The Jenkins Blog

Damien DUPORTAL

Damien is the Jenkins Infrastructure officer and a software engineer at CloudBees working as a Site Reliability Engineer for the Jenkins Infrastructure project. Not only he is a decade-old Hudson/Jenkins user but also an open-source citizen who participates in Updatecli, Asciidoctor, Traefik and many others.

Jenkins August 2023 Newsletter

Key Takeaways Jenkins project reports growth of 79% in Jenkins Pipeline, used to propel software delivery. Contributed by: Wadeck Follonier Andrea Chiera completed his 3 months internship within the Security team, auditing 100 plugins and finding 20+ vulnerabilities. Summer Internship in Jenkins security Thank you very much for your involvement and also to the team for mentoring him. A Plugin security advisory was published on August...

Damien DUPORTAL
Mark Waite
Bruno Verachten
Wadeck Follonier
Kevin Martens
Alyssa Tong September 21, 2023
Stop Caching Maven Central

JFrog has been a sponsor of the Jenkins project for many years. We’re delighted that they continue to sponsor the Jenkins project and continue to provide our artifact hosting service, repo.jenkins-ci.org. Releases, incremental development builds, and snapshots of Jenkins core, Jenkins tooling, Jenkins plugins, and Jenkins infrastructure components are hosted on JFrog Artifactory. The worldwide Jenkins community has been well served for many...

Mark Waite
Damien DUPORTAL September 6, 2023
Linux containers rebuilt

A Jenkins job mistakenly rebuilt the Linux container images for recent Jenkins weekly releases and recent Jenkins LTS releases. Users that downloaded some of those Linux container images received container images that could not run the Jenkins controller. The incorrect container images would fail to run with the message that Jenkins is not supported with Java 8. Running with Java 8 from /usr/lib/jvm/java-1.8-openjdk/jre, which...

Mark Waite
Damien DUPORTAL August 22, 2023
Jenkins July 2023 Newsletter

Key Takeaways A Jenkins Core security advisory was published on July 26 The official documentation has migrated to Java 17 Operating system end of life notifications have been added Contributed by: Wadeck Follonier During July, there were two Security Advisories published: Plugin security advisory published on July 12 Multiple high-score vulnerabilities A total of 16 plugins were affected Jenkins core and plugins security advisory published on July 26 The highest...

Damien DUPORTAL
Mark Waite
Bruno Verachten
Wadeck Follonier
Kevin Martens
Alyssa Tong August 2, 2023
Post Mortem of the 7th July 2023 Jenkins Infrastructure Outage

On Friday 7th of July 2023, the Jenkins infrastructure suffered a major outage from 11:05am UTC until 15:25pm UTC with complete downtime of the following public services: accounts.jenkins.io fallback.get.jenkins.io get.jenkins.io incrementals.jenkins.io javadoc.jenkins.io plugin-health.jenkins.io plugin-site-issues.jenkins.io plugins.origin.jenkins.io plugins.jenkins.io rating.jenkins.io repo.azure.jenkins.io reports.jenkins.io stories.jenkins.io uplink.jenkins.io weekly.ci.jenkins.io www.origin.jenkins.io We also had complete downtime of the following non-public services: ldap.jenkins.io previews of *.jenkins.io pull requests (infra.ci.jenkins.io) In addition, there was disruption (partial or complete) of the following services: ci.jenkins.io infra.ci.jenkins.io issues.jenkins.io plugins.jenkins.io repo.jenkins-ci.org www.jenkins.io The public IPs of these services changed (DNS records...

Damien DUPORTAL July 12, 2023
Jenkins June 2023 Newsletter

Key Takeaways Red Hat Enterprise Linux 7, and derivatives like CentOS 7, reach early end of life. Upgrades and improvements of Jenkins components continue with significant progress towards the eventual removal of Prototype.js from Jenkins core. Thanks to a kind donation from Launchable, pull requests to Jenkins core now complete their evaluation builds in 2 hours rather than the 6 hours that were...

Damien DUPORTAL
Mark Waite
Bruno Verachten
Wadeck Follonier
Kevin Martens July 10, 2023
New Public IPv4 for Jenkins Mirrors

The Jenkins project packages and plugins are hosted through a network of mirror servers (provided by our sponsors) close to your location. It provides a "HTTP redirector" service hosted behind the get.jenkins.io, mirrors.jenkins.io and mirrors.jenkins-ci.org domains, with a new public IP: `20.119.232.75` 20.7.178.24 (as per /blog/2023/07/12/jenkins-mirrors-postmortem-outage/) since the 12th of June 2023. The former redirector service and its previous IPv4 will be...

Damien DUPORTAL June 22, 2023
Jenkins May 2023 Newsletter

Key Takeaways Jenkins plugin updates released to fix security vulnerabilities, advisory published on May 16. JDK8 support has been dropped in favor of JDK11 as the default for running Jenkins agents. Ssh-agent release 5.0.0 introduces breaking changes. Contributed by: Wadeck Follonier A Security Policy was added for the Docker images of the project. Due to multiple reports about CVEs present in the Docker images the project...

Alyssa Tong
Damien DUPORTAL
Mark Waite
Bruno Verachten
Wadeck Follonier June 20, 2023
Jenkins April 2023 Newsletter

Key Takeaways There was one security advisory this month announcing vulnerabilities regarding Jenkins plugins. Cloud Cost Controls with improved resource cleanups and VM usage optimization to face the increased rate of builds on ci.jenkins.io. Thanks to DigitalOcean for their continued support and ($8,400 credit) sponsorship of Jenkins. Ppc64le docker agent images are now available. Jenkins at cdCon + GitOpsCon! Contributed by: Wadeck Follonier In April, there was...

Alyssa Tong
Damien DUPORTAL
Kevin Martens
Mark Waite
Bruno Verachten
Wadeck Follonier May 10, 2023