Subject: CVS commit: pkgsrc/devel/jenkins
From: Aleksej Saushev
Date: 2015-12-17 21:20:30
Message id:

Log Message:
Update to Jenkins 1.642.

Changes in 1.642 (2015/12/13)

- Various kinds of settings could not be saved since 1.640.
  (issue 31954)

Changes in 1.641 (2015/12/09)

- Important security fixes (CVE-2015-7536, CVE-2015-7537,
  CVE-2015-7538, CVE-2015-7539)

Changes in 1.640 (2015/12/07)

- Added support of default values in the enum.jelly form
  element. (PR 1926)
- Bytecode Compatibility Transformer computes the common super
  class without loading classes. Fixes the ClassCircularityError
  exception in Ruby Runtime Plugin. (issue 31019)
- Extended Choice parameter definitions could not be saved since 1.637.
  (issue 31458)
- Display expected CRON run times even if a warning occurs.
  (issue 29059)
- Rework the online-node command implementation, no functional
  changes. (issue 31776)
- Fix the footer behavior in particular cases. (issue 30304,
  issue 31395)
- API changes: Deprecate subclassing of hudson.Plugin. (PR 1940)

Changes in 1.639 (2015/11/29)

- "Discard old builds" setting would be lost if resaving job
  configuration as of 1.637 without rechecking the box. (issue 31518)
- "Form too large" errors from Jetty when submitting massive
  forms. (issue 20327)
- Multiple workspace browser features broken on Windows masters
  since 1.634. (issue 31015)

Changes in 1.638 (2015/11/11)

- Important security fixes (CVE-2015-5317, CVE-2015-5318,
  CVE-2015-5319, CVE-2015-5320, CVE-2015-5324, CVE-2015-5321,
  CVE-2015-5322, CVE-2015-5323, CVE-2015-5325, CVE-2015-5326,

Changes in 1.637 (2015/11/08)

- Remove useless warnings about a JDK named null. (issue 31217)
- New OptionalJobProperty class to simplify JobProperty
  creation. (pull 1888)

Changes in 1.636 (2015/11/01)

- Add "lastCompletedBuild" job permalink. (issue 26270)

Changes in 1.635 (2015/10/25)

- Make Node implement Saveable. (issue 31055)
- Revert trigger optimizations made in 1.621 by PR 1617.
  (issue 30745)
- Delegate CLI's delete-node command to the overridable
  Computer.doDoDelete() method. Fixes the issue in OpenStack and
  JClouds plugins. (issue 31098, regression in 1.618)
- Prevent autocorrect of username on mobile devices in login
  forms. (PR 1531)
- Describe the built-in JDK as "(System)". (issue 755)
- Update JNA library to 4.2.1 in order to integrate fixes for
  linux-ppc64 and linux-arm platforms. (issue 15792)

Changes in 1.634 (2015/10/18)

- Fix order of builds in new builds history widget introduced
  in 1.633. (issue 30899)
- Bytecode Compatibility Transformer would fail to transform
  some classes resulting in ClassNotFoundException. (issue 30820)
- Prevent ClassCastException in AbstractBuild::reportError() if
  the build step is not Publisher. (issue 30730)
- Trim job names during the rename operation (it is impossible
  to delete or rename jobs with trailing spaces). (issue 30502)
- Add "graphBg" and "plothBg" background color options to plot
  URLs (PR 1769)
- API changes: Add get method for causes of interruption in
  hudson.model.Executor (PR 1712)
- Allow case insensitive file patterns in Artifacts Archiving.
  (issue 5253)
- Prevent NullPointerException while estimating duration of
  Queue executable items. (issue 30456)
- Fix the resolution of Windows symbolic links in
  SecretRewriter. (issue 30456)
- Let a combobox display its drop-down when focused, so users
  can see candidates without entering a letter. (issue 26278)

Changes in 1.633 (2015/10/11)

- Added safari pinned tab icon.
- Plugin Manager UI changes to prevent users from
  enabling/disabling/uninstalling plugins at the "wrong" time.
  (issue 23150)
- bytecode-compatibility-transformer produces malformed
  bytecode. (issue 28781)
- Properly handle RuntimeExceptions in run retention policy
  handler calls. (issue 29888)
- Prevent NullPointerException in CLI if Jenkins cannot find the
  specified job or a job with the nearest name. (issue 30742)
- Do not show REST API link for pages, which have no API
  handlers. (issue 29014)
- JS alert preventing to leave a configuration page without
  changes. (issue 21720)
- JS error triggered by collapsing build history widget. (issue 30569)
- Build history pagination and search. (issue 26445)

Changes in 1.632 (2015/10/05)

- Optimize TagCloud size calculation. (issue 30705)
- FlyWeightTasks tied to a label will not cause node
  provisioning and will be blocked forever. (issue 30084)
- Prevent NullPointerException for disabled builds in
  ReverseBuildTrigger. (issue 29876)
- ConsoleLogFilter wasn't truly global (issue 30777)
- API changes: hudson.Util.isOverridden() now supports protected
  methods. (issue 30002)
- Sidepanel controls with confirmation (lib/layout/task) did not
  assign the proper CSS style. (issue 30787)

Changes in 1.631 (2015/09/27)

- Add proper labels for plugin categories assigned to some
  plugins. (PR 1758)

Changes in 1.630 (2015/09/20)

- Make JenkinsRule useable on systems which don't support JNA
  (issue 29507)

Changes in 1.629 (2015/09/15)

- Old data monitor made Jenkins single-threaded for all saves.
  (issue 30139)

Changes in 1.628 (2015/09/06)

- Replaced all non java.util.logging logging libraries with
  slf4j interceptors. (PR 1816)
- Document allBuilds subtree in remote API for jobs. (PR 1817)

Changes in 1.627 (2015/08/30)

- Race condition in triggers could cause various
  NullPointerExceptions. (issue 29790)
- Archiving of large artifacts. Tar implementation cannot handle
  files having a size >8GB. (issue 10629)
- Allow plugins to augment or replace the plugin manager UI. (PR 1788)

Changes in 1.626 (2015/08/23)

- RunIdMigrator fails to revert Matrix and Maven jobs. (issue 29989)
- Fix error message "Failed to listen to incoming slave connection"
  after fixing port through init.groovy.d. (issue 29798)

Changes in 1.625 (2015/08/17)

- Fixed a deadlock between the old data monitor and
  authorization strategies. (issue 29936)
- Allow rejecting configurations with errors in critical fields
  via REST / CLI. (issue 28440)
- Do not display No changes if changelog is still being computed.
  (issue 2327)

Changes in 1.624 (2015/08/09)

- Allow more job types to use a custom "Build Now" text. (issue 26147)

Changes in 1.623 (2015/08/02)

- No notable changes in this release.

Changes in 1.622 (2015/07/27)

- Jenkins now support self-restart and daemonization in FreeBSD
  (PR 1770)
- Node provisioner may fail to correctly indicate that
  provisioning was finished. (issue 29568)

Changes in 1.621 (2015/07/19)

- Sort by 'Free Disk Space' is incorrect. (issue 29286)
- Label expression help is missing in recent Jenkins versions.
  (issue 29376)
- Pre-emptively break memory cycles causing excessive live-set
  retention in remoting layer. (issue 28844)
- Don't run trigger for disabled/copied projects. (PR 1617)

Changes in 1.620 (2015/07/12)

- Display system info even when slave is temporarily offline.
  (issue 29300)

Changes in 1.619 (2015/07/05)

- Update auto-installer metadata for newly installed plugins.
  (issue 27694)
- Allow plugins to veto process killing. (issue 9104)

Changes in 1.618 (2015/06/29)

- Fix deadlock in hudson.model.Executor. (issue 28690)
- Don't truncate /consoleText output after fixed number of
  lines. (issue 14899)
- Allow delete-* CLI commands to operate on multiple arguments.
  (issue 28041)
- Prevent NullPointerException in Executor/causeOfDeath page if
  there is no exception details. (issue 25734)
- Fixed synchronization issue when setting JDK installations.
  (issue 28292)
- Fix several loggers which are identifying as the wrong class.
  (PR 1651)
- Revert fix for issue 17290 due to the regressions it caused.
  (issue 28601)
- Fix deadlock between hudson.model.Queue and
  hudson.model.Computer. (issue 28840)
- Fix jobs getting stuck in the Queue when there exists a cycle
  of upstream/downstream blocks between them. (issue 28926)
- Always use earlier start time when merging two equivalent
  queue items. (issue 2180)

Changes in 1.617 (2015/06/07)

- Regression in build-history causing ball to not open console
  (issue 28704)
- JNLP slaves did not pick up changes to environment variables.
  (issue 27739)
- NullPointerException in AbstractProject constructor if Jenkins
  nodes has not been loaded yet (issue 28654)

Changes in 1.616 (2015/05/31)

- Job loading can be broken by NullPointerException in a build
  trigger (issue 27549)

Changes in 1.615 (2015/05/25)

- Improper calculation of queue length in UnlabeledLoadStatistics
  causing overheads in Cloud slave provisioning (issue 28446)
- Category titles in Available Plugins list appear wrong in
  reverse sort order (issue 17290)
- CronTab API: Timezone support for scheduling (issue 9283)
- NullPointerException when trying to reset Jenkins admin
  address (issue 28419)
- Reduce the thread overhead in NodeMonitorUpdater (PR 1714)
- Build history overflows (issue 28425)
- Build History badges don't wrap (issue 28455)

Changes in 1.614 (2015/05/17)

- ExtensionList even listener. (issue 28434)
- NullPointerException computing load statistics under some
  conditions. (issue 28384)
- Plugins using class loader masking did not work properly over
  the slave channel. (issue 27289)
- DefaultJnlpSlaveReceiver now returns true when rejecting a
  takeover. (issue 27939)
- Do not follow href after sending POST via l:task (issue 28437)

Changes in 1.613 (2015/05/10)

- Update bundled LDAP plugin in order to restore missing help
  files (issue 28233)
- hudson.model.Run.getLog() throws IndexOutOfBoundsException
  when called with maxLines=0 (issue 27441)

Changes in 1.612 (2015/05/03)

- Jenkins now requires Java 7. (announcement, issue 28120)
- Handle AbortException publisher status in the same way as
  deprecated false boolean status (issue 26964)
- Ensures GlobalSettingsProvider does not swallow fatal
  exceptions (issue 26604)
- add datestamp to node-offline message (issue 23917)
- Larger minimum popup menu height. (issue 27067)
- Descriptor.getId fix in 1.610 introduced regressions affecting
  at least the Performance and NodeJS plugins. (issue 28093 and
  issue 28110)
- Under rare conditions Executor.getProgress() can throw a
  Division by zero exception. (issue 28115)
- The Run from the command line option for launching a JNLP
- slave should display the configured JVM options. (issue 28111)

Changes in 1.611 (2015/04/26)

- Descriptor.getId fix in 1.610 introduced a regression
  affecting at least the Copy Artifacts plugin. (issue 28011)
- Search box did not work well inside folders. (issue 24433)
- Revert changes in 1.610 made to resolve issue 10629. (issue
  28012, issue 28013)
- Advertise JNLP slave agents to the correct host name, even in
  the presence of a reverse proxy. (issue 27218)
- Advertised TCP slave agent port number is made tweakable.
- Correctly identify Channel listener onClose propagated
  exceptions (issue 28062)

Changes in 1.610 (2015/04/19)

- Since 1.598 overrides of Descriptor.getId were not correctly
  handled by form binding, breaking at least the CloudBees
  Templates plugin. (issue 26781)
- Reverted in 1.611, reimplemented in 1.627. Archiving of large
  artifacts. Tar implementation cannot handle files having a
  size >8GB. (issue 10629)
- The queue state was not updated between scheduling builds.
  (issue 27708, issue 27871)

Changes in 1.609 (2015/04/12)

- When concurrent builds are enabled, artifact retention policy
  may delete artifact being used by an actually running build.
  (issue 27836)
- Documentation for $BUILD_ID did not reflect current reality
  (issue 26520)

Changes in 1.608 (2015/04/05)

- PeepholePermalink RunListenerImpl oncompleted should be
  triggered before downstream builds are triggered. (issue 20989)
- NPE when /script used on offline slave. (issue 26751)
- Make periodic workspace cleanup configurable through system
  properties. (issue 21322)
- Do not offer to restart on /restart and /safeRestart if the
  configuration does not support it. (issue 27414)
- Polling was skipped while quieting down, resulting in ignored
  commit notifications. This behavior was changed. (issue 26208)
- Starting this version, native packages are produced from the
  new repository. File issues related to installers and packages
  in the packaging component.

Changes in 1.607 (2015/03/30)

- JSONP served with the wrong MIME type and rejected by Chrome.
  (issue 27607)
- Security file pattern whitelist was broken for some plugins
  since 1.597. (issue 27055)
- Lock an Executor without creating a Thread (issue 25938)
- Hide flyweight master executor when ≥1 heavyweight executors
  running as subtasks (issue 26900)
- Way to mark an Executable that should not block
  isReadyToRestart (issue 22941)
- Refactor the Queue and Nodes to use a consistent locking
  strategy (issue 27565) Note that this change involved moving
  slave definitions outside the main config.xml file. If you
  downgrade after this, your slave settings will be lost.
- Makes the Jenkins is loading screen not block on the
  extensions loading lock (issue 27563)
- AdjunctManager: exception upon startup (issue 15355)
- Removes race condition rendering the list of executors (issue 27564)
- Tidy up the locks that were causing deadlocks with the once
  retention strategy in durable tasks (issue 27476)
- Remove any requirement from Jenkins Core to lock on the Queue
  when rendering the Jenkins UI (issue 27566)
- Prevent lazy loading operation when obtaining label
  information. (issue 26391)
- Ensure that the LoadStatistics return a self-consistent
  result. (issue 21618)
- Build reports to be running for 45 yr and counting. (issue 26777)

Changes in 1.606 (2015/03/23)

- Jenkins CLI doesn't handle arguments with equal signs (issue 21160)
- master/slave communication ping reacts badly if a clock jumps.
  (issue 21251)
- JNLP slaves can now connect to master through HTTP proxy.
  (issue 6167)
- Fixes to several security vulnerabilities. (advisory)

Changes in 1.605 (2015/03/16)

- Integrate Stapler fix for queue item API always returning 404
  Not Found since 1.601. (issue 27256)

Changes in 1.604 (2015/03/15)

- Added a switch (-Dhudson.model.User.allowNonExistentUserToLogin=true)
  to let users login even when the record is not found in the
  backend security realm. (issue 22346)
- Avoid deadlock when using build-monitor-plugin. (issue 27183)
- As security hardening, mark "remember me" cookie as HTTP only
  (issue 27277)
- Show displayName in build remote API. (issue 26723)

Changes in 1.602 (2015/03/08)

- Show Check Now button also on Available and Updates tabs of
  plugin manager. (PR 1593)

Changes in 1.601 (2015/03/03)

- Regression with environment variables in 1.600. (issue 27188)
- Errors with concurrent matrix builds since 1.597. (issue 26739)
- Errors in Dashboard View plugin since 1.597. (issue 26690)
- Robustness improvement when setting up Archive Artifacts
  programmatically. (issue 25779)
- Map onto Run (issue 27096)

Changes in 1.600 (2015/02/28)

- Fixes to multiple security vulnerabilities.
- JDK auto-installer for Mac OSX
- An error thrown in the wrong place in a publisher could result
  in a failure to release a workspace lock. (issue 26698)
- Cache node environment to prevent unnecessary channel usage
  (issue 26755)
- Build history text field wrap fails when containing markup
  (issue 26406)
- Maven build step fail to launch mvn process when special chars
  are present in build variables. (issue 26684)

Changes in 1.599 (2015/02/16)

- Errors in some Maven builds since 1.598. (issue 26601)
- Build format change migrator in 1.597 did not work on some
  Windows systems. (issue 26519)
- Remote FilePath.chmod fails with ClassNotFoundException:
  javax.servlet.ServletException. (issue 26476)
- Added SimpleBuildWrapper API. (issue 24673)
- Animated ball in job's build history widget won't open Console
  Output. (issue 26365)
- Show job name in Schedule Build column tool tip. (issue 25234)
- Allow OldDataMonitor to discard promoted-build-plugin
  Promotions (issue 26718)

Changes in 1.598 (2015/01/25)

- FutureImpl does not cancel its start future. (issue 25514)
- Flyweight tasks were under some conditions actually being run
  on heavyweight executors. (issue 10944) (issue 24519)
- Folder loading broken when child item loading throws
  exception. (issue 22811)
- Plugin icon images were broken when running Jenkins from a UNC
  path. (issue 26203)
- Allow admin signup from /manage as well. (issue 26382)
- Amend JAVA_HOME check to work with JDK 9. (issue 25601)
- CLI list-jobs command should display raw name, not display
  name, where they differ. (issue 25338)
- Show queue item parameters in tool tip. (issue 22311)
- Better support functional tests from Gradle-based plugins.
  (issue 26331)
- Allow users to delete builds even if they are supposed to be
  kept. (issue 26281)
- Fixed side/main panel scrolling issues. (issue 26312, issue
  26298, issue 26306)
- Improve error reporting when channel closed during build.
  (issue 26411)
- Fixed CodeMirror issue with height and re-enabled syntax
  highlighting in shell build step. (issue 25455, issue 23151)

Changes in 1.597 (2015/01/19)

- JENKINS_HOME layout change: builds are now keyed by build
  numbers and not timestamps. See Wiki for details and
  downgrade. (issue 24380)
- Do not throw exception on /signup when not possible. (issue 11172)
- Tool installer which downloads and unpacks archives should not
  fail the build if the tool already exists and the server returns
  an error code. (issue 26196)
- Fingerprint compaction aggravated lazy-loading performance
  issues. (issue 19392)
- Possible unreleased workspace lock if SCM polling fails during
  setup. (issue 26201)
- Misleading description of the 'workspace' permission. (issue 20148)
- Run parameters should show display name if set, rather than
  build numbers. (issue 25174)
- Add range check for H(X-Y) syntax. (issue 25897)

Changes in 1.596 (2015/01/04)

- Build page was broken in Hungarian localization while
  building. (issue 26155)
- Allow breaking label and node lists. (issue 25989)

Changes in 1.595 (2014/12/21)

- Spurious warnings in the log after deleting builds. (issue 25788)
- Master labels disappear when system configuration is updated.
  (issue 23966)
- Updated icon-set dependency to version 1.0.5. (issue 25499,
  issue 25498)

Changes in 1.594 (2014/12/14)

- After recent Java security updates, Jenkins would not
  gracefully recover from a deleted secrets/master.key.
  (issue 25937)
- Restrict where this project can be run regressed in 1.589 when
  using the ClearCase plugin. (issue 25533)

Changes in 1.593 (2014/12/07)

- Dynamic Single/Multi line Build History layout. (issue 25381,
  issue 25393, issue 24687, issue 24589)

Changes in 1.592 (2014/11/30)

- Performance problems on large workspaces associated with
  validating file include patterns. (issue 25759)

Changes in 1.591 (2014/11/25)

- Always use forward slashes in path separators during in ZIP
  archives generated by Directory Browser (issue 22514)

Changes in 1.590 (2014/11/16)

- Basic Authentication in combination with Session is broken
  (issue 25144)
- Some plugins broken since 1.584 if they expected certain
  events to be fired under a specific user ID. (issue 25400)
- Fixed various real or potential resource leaks discovered by
  Coverity Scan (pull request 1434)
- API changes: Expose
  for plugins. (pull request 1456)
- API method to aggregate multiple FormValidations into one.
  (pull request 1458)
- API method to get non-null Jenkins instance with internal
  validation (issue 23339)

Changes in 1.589 (2014/11/09)

- JNA error in WindowsInstallerLink.doDoInstall. (issue 25358)
- Restore compatibility of label assignment for some plugins.
  (issue 25372)

Changes in 1.588 (2014/11/02)

- Unnecessarily slow startup time with a massive number of jobs.
  (issue 25473)
- Custom workspace option did not work under some conditions.
  (issue 25221)

Changes in 1.587 (2014/10/29)

- Queue didn't always leave a trail for cancelled items properly
  (issue 25314)
- JNA update for deprecated JNA-POSIX library. (issue 24527)
- Introduced slave-to-master security mechanism to defend a
  master from slaves. (SECURITY-144)

Changes in 1.586 (2014/10/26)

- Bumping up JNA to 4.10. This is potentially a breaking change
  for plugins that depend on JNA 3.x (issue 24521)
- Prevent empty file creation if file parameter is left empty.
  (issue 3539)
- Servlet containers may refuse to let us set secure cookie
  flag. Deal with it gracefully. (issue 25019)
- Existing FileParameters should be handled as different values
  to avoid merging of queued builds (issue 19017)

Changes in 1.585 (2014/10/19)

- Build health computed repeatedly for a single Weather column
  cell. (issue 25074)
- Missing workspace page should use 404 status code. (issue 10450)
- Fixed memory leak occurring on pages producing incremental
  output with a progress bar. (issue 25081)
- Updated SSH Slaves plugin to 1.8.
- Due to the reaction, default umask in debian package is set
  back to 022 (issue 25065)
- Greater-than characters are not escaped in HTML outputs like
  e-mails (issue 16184)
- Thread starvation from OldDataMonitor. (issue 24763)
- Integer overflow in quiet-down timeout calculation (issue 24914)
- Don't put session IDs in URLs even when cookies are disabled.
  (issue 22358)
- Show keep build log reason in tool tips (pull request 1422)
- Do not disable projects, which do not support such operation
  (like Matrix configurations) (issue 24340)
- Improved the scalability of SSH slaves plugin caused by global
  lock in SecureRandom (issue 20108)
- Incorporated a fix for "Poodle" (CVE-2014-3566) vulnerability
  in the HTTPS connector of "java -jar jenkins.war" (issue 25169)

Changes in 1.584 (2014/10/12)

- Diagnostic thread names are now available while requests are
  still in filters
- When killing Windows processes, check its critical flag to
  avoid BSoD (issue 24453)
- When a user could not see a view, but could delete/move/rename
  jobs contained in it, the view was not properly updated.
  (issue 22769)
- Use POST for cancel quiet down link. (issue 23020, issue 23942)
- Do not consider port in use error to be a successful start of
  Jenkins on Debian. (issue 24966)

Changes in 1.583 (2014/10/01)

- Fixes to multiple security vulnerabilities:
  SECURITY-87/CVE-2014-3661 (anonymous DoS attack through CLI handshake)
  SECURITY-110/CVE-2014-3662 (User name discovery)
  SECURITY-127&128/CVE-2014-3663 (privilege escalation in job configuration \ 
  SECURITY-131/CVE-2014-3664 (directory traversal attack)
  SECURITY-138/CVE-2014-3680 (Password exposure in DOM)
  SECURITY-143/CVE-2014-3681 (XSS vulnerability in Jenkins core)
  SECURITY-150/CVE-2014-3666 (remote code execution from CLI)
  SECURITY-155/CVE-2014-3667 (exposure of plugin code)
  SECURITY-159/CVE-2013-2186 (arbitrary file system write)
  SECURITY-149/CVE-2014-1869 (XSS vulnerabilities in ZeroClipboard)
  SECURITY-113/CVE-2014-3678 (XSS vulnerabilities in monitoring plugin)
  SECURITY-113/CVE-2014-3679 (hole in access control)

Changes in 1.582 (2014/09/28)

- Channel reader thread can end up consuming 100% CPU. (issue 23471)
- CancelledKeyException can cause all JNLP slaves to disconnect
  (and the problem remains until restart). (issue 24050)
- Consider dynamic label assignments for label load statistics.
  (issue 15576)
- Use Windows line endings for batch file build steps. (issue 7478)
- Reduced the logging clutter about the lack of @ExportedBean.
  (issue 24458)
- Character encoding problem in form submission when file
  parameters are present. (issue 11543)
- Improved error handling and "in-progress" UI feedback in JNLP
  slave to service installation.
- Winstone 2.4: reverse proxy support in the logging, request
  header size limit control, and different private key password
  from keystore password. (issue 23665)
- umask setting on Debian did not work. (pull 1397)
- handle job move when buildDir is configured to a custom
  location. (issue 24825)

Changes in 1.581 (2014/09/21)

- Use slightly larger Jenkins head icon. (pull 1360)
- Allow setting a system property to disable X-Frame-Options
  header. (issue 21881)
- Explicitly set background color of various UI elements to
  white. (issue 24625)
- Wrong Hebrew localization resulted in broken console output
  since 1.539. (issue 24614)

Changes in 1.580 (2014/09/14)

- Health reports saved to disk before 1.576 showed no weather
  icon since that version. (issue 24407)
- Renaming jobs fails if parent dir of custom build records
  directory does not exist. (issue 19764)
- Add editable descriptions for label atoms. (issue 6153)

Changes in 1.579 (2014/09/06)

- ConcurrentModificationException in
  RunListProgressiveRendering. (issue 21437)
- StackOverflowError for some old SCMListeners. (issue 23522)
- Job status page shows "Build has been executing for null on
  master" for flyweight tasks. (issue 20307)
- File locking issue when running functional tests on Windows.
  (issue 21977)
- Tolerate ?auto_refresh in reverse proxy check on /manage page.
  (issue 24014)
- Debian package now sets umask to 027 by default for better
  default privacy. See /etc/default/jenkins to change this.
  (issue 24514)

Changes in 1.578 (2014/08/31)

- Added 'no-store' to the 'Cache-Control' header to avoid
  accidental information leak through local cache backup
  (issue 24337)
- Deadlock in OldDataMonitor. (issue 24358)
- Use absolute links for computer sidepanel items so they don't
  break as easily. (issue 23963)

Changes in 1.577 (2014/08/24)

- Failure to migrate legacy user records in 1.576 properly broke
  Jenkins, resulted in NullPointerExceptions. (issue 24317)
- Jenkins did not correctly display icons contributed by plugins
  in 1.576. (issue 24316)
- Moved JUnit reporting functionality to a plugin. (issue 23263)
- Fixed ClassCastException on org.dom4j.DocumentFactory (issue 13709)
- Jenkins now logs warnings when it fails to export objects to
  XML/JSON. This can result in a lot of log output in case of
  heavy API use. We recommend that API users use the ?tree
  parameter instead of ?depth.
- Allow BuildStep to work with non-AbstractProject (issue 23713)
- Improved class loading performance when using Groovy. (issue 24309)
- Prevent NullPointerException from (issue 24110)
- Make the lifetime of queue items cache configurable. (issue 19691)
- Support --username/--password authentication for CLIMethod
  based CLI commands. (issue 23988)
- Don't link to /safeRestart after update if Jenkins cannot
  restart itself. (issue 24032)
- Properly consider busy executors when reducing a node's
  executor count. (issue 24095)

Changes in 1.576 (2014/08/18)

- Worked around "incompatible InnerClasses attribute" bug in IBM
  J9 VM (issue 22525)
- Fixed a file descriptor leak with CLI connections. (issue 23248)
- Fixed a regression that removed all users with uppercase
  letters in the user name since 1.566. (issue 23872)
- Improving security of set-build-parameter and set-build-result
  CLI commands. (issue 24080)
- Startup can be broken by deeply recursive causes in build
  records. (issue 24161)
- Displaying unabridged test result trend on project index page
  defeated lazy loading. (issue 23945)
- Added support for host:port format in X-Forwarded-Host header.
  (commit 19d8b80)
- API to launch processes without printing the command line.
  (issue 23027)
- Added option to increase impact of test failures on the
  weather report. (issue 24006)
- Modernized sidebar <l:pane>s and making them work better with
  new layout. (issue 23810, issue 23829)
- Add option to CLI to skip key authentication (e.g. when
  there's a password on the default key). (issue 23970)
- Modernize tabBar and bigtable. Makes the project view look
  better. Same for Plugin Manager. (issue 24030)

Changes in 1.575 (2014/08/10)

- Move option to fingerprint artifacts to Archive the Artifacts,
  Advanced options. (commit f43a450)
- Move option to keep dependencies (builds) from Fingerprint to
  Advanced Project Options. (commit a8756c6)
- Improved validation of Build Record Root Directory setting.
  (issue 14538)
- Indicate which node the workspace being viewed is on.
  (issue 23636)
- Show full project name for projects in folders. (issue 22971)
- UI redesign: Shrink the top bar, change logo, changed links in
  top bar.
- Killing processes started by builds on Unix was broken as of
  1.553. (issue 22641)
- Should not stop a build from finishing just to compute JUnit
  result difference to a prior build which is still running.
  (issue 10234)
- Do not show link to System Information page for offline
  slaves, make page more robust when offline. (issue 23041)
- Fix link to SCM polling log from downstream job cause.
  (issue 18048)
- Autocomplete logger names. (issue 23994)
- UI redesign: Fix links in header bar when logged in.
- Do not show changes for the build at the lower bound of the
  changes list. (issue 18902)
- Restrict access to SCM trigger status page to administrators.
  (pull 1282)

Changes in 1.574 (2014/07/27)

- UI redesign: Use Helvetica as default font (issue 23840)
- Synchronization issue during tool installation (issue 17667)
- Use native encoding for filenames in downloaded ZIPs. (issue 20663)

Changes in 1.573 (2014/07/20)

- UI redesign: Changed element alignment, removed sidebar link
  underlines (pull 1314, pull 1316)
- Word-break links in build logs to preserve page width (pull 1308)
- Log rotation fails with "...looks to have already been
  deleted" (issue 22395)
- Fixed unnecessary eager loading of build records in certain
  code path. (issue 18065)

Changes in 1.572 (2014/07/13)

- UI redesign: Changed header, made layout <div>-based and
  responsive (pull 1310)
- Improved handling of X-Forwarded-* headers (issue 23294)
- Do not offer automatic upgrade if war parent directory is not
  writable (issue 23683)

Changes in 1.571 (2014/07/07)

- IllegalArgumentException from AbstractProject.getEnvironment
  when trying to get environment variables from an offline
  slave. (issue 23517)
- Overall.READ is sufficient to access
  /administrativeMonitor/hudsonHomeIsFull/ (SECURITY-134)
- Master computer is not notified using ComputerListener (issue 23481)

Changes in 1.570 (2014/06/29)

- Add CLI commands to add jobs to and remove jobs from views
  (add-job-to-view, remove-job-from-view). (issue 23361)
- UI improvements / refreshing. (issue 23492)
- Failed to correctly resave a project configuration containing
  both a forward and a reverse build trigger. (issue 23191)
- Long log output resulted in missing Console link in popup.
  (issue 14264)
- HTTP error 405 when trying to restart ssh host. (issue 23094)
- Move 'None' Source Code Management option to top position.
  (issue 23434)
- Fixed NullPointerException when ArctifactArchiver is called
  for a build with the undefined status. (issue 23526)
- Allow disabling use of default exclude patterns in
  ArctifactArchiver (.git, .svn, etc.). (issue 20086)
- Fixed NullPointerException when "properties" element is
  missing in a job's configuration submission by JSON (issue 23437)

Changes in 1.569 (2014/06/23)

- Jenkins can now kill Win32 processes from Win64 JVMs. (issue 23410)
- Allow custom security realm plugins to fire events to
  SecurityListeners. (issue 23417)
- Recover gracefully if a build permalink has a non-numeric
  value. (issue 21631)
- Fix form submission via the Enter key for Internet Explorer
  version 9. (issue 22373)
- When Jenkins had a lot of jobs, submitting a view
  configuration change could overload the web server, even if
  few of the jobs were selected. (issue 20327)

Changes in 1.568 (2014/06/15)

- Fixed JNLP connection handling problem (issue 22932)
- Fixed NullPointerException caused by the uninitialized
  ProcessStarter environment in build wrappers (issue 20559)
- Support the range notation for pagination in API (issue 23228)
- Incorrect redirect after deleting a folder. (issue 23375)
- Incorrect links from Build History page inside a folder.
  (issue 19310)
- API changes allowing new job types to use SCM plugins. (issue 23365)
- API changes allowing to create nested launchers (DecoratedLauncher)
  (issue 19454)

Changes in 1.567 (2014/06/09)

- Fixed a reference counting bug in the remoting layer.
- Avoid repeatedly reading symlinks from disk to resolve build
  permalinks. (issue 22822)
- Show custom build display name in executors widget. (issue 10477)
- CodeMirror support for shell steps broke initial configuration.
  (issue 23151)
- Jenkins on Linux can not restart after plugin update when
  started without full path to java executable (issue 22818)
- Fixed NullPointerException when a build triggering returns
  null cause (issue 20499)
- Fixed NullPointerException on plugin installations when
  invalid update center is set (issue 20031)
- Use DISABLED_ANIME icon while building a disabled project
  (issue 8358)
- Process the items hierarchy when displaying the Show Poll
  Thread Count option (issue 22934)
- Compressed output was turned on even before Access Denied
  errors were shown for disallowed Remote API requests, yielding
  a confusing error. (issue 17374) (issue 18116)
- Properly close input streams in FileParameterValue (issue 22693)
- Incorrect failure age in the JUnit test results (issue 18626)
- Fixed deletion links for JVM Crash error logs (issue 22617)
- Distinguish "nodes for label offline" from "no nodes for label"
  (issue 17114)
- Add causes to queue item tool tip (issue 19250)
  JENKINS_HTTPS_KEYSTORE_PASSWORD options to Jenkins sysconfig
  file (issue 11673)
- RPM: Do not install jenkins.repo file (issue 22690)
- Don't advertise POSTing config.xml on master (issue 16264)
- Handle null parameter values to avoid massive executor deaths
  (issue 15094)
- Added an option to archive artifacts only when the build is
  successful (issue 22699)

Changes in 1.566 (2014/06/01)

- Configurable case sensitivity mode for user IDs. (issue 22247)
- Extension point for project naming strategies did not work
  from actual plugins. (issue 23127)
- Introduce directly modifiable views (issue 22967)
- Jenkins cannot restart Windows service (issue 22685)