❗ Below you can see changelogs for the obsolete Remoting 2.x baseline.
This version only contains bugfixes and performance improvements.
Current mainline is Remoting 3.x, changelogs are available here.
There is no plan to release new versions of Remoting 2.x.
Release date: Jun 26, 2017
Fixed issues:
- JENKINS-41852 - Fix exported object pinning logic to prevent release due to the integer overflow. (PR #148)
Release date: Feb 01, 2017
Fixed issues:
- SECURITY-383 -
Blacklist classes vulnerable to a remote code execution involving the deserialization of various types in
javax.imageio.*,java.util.ServiceLoader, andjava.net.URLClassLoader.
Release date: Nov 21, 2016
Fixed issues:
- JENKINS-25218 -
Hardening of FifoBuffer operation logic. The change adds additional minor fixes to the original fix in
remoting-2.54. (PR #100)
Improvements:
- JENKINS-39150 - Add logic for dumping diagnostics across all the channels. (PR #122, PR #125)
- JENKINS-39543 - Improve the caller/callee correlation diagnostics in thread dumps. (PR #119)
- JENKINS-39290 -
Add the
org.jenkinsci.remoting.nio.NioChannelHub.disabledflag for disabling NIO (mostly for debugging purposes). (PR #123)
Release date: (Nov 13, 2016) => Jenkins 2.19.3 LTS
- SECURITY-360 - Blacklist serialization of particular classes to close the Remote code execution vulnerability. (Commit #b7ac85ed4ae41482d9754a881df91d2eb86d047d)
Release date: (Oct 7, 2016) => Jenkins 2.19.3 LTS
Fixed issues:
- JENKINS-38539 - Stability: Turn on SO_KEEPALIVE and provide CLI option to turn it off again. (#110)
- JENKINS-37539 -
Prevent
NullPointerExceptioninEngine#connect()when host or port parameters arenullor empty. (#101) - [CID-152201] -
Fix resource leak in
remoting.jnlp.Main. (#102) - [CID-152200,CID-152202] - Resource leak in Encryption Cipher I/O streams on exceptional paths. (#104)
Release date: (Aug 14, 2016) => Jenkins 2.17, 2.19.1 LTS
Fixed issues:
- JENKINS-22853 - Be robust against the delayed EOF command when unexporting input and output streams. (#97)
- Fixed ~20 minor issues reported by FindBugs. More fixes to be delivered in future versions. (#96)
Enhancements:
- JENKINS-37218 -
Performance:
ClassFilterdoes not use Regular Expressions anymore to matchString.startsWithpatterns. (#92) - JENKINS-37031
TcpSlaveAgentListenernow publishes a list of supported agent protocols to speed up connection setup. (#93)
Release date: (Aug 5, 2016) => Jenkins 2.17, 2.19.1 LTS
Fixed issues:
- JENKINS-37140 - JNLP Agent connection issue with JNLP3-connect protocol when the generated encrypted cookie contains a newline symbols. (#95)
- JENKINS-36991 - Unable to load class when remote classloader gets interrupted. (#94)
Enhancements:
- Improve diagnostics for Jar Cache write errors. (#91)
Release date: (June 10, 2016) => Jenkins 2.9, 2.7.2
Fixed issues:
- JENKINS-22722 - Make the channel reader tolerant against Socket timeouts. (#80)
- JENKINS-32326 - Support no_proxy environment variable. (#84)
- JENKINS-35190 - Do not invoke PingFailureAnalyzer for agent=>master ping failures. (#85)
- JENKINS-31256 -
hudson.Remoting.Engine#waitForServerToBacknow uses credentials for connection. (#87) - JENKINS-35494 -
Fix issues in file management in
hudson.remoting.Launcher(main executable class). (#88)
Enhancements:
- Ensure a message is logged if remoting fails to override the default
ClassFilter. (#80)
Release date: (May 13, 2016) => Jenkins 2.4, 2.7.1
Enhancements:
- JENKINS-34819 - Allow disabling the remoting protocols individually. Works around issues like JENKINS-34121 (#83)
Release date: (May 11, 2016) => Jenkins 2.4, 2.7.1
Fixes issues:
- JENKINS-34213 - Ensure that the unexporter cleans up whatever it can each sweep. (#81)
- JENKINS-19445 - Force class load on UserRequest in order to prevent deadlock on windows nodes when using JNA and Subversion. (#82)
Enhancements:
- JENKINS-34808 - Allow user to adjust socket timeout in the channel reader. (#68)