: |-
      Display Pipeline builds among user build history and remove incorrect warning about view build history.

  - type: rfe
    category: rfe
    pull: 5472
    authors:
      - TobiX
    message: |-
      Show implied plugin dependencies or a count of dependencies for plugins split from core.

  - type: rfe
    category: rfe
    pull: 5462
    authors:
      - daniel-beck
    message: |-
      Explain that some plugin updates can be unavailable even on the latest version of a given release line (i.e. LTS).

  - type: rfe
    category: localization
    pull: 5499
    issue: 65398
    authors:
      - aHenryJard
    message: |-
      Update French terminology for controller.

  - type: rfe
    category: rfe
    pull: 5538
    authors:
      - benebsiny
    message: |-
      Change the word 'number' to 'integer' in the error message of the number field.

  - type: rfe
    category: rfe
    pull: 5563
    authors:
    - ngg
    - basil
    message: |-
      The Jenkins process management functionality now supports FreeBSD.

  - type: rfe
    category: rfe
    pull: 5586
    authors:
    - jglick
    message: |-
      Optimize access control checks affecting (at least) Pipeline <code>node</code> steps.

  - type: rfe
    category: rfe
    pull: 5454
    authors:
      - daniel-beck
    references:
      - pull: 5454
      - url: https://github.com/jenkinsci/jenkins/pull/5454#issue-627566656
        title: Plugin versions with a fix
      - url: https://github.com/jenkinsci/jep/tree/master/jep/200
        title: JEP-200
    message: |-
      Remove JEP-200 compatibility workarounds for releases published before February 2018 of the following plugins: Maven Integration, Job DSL, Monitoring, Git Client, Pipeline: Supporting APIs, OWASP Dependency-Check.

  - type: rfe
    category: rfe
    pull: 5422
    issue: 65442
    authors:
      - basil
    references:
      - pull: 5422
      - url: https://github.com/stapler/stapler/releases/tag/1527.ve41b3ce15c05
        title: Stapler 1527.ve41b3ce15c05 changelog
      - url: https://github.com/stapler/stapler/releases/tag/1532.vfcf95addcb5f
        title: Stapler 1532.vfcf95addcb5f changelog
      - pull: 5549
      - url: https://github.com/stapler/stapler/releases/tag/1539.v2f05ce93882d
        title: Stapler 1539.v2f05ce93882d changelog
      - url: https://github.com/stapler/stapler/releases/tag/1563.v3da2d02f9572
        title: Stapler 1563.v3da2d02f9572 changelog
    message: |-
      Update Stapler from 1.263 to 1563.v3da2d02f9572 to improve performance when encoding unicode characters in JSON API.

  - type: rfe
    category: rfe
    pull: 5445
    authors:
      - basil
    references:
      - pull: 5445
      - url: https://plugins.jenkins.io/external-monitor-job
        title: External Monitor Job Type plugin
      - url: https://plugins.jenkins.io/ldap
        title: LDAP plugin
      - url: https://plugins.jenkins.io/pam-auth
        title: PAM Authentication plugin
    message: |-
      Stop bundling the External Monitor Job Type, LDAP, and PAM Authentication plugins.
      Jenkins will no longer automatically install the External Monitor Job Type, LDAP, or PAM Authentication plugins on startup if a plugin depending on Jenkins 1.467 or earlier is discovered.
      If you use such a plugin that also relies on the functionality provided by the External Monitor Job Type, LDAP, or PAM Authentication plugin and manage plugins outside Jenkins' plugin manager, you will now need to ensure that a recent release of the External Monitor Job Type, LDAP, or PAM Authentication plugin is installed.
      Jenkins will attempt to load such plugins but may fail at any time during startup or afterwards with <code>ClassNotFoundException</code> or similar.

  # - type: rfe
  #   category: rfe
  #   pull: 5450
  #   authors:
  #     - res0nance
  #   message: |-
  #     Remove the requirement for locking the queue when adding a new node.

  # - type: rfe
  #   category: rfe
  #   pull: 5556
  #   authors:
  #     - jglick
  #   message: |-
  #     Document REST methods to mark an (agent) node temporarily offline and related tasks.

  - type: rfe
    category: rfe
    pull: 5589
    authors:
    - olamy
    references:
      - pull: 5589
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.19
        title: Winstone 5.19 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.42.v20210604
        title: Jetty 9.4.42 changelog
    message: |-
      Winstone 5.19: Update Jetty from 9.4.41.v20210516 to Jetty 9.4.42.v20210604.

  - type: rfe
    category: rfe
    pull: 5598
    authors:
      - dependabot[bot]
    references:
      - pull: 5505
      - url: https://github.com/spring-projects/spring-security/releases/tag/5.5.0
        title: Spring project spring-security 5.5.0 release notes
      - pull: 5598
      - url: https://github.com/spring-projects/spring-security/releases/tag/5.5.1
        title: Spring project spring-security 5.5.1 release notes
    message: |-
      Bump spring-security-bom from 5.4.6 to 5.5.1.

  - type: rfe
    category: rfe
    pull: 5547
    authors:
      - dependabot[bot]
      - timja
    message: |-
      Bump sshd-core from 2.5.1 to 2.7.0 in Jenkins CLI.

  - type: rfe
    category: rfe
    pull: 5555
    authors:
      - Wadeck
    message: |-
      Add <code>X-Frame-Options</code> header to AJAX responses.

  # - type: rfe
  #   category: internal
  #   pull: 5518
  #   authors:
  #     - daniel-beck
  #   message: |-
  #     Internal: Remove partial (~6% complete) Arabic and Portuguese translations

  - type: rfe
    category: rfe
    pull: 5526
    authors:
      - basil
      - timja
    references:
      - pull: 5526
      - url: "https://plugins.jenkins.io/vertx/"
        title: Vertx plugin
      - url: "https://plugins.jenkins.io/slave-prerequisites/"
        title: Slave Prerequisites plugin
    message: |-
      Remove the Bytecode Compatibility Transformer library and related code from Jenkins core.
      Developer:  Plugins that rely on the <code>hudson.model.Queue$Item#id</code> or <code>hudson.model.AbstractProject#triggers</code> fields must be updated to call the corresponding getters.

  - type: rfe
    category: internal
    pull: 5452
    authors:
      - daniel-beck
    message: |-
      Stop sending HTTP response headers related to the remoting-based CLI (removed in 2.165).

  - type: rfe
    category: internal
    pull: 5478
    issue: 40700
    authors:
      - dependabot[bot]
    references:
      - pull: 5478
      - issue: 40700
      - url: "https://github.com/jenkinsci/remoting/releases/tag/remoting-4.8"
        title: Remoting 4.8 changelog
      - pull: 5539
      - url: "https://github.com/jenkinsci/remoting/releases/tag/remoting-4.9"
        title: Remoting 4.9 changelog
      - pull: 5607
      - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-4.10
        title: Remoting 4.10 changelog
    message: |-
      Internal: Upgrade from Remoting 4.7 to Remoting 4.10 with bugfixes and dependency updates.

  - type: rfe
    category: developer
    pull: 5521
    authors:
      - basil
    references:
      - pull: 5521
      - url: https://plugins.jenkins.io/nis-notification-lamp/
        title: NIS notification lamp plugin
    message: |-
      Developer: Remove JTidy dependency from Jenkins core.
      Plugins that use JTidy functionality must be updated to explicitly declare a dependency on JTidy rather than relying on Jenkins core to provide this library.

  - type: rfe
    category: developer
    pull: 5565
    authors:
      - basil
    message: |-
      Developer: <code>InterceptingExecutorService</code> and its subclasses no longer extend <code>com.google.common.util.concurrent.ForwardingExecutorService</code> or <code>com.google.common.collect.ForwardingObject</code>.

  - type: rfe
    category: developer
    pull: 5560
    authors:
      - basil
    references:
      - pull: 5560
      - url: https://plugins.jenkins.io/maven-repo-cleaner/
        title: Maven Repository Scheduled Cleanup plugin
      - url: https://plugins.jenkins.io/sicci_for_xcode/
        title: SICCI for Xcode plugin
      - url: https://plugins.jenkins.io/tmpcleaner/
        title: java.io.tmpdir cleaner plugin
    message: |-
      Developer: Remove <code>jna-posix</code> dependency from Jenkins core.
      Plugins that use <code>jna-posix</code> functionality must be migrated from <code>jna-posix</code> to <code>jnr-posix</code>.

  - type: rfe
    category: developer
    pull: 5603
    authors:
    - basil
    references:
      - pull: 5566
      - pull: 5603
    message: |-
      Developer: The <code>hudson.util.SubClassGenerator</code> and experimental <code>hudson.model.TreeView</code> class have been removed without replacement.

  # - type: rfe
  #   category: developer
  #   pull: 5533
  #   authors:
  #     - daniel-beck
  #   message: |-
  #     Developer: <code>View</code> is now a <code>DescriptorByNameOwner</code> allowing its use as <code>AncestorInPath</code>.

- version: "2.303.2"
  date: 2021-10-06
  changes:
  - type: security
    message: Security fixes.
    references:
      - url: /security/advisory/2021-10-06/
        title: security advisory
    authors:
      - daniel-beck
      - Wadeck
  - type: rfe
    message: >
      Security hardening: The "short description" of build causes is now defined as plain text instead of HTML.
    references:
      - url: /doc/upgrade-guide/2.303/#SECURITY-2452
        title: related LTS upgrade guide entry
      - url: /doc/developer/security/xss-prevention/Cause-getShortDescription
        title: related developer documentation
    authors:
      - daniel-beck
  - type: bug
    category: regression
    pull: 5723
    issue: 66470
    authors:
      - basil
    pr_title: "[JENKINS-66470] Register view-related permission groups and permissions\
      \ prior to the execution of JCasC"
    message: |-
      Allow Jenkins to start when the JCasC configuration defines view-related permissions (regression in 2.302).
  - type: bug
    category: bug
    pull: 5670
    issue: 66379
    authors:
      - jtnord
    pr_title: "[JENKINS-66379] upgrade winstone to allow non JKS keystores for\
      \ https certificates"
    references:
      - pull: 5670
      - issue: 66379
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.20
        title: Winstone 5.20 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.21
        title: Winstone 5.21 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.43.v20210629
        title: Jetty 9.4.43 changelog
    message: |-
      Use the JVM's default keystore type for the Jenkins server when terminating TLS connections within Jenkins.
      Used if Jenkins is started with the <code>--httpsPort</code> argument.
      Winstone 5.21: Update Jetty from 9.4.42.v20210604 to Jetty 9.4.43.v20210629.
  - type: bug
    category: bug
    pull: 5704
    authors:
      - jonsten
    pr_title: Fix bug in TextparameterDefinition
    message: |-
      Fix wrong parameter type for <code>Text Parameter</code> when triggering a build via the <code>buildWithParameters</code> API call.
  - type: rfe
    category: rfe
    pull: 5620
    message: |-
      Bump bundled Ant from 1.10.10 to 1.10.11.
  - type: rfe
    category: rfe
    pull: 5685
    issue: 66507
    authors:
      - basil
    references:
      - pull: 5685
      - issue: 66507
      - url: https://x-stream.github.io/changes.html#1.4.18
        title: XStream 1.4.18
    message: |-
      Upgrade from xstream 1.4.17 to 1.4.18.

- version: "2.303.3"
  date: 2021-11-04
  changes:
  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2021-11-04/
        title: security advisory
  - type: major rfe
    message: |-
      Security hardening: Require role check for remoting callables.
    references:
    - url: /doc/upgrade-guide/2.303/#SECURITY-2458
      title: LTS upgrade guide
    - url: /doc/developer/security/remoting-callables/
      title: developer documentation
  - type: rfe
    message: Always allow configuring agent-to-controller security subsystem.
  - type: bug
    category: bug
    pull: 5722
    issue: 66613
    authors:
      - Wadeck
    pr_title: "[JENKINS-66613] Correct Antlr grammar for LabelExpression"
    message: |-
      Correction of Label expression including a "implies" relationship without spaces around.

- version: "2.319.1"
  date: 2021-12-01
  lts_predecessor: "2.303.3"
  lts_baseline: "2.319"
  changes: # compared to lts_baseline 2.319 - extracted from the RC commit(s)

  - type: bug
    category: bug
    pull: 5900
    issue: 67063
    authors:
      - daniel-beck
    pr_title: "[JENKINS-67063] Revert canonicalization of entries when untarring"
    message: |-
      Do not attempt to canonicalize tar entries when untaring, as the result may be unexpected for symlinks.

  - type: bug
    category: bug
    pull: 5881
    issue: 67061
    authors:
      - daniel-beck
    references:
      - pull: 5881
      - issue: 67061
      - url: /doc/upgrade-guide/2.303/#SECURITY-2455
        title: Upgrade guide - Agent to controller path filter security fixes
    pr_title: "[JENKINS-67061] Fix overload in ConfigDirectory"
    message: |-
      Fix form submission for file access rules of agent to controller security subsystem (regression in 2.111).

  - type: bug
    category: bug
    pull: 5875
    issue: 67028
    authors:
      - NotMyFault
    pr_title: "[JENKINS-67028] Fix missing project hyperlink in build history"
    message: |-
      Fix missing hyperlink in build history (regression in 2.314).

  - type: bug
    category: bug
    pull: 5864
    issue: 67002
    authors:
      - jtnord
    pr_title: "[JENKINS-67002] protect Jenkins against bad RestartListeners"
    message: |-
      An exception thrown by a <code>RestartListener</code> no longer leaves Jenkins in a zombie-like state.

  - type: bug
    category: regression
    pull: 5865
    issue: 66993
    authors:
      - basil
    pr_title: "[JENKINS-66993] Do not register `AntClassLoader` as parallel-capable"
    message: |-
      Prevent <code>LinkageError</code> during class loading (regression in 2.309).

  - type: bug
    category: bug
    pull: 5906
    issue: 66969
    authors:
      - janfaracik
      - timja
    pr_title: "[JENKINS-66969] Fix ongoing first build from disappearing from\
      \ build history"
    message: |-
      Show ongoing first build in build history (regression in 2.314).

  - type: bug
    category: bug
    pull: 5932
    issue: 67188
    authors:
      - jglick
    pr_title: "[JENKINS-67188] Deadlock loading `TaskListener` vs. `StreamTaskListener`"
    message: |-
      Jenkins startup could hang due to a deadlock in class loading.

  - type: bug
    category: bug
    pull: 5919
    issue: 67033
    authors:
      - benebsiny
    pr_title: "[JENKINS-67033] Missing icon in dashboard view"
    message: |-
      Display the "Configure System" icon in the drop down menu.

  # pull: 5936 (PR title: Update at-since Javadoc up to 2.319)

  lts_changes: # compared to lts_predecessor 2.303.3 (selected by personal review)

  # Inclusive naming improvements

  - type: major rfe
    category: major rfe
    pull: 5425
    authors:
      - daniel-beck
    references:
      - url: /doc/upgrade-guide/2.319/#built-in-node-name-and-label-migration
        title: Upgrade guide - Built-In Node Name and Label Migration
    message: |-
      Replace the term "master" for the main Jenkins application with "controller" or "built-in node" in user interface strings and documentation.
      New installations get the new node and label immediately.
      Existing installations do not change the node name (e.g. <code>NODE_NAME</code> environment variable) or label of the built-in node until an administrator explicitly performs the migration.
      If a job definition, Pipeline definition, or tool installer reference must be tied to the built-in node, it should use the label "<code>built-in</code>".

  # User interface improvements

  - type: rfe
    category: rfe
    pull: 5693
    authors:
      - janfaracik
    pr_title: Modernise Manage Jenkins screen
    message: |-
      Modernise the "Manage Jenkins" screen.

  - type: rfe
    category: rfe
    pull: 5692
    authors:
      - janfaracik
    pr_title: Revamp build history search bar
    message: |-
      Modernise the "Build History" search bar.

  - type: rfe
    category: rfe
    pull: 5664
    authors:
      - janfaracik
    pr_title: Revamp Feed bar and Add/Edit description button to be consistent
      + correctly spaced
    message: |-
      Update appearance for feed bar and description button to be modern and consistent.

  - type: rfe
    category: rfe
    pull: 5507
    authors:
      - uhafner
    message: |-
      Improve layout of console output header.

  - type: rfe
    category: rfe
    pull: 5739
    issue: 66659
    authors:
      - zbynek
    pr_title: JENKINS-66659 Show new icons in build history
    message: |-
      Show new status icons in build history.

  - type: rfe
    category: rfe
    pull: 5763
    authors:
      - janfaracik
    pr_title: Update tooltips to be consistent across Jenkins
    message: |-
      Update tooltips to be consistent across Jenkins.

  - type: rfe
    category: rfe
    pull: 5663
    authors:
      - janfaracik
      - timja
    pr_title: Use SVGs over PNGs for the sidebar when possible
    message: |-
      Use SVGs over PNGs for the sidebar when possible.
      Breadcrumb bar/logo/menu items are now correctly aligned on the left together.
      Move old <code>war/images</code> folder to <code>webapp</code> so they can be used in frontend - the SVGs are now in the <code>webapp/images/svgs</code> folder.

  - type: rfe
    category: rfe
    pull: 5700
    issue: 65928
    authors:
      - benebsiny
    pr_title: "[JENKINS-65928] Job trend page shows previous icons"
    message: |-
      Replace the old icons with the new SVG icons in the job trend page.

  - type: rfe
    category: rfe
    pull: 5697
    authors:
      - janfaracik
    pr_title: Graphs now scale correctly for high-DPI screens
    message: |-
      Graphs now scale correctly on high resolution screens.

  - type: rfe
    category: rfe
    pull: 5788
    issue: 49675
    authors:
      - jtnord
    pr_title: "[JENKINS-49675] Mark the cookie as secure when serving via HTTPS"
    message: |-
      Screen resolution cookie now has the <code>secure</code> flag set when Jenkins is running on HTTPS.

  - type: rfe
    category: rfe
    pull: 5821
    issue: 64831
    authors:
      - dependabot[bot]
    pr_title: "[JENKINS-64831] - Remoting 4.11: Deprecate the -cp option in the\
      \ agent.jar"
    references:
      - pull: 5821
      - issue: 64831
      - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-4.11
        title: Remoting 4.11 changelog
    message: |-
      Deprecate the <code>-cp</code> option in the remoting agent.jar command line.
      Upgrade from Remoting 4.10 to Remoting 4.11.

  - type: rfe
    category: rfe
    pull: 5615
    issue: 66105
    authors:
      - i-am-vt
    pr_title: "[JENKINS-66105]The appropriate HTTP code in buildWithParameters."
    message: |-
      When the <code>buildWithParameter</code> API is called, if the requests with the same parameters in the queue are merged, the http response code of the request uses a more appropriate 303(see other) instead of 201(created).

  - type: bug
    category: bug
    pull: 5704
    authors:
      - jonsten
    pr_title: Fix bug in TextparameterDefinition
    message: |-
      Fix wrong parameter type for <code>Text Parameter</code> when triggering a build via the <code>buildWithParameters</code> API call.

  - type: bug
    category: bug
    pull: 5670
    issue: 66379
    authors:
      - jtnord
    pr_title: "[JENKINS-66379] upgrade winstone to allow non JKS keystores for\
      \ https certificates"
    references:
      - pull: 5670
      - issue: 66379
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.20
        title: Winstone 5.20 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.21
        title: Winstone 5.21 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.43.v20210629
        title: Jetty 9.4.43 changelog
    message: |-
      Use the JVM's default keystore type for the Jenkins server when terminating TLS connections within Jenkins.
      Used if Jenkins is started with the <code>--httpsPort</code> argument.
      Winstone 5.21: Update Jetty from 9.4.42.v20210604 to Jetty 9.4.43.v20210629.

  - type: bug
    category: bug
    pull: 5722
    issue: 66613
    authors:
      - Wadeck
    pr_title: "[JENKINS-66613] Correct Antlr grammar for LabelExpression"
    message: |-
      Correction of label expression including a "implies" relationship without spaces around.

  - type: bug
    category: bug
    pull: 5821
    issue: 61212
    authors:
      - dependabot[bot]
    pr_title: "[JENKINS-61212] - Fix Agent handshake when connecting them over\
      \ Websocket on Java 11"
    references:
      - pull: 5821
      - issue: 61212
      - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-4.11
        title: Remoting 4.11 changelog
    message: |-
      Fix agent handshake when connecting over Websocket on Java 11.
      Upgrade from Remoting 4.10 to Remoting 4.11.

  - type: rfe
    category: internal
    pull: 5834
    issue: 66930
    authors:
      - olamy
    pr_title: "[JENKINS-66930] remove unsafe classes copied from Apache Ant which\
      \ have been deprecated in Oct 2019"
    message: |-
      Remove deprecated, unsafe classes previously copied from Apache Ant. Docker Slaves plugin is incompatible with this change.

  - type: rfe
    category: rfe
    pull: 5699
    issue: 23784
    authors:
      - basil
    pr_title: "[JENKINS-23784] - Register `DependencyClassLoader` in the default\
      \ plugin strategy as parallel-capable"
    message: |-
      Load classes from plugins in parallel for faster startup on multicore machines.

  - type: rfe
    category: developer
    pull: 5651
    authors:
      - basil
    references:
      - pull: 5651
      - url: https://github.com/spring-projects/spring-security/releases/tag/5.5.1
        title: Woodstox implementation
      - url: https://en.wikipedia.org/wiki/StAX
        title: StAX API
      - url: https://plugins.jenkins.io/azure-artifact-manager/
        title: Azure Artifact Manager plugin
      - url: https://plugins.jenkins.io/azure-container-agents/
        title: Azure Container Agents plugin
      - url: https://plugins.jenkins.io/windows-azure-storage/
        title: Azure Storage plugin
      - url: https://plugins.jenkins.io/azure-sdk/
        title: Azure SDK API plugin
      - url: https://plugins.jenkins.io/jackson2-api/
        title: Jackson 2 API plugin
    message: |-
      Remove the Woodstox implementation of the StAX API from Jenkins core.
      Users of the Azure Artifact Manager, Azure Container Agents, Azure Storage, and Azure SDK API plugins must upgrade those plugins to the latest versions in lockstep with this core upgrade.
      Plugins that consume Woodstox should depend on it directly or via the Jackson 2 API plugin.

  - type: rfe
    category: internal
    pull: 5698
    authors:
      - basil
    pr_title: Revive support for `URLClassLoader` in `ClassicPluginStrategy`
    message: |-
      Internal: Experimental support for <code>URLClassLoader</code> can be enabled by setting <code>hudson.ClassicPluginStrategy.useAntClassLoader=false</code>.

- version: "2.319.2"
  date: 2022-01-12
  changes:
  - type: security
    message: Security fix.
    references:
      - url: /security/advisory/2022-01-12/
        title: security advisory
    authors:
      - Kevin-CB
  - type: rfe
    category: rfe
    pull: 5882
    issue: 67099
    authors:
      - Vlatombe
    pr_title: "[JENKINS-67099] Make trim labels more selective when we're operating\
      \ on selected nodes"
    message: |-
      Only apply <code>trimLabels</code> operation to affected nodes when adding or removing them.
  - type: rfe
    category: rfe
    issue: 67332
    authors:
      - daniel-beck
      - jglick
    references:
    - issue: 67332
    - issue: 67226
    - pull: 5957
    - pull: 6031
    - pull: 6061
    message: |-
      Improve FilePath telemetry collection and its description.

- version: "2.319.3"
  date: 2022-02-09
  changes:
  - type: security
    message: Security fix.
    references:
      - url: /security/advisory/2022-02-09/
        title: security advisory
    authors:
      - Wadeck
  - type: bug
    category: bug
    pull: 6164
    issue: 67470
    authors:
      - jglick
    pr_title: "[JENKINS-67470] Extend shading of Tyrus WebSocket client"
    message: |-
      Fix <code>ClassNotFoundException: io.jenkins.cli.shaded.org.w3c.dom.Node</code> when using JAXB.
  - type: rfe
    category: developer
    issue: 67702
    pull: 6231
    authors:
      - dependabot[bot]
    pr_title: Bump XStream from 1.4.18 to 1.4.19
    references:
      - pull: 6231
      - url: https://x-stream.github.io/changes.html#1.4.19
        title: XStream 1.4.19 changelog
      - url: https://x-stream.github.io/CVE-2021-43859.html
        title: XStream CVE-2021-43859
    message: |-
      Upgrade the XStream library from 1.4.18 to 1.4.19.
      Addresses the CVE-2021-43859 security vulnerability when unmarshalling highly recursive collections or maps causing a Denial of Service.
  - type: bug
    category: regression
    pull: 6193
    issue: 67635
    authors:
      - NivKeidan
    pr_title: JENKINS-67635 consider agent label expressions when applying trimLabels
    message: |-
      Launch only one agent to satisfy cloud agent requests that use label expressions.

- version: "2.332.1"
  date: 2022-03-09
  lts_predecessor: "2.319.3"
  lts_baseline: "2.332"
  changes: # compared to lts_baseline 2.332 - extracted from the RC commit(s)

  - type: rfe
    category: rfe
    issue: 41218
    authors:
      - basil
    message: |-
      Switch Linux installers from System V init to systemd.

  - type: rfe
    category: rfe
    pull: 6180
    issue: 67674
    authors:
      - Wadeck
      - daniel-beck
    pr_title: "[JENKINS-67674] Update bundled dependencies after the advisory"
    references:
      - pull: 6180
      - issue: 67674
      - url: /security/advisory/2022-01-12/
        title: 2022-01-12 security advisory
    message: |-
      Update the bundled Matrix Project plugin from 1.18 to 1.20.

  - type: rfe
    category: rfe
    pull: 6305
    issue: 67885
    authors:
      - jtnord
    pr_title: "[JENKINS-67885] update the bundled `display-url-api` plugin"
    message: |-
      Update bundled Display URL API plugin to prevent issues starting the mailer plugin for offline installations.

  - type: bug
    category: bug
    pull: 6184
    issue: 67496
    authors:
      - benebsiny
    pr_title: "[JENKINS-67496] Drag & drop is messed up, drag placeholders always\
      \ have tiny size"
    message: |-
      Keep the same height when dragging and dropping a component (regression in 2.277).

  - type: bug
    category: bug
    pull: 6225
    issue: 67627
    authors:
      - daniel-beck
    pr_title: "[JENKINS-67627] Have expandable text boxes expand into multiple\
      \ lines"
    message: |-
      Correctly render expandable text boxes into multiple lines (regression in 2.197 and 2.176.4).

  - type: bug
    category: bug
    pull: 6206
    issue: 67662
    authors:
      - daniel-beck
    pr_title: "[JENKINS-67662] Do not show wrong feature name in tooltips"
    message: |-
      Show correct feature name in tooltips of help links (regression in 2.179).

  - type: bug
    category: regression
    pull: 6193
    issue: 67635
    authors:
      - NivKeidan
    pr_title: JENKINS-67635 consider agent label expressions when applying trimLabels
    message: |-
      Launch only one agent to satisfy cloud agent requests that use label expressions.

  - type: bug
    category: bug
    pull: 6234
    issue: 67689
    authors:
      - timja
    pr_title: JENKINS-67689 Don't hide cancel button with long build names
    message: |-
      Truncate long build names again (regression in 2.332).

  - type: bug
    category: bug
    pull: 6264
    issue: 67753
    authors:
      - NotMyFault
    pr_title: '[JENKINS-67753] Overwrite "grey" balls with modern build status'
    message: |-
      Overwrite grey balls icon with the modern "not built" status.

  - type: bug
    category: bug
    pull: 6233
    authors:
      - NotMyFault
    pr_title: "[JENKINS-67609] Deduplicate help button question mark"
    message: |-
      Render the question mark on the new help button only once so that it is not shown twice, even while using different themes.

  - type: bug
    category: regression
    pull: 6261
    authors:
      - dependabot[bot]
    pr_title: "[JENKINS-67000] Bump remoting from 4.11.2 to 4.12"
    references:
      - pull: 5983
      - issue: 67000
      - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-4.11.2
        title: Remoting 4.11.2 changelog
      - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-4.12
        title: Remoting 4.12 changelog
    message: |-
      Update remoting from 4.11 to 4.12 to allow Java web start agents to connect (regression in 2.318).

  - type: bug
    category: bug
    issue: 56219
    authors:
      - basil
    message: |-
      Restart systemd service when the controller exits unexpectedly.

  - type: bug
    category: bug
    issue: 65809
    authors:
      - basil
    message: |-
      Restart the Jenkins service after plugin updates on Debian 11 (bullseye).

  lts_changes: # compared to lts_predecessor 2.319.3 (selected by personal review)

  # Agent to controller subsystem is now always enabled

  - type: major rfe
    category: major rfe
    pull: 5885
    issue: 67173
    authors:
      - daniel-beck
    pr_title: "[JENKINS-67173] Remove Callable allowlist and FilePath agent-to-controller\
      \ support"
    message: |-
      Always enable the agent-to-controller security subsystem.
      Remove the admin-customizable allowlists for callables and file paths.
      Remove the ability to access some files on the controller from agents.
      Use the Plugin Manager to upgrade incompatible plugins.
    references:
      - pull: 5885
      - issue: 67173
      - url: https://issues.jenkins.io/issues/?jql=%22Epic%20Link%22%20%3D%20JENKINS-67173
        title: the issue tracker

  # Modernise Jenkins components

  - type: major rfe
    category: major rfe
    pull: 5707
    authors:
      - basil
    references:
      - pull: 5707
      - issue: 36779
      - url: https://github.com/jenkinsci/jep/tree/master/jep/233
        title: JEP-233
      - url: https://guava.dev/
        title: Guava web site
      - url: https://github.com/google/guava/releases/tag/v31.0.1
        title: Guava 31.0.1 changelog
    pr_title: "[JEP-233] Upgrade Guava from 11.0.1 to latest"
    message: |-
      Upgrade the Guava library from 11.0.1 (released on January 9, 2012) to 31.0.1 (released on September 27, 2021).
      Plugins have already been prepared to support the new version of Guava.
      Use the Plugin Manager to upgrade all plugins before <u>and</u> after upgrading Jenkins.

  # UI improvements

  - type: rfe
    category: rfe
    pull: 5851
    authors:
      - janfaracik
    pr_title: Modernise the table design
    references:
      - pull: 5851
      - pull: 5925
      - pull: 5842
      - pull: 6055
      - pull: 5916
      - pull: 5358
      - issue: 65113
    message: |-
      Modernise the table design.
      Add support for Ionicons.
      Improve the usability and layout of the 'Plugin Manager' page with better controls and a 'Report an issue' link for each plugin.
      Update the 'New view', 'New node', 'About', 'System Info', and 'Log Recorder' pages.
  - type: rfe
    category: rfe
    pull: 5862
    issue: 4814
    authors:
      - slide
    pr_title: 'feat: Add ability to upload a plugin via URL [JENKINS-4814]'
    message: |-
      Allow the plugin manager to upload by URL in addition to upload by file name.
  - type: rfe
    category: rfe
    pull: 6096
    authors:
      - daniel-beck
    pr_title: Make env-vars.html nicer and actually localizable
    message: |-
      Improve visualization of the 'Environment Variables' page.
  - type: rfe
    category: rfe
    pull: 5889
    authors:
      - zbynek
    pr_title: Improve artifact list readability in dark theme
    message: |-
      Improve artifact list readability in dark theme.
  - type: rfe
    category: rfe
    pull: 5871
    authors:
      - zbynek
    pr_title: Use CSS animation for console progress
    message: |-
      Use CSS animation for console progress.

  # JRuby support removed

  - type: rfe
    category: rfe
    pull: 6103
    authors:
      - dependabot[bot]
    pr_title: "[JEP-7] Remove `jruby` support from Stapler"
    references:
      - pull: 6103
      - url: https://github.com/jenkinsci/jep/tree/master/jep/7#jep-7-deprecation-of-ruby-and-python-plugin-runtimes
        title: "JEP-7: Deprecation of Ruby and Python plugin runtimes"
      - url: /blog/2021/12/22/deprecated-ruby-runtime/
        title: Deprecating non-Java plugins (blog post)
      - url: https://github.com/jenkinsci/stapler
        title: Stapler repository
      - url: https://www.jruby.org/
        title: JRuby project
    message: |-
      Remove support for plugins written in JRuby or Jython.
      JRuby support has been removed from the Stapler web framework used in Jenkins core.
      Plugins written in JRuby and Jython have not been distributed by update center since January 22, 2022.

  # JNDI setting of Jenkins home directory removed

  - type: rfe
    category: rfe
    pull: 6111
    authors:
      - basil
    pr_title: Remove JNDI support
    message: |-
      Remove support for setting the Jenkins home directory via Java Naming and Directory Interface (JNDI).

  - type: rfe
    category: developer
    pull: 5524
    authors:
      - basil
      - timja
    references:
      - pull: 5524
      - url: https://asm.ow2.io/
        title: ObjectWebASM web site
    pr_title: Stop bundling unnecessary copy of ASM 5
    message: |-
      Developer: Provide a stable version of <code>ObjectWebASM</code> (currently 9.1) on the classpath.

  - type: rfe
    category: developer
    pull: 5856
    authors:
      - basil
      - timja
    pr_title: Unfork `AntClassLoader`
    message: |-
      Developer: Use the upstream version of <code>AntClassLoader</code> without custom patches.


- version: "2.332.2"
  date: 2022-04-06
  changes:

  - type: rfe
    category: rfe
    authors:
      - slide
    issue: 68170
    pr_title: "[JENKINS-68170] Show warning dialog if Java 8 is selected"
    references:
      - issue: 68170
      - url: https://github.com/jenkinsci/packaging/pull/306
        title: pull 306 (packaging)
    message: |-
      Show warning dialog if Java 8 is selected in Windows installer.
  - type: bug
    category: bug
    authors:
      - basil
    issue: 68007
    pr_title: Prefer --httpPort from JENKINS_ARGS over HTTP_PORT when the two
      differ
    references:
      - issue: 68007
      - url: https://github.com/jenkinsci/packaging/pull/296
        title: pull 296 (packaging)
    message: |-
      Prefer <code>--httpPort</code> from <code>JENKINS_ARGS</code> over <code>HTTP_PORT</code> when the two differ.
  - type: bug
    category: regression
    pull: 6359
    issue: 67995
    authors:
      - basil
    pr_title: '[JENKINS-67995] `SystemdLifecycle` logging "Operation not permitted"
      calling `sd_notify(3)` during startup'
    message: |-
      Remove unnecessary log spam when starting Jenkins under <code>systemd</code> on Debian 11 (regression in 2.333 and 2.332.1).
  - type: bug
    category: regression
    pull: 6287
    issue: 67797
    authors:
      - NotMyFault
    pr_title: Don't show status tooltip on nobuilt jobs
    message: |-
      Don't show build status on jobs that are not yet built (regression in 2.321).
  - type: bug
    category: bug
    pull: 6315
    issue: 66446
    authors:
      - jglick
      - basil
    pr_title: '[JENKINS-66446] Adjust class loading behavior of `JnlpSlaveRestarterInstaller`'
    message: |-
      Ensure inbound agent restart logic is applied.
  - type: bug
    category: bug
    authors:
      - basil
    issue: 68149
    pr_title: '[JENKINS-68149] Handle old WAR location from RPM'
    references:
      - issue: 68149
      - url: https://github.com/jenkinsci/packaging/pull/301
        title: pull 301 (packaging)
    message: |-
      Recover gracefully after incorrect merge of <code>/etc/sysconfig/jenkins</code> on Red Hat-based systems.

- version: "2.332.3"
  date: 2022-05-04
  changes:

  - type: major bug
    category: regression
    pull: 6449
    issue: 68122
    authors:
      - basil
    pr_title: "[JENKINS-68122] Avoid deadlock involving `RingBufferLogHandler.LogRecordRef`\
      \ class loading (III)"
    message: |-
      Avoid a deadlock between agent class loading and logging.

  - type: rfe
    category: rfe
    pull: 6254
    issue: 67742
    authors:
      - NotMyFault
    pr_title: "[JENKINS-67742] Replace computer-flash gif"
    message: |-
      Replace the computer-flash GIF icon with the hourglass icon.

  - type: rfe
    category: bug
    pull: 6400
    issue: 67967
    authors:
      - benebsiny
    pr_title: '[JENKINS-67967] "View build information" is not readonly'
    message: |-
      Make "View build information" pages readonly for users who don't have permission.

  - type: rfe
    category: rfe
    pull: 6480
    issue: 68276
    authors:
      - jtnord
    pr_title: "[JENKINS-68276] Upgrade bundled Jackson 2 API plugin from 2.12.0\
      \ to 2.13.2.20220328-273.v11d70a_b_a_1a_52"
    references:
      - issue: 68276
      - pull: 6480
      - url: https://github.com/jenkinsci/jackson2-api-plugin/releases
        title: Jackson 2 API plugin changelogs
    message: |-
      Upgrade bundled Jackson 2 API plugin from 2.12.0 to 2.13.2.20220328-273.v11d70a_b_a_1a_52.

  - type: bug
    category: regression
    pull: 6483
    issue: 68260
    authors:
      - zbynek
    pr_title: "[JENKINS-68260] Allow filtering updates by plugin ID"
    message: |-
      Allow filtering updates in plugin manager by plugin ID (regression in 2.320).

  - type: bug
    category: bug
    pull: 6310
    authors:
      - zbynek
    pr_title: Allow missing logger name in log viewer
    message: |-
      Display log entries with missing logger names in the log viewer.

  - type: bug
    category: regression
    pull: 6452
    issue: 68055
    authors:
      - res0nance
    pr_title: "[JENKINS-68055] retain label expressions when trimming labels"
    message: |-
      Preserve load statistics data for label expressions.

  - type: bug
    category: bug
    pull: 6382
    authors:
      - NotMyFault
    pr_title: Fix bad encoding of security warnings in French
    message: |-
      Fix bad encoding of security warnings in French showing special characters.

  # pull: 6454 (PR title: Remove unnecessary shutdown hook)

- version: "2.332.4"
  date: 2022-06-22
  changes:
    - type: security
      message: Important security fixes.
      references:
        - url: /security/advisory/2022-06-22/
          title: security advisory
      authors:
        - daniel-beck
    - type: rfe
      category: rfe
      pull: 6581
      issue: 68556
      authors:
        - daniel-beck
      pr_title: Remove SSH plugin from setup wizard
      message: |-
        Remove SSH Plugin from setup wizard plugin selection.

- version: "2.346.1"
  date: 2022-06-22
  lts_predecessor: "2.332.4"
  lts_baseline: "2.346"
  changes: # compared to lts_baseline 2.346 - extracted from the RC backport commit(s)

  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2022-06-22/
        title: security advisory
    authors:
      - daniel-beck

  - type: rfe
    category: rfe
    pull: 6581
    issue: 68556
    authors:
      - daniel-beck
    pr_title: Remove SSH plugin from setup wizard
    message: |-
      Remove SSH Plugin from setup wizard plugin selection.

  - type: rfe
    category: rfe
    pull: 6602
    authors:
      - basil
      - dependabot[bot]
    pr_title: Bump executable-war from 2.6 to 2.7
    message: |-
      Allow running on Java 17 without <code>--enable-future-java</code>.

  - type: rfe
    category: rfe
    pull: 6591
    issue: 68591
    authors:
      - MarkEWaite
    pr_title: "[JENKINS-68591] Use new layout for remote class loader stats"
    message: |-
      Show remote class loader statistics of agents with new table layout.

  - type: bug
    category: regression
    pull: 6534
    issue: 68303
    authors:
      - alecharp
      - basil
    pr_title: "[JENKINS-68303] Animate button when job already in queue"
    message: |-
      Fix indistinguishable build scheduling icon when the job is already in-queue (regression in 2.321).

  - type: bug
    category: regression
    pull: 6493
    issue: 68042
    authors:
      - Langer0416
      - NotMyFault
      - basil
    pr_title: "[JENKINS-68042] Help button alignment is wrong if no object is\
      \ present to place it on (regression in 2.320)"
    message: |-
      Fix the position of the help button when it is not directly attached to an object (regression in 2.320).

  - type: bug
    category: regression
    pull: 6556
    issue: 68296
    authors:
      - alecharp
    pr_title: "[JENKINS-68296] Restore actions icon lookup with size"
    message: |-
      Restore actions icon size lookup (regression in 2.341).

  - type: bug
    category: bug
    pull: 6600
    issue: 68215
    authors:
      - basil
    pr_title: Work around JENKINS-68215 when running on Java 17
    message: |-
      Fix a runtime error when viewing the build time trend on Java 17.

  - type: bug
    category: bug
    pull: 6597
    issue: 63766
    authors:
      - basil
    pr_title: "[JENKINS-63766] Work around JDK-8231454"
    references:
      - pull: 6597
      - issue: 63766
      - url: https://bugs.openjdk.org/browse/JDK-8231454
        title: JDK-8231454 metaspace leak
    message: |-
      Provide supporting infrastructure to enable Pipeline: Groovy to work around a metaspace memory leak for users running Pipeline jobs on Java 11.

  - type: bug
    category: regression
    pull: 6607
    authors:
      - Langer0416
    pr_title: "[JENKINS-63636] Ambiguous total length of build progress bar"
    message: |-
      Restore the frame color of the build progress bar of the executor widget.

  - type: bug
    category: regression
    pull: 6613
    issue: 68640
    authors:
      - Vlatombe
    pr_title: "[JENKINS-68640] Fix z-index of `#bottom-sticker` vs. `#top-sticker`"
    message: |-
      Keep the Save and Apply buttons in front of menus (regression in 2.337).

  - type: bug
    category: bug
    pull: 6576
    issue: 68542
    authors:
      - Vlatombe
    pr_title: "[JENKINS-68542] Store inbound cookie key in connection state"
    references:
      - pull: 6576
      - issue: 68542
      - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-4.13.2
        title: Remoting 4.13.2 changelog
    message: |-
      Fix WebSocket reconnection in edge cases.
      Upgrade from Remoting 4.13 to 4.13.2.

  - type: bug
    category: developer
    pull: 6609
    issue: 68630
    authors:
      - janfaracik
    pr_title: "[JENKINS-68630] Fix classes not working for Jenkins Symbols"
    message: |-
      Fix class attribute for Jenkins Symbols using <code>&lt;l:icon &hellip; /&gt;</code>.

  - type: rfe
    category: developer
    pull: 6582
    issue: 68559
    authors:
      - daniel-beck
    pr_title: Update bundled plugins after 2022-05-17 security advisory
    references:
      - pull: 6582
      - url: /security/advisory/2022-05-17/
        title: 2022-05-17 security advisory
    message: |-
      Update bundled Script Security Plugin from 1.75 to v35f6a_0b_8207e
      Update bundled WMI Windows Agents Plugin from 1.0 to 1.8.1

  lts_changes: # compared to lts_predecessor 2.332.3 (selected by personal review)

  # UI improvements

  - type: major rfe
    category: major rfe
    pull: 5923
    authors:
      - janfaracik
      - timja
      - NotMyFault
      - jamesD33064
      - basil
      - jglick
    pr_title: Modernise form components
    references:
      - issue: 67396
      - pull: 6084
      - pull: 6442
      - issue: 68293
      - pull: 5743
      - issue: 68284
      - pull: 6473
      - pull: 6295
      - pull: 6273
      - pull: 6229
      - pull: 6307
      - pull: 5778
      - pull: 6248
      - pull: 5417
      - pull: 6186
    message: |-
      Modernise form components and Jenkins UI.

  # Agent improvements

  - type: major bug
    category: regression
    pull: 6261
    authors:
      - dependabot[bot]
    references:
      - pull: 5983
      - pull: 6329
      - issue: 67000
      - issue: 66446
      - issue: 67928
      - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-4.12
        title: Remoting 4.12 changelog
      - url: https://github.com/jenkinsci/remoting/releases/tag/remoting-4.13
        title: Remoting 4.13 changelog
    message: |-
      Update Remoting from 4.11.2 to 4.13 to allow Java Web Start agents to connect (regression in 2.318).
      Allow agent reconnects on Java 11 and WebSocket.
      Prevent infinite loop in case of a closed SSL connection.

  # Load statistics and label management

  - type: rfe
    category: rfe
    pull: 4579
    issue: 50211
    authors:
      - stellargo
      - basil
    pr_title: "[JENKINS-50211] Reject connections from agents with unsupported\
      \ Remoting versions"
    message: |-
      Reject connections from agents with unsupported Remoting versions.

  # Configuration as code

  - type: rfe
    category: rfe
    pull: 6203

    authors:
      - timja
    pr_title: JENKINS-56057 Support update site warnings with Configuration as
      Code
    references:
      - pull: 6202
      - issue: 56057
      - pull: 6203
      - issue: 61985
    message: |-
      Update site warnings can now be configured with Configuration as Code.
      Allow setting a user's primary view via Configuration as Code.

  # Compatibility risks

  - type: rfe
    category: rfe
    pull: 5901
    authors:
      - daniel-beck
      - basil
    pr_title: Adapt to jenkinsci/remoting#490
    references:
      - pull: 5901
      - url: /doc/developer/security/remoting-callables/
        title: Remoting callables documentation
    message: |-
      Remove support for <code>RoleChecker#check(RoleSensitive)</code> calls which were added again in Jenkins 2.319.
      All remoting <code>Callable</code> implementations need to perform an actual role check as documented.

  - type: rfe
    category: rfe
    pull: 6323
    authors:
      - basil
    pr_title: Remove JNR
    references:
      - pull: 6323
      - url: https://github.com/jnr
        title: Java Native Runtime project
    message: |-
      Remove the Java Native Runtime (JNR) library from Jenkins core.

  - type: rfe
    category: developer
    authors:
      - basil
    pr_title: Remove glibc from alpine_jdk11
    references:
      - url: https://github.com/jenkinsci/docker/pull/1361
        title: Docker pull request 1361
    message: |-
      Remove unused <code>glibc</code> package from Alpine-based Docker images.

  - type: rfe
    category: developer
    authors:
      - basil
    pr_title: Avoid additional packages by specifying --no-install-recommends
    references:
      - url: https://github.com/jenkinsci/docker/pull/1375
        title: Docker pull request 1375
    message: |-
      Remove unnecessary packages from Debian-based Docker images.

  - type: rfe
    category: developer
    pull: 5928
    authors:
      - Vlatombe
    pr_title: Update winstone to 5.24
    references:
      - pull: 5928
      - issue: 66379
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.23
        title: Winstone 5.23 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-5.24
        title: Winstone 5.24 changelog
    message: |-
      Winstone 5.24 - Add an option to write the listening port to a file.
      Remove automatic self-signed certificate if TLS is specified but no keystore

  # Bug fixes

  - type: bug
    category: bug
    pull: 6233
    authors:
      - NotMyFault
    pr_title: "[JENKINS-67609] Deduplicate help button question mark"
    message: |-
      Render the question mark on the new help button only once so that it is not shown twice, even while using different themes.

  - type: bug
    category: bug
    pull: 6450
    issue: 67237
    authors:
      - Si-So
    pr_title: "[JENKINS-67237] BuildTrigger waits until the dependency graph has\
      \ been updated - 2nd attempt"
    message: |-
      Wait for the computation to finish when triggering a new build while the build graph is being recomputed.
      This guarantees that recently updated build triggers are executed.

  # Packaging

  - type: rfe
    category: rfe
    authors:
      - basil
    pr_title: Add debian_slim_jdk17 image
    references:
      - url: https://github.com/jenkinsci/docker/pull/1360
        title: Docker pull request 1360
    message: |-
      Add slim Debian-based JDK 17 Docker image.
  - type: rfe
    category: rfe
    authors:
      - basil
    pr_title: Add alpine_jdk17
    references:
      - url: https://github.com/jenkinsci/docker/pull/1362
        title: Docker pull request 1362
    message: |-
      Add Alpine-based JDK 17 Docker image.

  # pull: 6510 (PR title: [JENKINS-68286] Allow extra classes with <layout:icon>)
  # pull: 6529 (PR title: [JENKINS-68356] Icons and text contain misalignment and/or visual imbalance in /legend)
  # pull: 6550 (PR title: [JENKINS-68537] Use Unicode escapes when properties files are both valid UTF-8 and ISO-8859-1)
  # pull: 6560 (PR title: [JENKINS-68492] `javadoc:javadoc` can no longer be executed with `install`)
  # pull: 6567 (PR title: [JENKINS-68531] Remove invalid translations of Java version monitor)

- version: "2.346.2"
  date: 2022-07-13
  changes:

  - type: rfe
    category: rfe
    issue: 68752
    authors:
      - timja
    references:
      - url: https://github.com/jenkinsci/docker/pull/1408
        title: Docker pull request 1408
      - url: https://github.com/jenkinsci/plugin-installation-manager-tool/#readme
        title: Plugin installation manager tool documentation
    message: |-
      Remove deprecated Docker plugin installation script <code>install-plugins.sh</code>.
      Use plugin installation manager tool through the <code>jenkins-plugin-cli</code> script in the Docker image.

  - type: bug
    category: bug
    pull: 6673
    issue: 68752
    authors:
      - timja
    pr_title: JENKINS-68752 Ignore duplicate log recorder keys
    message: |-
      Ignore duplicate log recorders keyed by same name.

  - type: bug
    category: regression
    pull: 6616
    issue: 68639
    authors:
      - Riliane
      - Vlatombe
      - timja
    pr_title: "[JENKINS-68639] Check whether an icon path already contains the\
      \ context path before appending the context path to it"
    message: |-
      Display job icons correctly on the Jenkins dashboard, even when a non-empty context path alters the URL (regression in 2.346.1).

  - type: bug
    category: regression
    pull: 6672
    issue: 68785
    authors:
      - basil
    pr_title: "[JENKINS-68785] No log messages for inbound agents after the first\
      \ message (regression in 2.310)"
    message: |-
      Show all log messages when an inbound agent fails to connect (regression in 2.310).

  - type: bug
    category: regression
    pull: 6684
    issue: 68730
    authors:
      - benebsiny
    pr_title: "[JENKINS-68730] Plugin manager selection mode unselects updated\
      \ plugins"
    message: |-
      Plugins selected for update cannot be unselected once the update has started.

  - type: bug
    category: regression
    pull: 6691
    issue: 68799
    authors:
      - pascal910107
    pr_title: "[JENKINS-68799] Radio buttons have strange offset"
    message: |-
      Fix offset of radio buttons when selected.

  - type: bug
    category: regression
    pull: 6714
    issue: 68848
    authors:
      - dwnusbaum
    pr_title: "[JENKINS-68848] Fix date format used to parse boot attempt timestamps"
    message: |-
      Make previous boot attempt timestamps available to boot-failure.groovy startup hooks (regression in 2.308).


- version: "2.346.3"
  date: 2022-08-10
  changes:

  - type: rfe
    category: rfe
    pull: 6565
    authors:
     - dependabot[bot]
    pr_title: Upgrade Spring Framework from 5.3.19 to 5.3.20
    references:
      - pull: 6565
      - url: https://github.com/spring-projects/spring-framework/releases/tag/v5.3.20
        title: Spring Framework 5.3.20 changelog
      - url: https://tanzu.vmware.com/security/cve-2022-22970
        title: CVE-2022-22970
      - url: https://tanzu.vmware.com/security/cve-2022-22971
        title: CVE-2022-22971
    message: |-
      Upgrade Spring Framework from 5.3.19 to 5.3.20.

  - type: bug
    category: regression
    pull: 6643
    issue: 68417
    authors:
     - jglick
     - basil
    pr_title: "[JENKINS-68417] Revert `LogRecord` tricks"
    message: |-
      Revert prior attempts to make log records collectible by limiting discarded messages.

  - type: bug
    category: bug
    pull: 6745
    issue: 68906
    authors:
      - daniel-beck
    pr_title: "[JENKINS-68906] Fix children context menu links"
    message: |-
      Connect breadcrumb context menus to items in subfolders.

  - type: bug
    category: bug
    pull: 6651
    issue: 68672
    authors:
      - frankie699
      - basil
    pr_title: "[JENKINS-68672] Total length of progress bar still difficult to\
      \ see in shaded rows"
    message: |-
      Improve progress bar visibility in shaded rows.

  - type: bug
    category: bug
    pull: 6936
    issue: 65873
    authors:
      - dependabot
      - jglick
      - basil
    pr_title: "[JENKINS-65873] [JENKINS-68954] Optimize <code>AnonymousClassWarnings</code>"
    message: |-
      Update Remoting from 4.13.2 to 4.13.3 to improve performance of previous fix for <code>java.lang.OutOfMemoryError: unable to create new native thread</code> on agents.

- version: "2.361.1"
  date: 2022-09-07
  lts_predecessor: "2.346.3"
  lts_baseline: "2.361"
  changes: # compared to lts_baseline 2.361 - extracted from the RC commit(s)

  - type: security
    message: Important security fix.
    references:
      - url: /security/advisory/2022-09-09/
        title: 2022-09-09 security advisory
  - type: major rfe
    category: major rfe
    pull: 6801
    issue: 68694
    references:
     - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.0
       title: Winstone 6.0 Changelog
     - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.1
       title: Winstone 6.1 Changelog
     - url: https://webtide.com/jetty-10-and-11-have-arrived/
       title: Jetty blog
     - url: https://github.com/jenkinsci/winstone/pull/232
       title: Remove ability to load pem cert for winstone
    authors:
      - basil
    pr_title: "Winstone 6.1: upgrade Jetty from 9.4.46.v20220331 to 10.0.11"
    message: |-
      Winstone 6.1: Upgrade Jetty from 9.4.46.v20220331 to 10.0.11.
      Remove support for OpenSSL-style PEM-encoded RSA private keys when running Jenkins with the embedded Jetty container and TLS.

  - type: major rfe
    category: rfe
    pull: 6772
    authors:
      - ridemountainpig
      - frankie139506
      - NotMyFault
      - frankie699
      - benebsiny
    pr_title: Modernise the table design
    references:
      - pull: 6963
      - issue: 69240
      - pull: 6961
      - issue: 69230
      - pull: 6957
      - issue: 69211
      - pull: 6930
      - issue: 68957
      - pull: 6728
      - issue: 68578
      - pull: 6922
      - issue: 68851
    message: |-
      Update to various UI elements.
      Modernize tables, forms, and progress bars.

  - type: major bug
    category: regression
    pull: 6971
    issue: 69210
    authors:
      - basil
    pr_title: "[JENKINS-69210] Unable to rebuild a job triggered by polling"
    message: |-
      Fix an error when rebuilding jobs triggered by polling (regression in 2.358).

  - type: major bug
    category: bug
    pull: 6954
    issue: 69198
    authors:
      - basil
    pr_title: "[JENKINS-69198] Bump jenkins from 1.83 to 1.84"
    message: |-
      Update Jenkins pom from 1.83 to 1.84.
      Ensure jar files and javadoc are up to date for 2.361.1.

  - type: bug
    category: bug
    pull: 6936
    issue: 65873
    authors:
      - dependabot
      - jglick
      - basil
    references:
      - pull: 6936
      - issue: 65873
      - issue: 68954
      - url: https://github.com/jenkinsci/remoting/releases/tag/3028.va_a_436db_35078
        title: Remoting 3028.va_a_436db_35078 changelog
      - url: https://github.com/jenkinsci/remoting/releases/tag/3044.vb_940a_a_e4f72e
        title: Remoting 3044.vb_940a_a_e4f72e changelog
    pr_title: "[JENKINS-65873] [JENKINS-68954] Optimize <code>AnonymousClassWarnings</code>"
    message: |-
      Upgrade Remoting from 3025.vf64a_a_3da_6b_55 to 3044.vb_940a_a_e4f72e to improve performance of previous fix for <code>java.lang.OutOfMemoryError: unable to create new native thread</code> on agents.

  - type: bug
    category: bug
    pull: 6902
    issue: 68801
    authors:
      - bzzitsme
    pr_title: "[JENKINS-68801] - Fix for Functions#extractPluginNameFromIconSrc"
    message: |-
      Use correct icon lookup, even when plugin ID includes multiple occurrences of "plugin".

  - type: bug
    category: bug
    pull: 6929
    issue: 68750
    authors:
      - DuMaM
    pr_title: "[JENKINS-68750] sorting by timestamp list of installed plugins in plugin manager"
    message: |-
      Fix sorting list of installed plugins by timestamp in plugin manager (regression in 2.274).

  - type: bug
    category: regression
    pull: 6692
    issue: 68390
    authors:
     - Hildebrand-Ritense
     - timja
    pr_title: "[JENKINS-68390] Fixed build number cutoff in build history widget"
    message: |-
     Build number cut off on Safari (regression in 2.344).

  - type: bug
    category: regression
    pull: 6620
    issue: 68380
    authors:
     - NotMyFault
     - janfaracik
    pr_title: "[JENKINS-68380] Make CodeMirror textareas resizable"
    message: |-
     Script console input box is not sizeable, yet the box looks like it is (regression in 2.321).

  - type: bug
    category: regression
    pull: 7034
    issue: 69250
    authors:
     - basil
    pr_title: "Upgrade Stapler from 1711.v5b_1b_03f0fcf2 to 1711.1713.vc400cfb_5597a_"
    message: |-
     Developer: Temporarily restore compatibility with PowerMock-based tests (regression in 2.361.1 RC 1).
     PowerMock will be completely removed on or after June 1, 2023.

  lts_changes: # compared to lts_predecessor 2.346.3 (selected by personal review)

  - type: major rfe
    category: major rfe
    pull: 6083
    issue: 68570
    authors:
      - basil
      - timja
      - janfaracik
      - NotMyFault
      - jglick
    pr_title: "[JEP-236] [JENKINS-68570] Require Java 11 or newer"
    references:
      - url: "/blog/2022/06/28/require-java-11/"
        title: Blog post
      - issue: 68570
      - url: https://github.com/jenkinsci/jep/blob/master/jep/236/README.adoc
        title: JEP-236
      - pull: 6083
    message: |-
      Require Java 11 or newer.

  - type: major rfe
    category: major rfe
    pull: 6485
    issue: 68282
    authors:
      - janfaracik
      - NotMyFault
      - timja
    pr_title: "[JENKINS-68282] New design for configure project page"
    message: |-
      New design for project configuration page.
      Navigation links available on left side of screen.

  - type: major rfe
    category: rfe
    pull: 6772
    authors:
      - janfaracik
      - Langer0416
      - daniel-beck
      - ridemountainpig
      - frankie139506
      - NotMyFault
      - frankie699
    pr_title: Modernise the table design
    references:
      - pull: 6760
      - issue: 68912
      - pull: 6698
      - issue: 68934
      - pull: 6687
      - issue: 68198
      - pull: 6651
      - issue: 68672
    message: |-
      Update to various UI elements.
      Modernize tables, forms, and progress bars.

  - type: rfe
    category: rfe
    pull: 6585
    issue: 55582
    authors:
      - basil
      - jglick
      - timja
    pr_title: "[JEP-230] [JENKINS-55582] Convert `instance-identity` to a detached\
      \ plugin"
    message: |-
      The <code>instance-identity</code> module has been converted to a detached plugin.

  - type: rfe
    category: rfe
    pull: 6671
    authors:
      - basil
    pr_title: Bump minimum supported Remoting version from 3.14 to 4.2.1
    message: |-
      Update the minimum required Remoting version to 4.2.1.

  - type: rfe
    category: rfe
    pull: 6893
    authors:
      - janfaracik
      - timja
    pr_title: Add a keyboard shortcut to focus the global search bar (⌘ + K/CTRL
      + K)
    message: |-
      Keyboard shortcut added to focus global search bar (⌘ + K/CTRL + K).

  - type: rfe
    category: rfe
    pull: 6675
    issue: 68780
    authors:
      - Si-So
      - basil
    pr_title: "[JENKINS-68780] Blocked upstream projects in the queue block downstream\
      \ projects "
    message: |-
      Blocked upstream projects in the queue block downstream projects when the option "Block build when upstream project is building" is enabled for the downstream project.
      Similarly, blocked downstream projects in the queue block upstream projects when the option "Block build when downstream project is building" is enabled for the upstream project.

  - type: rfe
    category: rfe
    pull: 6126
    authors:
      - daniel-beck
      - basil
      - timja
    pr_title: Render /manage using ManageJenkinsAction, handle links using StaplerF…
    message: |-
      Add breadcrumbs to "Manage Jenkins" and children of it.
      Developers should ensure they use relative links for navigating between pages if they are a child of "Manage Jenkins".

  - type: rfe
    category: rfe
    pull: 6571
    authors:
      - basil
    pr_title: Use `URLClassLoader` by default
    message: |-
      Use native Java Platform functionality rather than Ant to load classes.
      The old behavior can be restored by setting <code>-Dhudson.ClassicPluginStrategy.useAntClassLoader=true</code>.

  - type: rfe
    category: rfe
    pull: 6543
    issue: 51820
    authors:
      - jglick
      - timja
    pr_title: "[JENKINS-51820] Removing Java Web Start support"
    references:
      - pull: 6543
      - url: https://en.wikipedia.org/wiki/Java_Web_Start
        title: Java Web Start
    message: |-
      Remove Java Web Start support for launching inbound agents, along with the GUI mode, the platform-specific agent installers, and the JAR signature.

  - type: bug
    category: bug
    pull: 6745
    issue: 68906
    authors:
      - daniel-beck
    pr_title: "[JENKINS-68906] Fix children context menu links"
    message: |-
      Connect breadcrumb context menus to items in subfolders.

  - type: bug
    category: bug
    pull: 6576
    issue: 68542
    authors:
      - Vlatombe
    pr_title: "[JENKINS-68542] Store inbound cookie key in connection state"
    references:
      - pull: 6576
      - issue: 68542
      - url: https://github.com/jenkinsci/remoting/releases/tag/3025.vf64a_a_3da_6b_55
        title: Remoting 3025.vf64a_a_3da_6b_55 changelog
      - url: https://github.com/jenkinsci/remoting/releases/tag/3028.va_a_436db_35078
        title: Remoting 3028.va_a_436db_35078 changelog
      - url: https://github.com/jenkinsci/remoting/releases/tag/3044.vb_940a_a_e4f72e
        title: Remoting 3044.vb_940a_a_e4f72e changelog
    message: |-
      Fix websocket reconnection in edge cases.
      Upgrade from Remoting 4.13 to 3044.vb_940a_a_e4f72e.

  - type: bug
    category: regression
    pull: 6643
    issue: 68417
    authors:
     - jglick
     - basil
    pr_title: "[JENKINS-68417] Revert `LogRecord` tricks"
    message: |-
      Revert prior attempts to make log records collectible by limiting discarded messages.

- version: "2.361.2"
  date: 2022-10-05
  changes:

  - type: major bug
    category: regression
    pull: 7076
    issue: 69543
    authors:
      - Vlatombe
    pr_title: "[JENKINS-69543] Fix thread safety in websockets handling."
    message: |-
      Fix thread safety in websockets handling.

  - type: bug
    category: regression
    pull: 6999
    issue: 69320
    authors:
      - benebsiny
    pr_title: "[JENKINS-69320] Resize behavior of Execute Shell build steps is\
      \ broken"
    message: |-
      Fix the resize behavior of Execute Shell build steps (regression in 2.321 or 2.357).

  - type: bug
    category: regression
    pull: 7027
    issue: 67624
    authors:
      - basil
    pr_title: "[JENKINS-67624] `FileAlreadyExistsException` on startup"
    message: |-
      Fix a potential <code>FileAlreadyExistsException</code> error on startup on systems with slow I/O.

  - type: bug
    category: bug
    pull: 7045
    issue: 69467
    authors:
      - NotMyFault
    pr_title: "Fix Plugin Manager selection controller buttons appearance"
    message: |-
      Fix Plugin Manager selection buttons appearance.

  - type: bug
    category: bug
    issue: 69570
    authors:
      - basil
    pr_title: "Java version check incorrect in <code>init.d/jenkins</code>"
    message: |-
      Fix Java version check in <code>/etc/init.d/jenkins</code>.

  - type: bug
    category: bug
    pull: 6989
    issue: 68805
    authors:
    - daniel-beck
    - basil
    pr_title: "[JENKINS-68805] Reset cached attributes with ampersand as well"
    message: |-
      Properly reset attributes of cached symbols.

- version: "2.361.3"
  date: 2022-11-02
  changes:

  - type: major bug
    category: regression
    pull: 7087
    issue: 69534
    authors:
      - jonaslind
    pr_title: "[JENKINS-69534] Fix a race condition that causes file descriptor leaks when cloud agents are created"
    message: |-
      Fix a race condition that causes file descriptor leaks when cloud agents are created (regression in 2.294).

  - type: bug
    category: regression
    pull: 6970
    issue: 69257
    authors:
      - ridemountainpig
    pr_title: "[JENKINS-69257] Model link chevron is not in center in user build cause"
    message: |-
      Model link chevron is not in center in user build cause on console log.

  - type: bug
    category: bug
    pull: 6702
    issue: 67864
    authors:
      - pascal910107
    pr_title: "[JENKINS-67864] Table columns get wider and smaller if you click on buttons"
    message: |-
      Table columns get wider or smaller depending on the sort selection.

- version: "2.361.4"
  date: 2022-11-13
  changes:

  - type: major bug
    category: regression
    pull: 7273
    issue: 69850
    authors:
      - Si-So
    pr_title: "[JENKINS-69850]: Queue.maintain() does no longer trigger an infinite recursive loop after loading a queue from xml"
    message: |-
      Prevent a stack overflow when loading a queue (regression in 2.361).

- version: "2.375.1"
  date: 2022-11-30
  lts_predecessor: "2.361.4"
  lts_baseline: "2.375"
  changes: # compared to lts_baseline 2.375 - extracted from the RC commit(s)

  - type: major bug
    category: regression
    issue: 69890
    authors:
      - amuniz
    pr_title: "[JENKINS-69890] Prevent deadlock on websocket agents"
    message: |-
      Prevent potential deadlocks on websocket agents.
  - type: major bug
    category: regression
    pull: 7350
    issue: 70023
    authors:
      - janfaracik
    pr_title: "[JENKINS-70023] Fix Gravatar error on profile page"
    message: |-
      Fix Gravatar error on profile page (regression in 2.335).
  - type: rfe
    category: rfe
    pull: 7342
    issue: 70044
    authors:
      - dwnusbaum
    pr_title: "[JENKINS-70044] Add telemetry for activation of optional permissions"
    message: |-
      Add telemetry for activation of permissions that are not enabled by default.

  lts_changes: # compared to lts_predecessor 2.361.4 (selected by personal review)

  - type: major rfe
    category: rfe
    pull: 7208
    authors:
      - ridemountainpig
      - janfaracik
      - Langer0416
      - timja
      - NotMyFault
      - daniel-beck
      - basil
      - benebsiny
      - kaltepeter
    pr_title: Update design of Manage Users page
    references:
      - issue: 65124
      - pull: 6728
      - pull: 6924
      - pull: 6956
      - pull: 6907
      - pull: 7052
      - pull: 7098
      - pull: 7074
      - pull: 7185
      - pull: 6886
      - issue: 69032
      - pull: 7183
      - pull: 7182
      - pull: 7217
      - pull: 7216
      - pull: 7205
      - issue: 69714
      - pull: 7197
    message: |-
      Update to various UI elements.
      Modernize icons, navigation, and buttons.
  - type: major rfe
    category: major rfe
    pull: 6912
    authors:
      - janfaracik
      - timja
      - basil
    pr_title: Improve breadcrumb bar accessibility
    message: |-
      Improve breadcrumb bar accessibility.
  - type: major rfe
    category: major rfe
    pull: 7049
    authors:
      - janfaracik
      - timja
      - NotMyFault
    pr_title: Update the design of notifications
    message: |-
      Update the design of notifications.
  - type: major rfe
    category: major rfe
    pull: 7208
    issue: 65124
    authors:
      - janfaracik
      - timja
    pr_title: "[JENKINS-65124] Update weather icons"
    message: |-
      Update the weather and status icons.
  - type: major bug
    category: regression
    pull: 7273
    issue: 69850
    authors:
      - Si-So
    pr_title: "[JENKINS-69850]: Queue.maintain() does no longer trigger an infinite\
      \ recursive loop after loading a queue from xml"
    message: |-
      Prevent a stack overflow when loading a queue (regression in 2.361).
  - type: rfe
    category: rfe
    pull: 7117
    issue: 69624
    authors:
      - basil
    pr_title: "[JENKINS-69624] [JENKINS-69638] Winstone 6.4: Upgrade Jetty from\
      \ 10.0.11 to 10.0.12"
    references:
      - pull: 7117
      - issue: 69624
      - pull: 7277
      - issue: 69509
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.0
        title: Winstone 6.0 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.1
        title: Winstone 6.1 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.2
        title: Winstone 6.2 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.3
        title: Winstone 6.3 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.4
        title: Winstone 6.4 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.5
        title: Winstone 6.5 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.6
        title: Winstone 6.6 changelog
      - url: https://webtide.com/jetty-10-and-11-have-arrived
        title: Jetty 10 and 11 blog post
      - url: https://github.com/eclipse/jetty.project/releases/jetty-10.0.12
        title: Jetty 10.0.12 changelog
      - url: /doc/book/installing/initial-settings/#https-with-an-existing-certificate
        title: HTTPS with an existing certificate
      - url: https://github.com/jenkinsci/winstone/pull/232
        title: Remove ability to load pem cert for winstone
    message: |-
      Winstone 6.6: Upgrade Jetty from 10.0.11 to 10.0.12.
      Remove support for OpenSSL-style PEM-encoded RSA private keys when running Jenkins with the embedded Jetty (Winstone) container and TLS.
      The flags <code>--httpsPrivateKey</code> and <code>--httpsCertificate</code> have been removed.
      The flags <code>--ajp13Port</code> and <code>--ajp13ListenAddress</code> have been removed.
      The flags <code>--handlerCountMax</code> and <code>--handlerCountMaxIdle</code> have been removed.
      The flags <code>--toolsJar</code> and <code>--useJasper</code> have been removed.
      Support HTTP/2 without the use of a custom <code>--extraLibFolder</code> option.
  - type: rfe
    category: rfe
    pull: 6783
    authors:
      - janfaracik
    pr_title: Add sidebar to plugin manager, increase search bar size
    message: |-
      Add sidebar to plugin manager, increase search bar size.
  - type: rfe
    category: rfe
    pull: 6768
    authors:
      - NotMyFault
      - basil
    pr_title: Add support for Apple touch bar icons
    message: |-
      Add support for Apple's touch bar icons.
  - type: rfe
    category: rfe
    pull: 7061
    authors:
      - basil
    pr_title: EOL `maven-assembly-plugin`
    references:
      - pull: 7061
      - url: https://repo.jenkins-ci.org/releases/org/jenkins-ci/main/jenkins-parent/
        title: Artifactory
      - url: https://github.com/jenkinsci/jenkins/tags
        title: GitHub source code download
    message: |-
      Removed: The signed <code>jenkins-parent-${JENKINS_VERSION}-src.zip</code> source archives have been removed from Artifactory for future releases.
      Users who wish to download source archives for offline consumption are encouraged to do so via GitHub.
  - type: rfe
    category: rfe
    pull: 6966
    issue: 68952
    authors:
      - Langer0416
      - basil
    pr_title: "[JENKINS-68952] Wrong location of email form validation on setup\
      \ wizard"
    message: |-
      Display email form validation errors near the data entry field in the setup form.
  - type: rfe
    category: rfe
    pull: 7046
    authors:
      - daniel-beck
    pr_title: In the security warnings popup, show recommended actions
    message: |-
      Show recommended actions (e.g., to update affected plugins) in security warnings popup.
  - type: rfe
    category: rfe
    pull: 7091
    authors:
      - omehegan
    pr_title: Clarify safe restart won't wait for Pipeline jobs
    message: |-
      Clarify safe restart won't wait for Pipeline jobs.
  - type: rfe
    category: rfe
    pull: 6951
    authors:
      - mawinter69
      - basil
    pr_title: Allow Formchecker to check more than 1 thing at a time
    message: |-
      Allow form checker to check more than one thing at a time.
  - type: rfe
    category: rfe
    pull: 7246
    authors:
      - basil
    pr_title: Document missing options
    message: |-
      Add documentation for the <code>--paramsFromStdIn</code> and <code>--version</code> command-line options.
  - type: bug
    category: regression
    pull: 7250
    authors:
      - basil
    pr_title: Correctly encode pound sign in `sortable.js`
    message: |-
      Fix sorting of British currency in tables.
  - type: bug
    category: regression
    pull: 7072
    issue: 68627
    authors:
      - daniel-beck
    pr_title: "[JENKINS-68627] Improve build progress animation after refresh"
    message: |-
      Improve build progress animation when refreshing parts of the history/executors widget.
  - type: bug
    category: regression
    pull: 6999
    issue: 69320
    authors:
      - benebsiny
    pr_title: "[JENKINS-69320] Resize behavior of Execute Shell build steps is\
      \ broken"
    message: |-
      Fix the resize behavior of Execute Shell build steps.
  - type: bug
    category: regression
    pull: 7043
    issue: 69250
    authors:
      - Vlatombe
    pr_title: "[JENKINS-69250] Searchbar is only present when using Jenkins header"
    message: |-
      Fix <code>searchBar is null</code> issue in setup wizard and when using custom Jenkins headers.
  - type: bug
    category: regression
    pull: 7195
    authors:
      - basil
    pr_title: Ping asynchronously in `Jetty10Provider`
    message: |-
      Ensure that temporary network partitions do not cancel the WebSocket ping thread (regression in 2.363).

- version: "2.375.2"
  date: 2023-01-11
  changes:

  - type: rfe
    category: rfe
    pull: 7470
    issue: 70199
    authors:
      - daniel-beck
    pr_title: "[JENKINS-70199] Add distributed builds telemetry"
    message: |-
      Add telemetry related to distributed builds.

  - type: major bug
    category: bug
    pull: 7407
    issue: 70105
    authors:
      - dependabot
      - amuniz
    pr_title: "[JENKINS-70105] Slow down WebSocket reconnect logic when the controller is responding"
    references:
      - url: https://github.com/jenkinsci/remoting/pull/603
        title: Slow down websocket re-connect
    message: |-
      Wait for 10 seconds before attempting to reconnect a WebSocket agent, regardless of whether or not the controller is responding.

  - type: major bug
    category: bug
    pull: 7412
    issue: 70103
    authors:
      - jglick
      - amuniz
    pr_title: "[JENKINS-70103] `WeakHashMap` broken for looking up Jetty `Session` in WebSocket response"
    message: |-
      Memory leak when repeatedly connecting WebSocket agents.

  - type: bug
    category: bug
    pull: 7385
    issue: 70083
    authors:
      - daniel-beck
    pr_title: "[JENKINS-70083] Update bundled script-security and junit versions"
    references:
      - url: /security/advisory/2022-11-15/
        title: Jenkins Security Advisory 2022-11-15
    message: |-
      Updated bundled Script Security plugin from 1189.vb_a_b_7c8fd5fde to 1190.v65867a_a_47126.
      Updated JUnit plugin from 1156.vcf492e95a_a_b_0 to 1160.vf1f01a_a_ea_b_7f.

  - type: bug
    category: bug
    pull: 7348
    issue: 69587
    authors:
      - janfaracik
    pr_title: "[JENKINS-69587] Fix console view bouncing when new entries appear"
    references:
    message: |-
      Fix console-view bouncing when new entries appear.

- version: "2.375.3"
  date: 2023-02-08
  changes:

  - type: bug
    category: bug
    pull: 7568
    issue: 70301
    authors:
      - MarkEWaite
    pr_title: "[JENKINS-70301] Do not report implied dependencies for WMI Windows Agents plugin"
    references:
    message: |-
      Resolve implied dependencies on WMI Windows Agent plugin.
  - type: bug
    category: bug
    pull: 7524
    issue: 70240
    authors:
      - jtnord
    pr_title: "Prevent Angry Jenkins when checking a non http(s) based update center URL."
    references:
    message: |-
      Prevent Angry Jenkins when checking a non http(s) based update center URL.
  - type: bug
    category: regression
    pull: 7475
    issue: 70209
    authors:
      - Gadzy
    pr_title: "fix letter-spacing"
    references:
    message: |-
      Remove negative letter-spacing to improve legibility in some languages and fonts (regression in 2.340 + 2.350).
  - type: bug
    category: regression
    pull: 7539
    issue: 70169
    authors:
      - timja
    pr_title: "JENKINS-70169 Restore link to last breadcrumb"
    references:
    message: |-
      Restore link to last breadcrumb in Console view.

- version: "2.375.4"
  date: 2023-03-08
  changes:
  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2023-03-08/
        title: security advisory
  - type: rfe
    message: Limit the maximum number of search results.

- version: "2.387.1"
  date: 2023-03-08
  lts_predecessor: "2.375.3"
  lts_baseline: "2.387"
  changes: # compared to lts_baseline 2.375 - extracted from the RC commit(s)

  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2023-03-08/
        title: security advisory

  - type: major bug
    category: regression
    issue: 70394
    authors:
      - mPokornyETM
    pr_title: "[JENKINS-70394] Move 'set node temporarily offline/online' buttons to app-bar"
    message: |-
      Move 'set node temporarily offline/online' buttons to app-bar to make them clickable again (regression in 2.385).
  - type: major bug
    category: bug
    issue: 70531
    pull: 7596
    authors:
      - jglick
    pr_title: "[JENKINS-70531] Apply timeout on WebSocket write operations"
    message: |-
      Allow WebSocket agent connections to time out after 5m if a write never succeeds.
  - type: major bug
    category: bug
    issue: 70334
    pull: 7547
    authors:
      - Dohbedoh
    pr_title: "[JENKINS-70334] Fix and simplify TcpSlaveAgentListenerRescheduler"
    message: |-
      Fix the TcpSlaveAgentListenerRescheduler functionality.
      TcpSlaveAgentListener is automatically restarted on failure.
  - type: bug
    category: bug
    issue: 70487
    authors:
      - NotMyFault
    pr_title: "Bump script-security from 1228.vd93135a_2fb_25 to 1229.v4880b_b_e905a_6"
    message: |-
      Add script-security update to LTS baseline.
  - type: bug
    category: bug
    issue: 70533
    pull: 7618
    authors:
      - daniel-beck
    pr_title: "[JENKINS-70533] Skip submitting telemetry when exception is thrown"
    message: |-
      Do not submit empty telemetry data if an error occurred during data collection.
  - type: bug
    category: bug
    issue: 70571
    pull: 7623
    authors:
      - MarkEWaite
    pr_title: "Update bundled Apache Mina-sshd plugins"
    references:
      - url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45047
        title: CVE-2022-45047
    message: |-
      Update bundled Apache Mina SSHD API plugins from 2.9.1-44.v476733c11f82 to 2.9.2-50.va_0e1f42659a_a.
  - type: rfe
    message: Limit the maximum number of search results.

  lts_changes: # compared to lts_predecessor 2.361.4 (selected by personal review)

  - type: major rfe
    category: rfe
    pull: 6843
    authors:
    pr_title: "Hide potentially sensitive values (system properties and environment variables) by default"
    references:
      - pull: 6843
      - pull: 6995
      - issue: 69339
      - pull: 7373
      - pull: 7452
      - pull: 7173
      - issue: 70128
      - pull: 7556
      - issue: 70112
      - pull: 7555
      - pull: 7475
      - issue: 70209
      - pull: 7425
      - issue: 70117
      - pull: 7597
      - issue: 70240
      - pull: 7314
      - pull: 7203
      - pull: 7171
      - pull: 7364
      - issue: 69517
      - pull: 7366
      - pull: 7364
      - pull: 7229
      - issue: 69715
      - pull: 7352
      - pull: 7367
      - pull: 7368
      - pull: 7399
      - issue: 70036
      - pull: 7427
      - issue: 70121
      - pull: 6511
    message: |-
      Update to various UI elements.
      Modernize table display, page layout, and buttons.
  - type: major rfe
    category: major rfe
    pull: 7457
    issue: 70169
    authors:
      - lemeurherve
      - timja
    pr_title: "[JENKINS-70169] Add missing breadcrumb items"
    references:
      - pull: 6912
      - pull: 7487
      - pull: 7488
      - pull: 7489
      - pull: 7490
      - pull: 7491
      - pull: 7492
      - pull: 7493
      - pull: 7494
      - pull: 7495
      - pull: 7496
    message: |-
      Add missing breadcrumb items in various locations.
  - type: major rfe
    category: major rfe
    pull: 7293
    authors:
      - slide
    pr_title: "[JENKINS-68652] Update ANTLR2 to ANTLR4"
    message: |-
      Update ANTLR2 grammars and code to ANTLR4.
  - type: major rfe
    category: major rfe
    pull: 7436
    authors:
      - dependabot
    pr_title: "Upgrade Spring Security from 5.7.4 to 5.8.0"
    references:
      - url: https://github.com/spring-projects/spring-security/releases/tag/5.7.5
        title: Spring Security 5.7.5 release notes
      - url: https://github.com/spring-projects/spring-security/releases/tag/5.8.0
        title: Spring Security 5.8.0 release notes
      - url: https://spring.io/security/cve-2022-31690
        title: CVE-2022-31690
      - url: https://spring.io/security/cve-2022-31692
        title: CVE-2022-31692
    message: |-
      Update Spring Security from 5.7.4 to 5.8.0.
      This update includes several fixes and improvements.
  - type: major rfe
    category: major rfe
    pull: 7376
    issue: 64151
    authors:
      - slide
    pr_title: "[JENKINS-64151] Set a default file size rotation of AsyncPeriodicWork…"
    message: |-
      Set default file size rotation of AsyncPeriodicWork / AsyncAperiodicWork task logs to 10MB.
  - type: major rfe
    category: rfe
    pull: 6408
    authors:
      - janfaracik
    pr_title: "Replace YUI tooltips with Tippy.js"
    message: |-
      Update appearance of tooltips and replace old library with Tippy.js.
  - type: major bug
    category: bug
    issue: 70103
    pull: 7412
    references:
      - issue: 70105
      - pull: 7309
    authors:
      - jglick
      - amuniz
      - dependabot
    pr_title: "[JENKINS-70103] WeakHashMap broken for looking up Jetty Session in WebSocket response"
    message: |-
      Several fixes and improvements for Websocket agents.
  - type: rfe
    category: rfe
    pull: 7340
    authors:
      - basil
    pr_title: "Increase minimum required Remoting version from 4.2.1 to 4.7"
    message: |-
      The minimum required Remoting version has been increased to 4.7 (released on February 16, 2021).
  - type: rfe
    category: rfe
    pull: 7470
    issue: 70199
    authors:
      - daniel-beck
    pr_title: "[JENKINS-70199] Add distributed builds telemetry"
    message: |-
      Add telemetry related to distributed builds.
  - type: rfe
    category: rfe
    pull: 7342
    issue: 70044
    authors:
      - dwnusbaum
    pr_title: "[JENKINS-70044] Add telemetry for activation of optional permissions"
    message: |-
      Add telemetry for activation of permissions that are not enabled by default.
  - type: rfe
    category: rfe
    pull: 7362
    issue: 62332
    authors:
      - daniel-beck
      - jglick
    pr_title: "[JENKINS-62332] Remove plugin update GUI 'A newer version than being offered for installation exists…'"
    message: |-
      Remove the notice in the plugin manager Updates tab about newer plugin versions not compatible with your current core version.
      Limit the display of updates to plugin versions actually being offered by the update center for your core version.
  - type: rfe
    category: rfe
    pull: 7046
    authors:
      - daniel-beck
    pr_title: "In the security warnings popup, show recommended actions"
    message: |-
      Show recommended actions, such as "update affected plugins", in security warnings popup.
  - type: rfe
    category: rfe
    pull: 7312
    authors:
      - basil
    pr_title: "Remove Commons HttpClient 3.x"
    references:
      - url: https://github.com/jenkinsci/lib-commons-httpclient
        title: Commons HTTP Client
      - url: https://hc.apache.org/httpclient-legacy/
        title: Apache HTTP Client
    message: |-
      Jenkins no longer bundles a patched version of the deprecated Commons HttpClient 3.x library for use by plugins.
      Plugins should be migrated to the native Java 11 HTTP client or updated to depend on the legacy Commons HttpClient 3.x API plugin.
  - type: rfe
    category: rfe
    pull: 7413
    authors:
      - daniel-beck
    pr_title: "Remove deprecated Multijob plugin from setup wizard"
    message: |-
      Remove the deprecated Multijob plugin from the setup wizard.
  - type: rfe
    category: rfe
    pull: 7414
    authors:
      - MarkEWaite
    pr_title: "Remove WMI Windows Agents plugin from setup wizard"
    message: |-
      Remove the deprecated WMI Windows Agents plugin from the setup wizard.
  - type: rfe
    category: rfe
    pull: 7568
    issue: 70301
    authors:
      - MarkEWaite
    pr_title: "[JENKINS-68627] Improve build progress animation after refresh"
    message: |-
      Do not report implied dependencies for WMI Windows Agents plugin.
  - type: rfe
    category: rfe
    pull: 7305
    authors:
      - Vlatombe
    pr_title: "Don't save Jenkins configuration on reload"
    message: |-
      Avoid unnecessary configuration save when reloading configuration from disk.
  - type: rfe
    category: rfe
    pull: 7523
    issue: 23152
    authors:
      - jglick
    pr_title: "[JENKINS-23152] More robust handling of build number collisions"
    message: |-
      Robustness improvement regarding build number collisions.
  - type: rfe
    category: rfe
    pull: 7256
    authors:
      - basil
    pr_title: "De-duplicate file-based logging implementations"
    message: |-
      Remove support for log rotation via <code>SIGALRM</code>.
      The command-line argument <code>--daemon</code> has been removed.
  - type: bug
    category: bug
    pull: 7464
    issue: 70178
    authors:
      - janfaracik
    pr_title: "[JENKINS-70178] Improve tooltip performance"
    message: |-
      Improve tooltip performance.
  - type: bug
    category: bug
    pull: 7040
    issue: 69183
    authors:
      - benebsiny
      - daniel-beck
    pr_title: "[JENKINS-69183] It is impossible to update disabled plugins"
    message: |-
      Fix the update of disabled plugins.
  - type: bug
    category: bug
    issue: 70414
    pull: 7580
    authors:
      - jglick
    pr_title: "[JENKINS-70414] Missing agent-side Channel.close from PingThread.onDead"
    message: |-
      Close connection on the agent if the agent's liveness ping receives no response.
  - type: bug
    category: bug
    pull: 7514
    authors:
      - jglick
    pr_title: "[JENKINS-70206] Lazy initialization of JnlpSlaveAgentProtocol4"
    message: |-
      Delay initialization of cryptography needed for TCP inbound agents unless and until such an agent is connected.
  - type: bug
    category: bug
    pull: 7042
    issue: 68194
    authors:
      - benebsiny
    pr_title: "[JENKINS-68194] Delete .disabled file when uninstalling a plugin"
    message: |-
      Delete <code>.disabled</code> files when uninstalling a plugin.
  - type: bug
    category: bug
    pull: 7378
    authors:
      - basil
    pr_title: "Synchronize agent protocol access"
    message: |-
      Fix a race condition affecting the launch of inbound agents.
  - type: rfe
    category: developer
    pull: 7548
    authors:
      - dependabot
    pr_title: "Upgrade XStream from 1.4.19 to 1.4.20"
    references:
      - url: https://x-stream.github.io/changes.html
        title: XStream 1.4.20 release notes
      - url: https://x-stream.github.io/CVE-2022-40151.html
        title: CVE-2022-40151
      - url: https://x-stream.github.io/CVE-2022-41966.html
        title: CVE-2022-41966
    message: |-
      Upgrade XStream from 1.4.19 to 1.4.20.
      This maintenance release addresses the security vulnerabilities CVE-2022-40151 and CVE-2022-41966, causing a Denial of Service by raising a stack overflow.
      It also provides new converters for <code>Optional</code> and <code>Atomic</code> types.
  - type: rfe
    category: developer
    pull: 7477
    issue: 68692
    authors:
      - basil
    pr_title: "[JENKINS-68692] Upgrade Guice from 5.0.1 to 5.1.0"
    references:
      - url: https://github.com/google/guice/wiki/Guice510
        title: Guice 5.1.0 release notes
    message: |-
      Upgrade Guice from 5.0.1 to 5.1.0.
      Guice 5.1.0 contains eight fixes and improvements.
  - type: rfe
    category: developer
    pull: 7391
    authors:
      - dependabot
    pr_title: "Upgrade Spring Framework from 5.3.23 to 5.3.24"
    references:
      - url: https://github.com/spring-projects/spring-framework/releases/tag/v5.3.24
        title: Spring Framework 5.3.24 release notes
    message: |-
      Upgrade Spring Framework from 5.3.23 to 5.3.24.

  # pull: 7303 (PR title: Allow detached plugin location to be overridden)
  # pull: 7508 (PR title: Provide native Java 11 HTTP client versions of FormValidation#URLCheck methods)

- version: "2.387.2"
  date: 2023-04-05
  banner: >
    A <strong>new GPG signing key</strong> is used for the Jenkins long term support package repositories.
    Follow the instructions in the <a href="/doc/upgrade-guide/2.387/#upgrading-to-jenkins-lts-2-387-2">upgrade guide</a> to install the new public key on your computer.
  changes:
  - type: major bug
    category: bug
    pull: 7670
    issue: 69955
    authors:
      - Dohbedoh
    pr_title: "[JENKINS-69955] Make websocket connection idleTimeout configurable"
    message: |-
      Adjust WebSocket idle timeout to 60 seconds by default, to avoid "WebSocketTimeoutException: Connection Idle Timeout" issues.
  - type: bug
    category: bug
    pull: 7653
    issue: 70599
    authors:
      - MarkEWaite
    pr_title: "[JENKINS-70599] restore installNecessaryPlugins redirect destination"
    references:
    message: |-
      Restore the redirect destination of the <code>pluginManager/installNecessaryPlugins</code> API endpoint.
  - type: bug
    category: bug
    pull: 7651
    issue: 70626
    authors:
      - daniel-beck
    pr_title: "Update plugins after 2023-02-15 security advisory"
    references:
      - url: /security/advisory/2023-01-24/
        title: Jenkins Security Advisory 2023-01-24
      - url: /security/advisory/2023-02-15/
        title: Jenkins Security Advisory 2023-02-15
    message: |-
      Update bundled plugins to include fixes announced in 2023-01-24 and 2023-02-15 Jenkins security advisories.
  - type: rfe
    category: rfe
    authors:
      - dduportal
      - markewaite
      - smerle
      - lemeurherve
    references:
      - url: https://github.com/jenkins-infra/release/pull/358
        title: pull 358
    message: |-
      Sign WAR file and Windows installer with new code signing certificate.

- version: "2.387.3"
  date: 2023-05-03
  changes:
  - type: bug
    category: bug
    pull: 7743
    issue: 70820
    authors:
      - NotMyFault
    pr_title: "[JENKINS-70820] - Restore 'New Node' button for users with node creation permission"
    message: |-
      Restore <strong>New Node</strong> button in computer overview for users with node creation permission.
  - type: bug
    category: bug
    pull: 7735
    issue: 70809
    authors:
      - mamh2021
    pr_title: "[JENKINS-70809] - Fix 'delete build' button overflow the side-panel"
    message: |-
      Fix <strong>Delete Build</strong> button text overflow.
  - type: bug
    category: bug
    pull: 7740
    issue: 69489
    authors:
      - NotMyFault
    pr_title: "[JENKINS-69489] - Hide restart checkbox if the controller doesn't support it"
    message: |-
      Hide <strong>Restart Jenkins</strong> checkbox in the update center if the controller doesn't support it.
  - type: bug
    category: bug
    pull: 7778
    issue: 69129
    authors:
      - basil
    pr_title: "[JENKINS-69129] Support escaped emoji characters in XML files"
    message: |-
      Support emojis in Job DSL scripts.

- version: "2.401.1"
  date: 2023-05-31
  lts_predecessor: "2.387.3"
  lts_baseline: "2.401"
  changes: # compared to lts_baseline 2.401 - extracted from the RC commit(s)

  - type: security
    message: Important security fix.
    references:
      - url: /security/advisory/2023-06-14/
        title: 2023-06-14 security advisory

  - type: bug
    category: regression
    pull: 7924
    issue: 71182
    authors:
      - jglick
    pr_title: "[JENKINS-71182] Correct Unicode behavior of `XML_1_1`"
    message: |-
      Fix the writing of emojis to XML (regression in 2.403).

  - type: bug
    category: regression
    pull: 7875
    issue: 71139
    authors:
      - jglick
    pr_title: "[JENKINS-71139] Fail fast when serializing invalid XML 1.1 data"
    message: |-
      Do not write NUL values to XML files.
      A technically illegal <code>#x0</code> (NUL) could be written to Jenkins XML files but could no longer be read.
      Now the write will fail as well (regression in 2.398).

  - type: bug
    category: regression
    pull: 8052
    issue: 71345
    authors:
      - MarkEWaite
    pr_title: "[JENKINS-71345] Remove 'undefined' from system dropdown menu"
    message: |-
      Remove "undefined" trailing text from system dropdown menu.

  - type: bug
    category: bug
    pull: 7891
    issue: 71160
    authors:
      - flabrie
      - NotMyFault
    pr_title: '[JENKINS-71160] Fix "Tmp directories are hidden" alert icon'
    message: |-
      Fix the warning icon in the workspaces temporary directory message.

  - type: bug
    category: regression
    pull: 7870
    issue: 71115
    authors:
      - niralmaruda
    pr_title: "[JENKINS-71115] Builds filter field doesn't use full width on sub\
      \ 970px windows"
    message: |-
      Show full width filter field for builds on pages less than 970 pixels wide.

  lts_changes: # compared to lts_predecessor 2.387.3 (selected by personal review)

  - type: rfe
    category: rfe
    pull: 7661
    authors:
      - janfaracik
      - timja
    pr_title: Simplify settings names
    message: |-
      Simplify the names of the settings in Manage Jenkins.

  - type: rfe
    category: rfe
    pull: 7581
    authors:
      - janfaracik
      - NotMyFault
    pr_title: Use a card layout instead of a table for the dashboard on mobile
    message: |-
      Use a card layout instead of a table for the dashboard on mobile.

  - type: rfe
    category: rfe
    pull: 7748
    authors:
      - janfaracik
    pr_title: Refresh the Build with Parameters interface
    message: |-
      Refresh the Build with Parameters interface.

  - type: rfe
    category: rfe
    pull: 7718
    authors:
      - janfaracik
      - timja
    pr_title: Revamp icon legend as a modal
    message: |-
      Revamp icon legend as a modal.

  - type: rfe
    category: rfe
    pull: 7712
    authors:
      - janfaracik
    pr_title: Refresh the design of the About Jenkins page
    message: |-
      Refresh the design of the About Jenkins page.

  - type: rfe
    category: rfe
    pull: 7614
    authors:
      - jglick
      - daniel-beck
    pr_title: "`t:progressiveText` should tolerate 5xx HTTP errors"
    message: |-
      Running pipeline build logs can now be displayed across controller restarts without reloading in some environments.

  - type: rfe
    category: rfe
    pull: 7299
    issue: 69853
    authors:
      - Wadeck
      - NotMyFault
      - timja
    pr_title: "[JENKINS-69853] User experimental flags"
    message: |-
      Introduce user experimental flags.

  - type: rfe
    category: rfe
    pull: 7625
    authors:
      - prathi-mani
      - MarkEWaite
      - NotMyFault
      - janfaracik
    pr_title: Added copy to clipboard button to agent launch snippets
    references:
      - pull: 7625
      - pull: 7678
      - pull: 7665
      - issue: 21052
    message: |-
      Add a copy button for the code snippets that start agents and for the Jenkins home directory.
      Warn user that copy button requires HTTPS.

  - type: rfe
    category: rfe
    pull: 7605
    authors:
      - jglick
    pr_title: Default CLI mode to `-webSocket`
    message: |-
      The default connection mode for the Java CLI client is now <code>webSocket</code>.
      You can specify <code>http</code> to continue to use the former default (for example because you are running Jenkins in a servlet container other than the recommended builtin Jetty, or because you are running an unusual reverse proxy which does not support WebSocket).
      You can also continue to specify <code>ssh</code> to use SSH transport (for example because you prefer to authenticate with a private key rather than an API token), or use a native SSH client.

  - type: rfe
    category: rfe
    pull: 7827
    authors:
      - basil
    pr_title: Remove dependency on `jenkins-js-modules`
    message: |-
      Simplify loading of JavaScript and CSS.
      Users of OWASP DependencyTrack must upgrade to 4.3.1 or later, and users of ServiceNow CI/CD must upgrade to 2.1 or later.

  - type: bug
    category: bug
    pull: 7701
    issue: 70630
    authors:
      - carlos-mon-inm
      - NotMyFault
      - MarkEWaite
    pr_title: "[JENKINS-70630] - Fix HTTP2 missing header"
    message: |-
      Fix null pointer exception on the "Manage Jenkins" page when HTTP/2 is enabled.

  - type: bug
    category: regression
    pull: 7740
    issue: 69489
    authors:
      - NotMyFault
    pr_title: "[JENKINS-69489] - Hide restart checkbox if the controller doesn't\
      \ support it"
    message: |-
      Hide the <strong>Restart Jenkins</strong> checkbox in the update center if the controller doesn't support it.

  - type: bug
    category: regression
    pull: 7577
    issue: 70394
    authors:
      - mPokornyETM
      - timja
    pr_title: "[JENKINS-70394] Move 'set node temporarily offline/online' buttons\
      \ to app-bar"
    message: |-
      Move <code>set node temporarily offline/online</code> buttons to appbar.

  - type: rfe
    category: developer
    pull: 7838
    authors:
      - dependabot[bot]
    references:
      - url: https://github.com/spring-projects/spring-framework/releases/tag/v5.3.27
        title: Spring Framework 5.3.27 release notes
    pr_title: Upgrade Spring Framework from 5.3.26 to 5.3.27
    message: |-
      Upgrade Spring Framework from 5.3.26 to 5.3.27.

  - type: rfe
    category: developer
    pull: 7632
    authors:
      - jglick
    pr_title: Upgrade Winstone from 6.7 to 6.10
    references:
      - pull: 7632
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.10
        title: Winstone 6.10 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.9
        title: Winstone 6.9 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.8
        title: Winstone 6.8 changelog
    message: |-
      Upgrade bundled Winstone from 6.7 to 6.10.
      Add the <code>excludeProtocols</code> option.
      Improve logging during shutdown.

- version: "2.401.2"
  date: 2023-06-28
  changes:
  - type: major rfe
    category: major rfe
    pull: 8118
    authors:
      - MarkEWaite
    references:
      - pull: 7913
      - pull: 8082
      - issue: 71428
      - url: /blog/2023/05/30/operating-system-end-of-life/
        title: End of life operating systems
    pr_title: "Backport end of life warning to stable-2.401"
    message: |-
      Warn administrators when their Linux operating system is approaching end of life.
  - type: rfe
    category: rfe
    pull: 7990
    authors:
    - NotMyFault
    pr_title: "Upgrade from Guice 5.1.0 to 6.0.0"
    references:
    - url: https://github.com/google/guice/wiki/Guice600#changes-since-guice-510
      title: Guice 6.0.0 changelog
    - pull: 8121
    message: |-
      Upgrade from Guice 5 to 6.

- version: "2.401.3"
  date: 2023-07-26
  changes:

  - type: security
    message: Important security fix.
    references:
      - url: /security/advisory/2023-07-26/
        title: security advisory

  - type: bug
    category: bug
    pull: 8161
    authors:
      - MarkEWaite
    pr_title: "Remove incorrect text from JENKINS_HOME help page"
    message: |-
      Remove incorrect text from JENKINS_HOME help.

- version: "2.414.1"
  date: 2023-08-23
  lts_predecessor: "2.401.3"
  lts_baseline: "2.414"
  changes: # compared to lts_baseline 2.401 - extracted from the RC commit(s)

  - type: security
    authors:
      - Kevin-CB
      - dwnusbaum
    message: |-
      Important security fix.
    references:
      - url: /security/advisory/2023-07-26/
        title: 2023-07-26 security advisory
  - type: major rfe
    category: rfe
    authors:
      - timja
    references:
      - url: https://github.com/jenkinsci/docker/pull/1687
        title: Docker pull request 1687
    message: |-
      Update Debian images to version 12.0 (bookworm).
  - type: rfe
    category: rfe
    pull: 8129
    authors:
      - janfaracik
    pr_title: Add last build status to job page
    message: |-
      Add last build status to job page.
  - type: bug
    category: regression
    pull: 8258
    issue: 71630
    authors:
      - daniel-beck
    pr_title: "Remove Rebuilder Plugin from setup wizard options"
    message: |-
      Remove rebuilder plugin from the setup wizard plugin selection.
  - type: bug
    category: regression
    pull: 8293
    issue: 71698
    authors:
      - timja
    pr_title: "[JENKINS-71698] Only disable plugin manager button if none are selected"
    message: |-
      Only disable the plugin manager "install" button if no plugins are selected (regression in 2.414).


  lts_changes: # compared to lts_predecessor 2.387.3 (selected by personal review)

  - type: major rfe
    category: rfe
    pull: 7474
    authors:
    - mawinter69
    - janfaracik
    - NotMyFault
    - flabrie
    - niralmaruda
    pr_title: "Update link dropdown menus to use new Tippy dropdowns"
    references:
      - pull: 8210
      - pull: 8179
      - pull: 8076
      - pull: 8025
      - pull: 7989
      - pull: 8015
      - pull: 7962
      - pull: 7716
      - pull: 7836
      - issue: 70805
      - pull: 7891
      - issue: 71160
      - pull: 7870
      - issue: 71115
      - pull: 7887
      - issue: 71152
      - pull: 7420
      - issue: 70115
      - pull: 7922
      - issue: 71177
      - pull: 7770
    message: |-
      Update to various UI elements.
      Update appearance and framework for dropdown links.
      Modernize forms and pages.
  - type: major rfe
    category: rfe
    pull: 8087
    authors:
    - janfaracik
    pr_title: "Update the Log Recorders interface"
    references:
      - pull: 8186
      - pull: 8164
    message: |-
      Update UI and function of Log Recorder.
      Display a notice when there are no logs available.
  - type: major rfe
    category: rfe
    pull: 7355
    issue: 70059
    authors:
    - meiswjn
    pr_title: "[JENKINS-70059] Improve Safe Restart interface and user information"
    message: |-
      Allow cancelling the quiet down mode of a safe restart with an optional custom message for safe restarts (with new default message).
      Use a less dangerous color for the safeRestart banner.
      Allow setting the full prepareShutdown message instead of only the reason.
      Show a hint on the "Jenkins Unavailable" page about safe restarts.
  - type: major bug
    category: bug
    pull: 7942
    issue: 71200
    authors:
    - Dohbedoh
    pr_title: "[JENKINS-71200] Fix elements property overload in ListView"
    message: |-
      Prefix the name of input elements of ListView to prevent form submission issues when an Item (job) is named <code>elements</code>.
  - type: rfe
    category: rfe
    pull: 7911
    issue: 13545
    authors:
    - mawinter69
    pr_title: "[JENKINS-13545] use dialogs to delete computers, views, clouds, users and logrecorders"
    message: |-
      Use dialogs to delete computers, views, clouds, users and log recorders instead of dedicated pages.
  - type: rfe
    category: rfe
    pull: 7893
    authors:
    - yaroslavafenkin
    pr_title: "[JENKINS-71034] [JENKINS-71035] [JENKINS-71036] [JENKINS-71037] Improve CSP compatibility"
    references:
      - issue: 71034
      - issue: 71035
      - issue: 71036
      - issue: 71037
      - pull: 8054
      - issue: 71042
      - issue: 71044
      - issue: 71045
      - pull: 8039
      - issue: 71040
      - issue: 71041
    message: |-
      Improve Content Security Policy compatibility.
  - type: rfe
    category: rfe
    pull: 8173
    authors:
    - basil
    pr_title: "Upgrade Winstone from 6.11 to 6.12"
    references:
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.11
        title: Winstone 6.11 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.12
        title: Winstone 6.12 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.14
        title: Jetty 10.0.14 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.15
        title: Jetty 10.0.15 changelog
    message: |-
      Upgrade Winstone from 6.10 to 6.12.
      This includes the upgrade of Jetty from 10.0.13 to 10.0.15.
      Add or update MIME types for JavaScript files, JavaScript module files, AV1 Image File (AVIF) files, Web Open Font Format (WOFF) files, and WebAssembly files.
  - type: rfe
    category: rfe
    pull: 8147
    authors:
    - timja
    - janfaracik
    pr_title: "JENKINS-71246 Remove animations on login page causing high CPU usage in some cases"
    references:
      - pull: 7995
      - issue: 71246
      - pull: 7872
    message: |-
      Update to sign-in page on desktop and mobile.
      Remove animations and modernize page.
  - type: rfe
    category: rfe
    pull: 7673
    authors:
    - benebsiny
    - niralmaruda
    pr_title: "[JENKINS-70220] Filter builds should be hidden when the big 'no builds' block is visible"
    references:
      - issue: 70220
      - pull: 7870
      - issue: 71115
    message: |-
      Update to Builds widget UI.
  - type: rfe
    category: rfe
    pull: 7658
    issue: 70729
    authors:
    - Vlatombe
    pr_title: "[JENKINS-70729] Rework clouds management into multiple pages"
    message: |-
      Rework clouds management into multiple pages to better scale to large numbers of clouds.
      Users of EC2 Plugin should update it to version 2.0.7 or newer for compatibility.
  - type: rfe
    category: rfe
    pull: 8140
    authors:
    - takashiharano
    pr_title: "Add Japanese translation of Apply"
    message: |-
      Add Japanese translation of Apply.
  - type: rfe
    category: rfe
    pull: 8127
    authors:
    - jglick
    pr_title: "Clean up DoubleLaunchChecker"
    message: |-
      Switch the double-launch checker to a regular administrative monitor.
  - type: rfe
    category: rfe
    pull: 8065
    authors:
    - basil
    pr_title: "Move from javax.inject to jakarta.inject"
    message: |-
      Add support for <code>jakarta.inject</code> annotations.
  - type: rfe
    category: rfe
    pull: 7998
    authors:
    - jglick
    pr_title: "Lazy-load-friendly Job.getEstimatedDurationCandidates"
    message: |-
      Reduce the circumstances under which recent old builds will be loaded when starting new builds.
  - type: rfe
    category: rfe
    pull: 7976
    authors:
    - jglick
    pr_title: "Refinements to AssociatedConverterImpl.cache"
    message: |-
      Refinements to class loading behavior looking up special formatters for XML configuration files.
  - type: rfe
    category: rfe
    pull: 7948
    authors:
    - basil
    pr_title: "Add a user experimental flag to run Jenkins without Prototype.js"
    message: |-
      Add a user experimental flag to run Jenkins without Prototype.js.
      Plugin authors should enable this flag and fix any issues that result from the removal of Prototype.js.
      In the future Prototype.js will be removed from Jenkins core.
  - type: rfe
    category: rfe
    pull: 7956
    authors:
    - janfaracik
    pr_title: "Make the skip link visible"
    message: |-
      Make "Skip to content" link visible through keyboard navigation.
  - type: bug
    category: bug
    pull: 7992
    issue: 71244
    authors:
    - Bananeweizen
    pr_title: "[JENKINS-71244] Avoid relative link in update center"
    message: |-
      Fix update center proxy configuration hyperlink in error messages.
  - type: bug
    category: bug
    pull: 7972
    authors:
    - Vlatombe
    pr_title: "Support clouds without a config.jelly"
    message: |-
      Fix support of clouds without a <code>config.jelly</code> file.

- version: "2.414.2"
  date: 2023-09-20
  changes:
  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2023-09-20/
        title: security advisory

  - type: major rfe
    category: rfe
    pull: 8273
    issue: 71366
    authors:
      - mattpulver
    pr_title: "[JENKINS-71366] Set sandbox allow-same-origin in DEFAULT_CSP_VALUE."
    message: |-
      Add <code>allow-same-origin</code> to the <code>sandbox</code> Content-Security-Policy directive of workspace and artifact browsers if the Resource Root URL feature is not used.
      Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests.
  - type: major bug
    category: bug
    pull: 8378
    issue: 61452
    authors:
      - jglick
    pr_title: "[JENKINS-61452] Tolerate corrupt Base64 in PlainTextConsoleOutputStream"
    message: |-
      The plain text console log will still be printed even if some console annotations are corrupt.
  - type: bug
    category: bug
    pull: 8341
    issue: 71238
    authors:
      - janfaracik
    pr_title: "[JENKINS-71238] New login page breaks login-theme-plugin"
    message: |-
      New login page breaks <code>login-theme-plugin</code> (regression in 2.404).
  - type: bug
    category: bug
    pull: 8341
    issue: 71238
    authors:
      - dwnusbaum
    pr_title: "[JENKINS-71479] Do not use SCSS lighten function directly to avoid invalid CSS"
    message: |-
      Fix invalid CSS which caused some buttons to become invisible on hover (regression in 2.402).

- version: "2.414.3"
  date: 2023-10-18
  banner: >
    Short tags (without "jdk" in them) such as <code>jenkins/jenkins:2.414.3-alpine</code> are using Java 17 and not Java 11 like previously.
    If you need to keep using Java 11, use tags like <code>jenkins/jenkins:2.414.3-jdk11</code>.
    Also note that two new tags (2.414.3-alpine-jdk17 & 2.414.3-slim-jdk17) have been published without any content change a week later than the original ones.
  changes:
  - type: security
    message: Important security fix.
    references:
      - url: /security/advisory/2023-10-18/
        title: security advisory
  - type: major rfe
    category: rfe
    authors:
      - basil
    pr_title: "Java 17 by default"
    references:
      - url: https://github.com/jenkinsci/docker/pull/1724
        title: Docker pull request 1724
    message: |-
      Use Java 17 as the default Java version in container images that do not specify a Java version in the container label.
  - type: major rfe
    category: rfe
    pull: 8478
    issue: 72058
    authors:
      - dependabot
    references:
      - url: https://commons.apache.org/proper/commons-compress/changes-report.html#a1.24.0
        title: Apache Commons Compress 1.24.0 Release Notes
    pr_title: "Bump org.apache.commons:commons-compress from 1.23.0 to 1.24.0"
    message: |-
      Update commons-compress from 1.23.0 to 1.24.0.
  - type: major bug
    category: bug
    pull: 8490
    issue: 72016
    authors:
      - jglick
    pr_title: "[JENKINS-72016] Define a thread pool for ProxyConfiguration's HttpClient"
    message: |-
      Do not create a large number of threads when making numerous HTTP requests.
  - type: major bug
    category: regression
    pull: 8529
    issue: 72076
    authors:
      - basil
    pr_title: "[JENKINS-72067] High memory usage from XStream2.AssociatedConverterImpl"
    message: |-
      Reduce high memory usage from <code>XStream2.AssociatedConverterImpl</code> (regression in 2.405).
  - type: rfe
    category: rfe
    pull: 8440
    issue: 71996
    authors:
      - jglick
    pr_title: "Add telemetry for security-related settings"
    message: |-
      Add telemetry collecting basic information about the security configuration.
  - type: rfe
    category: rfe
    pull: 8592
    issue: 72156
    authors:
    - olamy
    pr_title: "[JENKINS-72156] Backport Upgrade to Winstone 6.14 which contains an upgrade to Jetty 10.0.17"
    references:
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.13
        title: Winstone 6.13 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.14
        title: Winstone 6.14 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16
        title: Jetty 10.0.16 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.17
        title: Jetty 10.0.17 changelog
      - url: https://nvd.nist.gov/vuln/detail/CVE-2023-44487
        title: CVE-2023-44487
    message: |-
      Upgrade Winstone from 6.12 to 6.14.
      This includes the upgrade of Jetty from 10.0.15 to 10.0.17.
      The Jetty upgrade includes fixes for several CVEs.
  - type: bug
    category: regression
    pull: 8485
    issue: 71890
    authors:
      - benebsiny
    pr_title: "[JENKINS-71890] Model links in build history views and administrative monitors no longer work"
    message: |-
      Restore context menus of model links in build history views and administrative monitors (regression in 2.402).

- version: "2.426.1"
  date: 2023-11-15
  banner: >
    Short container image tags (without "jdk" in them) such as <code>jenkins/jenkins:2.426.1</code> are now using Java 17.
    If you need to continue using Java 11, use tags like <code>jenkins/jenkins:2.426.1-jdk11</code>.
    The Windows container images of this release switch from a windowsservercore-1809 Temurin base image to a windowsservercore-ltsc2019 Microsoft base image.
    Note also that a proper set of tags is now published for these Windows images and they include "ltsc2019" instead of only "2019".
  lts_predecessor: "2.414.3"
  lts_baseline: "2.426"
  changes: # compared to lts_baseline 2.426 - extracted from the RC commit(s)

  - type: major bug
    category: bug
    pull: 8422
    authors:
      - daniel-beck
    pr_title: "[JENKINS-71252][JENKINS-70793] Multiple form validation fixes"
    references:
      - issue: 71252
      - issue: 70793
    message: |-
      Show form validation results for form elements that are initially hidden.
      Remove previous form validation errors when the form validation is updated with new content (regression in 2.355).
  - type: major bug
    category: bug
    issue: 72170
    pull: 8602
    authors:
      - mawinter69
    pr_title: "[JENKINS-72170] fix nested hetero-list entries with mixture of inputs and buttons"
    message: |-
      Fix multibranch Pipeline <strong>Add source</strong> and other uses that mix inputs and buttons (regression in 2.422).
  - type: major bug
    category: bug
    issue: 72163
    authors:
      - basil
    pr_title: "[JENKINS-72163] Retry on initial connection failure occurs in one entrypoint but not the other"
    references:
      - url: https://github.com/jenkinsci/remoting/pull/675
        title: Remoting PR 675
    message: |-
      Add <code>sleep</code> call when <code>-noReconnect</code> is not specified for Kubernetes agents.
  - type: major bug
    category: bug
    issue: 65368
    authors:
      - sunweisheng
    pr_title: "Remoting agent.jar does not work behind proxy"
    message: |-
      Add proxy support for Remoting.
  - type: major bug
    category: regression
    pull: 8564
    issue: 71937
    authors:
      - Vlatombe
    pr_title: "[JENKINS-71937] Fix deprecated 'Slave' constructor"
    message: |-
      Fix agent allocation due to label issue detected by vSphere Cloud plugin (regression in 2.421).
  - type: major bug
    category: regression
    pull: 8613
    issue: 72189
    authors:
      - mawinter69
    pr_title: "[JENKINS-72189] fix drag&drop handle for existing repeatables"
    message: |-
      Fix drag and drop handle for existing repeatables (regression in 2.335).
  - type: rfe
    category: rfe
    pull: 8564
    issue: 72248
    authors:
      - daniel-beck
    pr_title: "Add telemetry for Jenkins uptime"
    message: |-
      Add telemetry for Jenkins uptime.
  - type: bug
    category: regression
    pull: 8606
    issue: 72179
    authors:
      - daniel-beck
    pr_title: "[JENKINS-72179] Show description of boolean build parameter values"
    message: |-
      Show the description of boolean build parameter values on the Parameters view (regression in 2.179).
  - type: bug
    category: regression
    pull: 8492
    issue: 72020
    authors:
      - Vlatombe
    pr_title: "[JENKINS-72020] Restore ability to reorder clouds"
    message: |-
      Allow clouds to be reordered.
      This was previously possible, but disappeared when the cloud management was moved to a separate page (regression in 2.403).
  - type: bug
    category: regression
    pull: 8674
    issue: 70994
    authors:
      - basil
    pr_title: "[JENKINS-70994] Upgrade bundled SnakeYAML plugin from 1.33-95.va_b_a_e3e47b_fa_4 to 2.2-111.vc6598e30cc65"
    message: |-
      Update SnakeYAML plugin to 2.2 to silence security scanners.

  lts_changes: # compared to lts_predecessor 2.414.3 (selected by personal review)

  - type: major rfe
    category: major rfe
    authors:
      - basil
    pr_title: "Support Java 21"
    references:
      - issue: 71800
      - url: https://www.jenkins.io/blog/2023/11/06/introducing-2-2-2-java-support-plan/
        title: Java 21 supported in 2.426.1
    message: |-
      Support Java 21 in addition to Java 11 and Java 17.
  - type: major rfe
    category: major rfe
    pull: 7781
    authors:
      - timja
      - basil
    pr_title: "[JENKINS-70906] Remove prototype from core"
    references:
      - issue: 70906
      - pull: 7781
      - url: https://www.jenkins.io/blog/2023/05/12/removing-prototype-from-jenkins/
        title: Prototype removal blog post
    message: |-
      Remove outdated Prototype.js library.
  - type: major rfe
    category: major rfe
    authors:
      - MarkEWaite
    pr_title: "Remove CentOS 7 container images"
    references:
      - url: "/blog/2023/05/30/operating-system-end-of-life/"
        title: Red Hat Enterprise Linux 7 and CentOS 7 end of life blog post
      - url: https://github.com/jenkinsci/docker/pull/1777
        title: Docker pull request 1777
    message: |-
      Stop delivering CentOS 7 container images as part of the end of support for Red Hat Enterprise Linux 7 and its derivatives.
  - type: major rfe
    category: rfe
    pull: 7938
    issue: 71438
    authors:
      - mawinter69
    pr_title: "[JENKINS-71438] Replace browser confirm with modal dialogs"
    message: |-
      Replace browser confirm with modal dialogs in many places.
      Add API for alert, confirm, prompt, modal and form dialogs.
  - type: major rfe
    category: rfe
    pull: 8418
    authors:
    - mawinter69
    - janfaracik
    - NotMyFault
    pr_title: "Replace hetero-list YUI button and menu with new style button and tippy.js menu"
    references:
      - pull: 8381
      - pull: 8376
      - pull: 8375
      - pull: 8363
      - pull: 8180
    message: |-
      Updates to various UI elements.
      Modernize buttons, menus, link design, and content blocks.
  - type: major rfe
    category: rfe
    pull: 8403
    authors:
      - timja
    pr_title: "Add Appearance system configuration page"
    message: |-
      Add <strong>Appearance</strong> system configuration page to customize Jenkins' look and feel.
  - type: major rfe
    category: rfe
    pull: 8528
    authors:
    - jglick
    - Vlatombe
    pr_title: "Avoid saving disabled status when deleting a project"
    references:
      - pull: 8494
      - pull: 8395
      - pull: 8299
    message: |-
      Various performance optimizations.
      Optimizations for loading, label parsing, and project deletion.
  - type: major bug
    category: bug
    pull: 8448
    authors:
      - Vlatombe
    pr_title: "Label parsing robustness fix"
    message: |-
      Prevent incorrect <code>readResolve</code> implementations from breaking agent label parsing.
  - type: rfe
    category: rfe
    pull: 8526
    authors:
      - basil
    pr_title: "Automate Java version recommendation administrative monitor"
    message: |-
      Automate the display of an administrative monitor when approaching Java end of life (EOL) dates.
  - type: rfe
    category: rfe
    authors:
      - philfry
    pr_title: "RPM: Remove System V initialization script"
    references:
      - url: https://github.com/jenkinsci/packaging/pull/409
        title: pull 409 (packaging)
      - url: https://www.jenkins.io/blog/2022/03/25/systemd-migration/
        title: Linux install packages migrated from System V init to systemd
    message: |-
      Remove System V initialization scripts from RPM based installers.
      The System V initialization scripts were replaced in March 2022 with systemd initialization.
      RPM users with a custom log directory no longer have a <code>logrotate(8)</code> configuration out-of-the-box.
  - type: rfe
    category: rfe
    pull: 8250
    issue: 71087
    authors:
      - daniel-beck
    pr_title: "[JENKINS-71087] Nicer 404 error pages"
    message: |-
      Add a nicer 404 error page.
  - type: rfe
    category: rfe
    pull: 8503
    authors:
      - basil
    pr_title: "Increase minimum required Remoting version from 4.7 to 4.13"
    message: |-
      The minimum required Remoting version has been increased from 4.7 to 4.13.
  - type: rfe
    category: rfe
    pull: 8453
    issue: 71950
    authors:
      - basil
    pr_title: "[JENKINS-71950] List plugins in deterministic order"
    message: |-
      List plugins in deterministic order to improve diagnosability of plugin linkage errors.
  - type: rfe
    category: rfe
    pull: 8208
    authors:
      - janfaracik
    pr_title: "Display a notice when there are plugins installed or updates available"
    message: |-
      Display a notice when plugin updates are available or when there are no plugins installed.
  - type: rfe
    category: rfe
    pull: 8265
    issue: 71054
    authors:
      - yaroslavafenkin
    pr_title: "[JENKINS-71054] Remove the treeview option for artifactList"
    message: |-
      Remove the treeview option for artifactList.
  - type: rfe
    category: rfe
    pull: 8283
    authors:
      - meiswjn
    pr_title: "Add logging for agent usage by job"
    message: |-
      Log agent usage by job.
  - type: rfe
    category: rfe
    pull: 8262
    issue: 71496
    authors:
      - mawinter69
    pr_title: "[JENKINS-71496] Make tab pane selection reachable via keyboard"
    message: |-
      Make tab panes accessible via keyboard.
  - type: rfe
    category: rfe
    pull: 8273
    issue: 71366
    authors:
      - mattpulver
    pr_title: "[JENKINS-71366] Set sandbox allow-same-origin in DEFAULT_CSP_VALUE."
    message: |-
      Add <code>allow-same-origin</code> to the <code>sandbox</code> ContentSecurityPolicy directive of workspace and artifact browsers if the Resource Root URL feature is not used.
      Allow requests to resources like stylesheets and images, even if a reverse proxy prohibits cross-site requests.
  - type: rfe
    category: rfe
    pull: 8446
    authors:
    - mustafau
    pr_title: "Turkish localization fixes for the new job page"
    references:
      - pull: 8368
    message: |-
      Updates to Turkish localization for jobs.
  - type: rfe
    category: rfe
    pull: 8258
    authors:
      - daniel-beck
    pr_title: Remove Rebuilder Plugin from setup wizard options
    message: |-
      Remove the rebuild plugin from the setup wizard plugin selection.
  - type: rfe
    category: rfe
    pull: 8503
    authors:
      - basil
    pr_title: "Remove KXML2 library"
    message: |-
      Stop shipping <code>net.sf.kxml:kxml2</code> because Jenkins no longer depends on it.
  - type: bug
    category: bug
    pull: 8474
    authors:
      - jtnord
    pr_title: fix signup autofocus
    message: |-
      Prevent log spam when using the Jenkins security database and users signup.
  - type: bug
    category: bug
    pull: 8493
    issue: 71880
    authors:
      - mawinter69
    pr_title: "[JENKINS-71880] fix notification in breadcrumb"
    message: |-
      Show a confirmation popup when triggering a task action from a context menu.
  - type: bug
    category: bug
    pull: 8485
    issue: 72018
    authors:
      - flabrie
    pr_title: "[JENKINS-72018] Form entries in .repeated-chunk using .show-if-not-only\
      \ CSS class are not hidden when they are alone"
    message: |-
      Hide the delete button from the only repeatable element in configuration forms when at least one element is expected.
  - type: bug
    category: bug
    pull: 8471
    issue: 71983
    authors:
      - mawinter69
    pr_title: "[JENKINS-71983] allow symbols in MenuItem#withIconClass"
    message: |-
      Symbols display in breadcrumbs now.
  - type: bug
    category: bug
    pull: 8416
    issue: 38520
    authors:
      - dependabot[bot]
    pr_title: "[JENKINS-38520] Every message in agent log appears twice with the\
      \ `-agentLog` option"
    message: |-
      Message no longer appears twice when the <code>agentLog</code> option is used.
  - type: bug
    category: bug
    pull: 8388
    issue: 71848
    authors:
      - daniel-beck
    pr_title: "[JENKINS-71848] Remove admin monitors popup from `/manage/` again"
    message: |-
      Hide administrative monitors icons/popup in the header of <strong>Manage Jenkins</strong>, as they're shown directly on the page.
  - type: bug
    category: bug
    pull: 8387
    issue: 71833
    authors:
      - daniel-beck
    pr_title: "[JENKINS-71833] Fix link to job in slow trigger admin monitor"
    message: |-
      Fix link to job in the message informing administrators of trigger computations that run for an unusually long time.
  - type: bug
    category: bug
    pull: 8089
    authors:
      - dten
    pr_title: Use standard size node icon even with long node names
    message: |-
      Use standard size node icon even with long node names.
  - type: bug
    category: bug
    pull: 8288
    issue: 71186
    authors:
      - programbeginnerTW
    pr_title: "[JENKINS-71186] - Avoid a warning from web application scanners"
    message: |-
      Add the <code>X-Content-Type-Options</code> HTTP header to the response from the agent listener.
      Silence security scanners that incorrectly report an issue when the HTTP header is missing.
  - type: bug
    category: bug
    pull: 8233
    authors:
      - jglick
    pr_title: "`LazyBuildMixIn.getEstimatedDurationCandidates` duplication"
    message: |-
      Estimate project duration accurately in more cases.

- version: "2.426.2"
  date: 2023-12-13
  changes:
  - type: rfe
    category: rfe
    pull: 8661
    authors:
      - MarkEWaite
    pr_title: "[JENKINS-72252] Warn 12 months and 3 months before end of Java support"
    message: |-
      Warn users at 12 months prior to end of Java support and again at 3 months prior to end of Java support.
  - type: bug
    category: regression
    pull: 8666
    authors:
      - basil
    references:
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.15
        title: Winstone 6.15 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.16
        title: Winstone 6.16 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.18
        title: Jetty 10.0.18 changelog
    pr_title: "[JENKINS-72266] Upgrade Winstone from 6.14 to 6.16 (upgrade Jetty from 10.0.17 to 10.0.18)"
    message: |-
      Add support for Unix Domain Sockets.
      Upgrade Winstone from 6.14 to 6.16.
      Upgrade Jetty from 10.0.17 to 10.0.18.

- version: "2.426.3"
  date: 2024-01-24
  changes:
  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2024-01-24/
        title: security advisory
  - type: bug
    category: regression
    pull: 8814
    issue: 72469
    authors:
      - MarkEWaite
    pr_title: "[JENKINS-72469] Avoid repeated tool downloads from misconfigured HTTP servers"
    message: |-
      Avoid repeated tool downloads from misconfigured HTTP servers.
  - type: bug
    category: regression
    pull: 8505
    issue: 71737
    authors:
      - car-roll
    pr_title: "[JENKINS-71737] fix redirect when submitting cloud changes"
    message: |-
      Fix redirect when renaming a cloud.

- version: "2.440.1"
  date: 2024-02-21
  lts_predecessor: "2.426.3"
  lts_baseline: "2.440"
  changes: # compared to lts_baseline 2.440 - extracted from the RC commit(s)

  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2024-01-24/
        title: security advisory
  - type: major bug
    category: regression
    pull: 8872
    issue: 72407
    authors:
      - mawinter69
    pr_title: "[JENKINS-72407] missing folder icon"
    message: |-
      Fix missing folder icons.
  - type: bug
    category: regression
    pull: 8891
    issue: 72603
    authors:
      - daniel-beck
    pr_title: "[JENKINS-72603] Update bundled Matrix Project Plugin to 822.824.v14451b_c0fd42"
    message: |-
      Update the bundled Matrix Project Plugin from 818.v7eb_e657db_924 to 822.824.v14451b_c0fd42.
  - type: bug
    category: regression
    pull: 8832
    issue: 72505
    authors:
      - timja
    pr_title: "[JENKINS-72505] f:validateButton finds selected radio button"
    message: |-
      Find selected radio option when validating instead of the last one used.

  lts_changes: # compared to lts_predecessor 2.426.3 (selected by personal review)

  - type: major rfe
    category: rfe
    pull: 8822
    authors:
      - NotMyFault
    pr_title: Add an 'Appearance' category to the wizard
    message: |-
      Add an <strong>Appearance</strong> category to the setup wizard.
  - type: major rfe
    category: rfe
    pull: 8586
    issue: 72148
    authors:
      - jgreffe
    pr_title: "[JENKINS-72148] Add missing fr properties in hudson directory"
    references:
      - pull: 8594
      - pull: 8595
      - pull: 8578
      - pull: 8577
    message: |-
      Add missing <code>*_fr.properties</code> in win32errors and hudson, lib, and Jenkins resources.
      Translate <code>hudson/Messages.properties</code>, <code>hudson/model/Messages.properties</code>, and <code>jenkins/model/Messages.properties</code> into French.
  - type: major rfe
    category: rfe
    pull: 8791
    authors:
      - janfaracik
      - mawinter69
      - jtnord
      - olamy
    pr_title: Update appearance of controls in header
    references:
      - pull: 8802
      - pull: 8780
      - pull: 8761
      - pull: 8689
      - pull: 8740
      - pull: 8693
      - pull: 8705
    message: |-
      Update to various UI elements.
      Style widget panes to match Jenkins.
      Modernize icons, controls, and fonts.
  - type: rfe
    category: rfe
    pull: 8787
    authors:
      - daniel-beck
    pr_title: Add telemetry for basic Java system properties
    message: |-
      Add telemetry for basic Java system properties describing the environment.
  - type: rfe
    category: rfe
    pull: 8651
    authors:
      - mustafau
    pr_title: Turkish localization fixes for build page
    references:
      - pull: 8631
    message: |-
      Turkish localization fixes for build, login, and user management pages.
  - type: rfe
    category: rfe
    pull: 8643
    authors:
      - dependabot[bot]
      - basil
    pr_title: Bump org.jenkins-ci.main:remoting from 3181.v78543a_987053 to 3186.vc3b_7249b_87eb_
    message: |-
      Fix a minor memory leak in a Remoting log statement.
      Add forward proxy support for WebSocket.
      Support custom certificate options for WebSocket.
  - type: rfe
    category: rfe
    pull: 6869
    issue: 60866
    authors:
      - daniel-beck
      - basil
      - NotMyFault
    pr_title: "[JENKINS-60866][JENKINS-71797] Remove timeline widget"
    message: |-
      Remove build timeline widget from the build history pages of views, jobs, and agents.
  - type: rfe
    category: rfe
    pull: 8675
    authors:
      - jglick
    pr_title: Log `Error`s from `SlaveComputer._connect`
    message: |-
      More consistently report errors launching outbound agents.
  - type: rfe
    category: rfe
    pull: 8639
    authors:
      - basil
    pr_title: Stop recommending `-jnlpUrl`
    message: |-
      Stop recommending JNLP URL in agent launch instructions.
  - type: rfe
    category: rfe
    pull: 8762
    authors:
      - jglick
    pr_title: Simplifying `JNLPLauncher`
    message: |-
      Deprecate all configurable options in <strong>Launch agent by connecting it to the controller</strong> (<code>inbound</code> in JCasC), as these are only useful in conjunction with the deprecated <code>jnlpUrl</code> mode.
  - type: rfe
    category: rfe
    pull: 8773
    authors:
      - basil
    pr_title: Print deprecation warning when using `-jnlpUrl`
    message: |-
      The <code>jnlpUrl ${JENKINS_URL}/computer/${AGENT_NAME}/jenkinsagent.jnlp</code> argument to the agent JAR has been deprecated.
      Use <code>url ${JENKINS_URL}</code> and <code>name ${AGENT_NAME}</code> instead, potentially also passing in <code>webSocket</code>, <code>tunnel</code>, and/or work directory options as needed.
  - type: rfe
    category: rfe
    pull: 8679
    authors:
      - StefanSpieker
    pr_title: Deleted long deprecated and unused `UserProperties`
    message: |-
      Removed deprecated and unused class <code>UserProperties</code>.
  - type: rfe
    category: rfe
    pull: 8618
    issue: 72159
    authors:
      - mawinter69
    pr_title: "[JENKINS-72159] deactivate MarkedOffline monitor when agents are\
      \ online"
    message: |-
      Deactivate the administrative monitor when all previously offline agents are again online.
  - type: rfe
    category: rfe
    pull: 8629
    issue: 64816
    authors:
      - mawinter69
    pr_title: "[JENKINS-64816] prepare for support of node monitors by JCasC"
    message: |-
      Prepare node monitors to work with configuration as code.
  - type: rfe
    category: rfe
    pull: 8719
    issue: 72371
    authors:
      - mawinter69
    pr_title: "[JENKINS-72371] rework node monitor configuration"
    message: |-
      Rework node monitor configuration.
  - type: rfe
    category: rfe
    pull: 8593
    issue: 72009
    authors:
      - mawinter69
    pr_title: "[JENKINS-72009, JENKINS-72200, JENKINS-24947] various fixes and\
      \ improvements around disk space monitoring"
    message: |-
      Allow configuration of disk thresholds globally and for each agent.
      Improve the warning when disk space is too low.
      Ensure agents are taken offline when disk space is low.
  - type: rfe
    category: rfe
    pull: 8714
    authors:
      - basil
    pr_title: Refuse to load the Jenkins test harness in production
    message: |-
      Fail fast when attempting to load a broken plugin that contains the Jenkins test harness in production.
  - type: rfe
    category: rfe
    authors:
      - minfrin
    pr_title: "Add packaging support for unix domain sockets"
    references:
      - url: https://github.com/jenkinsci/packaging/pull/442
        title: pull 442 (packaging)
    message: |-
      Add packaging support for Unix domain sockets.
  - type: rfe
    category: rfe
    pull: 8700
    issue: 72343
    authors:
      - lemeurherve
    pr_title: "[JENKINS-72343] Accept all 2xx and 3xx status codes to validate\
      \ proxy in HTTP Proxy Configuration"
    message: |-
      Accept all 2xx and 3xx status codes to validate proxy in HTTP Proxy Configuration.
  - type: rfe
    category: rfe
    pull: 8771
    issue: 72157
    authors:
      - mawinter69
    pr_title: "[JENKINS-72157] ensure uptime is independent of system clock"
    message: |-
      Ensure uptime is independent of system clock.
  - type: rfe
    category: rfe
    pull: 8725
    authors:
      - mawinter69
    pr_title: show node monitors on agent page
    message: |-
      Show monitoring data on agent page.
  - type: rfe
    category: rfe
    pull: 8394
    authors:
      - janfaracik
      - timja
    pr_title: Use Jenkins modal for 'Apply' button failures
    message: |-
      Use a notification and Jenkins modal for 'Apply' button failures.
  - type: rfe
    category: rfe
    pull: 8442
    authors:
      - timja
    pr_title: Allow plugins to override boot failure view
    message: |-
      <code>BootFailure</code> subclasses can now override the Jenkins startup failure page.
  - type: rfe
    category: rfe
    pull: 8815
    authors:
      - basil
      - timja
    pr_title: Improve crash consistency on Linux
    message: |-
      Reduce the window of time during which a crash may lead to an inconsistent state on Linux.
  - type: bug
    category: bug
    pull: 8622
    issue: 72181
    authors:
      - daniel-beck
    pr_title: "[JENKINS-72181] Restore flushed output for 'groovy' CLI command"
    message: |-
      Restore printing output from <code>println</code> and similar methods for the <code>groovy</code> CLI command (regression in 2.427).
  - type: bug
    category: bug
    pull: 8633
    issue: 72222
    authors:
      - mustafau
    pr_title: "[JENKINS-72222] Fix inconsistent wording between login page and\
      \ security configuration"
    message: |-
      Refer to the correct option in the security configuration help text.
  - type: bug
    category: bug
    pull: 8630
    authors:
      - mustafau
    pr_title: Fix issues with help texts under security configuration
    message: |-
      Restore security configuration help text and remove obsolete help text.
  - type: bug
    category: bug
    pull: 8640
    authors:
      - jglick
    pr_title: Temporary memory leak in `FutureImpl.executors`
    message: |-
      Some agent-related objects could be kept in memory after being disconnected and removed from the computer list.
  - type: bug
    category: bug
    pull: 8739
    issue: 72196
    authors:
      - mawinter69
    pr_title: "[JENKINS-72196] avoid wrong styling when deleting the first of\
      \ 2 shell steps"
    message: |-
      Avoid incorrect styling when deleting the first of two shell steps in a job definition.
  - type: bug
    category: bug
    pull: 8736
    authors:
      - jglick
    pr_title: "Class loading deadlock between `PermalinkProjectAction.Permalink`\
      \ & `PeepholePermalink`"
    message: |-
      Prevent a deadlock that can occur when loading <code>PermalinkProjectAction.Permalink</code>.
  - type: bug
    category: bug
    pull: 8776
    issue: 72449
    authors:
      - Vlatombe
    pr_title: "[JENKINS-72449] Specify that no fallback to the default locale\
      \ should be used when looking up a resource bundle via `I18n` action."
    message: |-
      Display strings consistently in the requested language when running Jenkins in a JVM with a non-english locale.
  - type: bug
    category: bug
    pull: 8765
    issue: 72288
    authors:
      - mawinter69
    pr_title: "[JENKINS-72288] fix nested job link in mobile view"
    message: |-
      Fix nested job link in mobile view.
  - type: bug
    category: bug
    pull: 8763
    issue: 72443
    authors:
      - daniel-beck
    pr_title: "[JENKINS-72443] Do not show copy option without visible items"
    message: |-
      Do not show option to copy items when there are no items visible.
  - type: bug
    category: bug
    pull: 8800
    issue: 71965
    authors:
      - mawinter69
    pr_title: "[JENKINS-71965] fix timezone in build history"
    message: |-
      Display correct time zone in build history.
  - type: bug
    category: bug
    pull: 8793
    authors:
      - jglick
    pr_title: Restore JCasC compatibility for `JNLPLauncher.tunnel`
    message: |-
      The <code>tunnel</code> property on an <code>inbound</code> agent was inadvertently broken for JCasC usage in 2.437.
      It remains deprecated and usages should be deleted (regression in 2.437).
  - type: bug
    category: bug
    pull: 8717
    issue: 72370
    authors:
      - mawinter69
    pr_title: "[JENKINS-72370][JENKINS-11889] fix SimpleScheduledRetentionStrategy\
      \ with inbound agents"
    message: |-
      Fix <code>SimpleScheduledRetentionStrategy</code> on inbound agents.
      Allow suspended inbound agents to again accept tasks when they are reconnected and the configured scheduling policy is enabled.
  - type: bug
    category: bug
    pull: 8836
    authors:
      - basil
    pr_title: Use ConcurrentHashMap#computeIfAbsent in JarCacheSupport
    references:
      - url: https://github.com/jenkinsci/remoting/pull/713
        title: Remoting PR 713
    message: |-
      Remove code that may have caused an agent-side hang under a rare race condition.
  - type: bug
    category: bug
    pull: 8847
    authors:
      - basil
    pr_title: Avoid continual thread replacement in JarCacheSupport
    references:
      - url: https://github.com/jenkinsci/remoting/pull/717
        title: Remoting PR 717
    message: |-
      Reduce the likelihood of thread creation errors on agents.

- version: "2.440.2"
  date: 2024-03-20
  changes:
  - type: security
    message: Important security fix.
    references:
      - url: /security/advisory/2024-03-20/
        title: security advisory
  - type: rfe
    category: rfe
    pull: 8923
    issue: 72775
    authors:
      - olamy
    references:
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.17
        title: Winstone 6.17 changelog
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.18
        title: Winstone 6.18 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.19
        title: Jetty 10.0.19 changelog
      - url: https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.20
        title: Jetty 10.0.20 changelog
    pr_title: "Upgrade to Winstone 6.18 which include Jetty 10.0.20 upgrade"
    message: |-
      Upgrade Winstone from 6.16 to 6.18.
      Upgrade Jetty from 10.0.18 to 10.0.20.
  - type: rfe
    category: rfe
    pull: 8975
    issue: 71148
    authors:
      - mawinter69
    pr_title: "[JENKINS-71148] avoid empty tooltips"
    message: |-
      Do not show empty tooltips.
  - type: bug
    category: regression
    pull: 8966
    issue: 72711
    authors:
      - daniel-beck
    pr_title: "[JENKINS-72711] Restore progress animation in build history and buildtime trend views"
    message: |-
      Restore progress animation in build history and build time trend views (regression in 2.434).

- version: "2.440.3"
  date: 2024-04-17
  changes:
  - type: security
    message: Security fix.
    references:
      - url: /security/advisory/2024-04-17/
        title: security advisory
  - type: bug
    category: bug
    pull: 9012
    issue: 72796
    authors:
      - jtnord
    pr_title: "[JENKINS-72796] stable context classloader for Computer.threadPoolForRemoting"
    message: |-
      Ensure threads in the <code>Computer.threadPoolForRemoting</code> executor service always have the Jenkins webapp <code>ClassLoader</code> set as the context <code>ClassLoader</code> to prevent random class loading issues when code is running in this <code>ExecutorService</code>.
  - type: bug
    category: bug
    pull: 9009
    issue: 72799
    authors:
      - jglick
    pr_title: "[JENKINS-72799] Apply SlaveComputer.decorate also to openLogFile"
    message: |-
      Customization of agent log files did not work for inbound agents.
  - type: rfe
    category: rfe
    pull: 9047
    issue: 72900
    authors:
      - dependabot
    pr_title: "Bump org.springframework.security:spring-security-bom from 5.8.10 to 5.8.11"
    references:
      - pull: 9042
      - url: https://github.com/spring-projects/spring-security/releases/tag/5.8.11
        title: Spring Security 5.8.11 release notes
      - url: https://github.com/spring-projects/spring-framework/releases/tag/v5.3.33
        title: Spring Framework 5.3.33 release notes
    message: |-
      Update Spring Security to 5.8.11.
      Update Spring Framework to 5.3.33.
  - type: rfe
    category: rfe
    pull: 9022
    issue: 72856
    authors:
      - daniel-beck
    pr_title: "Update bundled trilead-api to 2.84.86.vf9c960e9b_458"
    references:
      - url: https://plugins.jenkins.io/trilead-api/releases/#version_2.84.86.vf9c960e9b_458
        title: Trilead API 2.84.86.vf9c960e9b_458 release notes
    message: |-
      Update bundled Trilead API Plugin to 2.84.86.vf9c960e9b_458.
  - type: rfe
    category: rfe
    pull: 9089
    issue: 72954
    authors:
      - daniel-beck
    pr_title: "Bump Mina to 2.12.1 in the CLI"
    references:
      - url: https://github.com/apache/mina-sshd/releases/tag/sshd-2.12.1
        title: Mina 2.12.1 release notes
    message: |-
      Update Apache Mina in the CLI from 2.11.0 to 2.12.1.
  - type: rfe
    category: rfe
    pull: 9091
    authors:
      - basil
    pr_title: "Upgrade bundled plugins"
    references:
      - pull: 8914
      - pull: 8961
      - pull: 8988
      - pull: 9018
      - pull: 9036
      - pull: 9091
      - pull: 9098
      - pull: 9103
    message: |-
      Upgrade bundled plugins.

- version: "2.452.1"
  date: 2024-05-15
  lts_predecessor: "2.440.3"
  lts_baseline: "2.452"
  changes: # compared to lts_baseline 2.452 - extracted from the RC commit(s)

  - type: major bug
    category: bug
    authors:
      - jglick
    pull: 9170
    issue: 73011
    pr_title: "[JENKINS-73011] Round-trip JNLPLauncher.tunnel to null not ''"
    message:
      After reconfiguring a static inbound agent in the GUI using fields such as WebSocket (deprecated in 2.440.x), the suggested launch instructions would incorrectly include <code>-tunnel</code> (with no argument), even if that field had been left blank.
  - type: bug
    category: bug
    authors:
      - jtnord
    pr_title: "[JENKINS-72998] call refresh on the Extension providers again"
    pull: 9157
    issue: 72998
    message: |-
      If the <code>variant</code> plugin is installed at the same time as a plugin that has an <code>OptionalExtension</code>, these extensions would not be correctly discovered until the next scan for new <code>Extensions</code>.
  - type: rfe
    category: rfe
    authors:
      - dependabot
    pull: 9159
    issue: 73064
    pr_title: "Bump org.springframework:spring-framework-bom from 5.3.33 to 5.3.34"
    references:
      - url: https://github.com/spring-projects/spring-framework/releases/tag/v5.3.34
        title: Spring Framework Bom 5.3.34 release notes
    message: |-
      Upgrade Spring Framework BOM from 5.3.33 to 5.3.34.

  lts_changes: # compared to lts_predecessor 2.440.3 (selected by personal review)
  - type: major rfe
    category: rfe
    authors:
      - daniel-beck
    pr_title: "[JENKINS-18884] Remove 'People' view"
    references:
      - issue: 18884
      - pull: 9060
      - url: https://plugins.jenkins.io/people-view/
        title: People View plugin
    message: |-
      Remove the <strong>People</strong> view.
      Administrators can install the new People View plugin to restore this functionality.
  - type: major rfe
    category: rfe
    authors:
      - TobiX
    pr_title: "Require Debian 10 / Ubuntu 20.04 or newer, include jenkins.tmpfiles"
    references:
      - url: https://github.com/jenkinsci/packaging/pull/456
        title: pull 456 (packaging)
      - url: https://github.com/jenkinsci/packaging/issues/455
        title: Packaging issue 455
    message: |-
      Add specific temporary files to the Debian package for better support of Unix domain sockets.
      Require Debian 10 and Ubuntu 20.04 as the minimum supported versions for Debian packages.
  - type: major rfe
    category: rfe
    pull: 8860
    issue: 72540
    authors:
      - lne3
    pr_title: "[JENKINS-72540] FilePath.copyRecursiveTo() copying now also if\
      \ local and remote have incompatible character sets at binary level"
    message: |-
      Allow recursive remote file copy even if the local and remote nodes have incompatible character sets at binary level such as ISO-8859-1 and CP-1047.

  # UI improvements

  - type: rfe
    category: rfe
    pull: 8821
    issue: 69113
    authors:
      - mawinter69
      - NotMyFault
    pr_title: "[JENKINS-69113] renovate progressBar"
    message: |-
      Modernize progress bar UI in various locations.
  - type: rfe
    category: rfe
    pull: 8827
    authors:
      - janfaracik
      - MarkEWaite
    pr_title: Add components for dropdown items
    message: |-
      Add components for dropdown items.
      Refer to the new Design Library Dropdowns page for implementation details.
  - type: rfe
    category: rfe
    pull: 8977
    authors:
      - mawinter69
    pr_title: use symbol for parameters in build history of pending jobs
    message: |-
      Use the symbol for parameters in the build history of pending jobs.
  - type: rfe
    category: rfe
    pull: 8960
    authors:
      - anhcraft
      - NotMyFault
    pr_title: Add copy-to-clipboard button to the build console output
    message: |-
      Add a "copy to clipboard" button to the build console output.
  - type: rfe
    category: rfe
    pull: 8955
    authors:
      - mawinter69
    pr_title: readonly mode for f:select
    message: |-
      Enable readonly mode for dropdown menus when using the Extended Read Permission plugin.
  - type: rfe
    category: rfe
    pull: 8938
    authors:
      - mawinter69
    pr_title: fix margin in readonly mode
    message: |-
      Remove the extra margin when viewing in read only mode.
  - type: rfe
    category: rfe
    pull: 8823
    issue: 69191
    authors:
      - mawinter69
    pr_title: "[JENKINS-69191] new icon for agent not accepting tasks and computer\
      \ icon legend"
    message: |-
      Add a computer icon legend and a new icon for agents that are not accepting tasks.
  - type: rfe
    category: rfe
    pull: 8831
    authors:
      - NotMyFault
    pr_title: Remove unused material-icons
    message: |-
      Remove unused material icons.
  - type: rfe
    category: rfe
    authors:
      - mustafau
    pr_title: Translate appearance link to Turkish
    references:
      - pull: 9067
      - pull: 9062
    message: |-
      Localize the <strong>Appearance</strong> link and plain text Markup Formatter for Turkish.

  # Administration enhancements

  - type: rfe
    category: rfe
    pull: 8944
    issue: 72637
    authors:
      - daniel-beck
    pr_title: "[JENKINS-72637] Make Cloud permission scope inherit from Jenkins"
    message: |-
      Make the Agent/Provision permission available in the global Security configuration when using matrix-based authorization strategies.
  - type: rfe
    category: rfe
    pull: 8990
    authors:
      - jglick
    pr_title: Null out `ProxyConfiguration.userName` on save
    message: |-
      Do not configure an authenticator during proxy configuration via the GUI if the proxy username is blank.
  - type: rfe
    category: rfe
    pull: 8951
    authors:
      - olamy
      - NotMyFault
    pr_title: Allow update sites to define a custom URL for wizard plugin suggestion
    message: |-
      Add ability for custom update centers to override the suggested plugin list.
  - type: rfe
    category: rfe
    pull: 8929
    authors:
      - daniel-beck
    pr_title: Create new index page for heap dump creation
    message: |-
      Create an index page for heap dump creation.
  - type: rfe
    category: rfe
    pull: 8986
    authors:
      - jglick
    pr_title: Use `ABORTED` from `Run.reload`
    message: |-
      Non-Pipeline builds interrupted by a controller restart will now be marked as aborted rather than failed.
  - type: rfe
    category: rfe
    pull: 8922
    issue: 72636
    authors:
      - daniel-beck
    pr_title: "[JENKINS-72636] Prevent authenticated access to Resource Root URL"
    message: |-
      Prevent authenticated access to Resource Root URL.
  - type: rfe
    category: rfe
    pull: 8864
    authors:
      - MarkEWaite
    pr_title: Update operating system end of life data
    message: |-
      Update operating system end of life data for Amazon Linux, Alpine Linux, and Fedora Linux.

  # General enhancements

  - type: rfe
    category: rfe
    authors:
      - gounthar
      - lemeurherve
    pr_title: "chore(windows): Switch from Temurin base images to Temurin JDK binaries"
    references:
      - url: https://github.com/jenkinsci/docker/pull/1848
        title: pull 1848 (Docker)
    message: |-
      Use <code>jlink</code> to reduce Java size on Windows as we've done previously for Java on Linux.
  - type: rfe
    category: rfe
    pull: 8825
    authors:
      - Abhishekkr3003
    pr_title: Adds support of sessionId for External-Job-Monitor
    message: |-
      Support Session ID for External Job Monitor to avoid HTTP 503 response.

  # General bugs

  - type: bug
    category: bug
    pull: 9025
    issue: 72833
    authors:
      - basil
    pr_title: "[JENKINS-72833] Do not attempt to self-`exec` on systems without\
      \ `libc`"
    message: |-
      Do not attempt to self-restart on operating systems where this is not supported.
  - type: bug
    category: bug
    pull: 9026
    issue: 65911
    authors:
      - basil
    pr_title: "[JENKINS-65911] Correct JNA method signature for `fcntl(2)`"
    message: |-
      Fix a crash when restarting Jenkins on macOS.
  - type: bug
    category: bug
    pull: 8976
    authors:
      - jglick
      - Vlatombe
    pr_title: Move `CloudList.setOwner` call from `Jenkins.loadTasks` to `load`
    message: |-
      Set the correct owner for <code>Jenkins.clouds</code> after <code>Jenkins.load()</code>.
  - type: bug
    category: bug
    pull: 8912
    issue: 72627
    authors:
      - BobDu
    pr_title: "[JENKINS-72627] Improve locale parsing for loading of localised\
      \ help files"
    message: |-
      Improve locale parsing for loading of localised help files.
  - type: bug
    category: bug
    pull: 8852
    issue: 72532
    authors:
      - basil
    pr_title: "[JENKINS-72532] CLI `-noCertificateCheck` does not work with `-webSocket`"
    message: |-
      Support <code>noCertificateCheck</code> with <code>webSocket</code> on the CLI.
  - type: bug
    category: bug
    pull: 8907
    issue: 72509
    authors:
      - mawinter69
    pr_title: "[JENKINS-72509] show error message in progressive logs on 4xx status\
      \ codes"
    message: |-
      Show an error message in progressive logs on <code>4xx</code> status codes.
  - type: bug
    category: bug
    pull: 8908
    issue: 71700
    authors:
      - mawinter69
    pr_title: "[JENKINS-71700] avoid stacktrace from artifactarchiver when no\
      \ artifacts are found"
    message: |-
      Avoid a stack trace from ArtifactArchiver when no artifacts are found.
  - type: bug
    category: bug
    pull: 8874
    authors:
      - jglick
      - daniel-beck
    pr_title: Missing `VirtualFile.run` usage in `DirectoryBrowserSupport`
    message: |-
      Restore performance displaying build artifacts when using remote artifact managers such as in S3.
      A security fix in 2.394 caused a substantial slowdown that is now resolved.
  - type: bug
    category: bug
    pull: 8881
    issue: 72579
    authors:
      - balaji-sivasakthi
    pr_title: "[JENKINS-72579] Adjust heap dump file name for compatibility with\
      \ OpenJDK file suffix requirements"
    message: |-
      Adjust heap dump file name for compatibility with OpenJDK file suffix requirements.
  - type: bug
    category: bug
    pull: 8854
    authors:
      - mawinter69
    pr_title: do not generate td when outside table for buildbutton
    message: |-
      Fix build button rendering for Dashboard View plugin.
  - type: bug
    category: bug
    pull: 8807
    issue: 66530
    authors:
      - dsrink
    pr_title: "[JENKINS-66530] Change focus in the 'new item' page only if 'from'\
      \ has a valid job name"
    message: |-
      Change focus in the <code>new item</code> page only if <code>from</code> has a valid job name.

- version: "2.452.2"
  date: 2024-06-12
  changes:
  - type: major bug
    category: bug
    pull: 9198
    issue: 72622
    authors:
      - Dohbedoh
    pr_title: "[JENKINS-72622] Rename CloudSet query parameter to avoid conflict"
    message: |-
      Rename CloudSet query parameter <code>type</code> to <code>cloudDescriptorName</code> to avoid conflicts in cloud plugin implementations.
  - type: rfe
    category: rfe
    pull: 9224
    issue: 73093
    authors:
      - daniel-beck
    pr_title: "[JENKINS-73093] Update script-security to 1336.vf33a_a_9863911"
    references:
      - url: https://github.com/jenkinsci/script-security-plugin/releases/tag/1336.vf33a_a_9863911
        title: Script Security 1336.vf33a_a_9863911 release notes
    message: |-
      Update bundled Script Security plugin from 1335.vf07d9ce377a_e to 1336.vf33a_a_9863911.
  - type: rfe
    category: rfe
    pull: 9326
    issue: 732552
    authors:
      - daniel-beck
    pr_title: "[JENKINS-73252] Update bouncycastle-api from 2.30.1.77-225.v26ea_c9455fd9 to 2.30.1.78.1-233.vfdcdeb_0a_08a_a_"
    references:
      - url: https://github.com/jenkinsci/bouncycastle-api-plugin/releases/tag/2.30.1.78.1-233.vfdcdeb_0a_08a_a_
        title: Bouncy Castle API plugin 2.30.1.78.1-233.vfdcdeb_0a_08a_a_ release notes
    message: |-
      Update bouncycastle API plugin from 2.30.1.77-225.v26ea_c9455fd9 to 2.30.1.78.1-233.vfdcdeb_0a_08a_a_.
  - type: bug
    category: bug
    pull: 9254
    issue: 73114
    authors:
      - mawinter69
    pr_title: "[JENKINS-73114] avoid conflicts with css classes from bootstrap"
    message: |-
      Add new CSS classes to avoid conflicts with CSS classes from bootstrap.
  - type: bug
    category: bug
    pull: 9227
    issue: 73047
    authors:
      - SNanda8895
    pr_title: "[JENKINS-73047] Fix weather icons "
    message: |-
      Fix width of weather icons in Safari when zoomed.
  - type: bug
    category: bug
    pull: 9304
    issue: 64553
    authors:
      - mawinter69
    pr_title: "[JENKINS-64553] fix ItemListener not called after updating job
      via REST API or CLI"
    message: |-
      Consistently notify job listeners when the job definition is updated from the REST API or command line interface.

- version: "2.452.3"
  date: 2024-07-10
  changes:
  - type: major bug
    category: regression
    pull: 9370
    issue: 73246
    authors:
    - BobDu
    message: |-
      Show help text in the correct locale even if user has an alternate language option defined in their browser (regression in 2.444).
  - type: major bug
    category: regression
    pull: 9409
    issue: 73301
    authors:
    - basil
    message: |-
      Correctly highlight alerts (regression in 2.452.2).
  - type: bug
    category: bug
    pull: 9347
    issue: 73243
    authors:
    - mawinter69
    message: |-
      Show correct build history panel even when a '$' character is included in a tooltip of the build history data.
      Quote replacement string in symbol tooltips.
  - type: bug
    category: bug
    pull: 9421
    issue: 73369
    authors:
    - basil
    references:
      - url: https://github.com/jenkinsci/structs-plugin/releases/tag/338.v848422169819
        title: Structs 338.v848422169819 release notes
      - url: https://www.jenkins.io/security/advisory/2024-06-26/#SECURITY-3371
        title: SECURITY-3371
    message: |-
      Update bundled structs plugin to 338.v848422169819.

- version: "2.452.4"
  date: 2024-08-07
  changes:
  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2024-08-07/
        title: security advisory

- version: "2.462.1"
  date: 2024-08-07
  lts_predecessor: "2.452.4"
  lts_baseline: "2.462"
  changes: # compared to lts_baseline 2.462 - extracted from the RC commit(s)

  - type: security
    message: Important security fixes.
    references:
      - url: /security/advisory/2024-08-07/
        title: security advisory
  - type: rfe
    category: rfe
    pull: 9398
    authors:
      - dependabot[bot]
    pr_title: Upgrade Spring Security from 5.8.12 to 5.8.13
    references:
      - url: https://github.com/spring-projects/spring-security/releases/tag/5.8.13
        title: Spring Security 5.8.13
      - pull: 9398
    message: |-
      Upgrade Spring Security from 5.8.12 to 5.8.13.
      Spring Security 5.8.13 includes 19 fixes and improvements.
  - type: rfe
    category: rfe
    pull: 9385
    authors:
      - dependabot[bot]
    pr_title: Upgrade Spring Framework from 5.3.36 to 5.3.37
    references:
      - url: https://github.com/spring-projects/spring-framework/releases/tag/v5.3.37
        title: Spring Security 5.3.37
      - pull: 9385
    message: |-
      Upgrade Spring Framework from 5.3.36 to 5.3.37.
      Spring Framework 5.3.37 includes 5 fixes and improvements.
  - type: rfe
    category: rfe
    pull: 9456
    authors:
      - basil
    pr_title: "Upgrade bundled plugins"
    references:
      # commons-text-api 1.12.0-119.v73ef73f2345d
      - pull: 9386
      # structs 338.v848422169819
      - pull: 9419
      # bouncycastle-api 2.30.1.78.1-248.ve27176eb_46cb_
      - pull: 9439
      # workflow-step-api 678.v3ee58b_469476
      - pull: 9444
      # mina-sshd-api 2.13.1-117.v2f1a_b_66ff91d
      - pull: 9429
      # Additional updates for versions used in tests
      - pull: 9464
    message: |-
      Upgrade bundled plugins.

  lts_changes: # compared to lts_predecessor 2.452.3 (selected by personal review)

  - type: rfe
    category: rfe
    pull: 9259
    issue: 73170
    authors:
      - basil
    pr_title: "[JENKINS-73170] Upgrade Commons FileUpload from 1.5 to 2.0.0-M2"
    references:
      - url: https://commons.apache.org/proper/commons-fileupload/changes-report.html
        title: Apache Commons 2.0.0-M2 release notes
    message: |-
      Upgrade Commons FileUpload from 1.5 to 2.0.0-M2.
      Users of the SAML Single Sign On (SSO) (<code>miniorange-saml-sp</code>) plugin should upgrade to a compatible version in lockstep with upgrading Jenkins core.
      Users of the OpenText Application Automation Tools (<code>hp-application-automation-tools-plugin</code>) plugin should wait for a compatible version before upgrading Jenkins core.
  - type: rfe
    category: rfe
    pull: 9111
    authors:
      - janfaracik
    pr_title: Refresh the 'New item' page
    message: |-
      Refresh the 'New item' page.
  - type: rfe
    category: rfe
    pull: 9271
    authors:
      - mawinter69
    pr_title: move the add/edit description button to the app-bar
    message: |-
      Move <strong>Add description</strong> to app bar.
  - type: rfe
    category: rfe
    pull: 9169
    authors:
      - janfaracik
    pr_title: Add download option to 'Console output', move 'View as plain text'
      and 'Copy' buttons to app bar
    message: |-
      Add download option to <strong>Console output</strong>, move <strong>View as plain text</strong> and <strong>Copy</strong> buttons to app bar.
  - type: rfe
    category: rfe
    pull: 9287
    authors:
      - janfaracik
    pr_title: Remove 'Disable project' button from project view
    message: |-
      Remove <strong>Disable project</strong> button from project view.
  - type: rfe
    category: rfe
    pull: 9115
    authors:
      - janfaracik
    pr_title: Refresh the style of alerts
    message: |-
      Refresh the style of alerts.
  - type: rfe
    category: rfe
    pull: 9132
    authors:
      - timja
    pr_title: Improve Edit build information page
    message: |-
      Improve the edit build information page.
  - type: rfe
    category: rfe
    pull: 9263
    issue: 73158
    authors:
      - mawinter69
    pr_title: "[JENKINS-73158] avoid jumping layout due to tooltips"
    message: |-
      Avoid jumping layout due to tooltips.
  - type: rfe
    category: rfe
    pull: 9367
    authors:
      - janfaracik
    pr_title: Refine button appearances in sidebars, menus, pages and breadcrumbs
    message: |-
      Refine button appearances in sidebars, menus, pages and breadcrumbs.
  - type: rfe
    category: rfe
    pull: 9366
    authors:
      - janfaracik
    pr_title: Adjust heading weights and sizes
    message: |-
      Adjust heading weights and sizes.
  - type: rfe
    category: rfe
    pull: 9221
    authors:
      - janfaracik
    pr_title: Display how many users there are on the 'Users' page
    message: |-
      Display how many users there are on the <strong>Users</strong> page.
  - type: rfe
    category: rfe
    pull: 9214
    authors:
      - basil
    pr_title: "[JENKINS-67344] Poor performance of UpdateSite.getData"
    references:
      - url: https://github.com/jenkinsci/json-lib/pull/30
        title: json-lib PR 30
    message: |-
      Improve the performance of JSON parsing.
  - type: rfe
    category: rfe
    pull: 9312
    authors:
      - basil
    pr_title: Replace usages of JZlib with native Java Platform functionality
    message: |-
      Improve the performance of file compression and decompression.
  - type: rfe
    category: rfe
    pull: 9303
    issue: 64356
    authors:
      - mawinter69
    pr_title: "[JENKINS-64356] fix legacyIds missing when creating jobs via REST
      API or CLI"
    message: |-
      Improve startup performance when jobs have been created via REST API or command line interface.
  - type: rfe
    category: rfe
    pull: 9182
    issue: 73046
    authors:
      - jonesbusy
    pr_title: "[JENKINS-73046] Remove ASM from core"
    message: |-
      Remove ASM dependencies from core.
  - type: rfe
    category: rfe
    pull: 9232
    authors:
      - basil
    pr_title: Upgrade Winstone from 6.18 to 6.19 (remove support for multiple
      WAR files)
    references:
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.19
        title: Winstone 6.19 changelog
    message: |-
      The <code>webappsDir</code> argument to run Winstone with a directory full of WAR files has been removed without replacement.
  - type: rfe
    category: rfe
    pull: 9203
    issue: 53958
    authors:
      - mawinter69
    pr_title: "[JENKINS-53958] allow pipeline jobs to run when built-in is offline"
    message: |-
      Allow pipeline jobs to run when built-in node is offline.
  - type: bug
    category: bug
    pull: 9133
    issue: 70246
    authors:
      - timja
    pr_title: "[JENKINS-70246] Unexpectedly wide sidepanel"
    message: |-
      Adjust side panel sizes for certain screens like iPad Pro.
  - type: bug
    category: bug
    pull: 9141
    issue: 69588
    authors:
      - timja
    pr_title: "[JENKINS-69588] Stop installed plugins page jumping on load"
    message: |-
      Installed plugin view no longer jumps during first load.
  - type: bug
    category: regression
    pull: 9123
    issue: 72845
    authors:
      - Lmh-java
    pr_title: "[JENKINS-72845]: Fix status icon animation display on Safari"
    message: |-
      Fix status icon animation display on Safari.
  - type: bug
    category: regression
    pull: 9201
    issue: 72744
    authors:
      - mawinter69
    pr_title: "[JENKINS-72744] remove tooltip when widget is refreshed"
    message: |-
      Remove tooltip when a widget is refreshed.
  - type: bug
    category: bug
    pull: 9336
    issue: 72854
    authors:
      - Pldi23
    pr_title: "[JENKINS-72854] fix the enum jelly to take readOnlyMode into account"
    message: |-
      Honor readonly mode when displaying enumerations on pages.
  - type: bug
    category: bug
    pull: 9170
    issue: 73011
    authors:
      - jglick
    pr_title: '[JENKINS-73011] Round-trip `JNLPLauncher.tunnel` to `null` not
      `""`'
    message: |-
      After reconfiguring a static inbound agent in the GUI using fields such as WebSocket, deprecated in 2.440.x, the suggested launch instructions would incorrectly include <code>tunnel</code> (with no argument) even if that field had been left blank.
  - type: bug
    category: bug
    pull: 9083
    issue: 65829
    authors:
      - Dohbedoh
    pr_title: "[JENKINS-65829] Fix WorkspaceCleanupThread to consider suffixed
      works…"
    message: |-
      Fix the <code>WorkspaceCleanupThread</code> to consider workspaces with suffixes even if the original is nonexistent.
      Reduce the number of remoting calls made by <code>WorkspaceCleanupThread</code>.
  - type: bug
    category: bug
    pull: 9257
    issue: 60997
    authors:
      - dependabot[bot]
    pr_title: "[JENKINS-60997] Work around BEANUTILS-509"
    message: |-
      Work around an upstream issue that could cause a hang in rare cases when two users load a configuration screen of the same type at the same time.
  - type: bug
    category: bug
    pull: 9266
    issue: 73156
    authors:
      - mawinter69
    pr_title: "[JENKINS-73156] handle svg cleanup of symbols via an xml document"
    message: |-
      Handle svg cleanup via an xml document to avoid broken symbols.
  - type: bug
    category: bug
    pull: 9219
    issue: 73090
    authors:
      - jglick
    pr_title: "[JENKINS-73090] Handle CR from `LineTransformationOutputStream`"
    message: |-
      Treat lines of text (mainly in build logs) as completed by a single carriage return in addition to a newline or carriage return plus newline, avoiding an out of memory error if a large number of such lines are printed in sequence.
  - type: bug
    category: bug
    pull: 9254
    issue: 73114
    authors:
      - mawinter69
    pr_title: "[JENKINS-73114] avoid conflicts with css classes from bootstrap"
    message: |-
      Add new CSS classes to avoid conflicts with CSS classes from bootstrap.

- version: "2.462.2"
  date: 2024-09-04
  changes:
  - type: rfe
    category: rfe
    pull: 9450
    issue: 73404
    authors:
      - jtnord
    pr_title: "[JENKINS-73404] SecretTextArea missing FormValidation support"
    message: |-
      Form validation now works for <code>SecretTextArea</code> fields.
  - type: rfe
    category: rfe
    pull: 9612
    authors:
      - mawinter69
    pr_title: "Update dependency org.springframework:spring-framework-bom to v5.3.39"
    references:
      - url: https://github.com/spring-projects/spring-framework/releases/tag/v5.3.38
        title: Spring Framework 5.3.38
      - url: https://github.com/spring-projects/spring-framework/releases/tag/v5.3.39
        title: Spring Framework 5.3.39
      - issue: 73622
    message: |-
      Upgrade Spring Framework from 5.3.37 to 5.3.39.
      Spring Framework 5.3.38 and 5.3.39 include 8 fixes and improvements.
  - type: rfe
    category: rfe
    pull: 9636
    authors:
      - basil
    pr_title: "Update Spring Security to 5.8.14 in LTS"
    references:
      - url: https://github.com/spring-projects/spring-security/releases/tag/5.8.14
        title: Spring Security 5.8.14
      - issue: 73648
    message: |-
      Upgrade Spring Security from 5.8.13 to 5.8.14.
      Spring Security 5.8.14 includes 2 fixes and several dependency updates.
  - type: rfe
    category: rfe
    pull: 9652
    authors:
      - basil
    pr_title: "Upgrade junit to 1296.vb_f538b_c88630 on LTS"
    references:
      - url: https://github.com/jenkinsci/junit-plugin/releases/tag/1296.vb_f538b_c88630
        title: Junit plugin 1296.vb_f538b_c88630 release notes
    message: |-
      Upgrade JUnit plugin to 1296.vb_f538b_c88630.
  - type: bug
    category: bug
    pull: 9482
    issue: 73453
    authors:
      - mawinter69
    pr_title: "[JENKINS-73453] make icons in table buttons resizable"
    message: |-
      Change icon size in table when resizing the table.
  - type: bug
    category: bug
    pull: 9520
    issue: 73586
    authors:
      - mawinter69
    pr_title: "[JENKINS-73586] Fix New Item page layout if no icon is defined for an item type "
    message: |-
      Fix <strong>New Item</strong> page layout if no icon is defined for an item (regression in 2.453).

- version: "2.462.3"
  date: 2024-10-02
  banner: >
    This is the last Jenkins LTS release to support Java 11.
    Future Jenkins LTS releases will require Java 17 or Java 21.
    More information is available in the <a href="/doc/book/platform-information/support-policy-java/">Java support policy</a> and the <a href="/blog/2023/11/06/introducing-2-2-2-java-support-plan/">2 + 2 + 2 Java support plan</a> blog post
  changes:
  - type: security
    message: Security fixes.
    references:
      - url: /security/advisory/2024-10-02/
        title: security advisory
  - type: major bug
    category: bug
    pull: 9663
    issue: 73692
    authors:
      - jglick
    pr_title: "[JENKINS-73692] Turn off logging from BackgroundGlobalBuildDiscarder"
    message: |-
      No longer printing verbose and uninformative messages to <code>$JENKINS_HOME/logs/tasks/Periodic background build discarder.log</code>.
  - type: rfe
    category: rfe
    authors:
      - olamy
    pr_title: "Upgrade to Winstone 6.22 and Jetty 10.0.24"
    references:
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.19
        title: Winstone 6.19 release notes
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.20
        title: Winstone 6.20 release notes
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.21
        title: Winstone 6.21 release notes
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.22
        title: Winstone 6.22 release notes
      - url: https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.21
        title: Jetty 10.0.21 release notes
      - url: https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.22
        title: Jetty 10.0.22 release notes
      - url: https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.23
        title: Jetty 10.0.23 release notes
      - url: https://github.com/jetty/jetty.project/releases/tag/jetty-10.0.24
        title: Jetty 10.0.24 release notes
      - pull: 9698
      - issue: 73743
    message: |-
      Upgrade Winstone from 6.18 to 6.22.
      Upgrade Jetty from 10.0.20 to 10.0.24.
  - type: bug
    category: bug
    pull: 9641
    issue: 73668
    authors:
      - mawinter69
    pr_title: "[JENKINS-73668] fix styling of rowSelectionController dropdown"
    message: |-
      Fix the appearance of the <strong>Plugin Manager</strong> actions dropdown.
  - type: bug
    category: bug
    pull: 9644
    issue: 73422
    authors:
      - Dohbedoh
    pr_title: "[JENKINS-73422] Add escape hatch for Authenticated user access to Resource URL"
    message: |-
      Add escape hatch for Authenticated user access to Resource URL.
  - type: rfe
    message: |-
      Developer: Add <code>ExtendedReadRedaction</code> extension point to allow plugins to redact content from <code>config.xml</code> files served via API or CLI to users with Extended Read permission.
    references:
      - url: /security/advisory/2024-10-02/#SECURITY-3373
        title: SECURITY-3373

- version: "2.479.1"
  date: 2024-10-30
  lts_predecessor: "2.462.3"
  lts_baseline: "2.479"
  changes: # compared to lts_baseline 2.479 - extracted from the RC commit(s)

  - type: major bug
    category: bug
    pull: 9760
    issue: 73760
    authors:
      - basil
    pr_title: "[JENKINS-73760] Updates fail due to invalid JSON from HTTP Update Center"
    message: |-
      Migrate from http://updates.jenkins-ci.org to <a href="https://updates.jenkins.io">https://updates.jenkins.io</a> if the initial installation version was 2.76 or older.
  - type: bug
    category: bug
    pull: 9797
    issue: 73838
    authors:
      - basil
    pr_title: "[JENKINS-73838] Compatibility for Jenkins#doSafeRestart(StaplerRequest, String)"
    message: |-
      Restore compatibility with plugins calling <code>Jenkins#doSafeRestart(StaplerRequest, String)</code>.
  - type: bug
    category: bug
    pull: 9764
    issue: 73801
    authors:
      - basil
    pr_title: "[JENKINS-73801] Nested Views plugin overrides View#doConfigDotXml(StaplerRequest)"
    message: |-
      Restore compatibility with plugins contributing new views with custom XML, such as the Nested Views plugin.
  - type: bug
    category: bug
    pull: 9693
    issue: 73437
    authors:
      - ridemountainpig
    pr_title: "[JENKINS-73437] Fix build history no automatic line wrapping"
    message: |-
      Wrap long lines in the build history.
  - type: bug
    category: bug
    pull: 9827
    issue: 73867
    authors:
      - basil
    pr_title: "Override the outdated managed dependency on asm in guice-parent"
    message: |-
      Prevent an old version of ASM from appearing as a managed dependency in plugin builds.
  - type: bug
    category: bug
    pull: 9834
    issue: 73917
    authors:
      - markewaite
    pr_title: "Update dependency io.jenkins.plugins:asm-api to v9.7.1-95.v9f552033802a_"
    message: |-
      Update ASM to 9.7.1 to match the most recent release of the ASM API and Jenkins ASM API plugin.
  - type: bug
    category: bug
    pull: 9810
    issue: 73835
    authors:
      - dwnusbaum
    pr_title: "[JENKINS-73835] Do not allow builds to be deleted while they are
      still running and ensure build discarders run after builds are fully complete"
    message: |-
      Do not allow builds to be deleted while they are still building.
      Ensure build discarders only process builds which have fully completed.
  - type: bug
    category: bug
    pull: 9882
    authors:
      - basil
    pr_title: "Allow for null to be passed to doSafeRestart"
    message: |-
      Allow null to be passed as the first argument to <code>doSafeRestart</code>.
  - type: bug
    category: bug
    pull: 9790
    issue: 73824
    authors:
      - dwnusbaum
    pr_title: "[JENKINS-73824] Wait for Pipeline builds to complete before allowing
      their jobs to be deleted"
    message: |-
      Wait for ongoing Pipeline builds to fully complete before allowing their parent job to be deleted.

  lts_changes: # compared to lts_predecessor 2.462.3 (selected by personal review)

  - type: major rfe
    category: rfe
    authors:
      - basil
    pr_title: "Require Java 17 or newer"
    references:
      - pull: 9358
      - issue: 67907
      - url: https://www.jenkins.io/blog/2024/06/11/require-java-17/
        title: Java 17 requirement blog post
    message: |-
      Require Java 17 or newer.
  - type: major rfe
    category: rfe
    authors:
      - basil
    pr_title: "[JENKINS-73278] Migrate core from EE 8 to EE 9"
    references:
      - url: https://github.com/spring-projects/spring-framework/releases/tag/v6.0.23
        title: Spring Framework 6.0.23 release notes
      - url: https://github.com/spring-projects/spring-framework/releases/tag/v6.1.12
        title: Spring Framework 6.1.12 release notes
      - url: https://github.com/spring-projects/spring-framework/releases/tag/v6.1.13
        title: Spring Framework 6.1.13 release notes
      - url: https://github.com/spring-projects/spring-framework/releases/tag/v6.1.14
        title: Spring Framework 6.1.14 release notes
      - url: https://github.com/spring-projects/spring-security/releases/tag/6.2.6
        title: Spring Security 6.2.6 release notes
      - url: https://github.com/spring-projects/spring-security/releases/tag/6.3.2
        title: Spring Security 6.3.2 release notes
      - url: https://github.com/spring-projects/spring-security/releases/tag/6.3.3
        title: Spring Security 6.3.3 release notes
      - url: https://github.com/spring-projects/spring-security/releases/tag/6.3.4
        title: Spring Security 6.3.4 release notes
      - url: https://projects.eclipse.org/releases/jakarta-ee-9
        title: Jarkata EE 9 release page
      - url: https://github.com/jenkinsci/ldap-plugin/releases/tag/733.vd3700c27b_043
        title: LDAP plugin 733.vd3700c27b_043
      - url: https://github.com/jenkinsci/reverse-proxy-auth-plugin/releases/tag/reverse-proxy-auth-plugin-1.8.0
        title: Reverse Proxy Auth plugin 1.8.0
      - url: https://github.com/jenkinsci/mailer-plugin/releases/tag/489.vd4b_25144138f
        title: Mailer plugin 489.vd4b_25144138f
      - url: https://github.com/jenkinsci/cas-plugin/releases/tag/cas-plugin-1.7.0
        title: CAS plugin 1.7.0
      - url: https://github.com/jenkinsci/negotiatesso-plugin/releases/tag/136.vda_2b_6a_744b_d8
        title: Windows Negotiate SSO plugin 136.vda_2b_6a_744b_d8
      - url: https://www.jenkins.io/doc/book/platform-information/support-policy-servlet-containers/
        title: Servlet Container Support Policy
      - pull: 9672
      - issue: 73278
    message: |-
      Upgrade Spring Framework from 5.3.39 to 6.1.14, upgrade Spring Security from 5.8.14 to 6.3.4, and upgrade Java EE from 8 to 9.
      Users of the LDAP plugin must upgrade to version 733.vd3700c27b_043 in combination with upgrading Jenkins core.
      Users of the Reverse Proxy Auth plugin must upgrade to version 1.8.0 in combination with upgrading Jenkins core and must also upgrade the Mailer plugin to version 489.vd4b_25144138f.
      Users of the CAS plugin must upgrade to version 1.7.0 in combination with upgrading Jenkins core.
      Users of the Windows Negotiate SSO plugin must upgrade to version 136.vda_2b_6a_744b_d8 in combination with upgrading Jenkins core.
      Users of third-party servlet containers must upgrade their servlet container to an EE 9 version in accordance with the Jenkins Servlet Container Support Policy.
  - type: major rfe
    category: major rfe
    authors:
      - basil
    pr_title: "[JENKINS-73130] Upgrade core from Jetty 10.x to 12.x (EE 8)"
    references:
      - pull: 9590
      - issue: 73130
      - url: https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.10
        title: Jetty 12.0.10 release notes
      - url: https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.11
        title: Jetty 12.0.11 release notes
      - url: https://github.com/jetty/jetty.project/releases/tag/jetty-12.0.12
        title: Jetty 12.0.12 release notes
    message: |-
      Upgrade Jetty from 10.0.24 to 12.0.12.
  - type: major rfe
    category: major rfe
    pull: 9405
    issue: 68822
    authors:
      - madisparn
    pr_title: "JENKINS-68822 added support for removing all builds with LogRotator"
    message: |-
      Allow all builds to be removed by the build discarder.
  - type: major rfe
    category: major rfe
    authors:
      - markewaite
    pr_title: "[JENKINS-73129] Remove Windows path traversal escape hatch from SECURITY-2481"
    references:
      - pull: 9387
      - issue: 73129
      - url: /security/advisory/2021-10-06/#SECURITY-2481
        title: Path traversal vulnerability on Windows - SECURITY-2481
    message: |-
      Remove Windows path traversal vulnerability escape hatch that was provided with the SECURITY-2481 fix..
  - type: major bug
    category: bug
    pull: 9428
    issue: 73381
    authors:
      - basil
    pr_title: "[JENKINS-73381] Downloading tar.gz artifacts in Firefox is broken"
    message: |-
      Fix download of <code>.tar.gz</code> artifacts in Firefox.
  - type: rfe
    category: rfe
    authors:
      - janfaracik
      - mawinter69
      - timja
    pr_title: "Refine content and appearance of the user account screen"
    references:
      - pull: 9521
      - pull: 9707
      - pull: 9461
      - pull: 9411
      - pull: 9393
      - pull: 9381
    message: |-
      Enhancements and refinements for the appearance of several pages in Jenkins.
  - type: rfe
    category: rfe
    authors:
      - zbynek
      - janfaracik
    pr_title: "Refine form controls appearance"
    references:
      - pull: 9453
      - pull: 9380
      - pull: 9365
      - pull: 9395
      - pull: 9641
    message: |-
      Refinements and modernizations to sections of the Jenkins UI.
  - type: rfe
    category: rfe
    pull: 7268
    issue: 69869
    authors:
      - Wadeck
      - timja
    pr_title: "[JENKINS-69869] Categorize the user properties"
    message: |-
      User properties are now categorized in different pages.
  - type: rfe
    category: rfe
    pull: 9148
    authors:
      - janfaracik
    pr_title: "Rewrite the build history widget"
    message: |-
      Update the design of the build history widget.
  - type: rfe
    category: rfe
    pull: 9724
    authors:
      - janfaracik
    pr_title: "Use Notice component for views lacking jobs"
    message: |-
      Use Notice component for views lacking jobs.
  - type: rfe
    category: rfe
    pull: 9648
    issue: 73669
    authors:
      - mawinter69
    pr_title: "[JENKINS-73669] don't change unrelated checkboxes in rowSelectionCont…"
    message: |-
      Do not edit unrelated checkboxes in <code>rowSelectionController</code>.
  - type: rfe
    category: rfe
    pull: 9591
    authors:
      - jglick
    pr_title: "Friendlier handling of DeploymentHandshakeException from CLI in -webSocket mode"
    message: |-
      Improve display of HTTP handshake errors (such as authentication issues) from the CLI in <code>-webSocket</code> mode.
  - type: rfe
    category: rfe
    pull: 9665
    authors:
      - Vlatombe
    pr_title: "Add -webSocket option by default when creating an inbound agent"
    message: |-
      Use webSocket in the inbound agent command line sample.
  - type: rfe
    category: rfe
    pull: 9616
    authors:
      - zbynek
    pr_title: "Allow plugins to customize number of suggestions in autocomplete"
    message: |-
      Allow plugins to customize the maximum number of suggestions in autocomplete text fields.
  - type: rfe
    category: rfe
    pull: 9594
    issue: 73597
    authors:
      - jeromepochat
    pr_title: "[JENKINS-73597] Remove RekeySecretAdminMonitor and related resources"
    message: |-
      Remove obsolete <code>RekeySecretAdminMonitor</code>.
  - type: rfe
    category: rfe
    pull: 9511
    issue: 73563
    authors:
      - mawinter69
    pr_title: "[JENKINS-73563] create a jenkins-button instead of a yui button in makeButton"
    message: |-
      Use <code>makeButton</code> to create a <code>jenkins-button</code> on the fly instead of using YUI.
  - type: rfe
    category: rfe
    pull: 9502
    issue: 73495
    authors:
      - markewaite
    pr_title: "[JENKINS-73495] Clarify the plugin incompatibility message"
    message: |-
      Clarify that the plugin incompatibility message applies to the current plugin.
  - type: rfe
    category: rfe
    pull: 9501
    authors:
      - markewaite
    pr_title: "Add end of life dates for Alpine 3.20, Ubuntu 24.04, Fedora 40"
    message: |-
      Add end of life dates for Alpine 3.20, Ubuntu 24.04, and Fedora 40.
      Correct several end of life dates, including CentOS 8.
  - type: rfe
    category: rfe
    pull: 9476
    authors:
      - basil
    pr_title: "Use detached plugins as a cache for the Update Center"
    message: |-
      Avoid unnecessary download of bundled plugins during the setup wizard.
  - type: rfe
    category: rfe
    pull: 9488
    authors:
      - mawinter69
    pr_title: "scroll fields from added hetero-list entry into viewport"
    message: |-
      Scroll fields from the added hetero-list entry into the viewport.
  - type: rfe
    category: rfe
    pull: 9465
    authors:
      - mawinter69
    pr_title: "modernise build time trend page"
    message: |-
      Modernize the build time trend page with a "time since" column and a link to the console, and allow the table to be resized.
      Remove the agent column for the Pipeline build trend.
  - type: rfe
    category: rfe
    pull: 9483
    authors:
      - jglick
    pr_title: "Lifecycle.onBootFailure"
    message: |-
      When using <code>ExitLifecycle</code>, exit the process immediately upon a boot failure.
      Also allow custom lifecycles to exit immediately.
  - type: rfe
    category: rfe
    pull: 9449
    authors:
      - Vlatombe
    pr_title: "Show plugin source URL when downloading it"
    message: |-
      Display the source URL in logs when installing a plugin.
  - type: rfe
    category: rfe
    pull: 9437
    authors:
      - Vlatombe
    pr_title: "Allow administrative monitors to be displayed for users with Overall/MANAGE permission"
    message: |-
      Allow some administrative monitors to be displayed for users with <code>Overall/MANAGE</code> permission.
  - type: rfe
    category: rfe
    pull: 9440
    authors:
      - basil
    pr_title: "Increase minimum required Remoting version from 4.13 to 3107.v665000b_51092"
    message: |-
      Increase the minimum required Remoting version from 4.13 to 3107.v665000b_51092.
  - type: rfe
    category: rfe
    authors:
      - basil
    pr_title: "Delegate compression to servlet container"
    references:
      - pull: 9379
      - url: https://github.com/jenkinsci/stapler/releases/tag/1881.vd39f3ee5c629
        title: Stapler 1881.vd39f3ee5c629 release notes
      - url: https://github.com/jenkinsci/winstone/releases/tag/winstone-6.20
        title: Winstone-Jetty 6.20 release notes
    message: |-
      Update Stapler from 1880.vb_6d94a_3b_05db_ to 1881.vd39f3ee5c629 and Winstone-Jetty from 6.19 to 6.20 to let Jetty handle HTTP response compression.
      A new command-line option <code>--compression</code> can be used to disable compression if desired.
  - type: rfe
    category: rfe
    pull: 9177
    authors:
      - mawinter69
    pr_title: "remove idle executors from widget"
    message: |-
      Remove idle executors from the Build Executor widget.
  - type: rfe
    category: rfe
    pull: 7037
    issue: 14789
    authors:
      - das7pad
    pr_title: "[JENKINS-14789] Configurable interval for computer retention check"
    message: |-
      The latency for bringing up offline agents can be improved using a new global config option <strong>Computer Retention Check Interval</strong> and setting an <strong>In demand delay</strong> of zero on the agents.
  - type: bug
    category: bug
    authors:
      - scherler
      - janfaracik
    pr_title: "[JENKINS-73695] Prevent unnecessary horizontal scrollbar in Firefox"
    references:
      - pull: 9695
      - issue: 73695
      - pull: 9667
      - pull: 9654
      - issue: 73330
      - pull: 9649
      - pull: 9625
      - pull: 9658
      - issue: 73302
    message: |-
      Several bug fixes for the Jenkins UI.
  - type: bug
    category: bug
    pull: 9737
    issue: 73785
    authors:
      - daniel-beck
    pr_title: "[JENKINS-73785] Restore ContextMenu#from with StaplerRequest/Response args"
    message: |-
      Restore compatibility with plugins contributing new objects with context menus, such as the Nested Views plugin.
  - type: bug
    category: bug
    pull: 9653
    issue: 73687
    authors:
      - dwnusbaum
    pr_title: "[JENKINS-73687] Make deserialization of Map fields in XML files more robust"
    message: |-
      Make deserialization of <code>Map</code> fields in XML files more robust.
  - type: bug
    category: bug
    pull: 9696
    authors:
      - basil
    pr_title: "Compatibility for ChainedServletFilter"
    message: |-
      Restore compatibility with the OpenId Connect Authentication and Reverse Proxy Authentication plugins.
  - type: bug
    category: bug
    pull: 9152
    issue: 72988
    authors:
      - mawinter69
    pr_title: "[JENKINS-72988] validate displayname against items in the same ItemGroup"
    message: |-
      Validate display name only against items in the same ItemGroup.
  - type: bug
    category: bug
    pull: 9463
    authors:
      - timja
    pr_title: "Disable dependents toggle in plugin manager with system read"
    message: |-
      Correct the styling for plugins that can't be disabled in plugin manager when user has system read permission.
  - type: bug
    category: bug
    pull: 9624
    issue: 73613
    authors:
      - mawinter69
    pr_title: "[JENKINS-73613] refresh buildhistory widget in all cases"
    message: |-
      Refresh the build history widget in all cases, including on background tabs or hidden tabs.
  - type: bug
    category: bug
    authors:
      - mawinter69
    pr_title: "[JENKINS-73554] fix jelly exception"
    references:
      - pull: 9519
      - issue: 73554
    message: |-
      Fix <code>IndexOutOfBoundsException</code> in cloud management pages when the controller has no executors.
  - type: bug
    category: bug
    pull: 9485
    issue: 73467
    authors:
      - basil
    pr_title: "[JENKINS-73467] No facility to try unsupported Remoting versions when using inbound agents"
    message: |-
      Fix the <code>hudson.slaves.SlaveComputer.allowUnsupportedRemotingVersions</code> escape hatch, which was previously not working with inbound agents.

- version: "2.479.2"
  date: 2024-11-27
  changes:
  - type: security
    message: Important security fix.
    references:
      - url: /security/advisory/2024-11-27/
        title: security advisory
  - type: rfe
    category: rfe
    authors:
      - renovate
      - daniel-beck
    pr_title: "Update dependency org.jenkins-ci.plugins:script-security to v1369"
    references:
      - pull: 9970
      - issue: 74852
      - url: https://github.com/jenkinsci/script-security-plugin/releases/tag/1368.vb_b_402e3547e7
        title: Script Security plugin 1368.vb_b_402e3547e7 release notes
    message: |-
      Upgrade Script Security plugin to 1368.vb_b_402e3547e7.
      Script Security 1368.vb_b_402e3547e7 includes a fix for <a href="https://www.jenkins.io/security/advisory/2024-11-13/#SECURITY-3447">SECURITY-3447</a>.
  - type: bug
    category: bug
    pull: 9954
    issue: 74826
    authors:
      - renovate
      - markewaite
    pr_title: "Update dependency com.thoughtworks.xstream:xstream to v1.4.21 [SECURITY]"
    message: |-
      Upgrade XStream to 1.4.21.
      XStream 1.4.21 includes a fix for <a href="https://x-stream.github.io/CVE-2024-47072.html">CVE-2024-47072</a>.
  - type: bug
    category: bug
    pull: 9947
    issue: 74795
    authors:
      - basil
    pr_title: "[JENKINS-74795] Job created via REST API attaches to default view"
    message: |-
      Do not add jobs created via the REST API to the default view (regression in 2.475).
  - type: bug
    category: bug
    pull: 9945
    issue: 74814
    authors:
      - basil
    pr_title: "[JENKINS-74814] java.lang.UnsupportedOperationException: This stack walker does not have RETAIN_CLASS_REFERENCE access"
    message: |-
      Allow context classloaders to be defined without making explicit reference to the calling class.

- version: "2.479.3"
  date: 2025-01-08
  changes:
  - type: rfe
    category: rfe
    pull: 10096
    issue: 75077
    authors:
      - renovate
      - markewaite
    pr_title: "Update mina-sshd-api.version to v2.14.0-138.v6341ee58e1df"
    message: |-
      Upgrade Apache MINA core from 2.0.26 to 2.0.27.
  - type: bug
    category: bug
    pull: 9981
    issue: 73908
    authors:
      - daniel-beck
    pr_title: "[JENKINS-73908] Do not show button to upgrade to SystemRead users"
    message: |-
      Remove <strong>Upgrade Automatically</strong> from users with `SystemRead` permissions.
  - type: bug
    category: bug
    pull: 10121
    issue: 73942
    authors:
      - basil
    pr_title: "Backporting for 2.479.3 LTS (part 3)"
    message: |-
      Fix double-zipped <code>.tgz</code> files so they are no longer mismatched.
  - type: bug
    category: bug
    pull: 10065
    issue: 75003
    authors:
      - basil
    pr_title: "[JENKINS-75003] Zip-based tool installer configuration incorrectly
      rejects non-HTTP(S) URLs (regression in 2.379)"
    message: |-
      Allow non-HTTP(S) URLs in zip-based tool installer configuration.
  - type: bug
    category: bug
    pull: 9983
    issue: 73487
    authors:
      - daniel-beck
    pr_title: "[JENKINS-73487] Fix Stapler exception with multiple security warnings"
    message: |-
      Fix exception error message about <code>hudson.model.UpdateSite$Warning</code> on <strong>Manage Jenkins</strong> that may be shown when plugins with known security issues are installed.
  - type: bug
    category: regression
    pull: 10000
    issue: 73907
    authors:
      - ridemountainpig
    pr_title: "[JENKINS-73907] Fix double-escaped tooltips in 'Help for feature'"
    message: |-
      Fix double-escaped tooltips in "Help for feature" (regression in 2.380).

- version: "2.492.1"
  date: 2025-02-05
  lts_predecessor: "2.479.3"
  lts_baseline: "2.492"
  changes: # compared to lts_baseline 2.492 - extracted from the RC commit(s)

  - type: rfe
    category: rfe
    pull: 10196
    authors:
      - markewaite
    pr_title: "Disable JnlpSlaveRestarterInstallerTest on ci.jenkins Windows agents"
    message: |-
      Disable the <code>JnlpSlaveRestarterInstallerTest</code> on ci.jenkins Windows agents.

  lts_changes: # compared to lts_predecessor 2.479.3 (selected by personal review)

  - type: major rfe
    category: rfe
    pull: 10045
    issue: 73539
    authors:
      - timja
      - zbynek
      - janfaracik
      - fqueiruga
    pr_title: "[JENKINS-73539] Disable YUI by default"
    message: |-
      Disable the Yahoo! User Interface library by default.
  - type: major rfe
    category: rfe
    pull: 7569
    authors:
      - janfaracik
      - timja
      - NotMyFault
    pr_title: Overhaul search with a Command Palette
    message: |-
      Add Command Palette as a replacement for the search bar.
  - type: major rfe
    category: rfe
    authors:
      - janfaracik
    pr_title: Refine content and appearance of the 'Edit View' screen
    references:
      - pull: 9734
      - pull: 9735
      - pull: 9833
    message: |-
      Refine and modernize the appearance of several pages.
  - type: rfe
    category: rfe
    pull: 10049
    authors:
      - janfaracik
      - timja
    pr_title: Add icons to Command Palette
    message: |-
      Add icons to Command Palette.
  - type: rfe
    category: rfe
    authors:
      - mustsafu
    pr_title: Turkish localization fixes for node list page
    references:
      - pull: 9928
      - pull: 9916
    message: |-
      Add Turkish translations for node list and RSS links.
  - type: rfe
    category: rfe
    pull: 9462
    authors:
      - timja
    pr_title: Use standard dropdowns for combobox
    message: |-
      Modernize <code>ComboBox</code> component.
  - type: rfe
    category: rfe
    pull: 9787
    issue: 73813
    authors:
      - mawinter69
    pr_title: "[JENKINS-73813] Show a notification when scheduling a build fails"
    message: |-
      Show a notification when scheduling a build fails.
  - type: rfe
    category: rfe
    pull: 9930
    authors:
      - jglick
    pr_title: Clarify SECURITY-3315 error code on client side
    message: |-
      Clearer error message for the CLI in the default <code>webSocket</code> mode when a 403 error results from a reverse proxy misconfiguration.
  - type: rfe
    category: rfe
    pull: 9883
    authors:
      - Vlatombe
    pr_title: Display appropriate GUI that accurately displays offline by design
    message: |-
      The agents online/offline status and icon can now be influenced by the offline cause, giving better information to users.
      Clarifies some use cases when an agent was offline by design and not because of a configuration or technical error.
  - type: rfe
    category: rfe
    authors:
      - Vlatombe
    pr_title: "[JENKINS-30101][JENKINS-30175] Simplify persistence design for
      temporarily offline status"
    references:
      - pull: 9855
      - issue: 30101
      - issue: 30175
    message: |-
      Retain user-generated offline reason when agent connects or disconnects for technical reasons.
  - type: rfe
    category: rfe
    pull: 10026
    authors:
      - mtughan
    pr_title: Allow all immutable List subclasses from Java 11
    message: |-
      Allow all immutable <code>List</code> subclasses from Java 11 over remoting.
  - type: rfe
    category: rfe
    pull: 10058
    authors:
      - Vlatombe
    pr_title: "Simplify AtomicFileWriter and use clearer temporary file names"
    message: |-
      Avoid printing the same stack trace multiple times when file persistence fails.
      Temporary file names used by the <code>AtomicFileWriter</code> are now derived from the target file name.
  - type: rfe
    category: rfe
    pull: 9995
    issue: 74858
    authors:
      - tejasdrolia
    pr_title: "[JENKINS-74858]  Added validation for Password length in FIPS mode"
    message: |-
      Added password validation to ensure that existing users cannot create a password of less than 14 characters in length when in FIPS mode.
  - type: rfe
    category: rfe
    pull: 9903
    authors:
      - jglick
    pr_title: Removing configurability of `Jenkins.agentProtocols`
    message: |-
      Stop allowing configuration of the agent protocols list.
  - type: rfe
    category: rfe
    authors:
      - basil
    pr_title: "Winstone 8.2: Upgrade Jetty from 12.0.13 to Jetty 12.0.14"
    references:
      - pull: 9841
      - url: https://github.com/jetty/jetty.project/releases/jetty-12.0.14
        title: Jetty 12.0.14 changelog
      - url: https://github.com/jenkinsci/winstone/releases/winstone-8.2
        title: Winstone 8.2 changelog
    message: |-
      Upgrade Winstone to 8.2 in order to update Jetty from 12.0.13 to 12.0.14.
  - type: bug
    category: bug
    pull: 10106
    issue: 74868
    authors:
      - timja
    pr_title: "[JENKINS-74868] Use new build status symbols in multi branch projects"
    message: |-
      Use refined build status icons in multibranch projects.
  - type: bug
    category: bug
    pull: 10081
    authors:
      - timja
    pr_title: Form checker enhancements for radio
    message: |-
      Form validation that depends on radio buttons now finds the selected one and not the previous one.
  - type: bug
    category: bug
    pull: 10089
    authors:
      - jglick
    pr_title: "`headerCommandPaletteButton` undefined when `JenkinsHeader` not
      loaded"
    message: |-
      Since 2.489, JavaScript errors could be seen in some Jenkins pages, such as the setup wizard, omitting the usual header bar.
  - type: bug
    category: bug
    pull: 10054
    authors:
      - timja
    pr_title: Fix scrolling with keyboard
    message: |-
      Fix scrolling with keyboard.
  - type: bug
    category: bug
    pull: 7078
    issue: 69549
    authors:
      - frankie139506
      - NotMyFault
      - timja
    pr_title: "[JENKINS-69549] Margins for headers and paragraphs make descriptions
      …"
    message: |-
      Reduce spacing in help files.
  - type: bug
    category: bug
    pull: 9739
    issue: 72979
    authors:
      - debayangg
    pr_title: "[JENKINS-72979] Remove trailing space from Windows agent secret
      file instructions"
    message: |-
      Remove trailing space from Windows agent secret file instructions.
  - type: bug
    category: bug
    pull: 10070
    authors:
      - timja
    pr_title: Revert "Update dependency hotkeys-js to v3.13.9"
    message: |-
      Revert update of hotkeys-js dependency introduced in 2.490.
      The hotkeys-js bump caused a regression with Jenkins plugin BOM tests.
  - type: bug
    category: bug
    pull: 10022
    authors:
      - daniel-beck
    pr_title: Revert "Fixed spotbugs `PATH_TRAVERSAL_IN` issue in `FileBoolean`"
    message: |-
      Restore the original behavior of <code>FileBoolean(Class, String)</code>.
  - type: bug
    category: bug
    pull: 9925
    authors:
      - jglick
    pr_title: "Race condition & memory leak in TypedFilter"
    message: |-
      Fix a rare race condition rendering pages soon after startup.
  - type: bug
    category: bug
    pull: 9908
    issue: 73845
    authors:
      - Dohbedoh
    pr_title: "[JENKINS-73845] Fix OperatingSystemEndOfLifeAdminMonitor endOfLifeDate
      displayed on first warning day"
    message: |-
      Fix end of life operating system monitor that shows 2099-12-31 on the first day a warning should be displayed.
  - type: bug
    category: bug
    pull: 9727
    issue: 63343
    authors:
      - dwnusbaum
    pr_title: "[JENKINS-63343] Validate element types for collections and maps
      when deserializing XML files"
    message: |-
      Ignore values with incorrect types when deserializing collections and maps in XML files.

- version: "2.492.2"
  date: 2025-03-05
  changes:
  - type: security
    message: Security fixes.
    references:
      - url: /security/advisory/2025-03-05/
        title: security advisory
  - type: bug
    category: bug
    pull: 10177
    issue: 75163
    authors:
      - mawinter69
    pr_title: "[JENKINS-75163] respect user timezone in historywidget"
    message: |-
      Use correct date in the History widget when a user has configured a dedicated time zone.
  - type: bug
    category: regression
    pull: 10261
    issue: 75265
    authors:
      - mawinter69
    pr_title: "[JENKINS-75265] Fix notification for l:task"
    message: |-
      Fix notification for `l:task` (regression in 2.481).
  - type: bug
    category: regression
    pull: 10259
    issue: 75259
    authors:
      - mawinter69
    pr_title: "[JENKINS-75259] Fix tooltip and console link in progressbar of non pipeline jobs in the executors widget"
    message: |-
      Fix tooltip and console link in progress bar of jobs in the executors widget (regression in 2.480).
  - type: bug
    category: regression
    pull: 10271
    issue: 75255
    authors:
      - jglick
    pr_title: "[JENKINS-75255] Tolerate AccessDeniedException in AtomicFileWriter"
    message: |-
      Fix occasional failures to write files to the Jenkins home directory on Windows servers due to virus scanners (regression in 2.491).

- version: "2.492.3"
  date: 2025-04-02
  changes:
  - type: bug
    category: bug
    pull: 10309
    issue: 75321
    authors:
      - Vlatombe
    pr_title: "[JENKINS-75321] Clarify the message displayed when loading the content of the build history widget"
    message: |-
      Clarify the displayed message while the build history widget initializes.
  - type: bug
    category: bug
    references:
      - pull: 10344
      - issue: 75278
      - url: https://github.com/jetty/jetty.project/releases/jetty-12.0.15
        title: Jetty 12.0.15 changelog
      - url: https://github.com/jetty/jetty.project/releases/jetty-12.0.16
        title: Jetty 12.0.16 changelog
      - url: https://github.com/jetty/jetty.project/releases/jetty-12.0.17
        title: Jetty 12.0.17 changelog
    authors:
      - olamy
    pr_title: "[JENKINS-75278] User pages for users with slash in the user name fail after upgrading to 2.479.1"
    message: |-
      Upgrade to Jetty 12.0.17 to fix User pages for users with a <code>\</code> in their username.

# DO NOT EDIT THIS FILE DIRECTLY
# ALL CHANGES MUST GO THROUGH PULL REQUESTS
# MALFORMED FILE CONTENTS WILL BREAK THE SITE BUILD