A bug introduced in Jenkins 2.96 will downgrade Script Security Plugin to version 2.18.1, possibly resulting in cascading failures to load other plugins (and reintroducing security issues). We recommend updating Script Security Plugin to its newest release and immediately restarting Jenkins to resolve this issue.
Major bug fix
-
Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed when upgrading Jenkins past the version at which the plugin was detached.
JENKINS-48365
Enhancement
-
Do not require CSRF crumb to be provided when the request is authenticated using API token.
JENKINS-22474
-
Improve robustness and error handling of various file operations by switching to NIO.
JENKINS-47324, JENKINS-48405
-
Improve Chinese translation.
pull 3176
-
Developer: Capture more authentication-related events in
SecurityListener.
JENKINS-27027
-
Developer: Deprecate
hudson.util.Service in favor of Java's ServiceLoader.
pull 3191
-
Developer: Introduce
Cause.UserIdCause(String) constructor, which allows creating causes for specified users without switching the user context.
pull 3162
Bug fix
-
Update Stapler from 1.253 to 1.254 to make the form that shows up when a URL requiring
POST is accessed using a different HTTP verb work with CSRF protection enabled.
JENKINS-34254, Stapler changelog
-
Fix a performance regression in Jenkins 2.86 due to lock contention in
ExtensionList.
JENKINS-48505
-
Trigger
SecurityListener#loggedIn events on programmatic login during self-registration when using HudsonPrivateSecurityRealm.
JENKINS-48383