content/_data/changelogs/weekly.yml

# DO NOT EDIT THIS FILE DIRECTLY
# ALL CHANGES MUST GO THROUGH PULL REQUESTS
# MALFORMED FILE CONTENTS WILL BREAK THE SITE BUILD

- version: "2.47"
  date: 2017-02-19
  changes:
    - type: bug
      message: >
        Update Groovy to 2.4.8 to address memory leak issue.
        <strong>Do not use this version if you are running Pipeline builds unless you also update <em>Pipeline: Groovy</em> to 2.28 or higher.</strong>
      references:
        - issue: 33358
        - issue: 42189
    - type: bug
      message: Windows service restart did not retain build queue.
      issue: 32820
    - type: bug
      message: Exceptions during Jenkins cleanup step should not block restart.
      issue: 42164
    - type: rfe
      message: Upgrade remoting to version 3.5.
      references:
        - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#35
          title: full changelog
    - type: bug
      message: >
        Remoting 3.5: Remoting clients now accept lowercase (HTTP 2) headers sent by reverse proxies.
      issue: 40710
    - type: rfe
      message: >
        Remoting 3.5: Add option to specify the remoting protocol to use on the client.
      issue: 41730
    - type: bug
      message: >
        Remoting 3.5: Stability improvements.
      references:
        - issue: 41513
        - issue: 41852
    - type: bug
      message: >
        Developer: Snapshot builds of plugins that had dependencies on other snapshot builds were not having their version numbers compared correctly.
      issue: 41899
    # Not noting PR 847 because it doesn't look significant enough
    # Neither are PRs 2724, 2755, 2753, 2742, 2749, 2747
- version: "2.48"
  date: 2017-02-26
  changes:
    - type: rfe
      message: >
        Upgrade Apache Commons Collections to version 3.2.2.
        <strong>Note:</strong> Jenkins has been using a blacklist to prevent exploiting the serialization vulnerability in 3.2.1 since before 3.2.2 was released.
      issue: 31598
      pull: 2761
    - type: rfe
      message: Use redirect URLs on jenkins.io instead of linking to wiki pages directly, allowing future reorganization of documentation without breaking links in Jenkins.
      pull: 2756
    - type: bug
      message: Fix performance issue in deduplication of lists of tool installers.
      issue: 42141
      pull: 2752
    - type: bug
      message: Use of the remote API to create items in views (<code>/view/…/createItem</code>) didn't actually add items to views since Jenkins 2.22.
      issue: 41128
      pull: 2760
    - type: bug
      message: >
        Do not display a warning when an SCM trigger has no schedules (either to disable SCM post-commit hooks, or to enable them without polling).
      issue: 42194
      pull: 2758
    - type: rfe
      message: >
        Developer: Allow referencing radio buttons in <code>f:validateButton</code> validation methods.
      pull: 2734
- version: "2.49"
  date: 2017-03-05
  changes:
    - type: bug
      message: Do not attempt to find the next occurrence of an impossible date such as June 31st in validation of trigger schedules.
      issue: 41864
      pull: 2759
    - type: bug
      message: Remove invalid translations in Slovene
      issue: 41756
      pull: 2767
- version: "2.50"
  date: 2017-03-11
  changes:
    - type: rfe
      message: >
        Allow searching by build parameter values in the <code>Build History</code> widget.
      issue: 40718
      pull: 2683
    - type: rfe
      message: >
        Searching in the <code>Build History</code> widget takes into account user preferences (case sensitivity by default).
      pull: 2683
    - type: rfe
      message: >
        When creating temporary files, use the <code>jenkins</code> prefix instead of the old <code>hudson</code> one.
      pull: 2778
    - type: bug
      message: >
        Fix relative links in the SCM polling administrative monitor.
      pull: 2780
    - type: bug
      message: >
        Update Remoting from <code>3.5</code> to <code>3.7</code>
        in order to prevent file descriptor leaks on agents in the case of multiple connection attempts.
      references:
        - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#37
          title: full changelog
      issue: 42371
      pull: 2773
    - type: major rfe
      message: > 
        Upgrade the Windows Agent Installer module from <code>1.6</code> to <code>1.7</code>.
        This change picks major updates in Windows service management logic.
        <strong>This fix caused a critical regression in the 
        <a href="https://plugins.jenkins.io/windows-slaves">Windows Slaves Plugin</a> 
        (<a href="https://issues.jenkins-ci.org/browse/JENKINS-42724">JENKINS-42724</a>).
        Update to Windows Slaves 1.3.1 in order to get the fix applied.
        </strong>
      references:
        - url: https://github.com/jenkinsci/windows-slave-installer-module/blob/master/CHANGELOG.md#17
          title: full changelog
        - url: https://github.com/jenkinsci/windows-slave-installer-module#upgrading-old-agents
          title: guide to upgrading old Windows service agents
      pull: 2765
    - type: major rfe
      message: >
        Windows services:
        Upgrade the bundled <a href="https://github.com/kohsuke/winsw">Windows Service Wrapper</a> from <code>1.18</code> to <code>2.0.2</code>. 
      references:
        - url: https://github.com/kohsuke/winsw/blob/master/CHANGELOG.md
          title: full changelog
      pull: 2765   
    - type: rfe
      message: >
        Windows services:
        Enable <a href="https://github.com/kohsuke/winsw/blob/master/doc/extensions/runawayProcessKiller.md">Runaway Process Killer</a> 
        by default in new Agent and Master installations.
      issue: 39231
      pull: 2765
    - type: rfe
      message: >
        Windows services:
        Enable auto-upgrade of remoting on newly installed agents if they are connected by HTTPS. 
      issue: 39237
      pull: 2765
    - type: rfe
      message: >
        Windows services:
        Add support of shared directories mapping in Windows agent services. 
      references:
        - url: https://github.com/kohsuke/winsw/blob/master/doc/extensions/sharedDirectoryMapper.md
          title: Shared Directory Mapper documentation
      issue: 23487
      pull: 2765
    - type: rfe
      message: >
        Windows services:
        Change the default Agent service display name prefix to <code>Jenkins agent %ID%</code>.
      issue: 42468
      pull: 2765
    - type: bug
      message: >
        Windows services:
        Prevent agent connection reset issues when WinSW gets terminated due to the system shutdown.
      issue: 22692
      pull: 2765
    - type: bug
      message: >
        Windows services:
        Integrate various stability and performance fixes in <a href="https://github.com/kohsuke/winsw">Windows Service Wrapper</a> 
        from <code>1.18</code> to <code>2.0.2</code>.
        There are many fixes around configuration options and process termination. 
      pull: 2765
      references:
        - url: https://github.com/kohsuke/winsw/blob/master/CHANGELOG.md
          title: full changelog
    - type: bug
      message: >
        Prevent file descriptor leaks when Windows Service installer fails to read data from the service startup log.
      issue: 42670
      pull: 2793
    - type: rfe
      message: >
        Select controls in Jenkins Web UI now show the spinner icon
        while waiting for the list of possible options during AJAX. requests.
      issue: 42443
      pull: 2771
    - type: rfe
      message: >
        Improve plugin access performance in the default <code>PluginManager</code> implementation.
      issue: 42585
      pull: 2769
    - type: rfe
      message: >
        Internal API: 
        Allow providing a custom task name in Run/Schedule UI via the <code>AlternativeUiTextProvider</code> extension.
      issue: 34522
      pull: 2772
    - type: bug
      message: Search results page did not correctly encode query parameters.
      issue: 42390
      pull: 2781
- version: "2.51"
  date: 2017-03-19
  changes:
    - type: major bug
      pull: 2803
      issue: 42724
      message: Restore Windows Slaves Plugin 1.2 compatibility by restoring <code>windows-service/jenkins.xml</code>, regression in 2.50.
    - type: rfe
      pull: 2796
      message: >
        SSHD 1.10: Move SSH server port configuration to security options page.
    - type: rfe
      message: Update Russian localization.
      pull: 2798
    - type: rfe
      message: Update French localization.
      issue: 42627
      pull: 2787
    - type: bug
      message: >
        Internal: Make sure system threads run as SYSTEM.
      issue: 42556
      pull: 2792
    - type: rfe
      message: >
        Internal API:
        Add the ability for <code>ItemListener</code> to veto copy operations.
      issue: 34691
      pull: 2782
    - type: bug
      message: >
        Internal API: Make <code>Run#compareTo</code> work across jobs.
      issue: 42319
      pull: 2762
    - type: rfe
      message: >
        Internal API: Save <code>Jenkins</code> after calling <code>setSecurityRealm</code> or <code>setAuthorizationStrategy</code>.
      pull: 2790
    - type: rfe
      message: >
        Internal API: Annotate <code>PermissionGroup#owner</code> <code>@Nonnull</code>.
      pull: 2805
- version: "2.52"
  date: 2017-03-26
  changes:
    - type: bug
      message: <code>Computer#addAction</code> would throw an <code>UnsupportedOperationException</code> since Jenkins 2.30. Such a call site was released in SSH Slaves Plugin 1.15 for SECURITY-161.
      references:
        - issue: 42969
        - url: https://jenkins.io/security/advisory/2017-03-20/
          title: security advisory including SECURITY-161
      pull: 2819
    - type: rfe
      message: Update German localization.
      pull: 2777
    - type: rfe
      message: >
        Removed localizations with very low coverage: Albanian, Basque, Belarusian, Bengali, Esperanto, Galician, Georgian, Gujarati, Hindi, Icelandic, Indonesian, Irish, Kannada, Macedonian, Marathi, Mongolian, Occitan, Punjabi, Sinhala, Tamil, Telugu, Thai.
      pull: 2813
- version: "2.53"
  date: 2017-04-02
  changes:
    - type: major bug
      message: >
        Update to Windows Service Wrapper 2.0.3 and Windows Agent Installer 1.8 to prevent conversion of environment variables to lowercase in the agent executable, regression in Jenkins 2.50.
      pull: 2826
      references:
        - issue: 42744
        - url: https://github.com/kohsuke/winsw/blob/master/CHANGELOG.md#203
          title: WinSW Changelog
        - url: https://github.com/jenkinsci/windows-slave-installer-module/blob/master/CHANGELOG.md#18
          title: Windows Agent Installer changelog
    - type: rfe
      message: >
        GC Performance: Avoid using <code>FileInputStream</code> and <code>FileOutputStream</code> in the core codebase.
      references:
        - url: https://bugs.openjdk.java.net/browse/JDK-8080225
          title: JDK-8080225
        - issue: 42934
      pull: 2816
    - type: bug
      message: >
        Packaging:
        Do not invoke recursive <code>chown</code> in <code>JENKINS_HOME</code> during the RPM post-install step unless owned by a different user.
      issue: 23273
    - type: rfe
      issue: 34670
      pull: 2445
      message: >
        Internal API:
        Add support of a new full screen mode in <code>layout.jelly</code>.
- version: "2.54"
  date: 2017-04-09
  changes:
      # Not notable PRs: 2833, 2830, and 2519 were just internal cleanup; #2832 a very minor localization change
    - type: major rfe
      message: >
        <strong>Jenkins (master and agents) now requires Java 8 to run.</strong>
      references:
        - issue: 27624
        - issue: 42709
        - pull: 2802
        - url: /blog/2017/04/10/jenkins-has-upgraded-to-java-8/
          title: announcement blog post
    - type: major rfe
      message: >
        Non-Remoting-based CLI.
      references:
        - issue: 41745
        - pull: 2795
        - url: /blog/2017/04/11/new-cli/
          title: announcement blog post
    - type: rfe
      message: >
        Disable SSH server by default.
      issue: 33595
    - type: rfe
      message: >
        Use case-insensitive search by default for new and anonymous users.
      pull: 2801
      issue: 42645
    - type: bug
      message: >
        Introduce status indicator for skipped download job.
      issue: 40848
      pull: 2705
    - type: bug
      message: >
        Properly handle saving system configuration when disabling all, or all but one, administrative monitors.
      issue: 42852
      pull: 2828
    - type: bug
      message: >
        When validating a cron expression, consider the specified time zone.
      pull: 2824
      issue: 43228
- version: "2.55"
  date: 2017-04-15
  changes:
    - type: major bug
      message: >
        Packaging:
        Debian package now requires Java 8.
        (causes regression since 2.54).
      issue: 43495
    - type: rfe
      message: >
        Added fine-grain logging of <code>FullDuplexHttpService</code> to diagnose issues when establishing an HTTP Duplex connection.
      pull: 2481
    - type: bug
      message: >
        Update LibZFS from 0.5 to 0.8 to fix compatibility issues with ZFS filesystem and illumos distributions.
      issue: 41932
      pull: 2776
    - type: bug
      message: >
        Before deleting jobs, try to abort the running builds.
        Error will be thrown instead of the job deletion if its builds cannot be aborted.
      issue: 35160
      pull: 2789
    - type: bug
      message: >
        Ensure that <code>Cloud.PROVISION</code> is properly initialized during the configuration loading.
      issue: 43279
      pull: 2835
    - type: bug
      message: >
        Fix log message formatting when migrating `AllView` names
        due to <a href="https://issues.jenkins-ci.org/browse/JENKINS-38606">JENKINS-38606"</a>.
      issue: 43611
      pull: 2821
    - type: bug
      message: >
        Setup wizard gets into bad state when failures like network issues happen.
      issue: 41778
      pull: 2825
    - type: bug
      message: >
        Catch and log <code>RuntimeException</code> in <code>Computer#setNode()</code> when updating the Computer list.
      issue: 42043
      pull: 2836
    - type: bug
      message: >
        SSH CLI client authenticator 1.4. Add missing SSH Public Key field validation in user configuration.
      issue: 16337
      pull: 2840
    - type: rfe
      message: >
        Internal API: 
        SSH CLI client authenticator 1.3. 
        Expose <code>PublicKeySignatureWriter</code> to plugins.
      pull: 2840
- version: "2.56"
  date: 2017-04-23
  changes:
    - type: bug
      message: >
        Plugins did not expect <code>InvalidPathException</code> to be thrown in file-related methods, so wrap them in <code>IOException</code> to restore behavior (regression in 2.55).
      issue: 43531
      pull: 2849
    - type: bug
      message: >
        Remove links in stack traces to the <tt>stacktrace.jenkins-ci.org</tt> service that has been shut down.
      issue: 42861
      pull: 2811
    - type: bug
      message: >
        If an exception is thrown while rendering an HTTP response, just log the stack trace on the server side, without trying to send an error page to the client.
      issue: 21695
      pull: 2834
    - type: bug
      message: >
        Prevent <code>NullPointerException</code> when a non-existent default view is specified in <em>Configure System</em>.
      issue: 42717
      pull: 2815
    - type: bug
      message: >
        Deleting jobs with running builds could result in <code>NullPointerException</code> (regression in 2.55).
      issue: 43653
      pull: 2854
    # PR 2856: Not worth noting
- version: "2.57"
  date: 2017-04-26
  changes:
    - type: security
      message: Important security fixes.
      references:
        - url: https://jenkins.io/security/advisory/2017-04-26/
          title: security advisory
- version: "2.58"
  date: 2017-04-30
  changes:
    - type: rfe
      message: Use build display names in RSS feed titles.
      pull: 2845
    - type: rfe
      message: >
        Update the Trilead SSH library to get support of new Mac, Key, and Key Exchange Algorithms.
      references:
        - issue: 33021
        - issue: 26379
        - issue: 31549
      pull: 2848
    - type: rfe
      message: >
        Migrate legacy users only once per restart to improve performance of the user retrieval logic.
      pull: 2862
      issue: 43936
    - type: rfe
      message: >
        Internal: Pick up the latest release of version-number library.
      pull: 2851
      issue: 43733
    - type: rfe
      message: >
        Internal: Refactor <code>ProcessTree.Windows</code> logic to propagate errors.
      pull: 2859
      issue: 43825
- version: "2.59"
  date: 2017-05-07
  changes:
    - type: major bug
      message: Move to latest version of Trilead to fix SSH connection issues following a previous Trilead upgrade.
      references:
        - issue: 42959
        - issue: 43979
        - issue: 44046
      pull: 2872
    - type: rfe
      message: Prevent Internet Explorer from caching AJAX requests using <tt>Cache-Control</tt> header.
      pull: 2861
      issue: 43929
    - type: bug
      message: Properly fail with error when updating view with CLI using input of a different view type.
      pull: 2804
      issue: 42728
    - type: bug
      message: >
        Fix <tt>AccessDeniedException</tt> in "Build after other projects are built" when user has Discover permission but not Read.
      issue: 42707
      pull: 2846
    - type: bug
      message: Properly log failure due to empty archive in Pipeline.
      issue: 38005
      pull: 2823
    - type: bug
      message: Prevent rare <code>NullPointerException</code> if an admin user is created in the setup wizard after first disabling CSRF protection.
      pull: 2868
      issue: 44010
    # not notable:
    # Do not load detached plugins during tests #2829
    # Improved OldDataMonitorTest.unlocatableRun #2860
    # Indicate the actual protocol being served by TcpSlaveAgentListener #2863
    # Suppressing test flakiness #2871
- version: "2.60"
  date: 2017-05-10
  changes:
    - type: rfe
      message: >
        Update to Windows Service Wrapper 2.1.0 to support new features: <tt>download</tt> command with authentication, flag for startup failure on <tt>download</tt> error, Delayed Automatic Start mode.
      issue: 43737
      pull: 2870
    - type: rfe
      message: >
        Windows services: Add system property that allows disabling WinSW automatic upgrade on agents.
      pull: 2870
      references:
        - issue: 43603
        - url: https://github.com/jenkinsci/windows-slave-installer-module#disabling-automatic-upgrade
          title: more information
    - type: bug
      message: >
        Windows services: Restore compatibility of the <code>WindowsSlaveInstaller#generateSlaveXml()</code> method (regression in 2.50, no known external usages).
      issue: 42745
      pull: 2870
    - type: bug
      message: >
        Windows services: Prevent fatal file descriptor leak when agent service installer fails to read data from the service <tt>startup.log</tt>.
      issue: 43930
      pull: 2870
    - type: bug
      message: >
        Use full display name for runs in RSS feed to restore the project name there (regression in 2.59).
      issue: 44117
      pull: 2878
    - type: rfe
      message: >
        Internal: Generalize the changelog API to support non-<code>AbstractBuild</code> run types.
      issue: 24141
      pull: 2730
- version: "2.61"
  date: 2017-05-14
  changes:
    - type: major rfe
      message: >
        Upgrade Groovy from 2.4.8 to 2.4.11.
      references:
        - url: http://groovy-lang.org/changelogs/changelog-2.4.9.html
          title: Groovy 2.4.9 changelog
        - url: http://groovy-lang.org/changelogs/changelog-2.4.10.html
          title: Groovy 2.4.10 changelog
        - url: http://groovy-lang.org/changelogs/changelog-2.4.11.html
          title: Groovy 2.4.11 changelog
        # pull: 2814
    - type: major rfe
      message: >
        Integration of Winstone 4.0: Upgrade bundled Jetty from 9.2.15.v20160210 to 9.4.5.v20170502.
        <strong>This removes support for the deprecated SPDY protocol.
        The <tt>--spdy</tt> parameter has been removed accordingly and Jenkins may refuse to start if it's set.</strong>
      pull: 2850
      issue: 43713
      references:
        - title: full changelog
          url: "https://github.com/jenkinsci/winstone/blob/master/CHANGELOG.md#40"
    - type: bug
      message: >
        Jetty 9.4.5: 
        Prevent the <i>400 Bad Host header</i> error for <code>HttpChannelOverHttp</code> when operating behind reverse proxy.
      pull: 2850
      references:
        - issue: 40693
        - title: corresponding Jetty issue
          url: "https://github.com/eclipse/jetty.project/issues/592"
    - type: rfe
      message: >
        Update the Mailer plugin version installed when updating from very old Jenkins releases to include the fix for SECURITY-372, the SSH Slaves plugin for SECURITY-161, and the Script Security plugin for SECURITY-258.
      references:
        - url: https://jenkins.io/security/advisory/2017-03-20/
          title: SECURITY-372
        - url: https://jenkins.io/security/advisory/2017-03-20/
          title: SECURITY-161
        - url: https://jenkins.io/security/advisory/2016-04-11/
          title: SECURITY-258
        # pull: 2817
    - type: rfe
      message: Freestyle projects may now list Pipeline jobs as downstream and trigger them, without needing to use the Parameterized Trigger plugin or reverse triggers ("Build after other projects are built").
      issue: 28113
      pull: 2873
    - type: rfe
      message: >
        Internal: Define enabling/disabling in <code>ParameterizedJob</code> rather than <code>AbstractProject</code>.
      issue: 27299
      pull: 2866
    - type: rfe
      message: >
        Internal: Offer default methods on <code>ParameterizedJob</code> to have less boilerplate code.
      pull: 2864
  # pull 2884: too minor (Javadoc)
- version: "2.62"
  date: 2017-05-21
  changes:
    - type: rfe
      message: >
        Fixed Pipeline compatibility for a number of CLI commands (<tt>delete-builds</tt>, <tt>list-changes</tt>, <tt>console</tt>, <tt>set-build-description</tt>, and <tt>set-build-display-name</tt>),
        as well as some issues affecting error reporting in other commands when used with Pipeline.
      pull: 2874
      references:
        - issue: 30785
        - issue: 41527
    - type: rfe
      message: >
        If you have the Authorize Project plugin installed and configured, its configuration will now be treated as final with respect to the behavior of <em>Job/Build</em> checks from <strong>Build other projects</strong> and <strong>Build after other projects are built</strong>.
        Formerly, if a <strong>Per-project configurable Build Authorization</strong> was enabled globally but some projects did not specify an <strong>Authorization</strong>, the two aforementioned checks would automatically fall back to checking as anonymous (typically denying build permission).
        To restore the former behavior, explicitly configure a <strong>Project default Build Authorization</strong> to be <strong>Run as anonymous</strong>.
        Note that this will affect all build-scoped permission checks, including for example <em>Agent/Build</em>.
      issue: 22949
      pull: 2881
    - type: rfe
      message: >
        Internal API: <code>Tasks.getAuthenticationOf</code> now honors authentication contributed by <code>QueueItemAuthenticatorProvider</code> extensions.
      pull: 2880
    - type: rfe
      message: >
        Update WinP from 1.24 to 1.25 to improve performance and diagnostics
        of issues like <a href="https://issues.jenkins-ci.org/browse/JENKINS-30782">JENKINS-30782</a>.
      pull: 2893
      references:
        - title: full changelog
          url: "https://github.com/kohsuke/winp/blob/master/CHANGELOG.md#125"
    - type: bug
      message: >
        Fix for <code>NullPointerException</code> while initiating some SSH connections (regression in 2.59).
      issue: 44120
      pull: 2888
    - type: bug
      message: >
        Prevent <code>StackOverflowError</code> in log recorder when Winstone-Jetty debug logging is enabled. (regression in 2.61)
      pull: 2894
      references:
        - issue: 44330
        - title: corresponding Jetty issue
          url: https://github.com/eclipse/jetty.project/issues/1563
    # pull 2879: too minor (interface default methods to get rid of internal hackery)
- version: "2.63"
  date: 2017-05-28
  changes: []
    # pull 2306 too minor and irrelevant for default Jenkins
- version: "2.64"
  date: 2017-06-04
  changes:
    - type: rfe
      message: >
        Moved agent port and protocol configuration out of "security" (authentication and authorization) block in Configure Global Security.
      issue: 4478
      pull: 2900
    - type: rfe
      message: >
        Add section headers for Markup Formatter and CSRF Protection in Configure Global Security form to make these options more obvious.
      pull: 2900
    - type: rfe
      message: >
        Use one-column layout for REST API documentation (<tt>.../api</tt> URLs).
      pull: 2905
      issue: 44563
    - type: bug
      message: >
        Update jnr-posix from 3.0.1 to 3.0.41 to pick up improvements and fixes in the POSIX platforms support.
      pull: 2904
    - type: bug
      message: >
        Jenkins failed to perform some cleanup tasks, including saving the build queue, if stopped via REST <tt>/exit</tt>,
        CLI <tt>shutdown</tt>, or when restarting from <em>Install as Windows Service</em>.
      pull: 2908
      issue: 44589
    - type: bug
      message: >
        Don't check whether disabled administrative monitors are active or not on the <em>Manage Jenkins</em> page.
      issue: 44608
      pull: 2909
    - type: bug
      message: >
        Do not submit form when pressing <kbd>Enter</kbd> in the plugin manager's filter field.
      pull: 2902
      issue: 44523
    - type: rfe
      message: >
        Plugin Development: Jenkins now no longer publishes a <code>war-for-test</code> artifact. Plugins using this or a later version of Jenkins as baseline need to use plugin parent POM 2.30 or later.
      pull: 2899
      issue: 24064
    # pull: 2901 too minor: Annotate Launcher and LauncherDecorator methods
    # pull: 2906 too minor: Make functional tests a little quieter so we can focus on test output rather than boilerplate logging
    # pull: 2907 too minor: Noting functionality which really ought to have been factored out into external-monitor-job but could not be
- version: "2.65"
  date: 2017-06-11
  changes:
    - type: bug
      message: >
        Prevent <code>NullPointerException</code> when calling <code>restart</code> CLI command (regression in 2.57).
      issue: 44769
      pull: 2912
    - type: major bug
      message: >
        Packaging: Docker alpine image had a Jenkins-incompatible JDK installation (regression in 2.64).
      references:
        - issue: 44733
        - title: corresponding Alpine Linux issue
          url: https://bugs.alpinelinux.org/issues/7372
- version: "2.66"
  date: 2017-06-18
  changes:
    - type: bug
      message: >
        When starting the <code>jenkins.war</code> directly, properly check for Java 8 as minimum instead of Java 7 before proceeding.
      issue: 44764
      pull: 2917
    - type: rfe
      message: >
        Allow overriding the Jenkins session ID suffix so it doesn't change on every restart, possibly resulting in too many cookies.
      pull: 2917
      references:
        - url: https://github.com/jenkinsci/extras-executable-war#jetty-session-ids
          title: how to set session ID
        - issue: 25046
        - issue: 44894
    - type: bug
      message: >
        Fix resource loading in plugins using the <code>PluginFirstClassLoader</code>, e.g. loading Groovy classes from plugin resources.
      pull: 2916
      issue: 44898
    - type: bug
      message: >
        Prevent possible <code>NullPointerException</code> when listing remote directories using the <code>FilePath#list()</code> and <code>FilePath#listDirectories()</code> APIs.
      pull: 2914
      issue: 44942
- version: "2.67"
  date: 2017-06-25
  changes:
    - type: rfe
      message: >
        Enable simpler syntax for <code>upstream</code> build trigger in pipelines.
      issue: 34464
      pull: 2895
    - type: rfe
      message: >
        Remove the "JNLP" protocol references from the TCP Agent Listener log messages.
      issue: 44103
      pull: 2896
    - type: bug
      message: >
        Internal: Update Annotation Indexer to 1.12 to work around JRE bug in tests.
      references:
        - url: https://bugs.openjdk.java.net/browse/JDK-8182744
          title: JDK-8182744
      pull: 2924
- version: "2.68"
  date: 2017-07-02
  changes:
    - type: major rfe
      message: >
        Update Remoting from 3.7 to 3.10 adding opt-in support for work directories and improving logging in Jenkins agents.
      references:
        - title: work directory documentation
          url: https://github.com/jenkinsci/remoting/blob/master/docs/workDir.md
        - title: logging documentation
          url: https://github.com/jenkinsci/remoting/blob/master/docs/logging.md
        - title: remoting changelog
          url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#38
        - issue: 39370
    - type: rfe
      message: >
        The <code>reload-configuration</code> CLI command now waits until the reload is finished, and returns an error code if the reload failed.
      issue: 45256
      pull: 2931
    - type: bug
      message: >
        Follow HTTP redirects while initiating CLI connection.
      issue: 44361
      pull: 2897
    - type: bug
      message: >
        Add documentation for time zone specification for cron patterns (e.g. SCM polling).
      issue: 9283
      pull: 2927
    - type: bug
      message: >
        Robustness improvements related to agent connections.
      references:
        - issue: 43496
        - issue: 38527
      pull: 2922
      # also pull: 2923
- version: "2.69"
  date: 2017-07-09
  changes:
    - type: major rfe
      message: >
        SSHD Module 2.0: Update from SSHD Core 0.14.0 to Apache MINA SSHD 1.6.0 in Jenkins core and Jenkins CLI.
      references:
        - title: changelog
          url: https://github.com/jenkinsci/sshd-module/blob/master/CHANGELOG.md#20
        - title: plugin compatibility notice
          url: https://github.com/jenkinsci/sshd-module/blob/master/CHANGELOG.md#20-compatibility-notice
        - issue: 43668
      pull: 2853
    - type: rfe
      message: >
        SSHD Module 2.0: Enable aes192ctr and aes256ctr ciphers if JVM supports unlimited-strength encryption.
      issue: 39738
      pull: 2853
- version: "2.70"
  date: 2017-07-16
  changes:
    - type: bug
      message: >
        Fix version number shown in 2.0 upgrade wizard.
      issue: 45459
- version: "2.71"
  date: 2017-07-23
  changes:
    - type: rfe
      message: >
        Winstone 4.1: Add Jetty HTTP/2 connector and corresponding options for Winstone-Jetty.
      references:
        - issue: 45438
        - url: https://github.com/jenkinsci/winstone#http2-support
          title: enabling HTTP/2 support in Winstone-Jetty
      pull: 2937
    - type: rfe
      message: >
        Don't reload user records from disk unless explicitly requested to improve performance of user record access.
      issue: 45737
      pull: 2928
    - type: bug
      message: >
        Prevent <tt>NullPointerException</tt> in <code>Jenkins#getRootURL()</code> while the instance is not fully loaded yet.
      issue: 34914
      pull: 2935
    - type: bug
      message: >
        Contributions to the PATH environment variable could result in malformed values on agents on a platform different from master's.
      issue: 14807
      pull: 2936
    - type: bug
      message: >
        JNLP for launching agents now requests Java 8.
      pull: 2944
      issue: 45679
    - type: bug
      message: >
        Prevent <tt>NullPointerException</tt> when a previous completed build is missing for upstream culprits check.
      issue: 45516
      pull: 2941
    - type: bug
      message: >
        Correctly show or suppress warnings about undefined parameters based on <code>hudson.model.ParametersAction.keepUndefinedParameters</code> system property.
      issue: 45519
      pull: 2939
    - type: bug
      message: >
        Internal: Delete obsolete SECURITY-144-compat exclusion that can break tests.
      pull: 2940
      issue: 25625
- version: "2.72"
  date: 2017-07-30
  changes:
    - type: rfe
      message: >
        Enable remoting work directories by default for newly created agents launched via JNLP (Java Web Start Launcher).
      pull: 2945
      references:
        - issue: 44112
        - url: https://github.com/jenkinsci/remoting/blob/master/docs/workDir.md
          title: feature documentation
    - type: rfe
      message: >
        Always follow redirects for downloading update center metadata, so misbehaving plugins cannot break it.
      pull: 2951
      issue: 38185
    - type: rfe
      message: >
        Minor optimization to queue maintenance routines and printing of console notes, mainly for the benefit of Pipeline node blocks.
      issue: 45553
      pull: 2947 # and 2948
    - type: bug
      message: >
        Don't monitor response time on offline agents.
      issue: 20272
      pull: 2911
- version: "2.73"
  date: 2017-08-06
  changes:
    - type: rfe
      message: >
        Avoid unnecessary locking to improve performance related to actions.
      issue: 45244
      pull: 2933
    - type: rfe
      message: >
        Improve performance when reading the console text of a build.
      issue: 45915
      pull: 2958
    - type: rfe
      message: >
        Add Polish translations for setup wizard.
      pull: 2952
    - type: bug
      message: >
        Reliably close build log file when using chained <code>BuildListener</code>s.
      references:
        - issue: 45057
        - issue: 43199
      pull: 2954
    - type: bug
      message: >
        Modify the JNLPLauncher configuration page to work around regression in Docker Plugin (regression in 2.72).
      issue: 45895
      pull: 2962
    # pull: 2960 not notable enough
    # pull: 2963 not notable enough
    # pull: 2964 not notable enough
- version: "2.74"
  date: 2017-08-15
  changes:
    - type: major rfe
      message: >
        Upgrade Stapler library from 1.250 to 1.252.
      references:
        - pull: 2956
        - url: https://github.com/stapler/stapler/blob/master/CHANGELOG.md
          title: Stapler changelog
    - type: major bug
      message: >
         Stapler 1.252: Prevent file handle leak in <code>LargeText#GzipAwareSession</code>.
      issue: 45903
      pull: 2956
    - type: major bug
      message: >
        Prevent core or plugin code from mistakenly attempting to serialize jobs, builds, and users except in their intended top-level XML file positions, preventing a class of serious deserialization-related errors.
      issue: 45892
      pull: 2957
    - type: bug
      message: >
        Stapler 1.252: Restore ability to attach views to interfaces (regression in Jenkins 2.46).
      issue: 43715
      pull: 2956
    - type: rfe
      message: >
        Improve Polish localization.
      pull: 2974
    - type: rfe
      message: >
        Log name of the executor thread that died to improve diagnosability.
      issue: 42376
      pull: 2970
    - type: bug
      message: >
        Prevent caching of the item categories list by the browser to prevent stale data.
      pull: 2973
      issue: 43848
    - type: rfe
      message: >
        Update Agent Installer module to 1.6 for minor fixes and enhancements.
      references:
        - pull: 2965
        - url: https://github.com/jenkinsci/slave-installer-module/blob/master/CHANGELOG.md#16
          title: changelog
    - type: bug
      message: >
        Show display name of the current view in window title.
      # Improvement too minor: Only use the special 'Dashboard' label outside any folder
      pull: 2969
    - type: bug
      message: >
        Include culprits in XML and JSON API again (regression in 2.60).
      issue: 46082
      pull: 2978
    - type: bug
      message: >
        Improve robustness of the reverse build trigger ("Build after other projects are built").
      pull: 2966
      issue: 45909
    - type: rfe
      message: >
        Internal: Cleanup of Maven dependencies in Jenkins core, allowing plugins depending on this version or later to build without “upper bound” dependency warnings on recent Maven HPI Plugin releases.
      pull: 2956
    # pull: 2971 not notable enough
    # pull: 2968 not notable enough
- version: "2.75"
  date: 2017-08-20
  changes:
    - type: rfe
      message: >
        Update Windows service wrapper from 2.1.0 to 2.1.2 and Windows Agent Installer from 1.9 to 1.9.1.
      references:
        - url: https://github.com/kohsuke/winsw/blob/master/CHANGELOG.md
          title: Windows service wrapper changelog
        - url: https://github.com/jenkinsci/windows-slave-installer-module/blob/master/CHANGELOG.md
          title: Windows agent installer changelog
        - pull: 2987
        - issue: 46282
    - type: rfe
      message: >
        Disable obsolete JNLP, JNLP2, and CLI protocols on new Jenkins installations during Setup Wizard.
      references:
        - issue: 45841
        - url: /blog/2017/08/11/remoting-update/
          title: announcement blog post
      pull: 2950
    - type: bug
      message: >
        Button to validate proxy configuration in Manage Plugins now works correctly with NTLM authorization.
      pull: 2984
      issue: 46288
    # pull: 2981 not notable
- version: "2.76"
  date: 2017-08-27
  changes:
    - type: major rfe
      message: >
        Update remoting from 3.10 to 3.11 to improve stability and diagnosability.
      references:
        - issue: 37567
        - issue: 43985
        - issue: 45023
        - issue: 45233
        - issue: 45522
        - issue: 46259
        - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#311
          title: full changelog
      pull: 2988
    - type: rfe
      message: >
        Major update of the Bulgarian translation.
      pull: 2983
    - type: rfe
      message: >
        Internal: Allow <code>EnvironmentContributingAction</code> to support <code>Run</code> in addition to <code>AbstractProject</code>.
      issue: 29537
      pull: 2993 # amends 2975
    - type: rfe
      message: >
        Internal: Updated parent POM; Jenkins core now requires Maven 3.3.9 or newer to build.
      pull: 2985
- version: "2.77"
  date: 2017-09-03
  changes:
    - type: rfe
      message: >
        Default the built-in Jenkins Update Center URL to <code>https://updates.jenkins.io</code> instead of obsolete HTTP endpoint.
        <strong>This requires a JRE compatible with <a href="https://letsencrypt.org/docs/certificate-compatibility/#known-compatible">Let's Encrypt</a>, e.g. Oracle JRE 8u101.</strong>
      pull: 2996
    - type: bug
      message: >
        Fix problem with auto upgrade when using custom <code>JENKINS_HOME</code> on Windows.
      issue: 13153
      pull: 2992
    - type: bug
      message: >
        Administrative monitor did not detect when Tomcat's URL escaping does not permit forward slashes.
      issue: 31068
      pull: 2977
    - type: bug
      message: >
        Fix broken UI for users with Discover permission when renaming a job.
      issue: 41637
      pull: 2910
    - type: rfe
      message: >
        Internal: Avoid code duplication using default methods.
      pull: 2999
    # pull: 2997 too minor
    # pull: 2989 too minor / don't want to give impression that this use is supported
- version: "2.78"
  date: 2017-09-10
  changes:
    - type: rfe
      message: >
        Moved Jenkins agent runtime to <code>agent.jar</code> file name, and deprecate (but still support) use of legacy <code>slave.jar</code>.
        Introduce the <code>AGENTJAR_URL</code> environment variable as replacement for <code>SLAVEJAR_URL</code>.
      pull: 3004
      issue: 35451
    - type: bug
      message: >
        Accept <code>Basic</code> authentication headers case-insensitively.
      pull: 3002
      issue: 44663
    - type: rfe
      message: >
        Internal: Implement <code>DescriptorByNameOwner</code> using Java 8 interface default method.
        Make <code>Computer</code> a <code>DescriptorByNameOwner</code> allowing its use as <code>@AncestorInPath</code>.
      pull: 3009
    # pull: 2959 not notable enough
    # pull: 3001 not notable enough
    # pull: 2995 not notable enough
    # pull: 2986 was reverted by 3013
- version: "2.79"
  date: 2017-09-17
  changes:
    - type: major bug
      message: >
        Fix random failures to use passphrase-protected ed25519 SSH private keys (regression in 2.73).
      issue: 46754
      pull: 3026
    - type: major bug
      message: >
        Update remoting library from 3.11 to 3.12 to fix regression in Jenkins 2.68 when using non-writable home directories.
      references:
        - issue: 45755
        - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#312
          title: full changelog
        - url: https://jenkins.io/doc/upgrade-guide/2.73/#known-issue-agent-connection-failures-involving-jenkins-masters-with-undefined-or-non-writable-home-directory
          title: issue description in 2.73.1 upgrade guide
      pull: 3025
    - type: rfe
      message: >
        Add description of nodes to their remote API.
      issue: 42854
      pull: 2807
    - type: bug
      message: >
        Disconnect node on ping timeout instead of leaving the channel half open.
      pull: 3005
      issue: 46680
    - type: rfe
      message: >
        Internal: Require Java 8u101 to build Jenkins, as that's the minimum required to run it since 2.77.
      pull: 3015
    # pull 2998 (parent POM) doesn't seem notable enough
    # pull 3000 impact unknown. Just some minor robustness fix?
    # pull 3023 too minor
- version: "2.80"
  date: 2017-09-24
  changes:
    - type: rfe
      message: >
        Improve error reporting when failing to archive artifacts.
      pull: 2976
    - type: bug
      message: >
        Save the current Jenkins version whenever saving the Jenkins object, e.g. when saving the global security configuration.
        Plugins may rely on this information for data migration that would be triggered unnecessarily.
      pull: 3010
      issue: 42577
    - type: bug
      message: >
        Prevent possible <code>NullPointerException</code> when removing an item from a list view due to a race condition.
      pull: 3007
      issue: 23411
    - type: bug
      message: >
        Avoid a possible server-side timeout on long-running CLI commands using plain HTTP mode by sending periodic pings from the client.
      pull: 3011
      issue: 46659
    - type: bug
      message: >
        Renaming or moving a folder failed to properly move build directories of its children when using custom build directory, resulting of loss of their builds.
      pull: 2932
      issue: 44657
    - type: rfe
      message: >
        Developer: Deprecate <code>hudson.util.TimeUnit2</code> and replace with <code>java.util.concurrent.TimeUnit</code>.
      pull: 2892
    # pull 3019 too minor (CLI crumb code cleanup)
    # pull 3024 too minor (JTH update)
    # pull 3027 too minor (clean up tests)
    # pull 3020 too minor (suppress compiler warnings)
    # pull 3032 too minor (imports)
    # pull 3039 too minor (test fixed)
- version: "2.81"
  date: 2017-09-27
  changes:
    - type: security
      message: >
        Jenkins 2.80 did not initialize the setup wizard on new installations, causing various security options including authentication and authorization to be turned off by default, granting anonymous administrator access.
      references:
        - url: /security/advisory/2017-09-27/
          title: security advisory
        - url: https://groups.google.com/d/msg/jenkinsci-advisories/4fo3FKaLPeg/OuCcovu3AgAJ
          title: notification
        - issue: 47139
      pull: 3050
- version: "2.82"
  date: 2017-10-01
  changes:
    - type: major bug
      message: >
        <tt>favicon.ico</tt> and other binary resource files were broken since 2.79 because they were incorrectly filtered during the build.
      issue: 47127
      pull: 3052
    - type: bug
      message: >
        Don't log warning when an anonymous user sends an invalid crumb, usually just an expired session.
      issue: 40344
      pull: 3049
    - type: major bug
      message: >
        Developer: Fix <code>TimeDuration</code> time unit handling and its incorrect usage.
        <code>TimeDuration</code> uses milliseconds as the default unit.
        It was supposed to parse <code>sec</code> or <code>secs</code> suffix to interpret the number as seconds, but that never worked.
      issue: 44052
      pull: 3043
    - type: bug
      message: >
        Developer: Create a copy of a list of parameters in <code>ParametersAction</code> constructor before storing them to improve robustness when the caller reuses that list.
      issue: 45472
      pull: 3028
    # pull 3054 too minor (Chinese translation)
    # pull 3053 too minor (JTH update)
    # pull 3058 too minor (followup to #3043)
- version: "2.83"
  date: 2017-10-08
  changes:
    - type: bug
      message: >
        Fix potential HTTP 414 error in form validation of long Batch/Shell tool installer scripts.
      issue: 47058
      pull: 3037
    - type: bug
      message: >
        Fix link from build cause or page header to user profile in case of unusual user names.
      pull: 3046
      issue: 32623
    - type: bug
      message: >
        Properly display agent launch arguments when using nested launch methods.
      issue: 47056
      pull: 3034
    # pull 3056 too minor (Chinese l10n)
    # pull 3041 fixed a test
    # pull 3031 got reverted
    # pull 3062 reverted 2031
    # pull 3040 reduces log clutter only
- version: "2.84"
  date: 2017-10-11
  changes:
    - type: security
      message: Important security fixes.
      references:
        - url: https://jenkins.io/security/advisory/2017-10-11/
          title: security advisory
- version: "2.85"
  date: 2017-10-15
  changes:
    - type: rfe
      message: >
        Upgrade Remoting from 3.12 to 3.13.
      pull: 3061
      references:
        - issue: 47132
        - issue: 38711
        - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#313
          title: full changelog
    - type: rfe
      message: >
        Restart agent communication related threads on both master and agents when encountering an unhandled exception, if possible, to improve stability.
      issue: 38711
      pull: 3017 # and 3061
    - type: rfe
      message: >
        Improve performance by not querying queue dispatchers from the UI.
      issue: 20046
      pull: 3038
    - type: rfe
      message: >
        Use node display name when printing "built on" message in the build log.
      pull: 3051
      issue: 47168
    - type: rfe
      message: >
        Enable <code>cc.xml</code> to export jobs in folders recursively when accessed with a query parameter named <code>recursive</code>.
      pull: 3060
      issue: 36282
    - type: rfe
      message: >
        Add new administrative monitor warning users about disabled CSRF protection.
      issue: 47372
      pull: 3072
    - type: bug
      message: >
        In rare configurations, agents tried to load unloadable classes from the master, resulting in <code>ClassNotFoundException: javax.servlet.ServletContextListener</code> on agents.
      pull: 3067
      issue: 46386
    - type: bug
      message: >
        Jenkins did not correctly show parts of pipeline builds in side panel widgets if the current view is configured to filter their content.
      pull: 3008
      issue: 46759
    - type: rfe
      message: >
        Developer: Make <code>Xstream2#addCriticalField</code> available for use in plugins.
      pull: 3066
    # pull: 3055 too minor (test fix)
    # pull: 3063 too minor (test fix)
    # pull: 3070 too minor (suppress test)
- version: "2.86"
  date: 2017-10-22
  changes:
    - type: major rfe
      pull: 3076
      message: >
        <em>Launch agent via execution of command on the master</em> has been moved to a new <em>Command Launcher</em> plugin and integrated with the <em>Script Security</em> plugin.
      references:
        - issue: 47393
        - url: https://plugins.jenkins.io/command-launcher
          title: Command Launcher plugin site entry
        - url: https://jenkins.io/security/advisory/2017-10-11/#arbitrary-shell-command-execution-on-master-by-users-with-agent-related-permissions
          title: related security advisory
    - type: rfe
      issue: 36282
      pull: 3081
      message: >
        Add link to recursive <code>cc.xml</code> output on build history page.
    - type: major bug
      issue: 47448
      pull: 3093
      message: >
        Fix <em>Download from java.sun.com</em> installation method for JDK for downloads requiring an Oracle login after change to the Oracle site.
    - type: bug
      pull: 3097
      issue: 47500
      message: >
        <code>Secret</code> threw <code>ArrayIndexOutOfBoundsException</code> trying to decrypt <code>{}</code>.
    - type: bug
      issue: 47455
      pull: 3090
      message: >
        Race conditions in agents going offline could result in an exception when picking a workspace for a build.
    - type: bug
      issue: 35459
      pull: 2994 # and 3089
      message: >
        Prevent duplicated elements with incorrect URL when using the search on Dashboard View plugin based views.
    - type: bug
      pull: 3099
      issue: 47517
      message: >
        <code>StackOverflowError</code> thrown under some conditions when using Pipeline on 2.85.
    - type: bug
      issue: 47416
      pull: 3088
      message: >
        Prevent <code>NullPointerException</code> updating a folder with a primary view specified in Folders plugin 6.2.0.
    - type: rfe
      pull: 3077
      message: >
        Developer: Add an empty default implementation for previously <code>abstract</code> methods of <code>SecurityListener</code>.
    - type: rfe
      pull: 3091
      message: >
        Developer: Deprecate <code>hudson.util.Memoizer</code> and replace its usage in core.
    - type: bug
      pull: 3069
      message: >
        Developer: <code>Slave.JnlpJar.getURL</code> did not work in some modes when core had a snapshot dependency on <code>remoting</code>.
    # pull: 3092 too minor (fix README typos)
    # pull: 3068 too minor (Chinese l10n)
    # pull: 3085 too minor (Chinese l10n)
    # pull: 3096 internal cleanup
    # pull: 3098 flaky test
- version: "2.87"
  date: 2017-10-29
  changes:
    - type: rfe
      message: >
        Stapler library upgraded from 1.252 to 1.253 with Servlet 3.1 support, improved Blue Ocean performance and changes of interest to plugin developers.
      references:
        - issue: 37062
        - url: https://github.com/stapler/stapler/blob/master/CHANGELOG.md#1253
          title: Stapler changelog
      pull: 3033
    - type: rfe
      message: >
        Commons Codec library upgraded from 1.8 to 1.9.
      pull: 3033
    - type: rfe
      message: >
        Agents JVM must be 1.8+ and a clear message is shown in connection logs if it is not.
      pull: 2915
      issue: 44851
    - type: rfe
      message: >
        Major improvement to Italian localization.
      pull: 3075
    - type: rfe
      message: >
        Improvements to Chinese localization.
      references:
        - pull: 3104
        - pull: 3105
    - type: rfe
      message: >
        Retrieving the list of installed plugins now consumes much less memory.
      issue: 47713
      pull: 3109
    - type: bug
      message: >
        When the Jenkins root URL was not configured, the <code>login</code> CLI command did not work.
    - type: bug
      message: >
        Allow users with <code>Job/Cancel</code> permission to abort pipeline builds from the builds history widget.
      pull: 3101
    - type: bug
      message: >
        Jobs no longer disappear from NestedView lists after renaming.
      pull: 1798
      issue: 25276
    - type: rfe
      message: >
        Internal: Move metadata about plugins split from core into a resource file.
      pull: 3110
    - type: rfe
      message: >
        Developer: Add <code>ExtensionList#lookupSingleton</code> convenience method.
      pull: 3021
    # pull: 3102 too minor (some pt-BR translations)
- version: "2.88"
  date: 2017-11-05
  changes:
    - type: rfe
      message: >
        Add sidebar link to create new view.
      pull: 3086
      issue: 6290
    - type: rfe
      message: >
        Improve robustness of the <code>/user/(username)/configure</code> page when a <code>UserProperty</code> is missing its descriptor.
      pull: 3121
      issue: 45977
    - type: rfe
      message: >
        Improve Russian localization.
      references:
        - pull: 3113
        - pull: 3115
    # pull: 3117 too minor (remove log message)
    # pull: 3108 too minor (Maven profile change)
    # pull: 3118 test fixes
    # pull: 3119 test fix
- version: "2.89"
  date: 2017-11-08
  changes:
    - type: security
      message: Security fixes.
      references:
        - url: https://jenkins.io/security/advisory/2017-11-08/
          title: security advisory
- version: "2.90"
  date: 2017-11-12
  changes:
    - type: major bug
      message: >
        Recover from legacy user configuration folders with <code>$</code> characters that are not part of hex escape sequences. (Regression in 2.89)
      issue: 47909
      pull: 3134
    - type: major bug
      message: >
        Fix <em>Download from java.sun.com</em> installation method for JDK for downloads requiring an Oracle login after change to the Oracle site (again).
      pull: 3136
      issue: 47448
    - type: rfe
      message: >
        Update Remoting from 3.13 to 3.14 in order to apply various performance and stability improvements.
      pull: 3138
      references:
        - url: https://github.com/jenkinsci/remoting/blob/master/CHANGELOG.md#314
          title: full changelog
        - issue: 37566
        - issue: 45294
        - issue: 47425
        - issue: 47901
        - issue: 47942
    - type: rfe
      message: >
        Add option to trim specified string parameter values.
      issue: 47115
      pull: 3106
    - type: rfe
      message: >
        Update Windows Agent Installer from 1.9.1 to 1.9.2:
        Do not try to update <code>jenkins-slave.exe</code> on Unix agents when they connect.
      pull: 3130
      references:
        - url: https://github.com/jenkinsci/windows-slave-installer-module/blob/master/CHANGELOG.md#192
          title: full changelog
        - issue: 47015
    - type: rfe
      message: >
        Add a note explaining that the nodes count in label selection does not take into account permissions or other plugins.
      issue: 47940
      pull: 3137
    - type: rfe
      message: >
        Improve Chinese localization.
      pull: 3127
    - type: rfe
      message: >
        Updated default workspace directory naming for new installations to use filesystem-safe variable <code>ITEM_FULL_NAME</code>.
      pull: 3124
      issue: JENKINS-12251
    - type: bug
      message: >
        Fix icon for Manage Jenkins link in the sidebar of the Global Tool Configuration form.
      pull: 3139
    - type: bug
      message: >
        Prevent caching of captcha on the login form.
      pull: 3126
      issue: 43852
    - type: bug
      message: >
        Ensure that the <em>authenticated</em> group is not added twice to the authorities for a user.
      issue: 47768
      pull: 3123
    # pull: 3131 too minor (French translation fix)
    # pull: 3132 too minor (Javadoc)
- version: "2.91"
  date: 2017-11-19
  changes:
    - type: major rfe
      references:
        - issue: 36088
        - issue: 39179
      pull: 3133
      message: >
        Use Java NIO library instead of native code to create and detect symbolic links and Windows junctions to improve compatibility and robustness.
    - type: bug
      issue: 34138
      pull: 3042
      message: >
        Prevent concurrent installation of Maven on the same node to prevent problems.
    - type: rfe
      issue: 47718
      pull: 3114
      message: >
        Developer: Deprecate the ambiguous <code>User#getUser(String)</code> in favor of the <code>User#getById()</code> or the new <code>User#getOrCreateByIdOrFullName()</code> methods.
    - type: rfe
      pull: 3122
      message: >
        Developer: Implement default methods in <code>TaskListener</code> and <code>BuildListener</code> interfaces so they don't have to be implemented in subclasses.
- version: "2.92"
  date: 2017-11-26
  changes:
    - type: rfe # https://github.com/jenkinsci/jenkins/pull/3154#issuecomment-345983962
      pull: 3154
      issue: 48116
      message: >
        Revert internal change that broke assumption in <code>ruby-runtime</code> in 2.91, impacting plugins based on it.
    - type: rfe
      pull: 3143
      issue: 48350
      message: >
        Improve UI performance with long list of running builds by caching the estimated duration.
    - type: rfe
      pull: 3155
      issue: 48349
      message: >
        Cache permission names, allowing Jenkins to recover faster after "stop-the-world" Java GC pauses.
    - type: bug
      pull: 3156
      issue: 48157
      message: >
        Prevent potential <code>NullPointerException</code> when migrating the default "All View" name for a "My Views" user property.
    - type: rfe
      pull: 3149
      message: >
        Developer: Add <code>AccessControlled#hasPermission(Authentication, Permission)</code> for convenience.
    # pull: 3153 too minor: Grammar fixes
    # pull: 3151 internal: Jenkinsfile
    # pull: 3158 internal: disable flaky test
- version: "2.93"
  date: 2017-12-03
  changes:
    - type: rfe
      pull: 3135
      message: >
        Use Java NIO to read and write Unix file permissions by default.
        The previous behavior can be restored by setting the Java system property <code>hudson.Util.useNativeChmodAndMode</code> to <code>true</code>.
      references:
        - issue: 36088
        - url: https://wiki.jenkins-ci.org/display/JENKINS/Features+controlled+by+system+properties
          title: Jenkins features controlled by system properties
    - type: rfe
      pull: 3167
      message: >
        Better handling of certain unreproducible XML file load/save errors.
    - type: rfe
      issue: 47429
      pull: 3150
      message: >
        Improve user lookup performance, for example from Git changelog calculation.
    - type: rfe
      issue: 48348
      pull: 3157
      message: >
        Reduce memory usage when scheduling pipelines on big clusters.
    - type: rfe
      issue: 34855
      pull: 2548
      message: >
        Use atomic file moves if available on the underlying file system from <code>AtomicFileWriter</code>.
    - type: bug
      pull: 3164
      issue: 48080
      message: >
        Prevent setup wizard from hanging when the two provided passwords differ, instead show a validation error.
    - type: rfe
      pull: 3148
      message: >
        Developer: Add <code>ItemGroup#allItems</code> and similar default methods to <code>ItemGroup</code>.
    - type: rfe
      pull: 3142
      message: >
        Developer: Add default implementations of deprecated methods to <code>BuildableItem</code> and <code>Item</code> so they don't need to be implemented.
    - type: rfe
      pull: 3140
      message: >
        Internal: Add documentation and convenience methods for the <code>User.CanonicalIdResolver</code> extension point.
    # pull: 3165 tests only (JENKINS-34855)
- version: "2.94"
  date: 2017-12-11
  changes:
    - type: rfe
      issue: 25286
      pull: 1437
      message: >
        Export <tt>assignedLabels</tt> for agents and <tt>labelExpression</tt> for applicable job types in remote API.
    - type: rfe
      issue: 20474
      pull: 3177
      message: >
        Optimization: Don't consult the authorization strategy about whether the internal <tt>SYSTEM</tt> pseudo-user has a given permission.
    - type: rfe
      pull: 3111
      message: >
        Update SSHD Module 2.0 to 2.3 to fire authentication events in <tt>SecurityListener</tt>s when a user connects using SSH.
      references:
        - url: https://github.com/jenkinsci/sshd-module/blob/master/CHANGELOG.md
          title: changelog
    - type: bug
      issue: 47439
      pull: 3166
      message: >
        The setup wizard is now resumed upon restart if it hasn't been completed yet, instead of showing the regular login screen (regression in 2.81).
    # pull: 3168 internal/build
    # pull: 3160 too minor (one file translated to Chinese)
    # pull: 3182 internal/build
    # pull: 3183 internal/build (update PowerMock and Objenesis)
    # pull: 3184 internal (GMaven cleanup)
- version: "2.95"
  date: 2017-12-14
  changes:
    - type: security
      message: >
        Security fixes.
      references:
        - url: /security/advisory/2017-12-14/
          title: security advisory
        - url: /blog/2017/12/14/security-update/
          title: announcement blog post
- version: "2.96"
  date: 2017-12-17
  banner: >
    A bug introduced in Jenkins 2.96 will downgrade Script Security Plugin to version 2.18.1, possibly resulting in cascading failures to load other plugins (and reintroducing security issues). We recommend updating Script Security Plugin to its newest release and immediately restarting Jenkins to resolve this issue.
  changes:
    - type: major bug
      pull: 3193
      issue: 48365
      message: >
        Make sure detached plugins (plugins whose functionality used to be part of Jenkins itself) are installed when upgrading Jenkins past the version at which the plugin was detached.

    - type: rfe
      pull: 3129
      issue: 22474
      message: >
        Do not require CSRF crumb to be provided when the request is authenticated using API token.
    - type: rfe
      references:
      - issue: 47324
      - issue: 48405
      pull: 3169 # and 3173
      message: >
        Improve robustness and error handling of various file operations by switching to NIO.
    - type: rfe
      pull: 3176
      message: >
        Improve Chinese translation.

    - type: bug
      pull: 3187
      message: >
        Update Stapler from 1.253 to 1.254 to make the form that shows up when a URL requiring <code>POST</code> is accessed using a different HTTP verb work with CSRF protection enabled.
      references:
        - issue: 34254
        - url: https://github.com/stapler/stapler/blob/master/CHANGELOG.md#1254
          title: Stapler changelog
    - type: bug
      pull: 3198
      issue: 48505
      message: >
        Fix a performance regression in Jenkins 2.86 due to lock contention in <code>ExtensionList</code>.
    - type: bug
      pull: 3175
      issue: 48383
      message: >
        Trigger <code>SecurityListener#loggedIn</code> events on programmatic login during self-registration when using <code>HudsonPrivateSecurityRealm</code>.

    - type: rfe
      pull: 3074
      issue: 27027
      message: >
        Developer: Capture more authentication-related events in <code>SecurityListener</code>.
    - type: rfe
      pull: 3191
      message: >
        Developer: Deprecate <code>hudson.util.Service</code> in favor of Java's <code>ServiceLoader</code>.
    - type: rfe
      pull: 3162
      message: >
        Developer: Introduce <code>Cause.UserIdCause(String)</code> constructor, which allows creating causes for specified users without switching the user context.
    # pull: 3159 too minor (localized file encoding)
    # pull: 3194 too minor (typo in German i18n)
    # pull: 3190 too minor (remove a flaky test)
- version: "2.97"
  date: 2017-12-19
  changes:
    - type: major bug
      issue: 48604
      pull: 3201
      message: >
        Fix regression in 2.96 that caused a downgrade of Script Security when upgrading Jenkins.


# DO NOT EDIT THIS FILE DIRECTLY
# ALL CHANGES MUST GO THROUGH PULL REQUESTS
# MALFORMED FILE CONTENTS WILL BREAK THE SITE BUILD