v205.v47f4ee8803d1

Compare Source

🚀 New features and improvements

• style: Use monospace font to render Disk Usage and Amount (#​102) @​rahulsom

v1873.vea_5814ca_9c93

Compare Source

👷 Changes for plugin developers

• Removing tests of Jenkins.agentProtocols (#​2580) @​jglick

📝 Documentation updates

• Add doc for exporting config from a groovy script (#​2564) @​its-dave

📦 Dependency updates

v4295.v7fa_01b_309c95

Compare Source

🚀 New features and improvements

• Copy the whole /usr/share/jenkins path recursively to account for extra files (#​1614) @​Vlatombe

🐛 Bug fixes

• Use configured registry for jenkins-agent when running in agent-injection mode (#​1613) @​iandrewt

📝 Documentation updates

• Update source code url for docker-inbound-agent (#​1610) @​liangxia

v4292.v11898cf8fa_66

Compare Source

🚀 New features and improvements

• Use current context for validation functions (#​1608) @​Dohbedoh

📦 Dependency updates

• Bump org.jenkins-ci.plugins:plugin from 4.87 to 4.88 (#​1607) @​dependabot

v4290.v93ea_4b_b_26a_61

Compare Source

🚀 New features and improvements

• JENKINS-73789 - empty certificate is valid now (#​1605) @​PereBueno

📝 Documentation updates

• Update README with agent injection in mind (#​1606) @​Vlatombe

v4288.v1719f9d0c854

Compare Source

🐛 Bug fixes

• JENKINS-73788 - Reduce metrics bloat relating to provisioning requests (#​1604) @​PayBas

v4.418.vccc7061f5b_6d

Compare Source

🚀 New features and improvements

• Use a FIPS compliant version of nimbus-jose-jwt (#​440) @​fcojfernandez

🐛 Bug fixes

• Resuse the original user principal to avoid crumb issues. (#​426) @​jtnord

📝 Documentation updates

• fix plugin documentation of plugin configuration for endSessionEndpoint (#​439) @​sstoffregen

v4.411.v990b_9d36e74e

Compare Source

🐛 Bug fixes

• Filter missing non-compliant algorithms in FIPS mode (#​435) @​fcojfernandez

v4.409.ve864b_f48b_0f3

Compare Source

🚀 New features and improvements

• JENKINS-73904 - Enable FIPS restrictions in the JWK signing algorithm for Token verification (#​428) @​fcojfernandez

🐛 Bug fixes

• JEP-237 - disable escapeHatch when Jenkins is in FIPS mode (#​418) @​olamy

👻 Maintenance

• JENKINS-73849 - JEP-237 - remove the ability to disable SSL and token validation in FIPS mode (#​423) @​PereBueno

🚦 Tests

• Switching tests to throw generic Exception (#​425) @​PereBueno

✍ Other changes

• JENKINS-73892 - un-inline script in config.jelly and fix existing behavior (#​427) @​shlomomdahan

v4.388.v4f73328eb_d2c

Compare Source

💥 Breaking changes

[!CAUTION]
The plugin now requires that the Issuer is set to enforce security and there is no option to disable this requirement as it is mandated in the Open ID Connect specification.
As such users who do not use automatic configuration via the well-known endpoint must first update to 4.355.v3a_fb_fca_b_96d4 and configure the Issuer before updating to this version.
Failure to do so will result in users unable to login, or Jenkins failing to start.

[!CAUTION]
if using manual configuration and a JWKS Server URL has not been specified then either disable token validation will need to be enabled or the JWKS Server URL will need to be set before upgrading to this version.
Failure to do so will result in users unable to login.

[!WARNING]
The option to send the scopes when requesting the access token has been removed (although is still present in the UI). Users of non conformant OPs that require this functionality should remain on the previous version until the Open ID Connect Originating Party (often referred to as the iDP) fixes their implementation.

• Replace EOL Google Oauth library (#​409) @​jtnord

📝 Documentation updates

• document ADFS token lifetime for devs (#​420) @​jtnord

v4.371.vc7c0c06e8a_f5

Compare Source

🐛 Bug fixes

• Redirect to login page in case token is expired instead of showing an error page (#​395) @​eva-mueller-coremedia

📝 Documentation updates

• Update CasC documentation (#​417) @​fcojfernandez
• Add developer docs (#​410) @​jtnord

v4.355.v3a_fb_fca_b_96d4

Compare Source

🔒 Security fixes

• Fix SECURITY-3441 (1, 2).

[!IMPORTANT]
When using the "Manual entry" configuration mode, the new "Issuer" field must be populated after updating to protect from this issue. When using "Discovery via well-known endpoint", the Issuer will be set automatically.

v4.354.v321ce67a_1de8

Compare Source

🐛 Bug fixes

• Use endSessionUrl instead of endSessionEndpoint for manual configuration in UI (#​402) @​eva-mueller-coremedia

👻 Maintenance

• Remove deprecated constructor (#​401) @​jtnord

v4.350.v347c3b_8b_9d95

Compare Source

💥 Breaking changes

• rework configuration of the plugin (#​399) @​jtnord

[!IMPORTANT]
The configuration format is backwards compatible with previous versions, but the casc format is not.

configuration of the provider side has been moved into a serverConfiguration section and split to 2 different types wellKnown for configuration via a auto discovery and manual for manual configuration.
e.g.
for manual configuration:

securityRealm:
   oic:
    serverConfiguration:
       manual:
         authorizationServerUrl: https://url.example.com/authorize
         jwksServerUrl: https://jwks.example.com/jwks
         tokenAuthMethod: client_secret_post
         tokenServerUrl: https://token.example.com/token
         scopes: scopes

and for auto configuration:

 securityRealm:
   oic:
     serverConfiguration:
       wellKnown:
         wellKnownOpenIDConfigurationUrl: https://idp.example.com:/someRealm/.well-known/openid-configuration

[!CAUTION]
it has been reported #​412 that very old configuration may not be migrated correctly.
it is therefore recommended to explicitly save the configuration in ${JENKINS_URL}/manage/configureSecurity/ before upgrading if the configuration has not been changed recently and you are not using Config-as-Code to manage the settings

✍ Other changes

• use batch mode for running maven (#​400) @​jtnord

v4.346.v10401f543622

Compare Source

🐛 Bug fixes

• Compare username based on ID strategy on token refresh (#​394) @​eva-mueller-coremedia

v787.v52e8f47488fc

Compare Source

✍ Other changes

• Adding configuration option to exclude jobs from Prometheus metrics via Regex (#​699) @​Waschndolos

📦 Dependency updates

• Bump org.jenkins-ci.plugins:plugin from 4.86 to 4.87 (#​693) @​dependabot
• Bump org.mockito:mockito-junit-jupiter from 5.12.0 to 5.13.0 (#​694) @​dependabot

v4.501.v4313a_01e3a_18

Compare Source

🐛 Bug fixes

• fix: JENKINS-73816 - implement missing methods (#​452) @​kuisathaverat

📦 Dependency updates

• chore(deps-dev): bump org.testcontainers:testcontainers from 1.20.2 to 1.20.3 (#​450) @​dependabot
• chore(deps): bump io.jenkins.tools.bom:bom-2.462.x from 3482.vc10d4f6da_28a_ to 3559.vb_5b_81183b_d23 (#​451) @​dependabot
• chore(deps): bump org.jenkins-ci.plugins:plugin from 5.1 to 5.2 (#​448) @​dependabot
• chore(deps): bump io.jenkins.tools.bom:bom-2.462.x from 3435.v238d66a_043fb_ to 3482.vc10d4f6da_28a_ (#​447) @​dependabot

v4.496.v56a_6423dca_35

Compare Source

🚀 New features and improvements

• Upgrade to pac4j 6.x, require Java 17 or newer, and migrate to EE 9 (#​446) @​basil

📝 Documentation updates

• docs: JENKINS-73751 - Redirecting to Base URL Rather than Original Requested URL (#​437) @​kuisathaverat

📦 Dependency updates

• chore(deps): bump io.jenkins.tools.bom:bom-2.462.x from 3413.v0d896b_76a_30d to 3435.v238d66a_043fb_ (#​443) @​dependabot
• chore(deps-dev): bump org.testcontainers:testcontainers from 1.20.1 to 1.20.2 (#​442) @​dependabot
• Upgrade plugin parent POM to latest (#​445) @​basil
• chore(deps): bump io.jenkins.tools.bom:bom-2.462.x from 3387.v0f2773fa_3200 to 3413.v0d896b_76a_30d (#​441) @​dependabot
• chore(deps): bump io.jenkins.tools.bom:bom-2.462.x from 3358.vea_fa_1f41504d to 3387.v0f2773fa_3200 (#​439) @​dependabot
• chore(deps): bump org.jenkins-ci.plugins:plugin from 4.87 to 4.88 (#​440) @​dependabot
• chore(deps): bump io.jenkins.tools.bom:bom-2.462.x from 3334.v18e2a_2f48356 to 3358.vea_fa_1f41504d (#​438) @​dependabot