Jenkins' real top page lives in and link to three pages in the Wiki


Evolving Mission of Jenkins
Lately, perhaps subtle but exciting changes are starting to happen in the Jenkins project. The past few weeks have seen the birth of two new initiatives in Jenkins: Jenkins Essentials and Jenkins X. Each is exciting in its own right, and I encourage interested parties to take a look at their goals and missions and participate in them. But in this post, I want to discuss why together these two dots form an important arc, which actually started in the introduction of Jenkins 2 and continued with Blue Ocean. In Jenkins 2, we changed Jenkins so that it starts with richer functionality and more sensible security setup,...
Jenkins community account password audit
Last year, news of compromised passwords being used for accounts able to distribute NPM packages made the rounds. Their system looks similar to how publishing of plugins works in the Jenkins project: Accounts are protected by passwords chosen by users. Individual contributors have permission to release the components they maintain. The components they release are used by millions of developers around the world to deliver their software. In other words, weak passwords are a problem for us just as much as for NPM, and what happened to them could happen to us. To address this problem, the Jenkins security and infra teams have recently collaborated on...
Introducing Jenkins X: a CI/CD solution for modern cloud applications on Kubernetes
We are excited to share and invite the community to join us on a project we’ve been thinking about over the last few months called Jenkins X, which extends the Jenkins ecosystem to solve the problem of automating CI/CD in the cloud. Background: The last few years have seen massive changes in the software industry: use of immutable container images for distributing software, which are smaller, easier to work with and lead to cheaper infrastructure costs than VMs alone (approx 20% less on average); Kubernetes has become the de facto way of installing, upgrading, operating and managing containers at scale on any public or hybrid...
Security hardening: Jenkins LTS 2.107.1 switches XStream / Remoting blacklists to whitelists (JEP-200)
This is a post about a major change in Jenkins, which is available starting from Jenkins 2.102 and Jenkins LTS 2.107.1. This is a change with a serious risk of regressions in plugins. If you are a Jenkins administrator, please read this blog post and upgrade guidelines BEFORE upgrading. I would like to provide some heads-up about the JEP-200 change, which is included in the new Jenkins LTS 2.107.x baseline. Background: For many years Jenkins used to specifically blacklist certain classes and packages according to known or suspected exploits. This approach has been proven unsustainable due to the risk of deserialization attacks via unknown classes from 3rd-party components. After the SECURITY-429/CVE-2017-1000353 fix in 2.46.2 it...
Browser Market Share on
Over the last year, several efforts were done on like security advisories or documentation and I wanted to understand the impact it had on its traffic. I had a look at the Google Analytics account used for and it was interesting to discover which browsers are used by Jenkins visitors and how this compares with other websites. So I decided to analyze one year of data from January 2017 to January 2018. Then I selected statcounter as an external data source in order to compare results from First, let’s talk about numbers: During that period, 3,496,245 users across the world visited this website. This is a growth of...

