Switch branches/tags
Find file Copy path
cb340bb Jun 30, 2018
@oleg-nenashev @rysteboe
619 lines (463 sloc) 28.7 KB


Below you can changelogs for the trunk version of remoting. This file also provides links to Jenkins versions, which bundle the specified remoting version. See Jenkins changelog for more details.


Release date: June 29, 2018

  • JENKINS-52204 - Skip Tcp Agent Listener port availability check when -tunnel option is set (regression in 3.22)

Release date: Jun 22, 2018 => 2.129

  • JENKINS-51818 - When connecting over TCP, agents will check availability of the master's TCP Agent Listener port
  • JENKINS-51841 - Extensibility: Offer a new Channel#readFrom(Channel, byte[] payload) method for a standardized command deserialization from the channel
  • PR #277 - API: be explicit that ChannelBuilder#getHeaderStream() may return null

Enhancements: Jun 8, 2018 => Jenkins 2.127

  • JENKINS-51551 - Developer API: Allow creating custom CommandTransport implementation in external components.
  • PR #274 - Do not print channel close reason stack traces for non-sent request responses when hudson.remoting.Request logging level is lower than FINE.

Fixed issues:

  • JENKINS-51223 - no_proxy environment variable parsing logic did not properly support domain suffixes in fully-qualified names. Now it is possible to set suffixes like .com in no_proxy.
  • JENKINS-50965 - Fix malformed log message when loading of classes is forced by the hudson.remoting.RemoteClassLoader.force system property.
  • PR #274 - Prevent exception in IOHub when retrieving base thread name for handlers when NIO selector is already closed (race condition).

Release date: Apr 18, 2018 => Jenkins 2.118, 2.121.1 LTS

  • Refresh the Code-signing certificate
  • No functional changes

Release date: Mar 22, 2018 => Jenkins 2.113

  • JENKINS-49618 - Display Remoting version in the agent log when starting up the agent
  • JENKINS-50237 - Include a ProxyException to responses when returning an exception to a UserRequests.
    • This allows returning the exception details even if Jenkins 2.102+ refuses to deserialize the original exception due to the whitelist violation
    • More info: JEP-200 announcement

Release date: Mar 9, 2018 => Jenkins 2.112

  • JENKINS-49415 - Add uncaught exception handler to the Engine's executor service
  • JENKINS-49472 - Log channel name in StreamCorruptedExceptions
  • JENKINS-48561 - Give precedence to proxy exclusion list system property over environmental vars.
  • JENKINS-49994 - Add infrastructure for warning about remoting serialization of anonymous inner classes.
  • PR #258 - Improve performance by disabling expensive diagnostics in RemoteClassLoader

Release date: Jan 30, 2018 => Jenkins 2.106


Release date: Jan 10, 2018 => Jenkins 2.102

  • PR #208 - Introduce the new ClassFilter.setDefault API which allows replacing the default Class Filter
    • This is a foundation work for JEP-200/JENKINS-47736, which switches the default Remoting/XStream blacklist to whitelist in the Jenkins core
    • Other Remoting API users are adviced to do the same
  • PR #208 - Update the blacklist in the default Class Filter to align it with the Jenkins core. New entries:
    • ^java[.]lang[.]reflect[.]Method$
    • ^net[.]sf[.]json[.].*
    • ^java[.]security[.]SignedObject$ (SECURITY-429 advisory)
  • JENKINS-48686 - Replace the slave term by agent in logging, UI and Javadocs

Release date: Dec 22, 2017 => Jenkins 2.98


  • JENKINS-48133 - Channel exceptions now record the channel name and other information when possible
  • PR #210 - Allow disabling HTTPs certificate validation of JNLP endpoint when starting Remoting
    • WARNING: This option undermines the HTTPs security and opens the connection to MiTM attacks. Use it at your own risk
  • JENKINS-48055 - API: Introduce new getChannelOrFail() and getOpenChannelOrFail() methods in hudson.remoting.Callable.
  • JENKINS-37566 - API: Channel#current() now explicitly requires checking for null.
  • PR #227 - API: Deprecate and restrict the obsolete JNLP3 protocol utility classes

Fixed issues:

  • JENKINS-48309 - Prevent timeout in AsyncFutureImpl#get(timeout) when a spurious thread wakeup happens before the timeout expiration.
    • The issue also impacts FutureImpl in the Jenkins core
  • JENKINS-47965 - Prevent infinite hanging of JNLP4 IOHub selector threads when IOHub does not get closed properly
  • JENKINS-48130 - Prevent fatal failure of NIOChannelHub when an underlying executor service rejects a task execution. After the change such failure terminates only a single channel
    • Affected protocols: JNLP, JNLP2, CLI and CLI2. JNLP4 is not affected
    • The change also improves diagnostics of RejectedExecutionException in other execution services
  • JENKINS-37670 - Throw the standard UnsupportedClassVersionError in RemoteClassLoader when the bytecode is not supported.
  • JENKINS-37566 - Clean up all issues reported by FindBugs. Notable issues:
    • Prevent infinite hanging of Channel#waitForProperty() when the channel hangs in the closing state.
    • Prevent NullPointerExceptions in Command#createdAt handling logic and API
    • Prevent serialization of Callables in NioChannelHub selectors (JNLP1 and JNLP2 protocols)
  • JENKINS-46724 - Remove obsolete reflection calls in RemoteClassloader and Launcher#checkTty()
  • PR #234 - hudson.remoting.Capability preamble initialization cannot longer throw exceptions

Build flow:

  • JENKINS-38696 - Fix Windows tests and enable them in the pull request builder
  • JENKINS-37566 - Enforce FindBugs in the pull request builder

Release date: Nov 10, 2017 => Jenkins 2.90

Fixed issues:

  • JENKINS-45294 - User-space RMI calls (including Jenkins core ones) will be rejected when the channel is being closed (similar to JENKINS-45023 in 3.11). It prevents channel hanging in edge cases.
  • JENKINS-47425 - Do not print full stack traces on network connection errors.
  • JENKINS-37566 - Cleanup a number of issues reported by FindBugs. Notable ones: Unchecked file operations, improper synchronization.
  • JENKINS-47901 - Prevent uncaught InvalidPathException for file operations if and invalid path is passed from command line or API.
  • JENKINS-47942 - Performance: Reduce scope of Channel instance locks by property management.

Build flow:

  • PR #207 - Jacoco does not longer run by default in the build, jacoco profile should be used.
  • PR #207 - Update Jacoco version to make the reports compatible with Jenkins Jacoco Plugin.
3.13 => Jenkins 2.85

Release date: Oct 05, 2017


  • JENKINS-38711 - Add uncaught exception handling logic to remoting threads. Threads now either have failover or proper termination.

Fixed issues:

  • JENKINS-47132 - When an agent is waiting for master to be ready, the port was not filled in the Master isnt ready to talk to us on {0}. Will retry again log message.
3.12 => Jenkins 2.79

Release date: Sep 14, 2017 => Jenkins 2.79

  • JENKINS-45755 - Prevent channel initialization failure when JAR Cache directory is not writable and the channel does not need this cache (regression in 3.10).
    • This issue causes a regression in Jenkins LTS 2.73.1 See the upgrade guide for more info.
  • JENKINS-46140 - Improve representation of remote operation exceptions in logs.

Release date: Aug 18, 2017 => Jenkins 2.76

❗️ Warning! Starting from this release, Jenkins Remoting requires Java 8 to run. In edge cases it may require manual actions during the upgrade. See compatibility notes in this blogpost. Old JNLP-connect and JNLP2-connect agent protocols are now officially deprecated. There are also changes in the JAR signing.


  • JENKINS-43985 - Require Java 8 in the Remoting executable.
  • JENKINS-45841 - Deprecate JNLP-connect and JNLP2-connect agent protocols.
  • JENKINS-45522 - Introduce public API for adding classes to the default blacklist in remote operations.
  • JENKINS-46259 - Log all linkage errors when executing UserRequests (generic remote operations started from API).
  • JENKINS-45233 - Log errors when Response message cannot be delivered due to the closed channel.
  • PR #172 - Improve handling of input/output streams in hudson.remoting.Checksum to suppress static analysis warnings.

Fixed issues:

  • JENKINS-45023 - Prevent execution of UserRequests when the channel is closed or being closed. It prevents hanging of the channel in some cases.

Build Flow:

  • JENKINS-37567 - Code signing: @oleg-nenashev will be releasing Remoting JARs signed with his certificate.
    • The certificate should be trusted by all Java versions by default. Please create an issue to Remoting if it's not.
  • PR #173 - Remoting build was failing when user name contained metacharacters.
  • PR #190 - Enforce code signing verification when building Remoting with the release profile.

Release date: Oct 05, 2017

❗️ This is a backport release for Jenkins 2.73.2, which integrates changes from 3.11 and 3.12.

  • JENKINS-45755 - Prevent channel initialization failure when JAR Cache directory is not writable and the channel does not need this cache (regression in 3.10).
  • JENKINS-45023 - Prevent execution of UserRequests when the channel is closed or being closed. It prevents hanging of the channel in some cases.
  • JENKINS-46259 - Log all linkage errors when executing UserRequests (generic remote operations started from API).
  • JENKINS-45233 - Log errors when Response message cannot be delivered due to the closed channel.

Build Flow:

  • JENKINS-37567 - Code signing: @oleg-nenashev will be releasing Remoting JARs signed with his certificate for the next 3.10.x releases.

This release is burned.


Release date: (Jun 26, 2017) => Jenkins 2.68


  • JENKINS-18578 - Do not use the old cache when starting agents from CLI with work directory.
    • It is a follow-up fix to the 3.8 version.
  • PR #165 - Suppress ClosedSelectorException when it happens in IOHub's Selector keys.
    • This issue impacts Jenkins test suites, there should be no user-visible impact.

Fixed issues:

  • PR #169 - Prevent NullPointerException in ResourceImageBoth if cannot initialize JAR retrieval.
  • PR #170 - Prevent NullPointerException in Remote ClassLoader when not all sources can be converted to URLs.

Release date: (May 19, 2017) => Jenkins 2.68

Fixed issues:

  • JENKINS-44290 - Prevent crash when starting Remoting agents in the default mode (regression in 3.8).

Release date: (May 12, 2017) => Jenkins 2.68

This version of Remoting introduces support for Work Directories (JENKINS-39370). This feature has been implemented as a part of the JENKINS-44108 EPIC, which is devoted to better diagnosability of Jenkins agents.

Work Directory mode is disabled by default. It can be enabled via the -workDir argument in the command line. Once enabled, the following issues are addressed:

  • JENKINS-39369 - Write Remoting agent logs to the disk by default.
  • JENKINS-18578 - Change the default JAR Cache location from ~/.jenkins/cache/jars to ${WORK_DIR}/remoting/jarCache.
  • JENKINS-39130 - If the work directory is not writable, fail the agent initialization.
  • JENKINS-39130 - Add the -failIfWorkDirIsMissing flag to CLI. It may be useful to prevent startup in the case if the shared directory is not mounted.

See the Work Directories page for more information and migration guidelines.

Other changes:

  • PR #129 - Allow configuring java.util.logging settings via a property file (-loggingConfig or system property). See the Logging page for more details.
  • PR #157 - Cleanup FindBugs-reported issues in ExportTable implementation (regression in 2.40).
  • PR #153 - Prevent NullPointerException in hudson.remoting.Channel.Ref() when creating a reference to a null channel.
  • JENKINS-5374 - Plrevent NullPointerException when executing a UserRequest constructed with a null classloader reference.

Release date: (Mar 05, 2017) => Jenkins 2.50, 2.46.1 LTS

Fixed issues:

  • JENKINS-42371 - Properly close the URLConnection when parsing connection arguments from the JNLP file. It was causing a descriptor leak in the case of multiple connection attempts. (PR #152)

The release has been skipped due to the release process issue.


Release date: (Feb 16, 2017) => Jenkins 2.47

Fixed issues:

  • JENKINS-40710 - Match headers case-insensitively in JnlpAgentEndpointResolver in order to be compliant with HTTP2 lower-case headers. (PR #139, PR #140)
  • JENKINS-41513 - Prevent NullPointerException in JnlpAgentEndpointResolver when receiving a header with null name. (PR #140)
  • JENKINS-41852 - Fix exported object pinning logic to prevent release due to the integer overflow. (PR #148)


  • JENKINS-41730 - Add the new org.jenkinsci.remoting.engine.JnlpAgentEndpointResolver.ignoreJenkinsAgentProtocolsHeader property, which allows specifying a custom list of supported protocols instead of the one returned by the Jenkins master. (PR #146)
  • Print the Filesystem Jar Cache directory location in the error message when this cache directory is not writable. (PR #143)
  • Replace MimicException with the older ProxyException when serializing non-serializable exceptions thrown by the remote code. (PR #141)
  • Use OID of the ClassLoaderProxy in error message when the proxy cannot be located in the export table. (PR #147)

Release date: (Feb 01, 2017) => Jenkins 2.44, 2.32.2 LTS

Fixed issues:

  • SECURITY-383 - Blacklist classes vulnerable to a remote code execution involving the deserialization of various types in javax.imageio.*, java.util.ServiceLoader, and

Release date: (Dec 24, 2016) => Jenkins 2.39

Fixed issues:

  • JENKINS-39835 - Be extra defensive about unhandled Errors and Exceptions. In the case of such issues remoting tries to properly terminate the connection instead of just leaving the hanging channel. (PR #133)

Release date: (Dec 16, 2016) => Jenkins 2.37

Fixed issues:

  • JENKINS-25218 - Hardening of FifoBuffer operation logic. The change improves the original fix in remoting-2.54. (PR #100)
  • JENKINS-39547 - Corrupt agent JAR cache causes agents to malfunction. (PR #130)


  • JENKINS-40491 - Improve diagnostics of the preliminary FifoBuffer termination. (PR #138)
  • ProxyException now retains any suppressed exceptions. (PR #136)

Release date: (Nov 13, 2016) => Jenkins 2.32


Release date: (Nov 10, 2016) => Jenkins 2.31


  • JENKINS-39596 - Jenkins URL in hudson.remoting.Engine was always null since 3.0. It was causing connection failures of Jenkins JNLP agents when using Java Web Start. (PR #131)
  • JENKINS-39617 - hudson.remoting.Engine was failing to establish connection if one of the URLs parameter in parameters was malformed. (PR #131)



Release date: (Oct 13, 2016) => Jenkins 2.27

NOTE: This is a new major release of remoting, which is not fully compatible with remoting 2.x. See (see Remoting 3 Compatibility Notes) for more info.



Release date: (Oct 7, 2016) => Jenkins 2.26

This is the last release note for Remoting 2.x in this changelog. See Remoting 2.x Changelog for further releases.

Fixed issues:


Release date: (Aug 14, 2016) => Jenkins 2.17, 2.19.1 LTS

Fixed issues:



Release date: (Aug 5, 2016) => Jenkins 2.17, 2.19.1 LTS

Fixed issues:



Release date: (June 10, 2016) => Jenkins 2.9, 2.7.2

Fixed issues:



Release date: (May 13, 2016) => Jenkins 2.4, 2.7.1



Release date: (May 11, 2016) => Jenkins 2.4, 2.7.1

Fixes issues: