continuous blog - the official hudson weblog

What JVM versions are running Jenkins? 2016 Update!

Tue, 11/22/2016 - 02:00
As with last year’s article on the same subject, yet another recent discussion about finally requiring Java 8 to run future versions of Jenkins pushed me to gather some more factual data around it. What follows contains some opinions or statements which may not be seen as purely factual or neutral. Note that this by no means represents the general position of the Jenkins governance board. This is solely my opinion as a contributor based on the data I gathered, and what I feel from the feedback of the community at large.

Java 8 now the most used version, and growing

If we look...
Categories: Open Source

Tuning Jenkins GC For Responsiveness and Stability with Large Instances

Mon, 11/21/2016 - 02:00
This is a cross post by Sam Van Oort, Software Engineer at CloudBees and contributor to the Jenkins project. Today I’m going to show you how easy it is to tune Jenkins Java settings to make your masters more responsive and stable, especially with large heap sizes.

The Magic Settings:

Basics: -server -XX:+AlwaysPreTouch

GC Logging: -Xloggc:$JENKINS_HOME/gc-%t.log -XX:NumberOfGCLogFiles=5 -XX:+UseGCLogFileRotation -XX:GCLogFileSize=20m -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails -XX:+PrintHeapAtGC -XX:+PrintGCCause -XX:+PrintTenuringDistribution -XX:+PrintReferenceGC -XX:+PrintAdaptiveSizePolicy

G1 GC settings: -XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent -XX:+ParallelRefProcEnabled -XX:+UseStringDeduplication -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:+UnlockDiagnosticVMOptions -XX:G1SummarizeRSetStatsPeriod=1

Heap settings: set your minimum heap size (-Xms) to at least 1/2 of your maximum size (-Xmx).

Now, let’s look at where those came from! We’re going to focus on garbage collection (GC)...
Categories: Open Source

Security updates addressing zero day vulnerability

Wed, 11/16/2016 - 02:00
A zero-day vulnerability in Jenkins was published on Friday, November 11. Last week we provided an immediate mitigation and today we are releasing updates to Jenkins which fix the vulnerability. We strongly recommend you update Jenkins to 2.32 (main line) or 2.19.3 (LTS) as soon as possible. Today’s security advisory contains more information on the exploit, affected versions, and fixed versions, but in short: An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java object to the Jenkins CLI, making Jenkins connect to an attacker-controlled LDAP server, which in turn can send a serialized payload leading to code execution, bypassing existing protection mechanisms. Moving forward, the Jenkins security team is...
Categories: Open Source

Upcoming November Jenkins Events

Sun, 11/13/2016 - 02:00
November is packed full of meetups and events. If you are in any of the areas below please stop by to say "Hi" and talk Jenkins over beer.

North America
November 15 | SF JAM: Let’s Talk CI/CD and DevOps with ClusterHQ and Jenkins
November 15 | DC JAM: Jenkins and Fannie Mae
November 30 | Albuquerque JAM: Learn About Blue Ocean
November 30 | Guadalajara JAM: Jenkins Install and Setup

Europe
November 10 | Amsterdam JAM: Jenkins and Docker - Multiple Uses for Containers and Jenkins
November 10 | Milano JAM: Meet and Greet

Australia
November 15 | Melbourne JAM: Blue Ocean - A New User Experience

Asia
November 17 | Singapore...
Categories: Open Source

Addressing recently disclosed vulnerabilities in the Jenkins CLI

Sat, 11/12/2016 - 02:00
The Jenkins security team has been made aware of a new attack vector for a remote code execution vulnerability in the Jenkins CLI, according to this advisory by Daniel Beck: We have received a report of a possible unauthenticated remote code execution vulnerability in Jenkins (all versions). We strongly advise anyone running a Jenkins instance on a public network disable the CLI for now. As this uses the same attack vector as SECURITY-218, you can reuse the script and instructions published in this repository: We have since been able to confirm the vulnerability and strongly recommend that everyone follow the instructions in the linked repository. As Daniel mentions in the security advisory, the advised mitigation strategy...
Categories: Open Source

Monthly JAM Recap - October 2016

Fri, 11/11/2016 - 02:00
October has proven to be a busy month within the Jenkins Area Meetup groups. Below is a recap of topics discussed at various JAMS in the month of October.

Dallas Fort Worth, Texas (DFW) JAM

James Dumay took time out of his vacation to present Blue Ocean, a project that rethinks the user experience of Jenkins, modeling and presenting the process of software delivery by surfacing information that is important to development teams with as few clicks as possible, while still staying true to the extensibility that Jenkins always has had as a core value. See recording HERE.

San Francisco, CA JAM

Andrey Falko from Salesforce shared how he and his...
Categories: Open Source

xUnit and Pipeline

Mon, 10/31/2016 - 02:00
This is a guest post by Liam Newman, Technical Evangelist at CloudBees. The JUnit plugin is the go-to test result reporter for many Jenkins projects, but it is not the only one available. The xUnit plugin is a viable alternative that supports JUnit and many other test result file formats.

Introduction

No matter the project, you need to gather and report test results. JUnit is one of the most widely supported formats for recording test results. For scenarios where your tests are stable and your framework can produce JUnit output, this makes the JUnit plugin ideal for reporting results in Jenkins. It will consume results from a specified file or...
Categories: Open Source

Jenkins World 2016 Session Videos

Tue, 10/18/2016 - 02:00
This is a guest post by Liam Newman, Technical Evangelist at CloudBees. The videos of the sessions from Jenkins World 2016 are up! I’ve updated the wrap-up posts with links to each of the sessions mentioned:

Jenkins Pipeline
Scaling Jenkins
Ask the Experts & Demos

You can also find video from all the sessions here. Enjoy!...
Categories: Open Source

Controlling the Flow with Stage, Lock, and Milestone

Sun, 10/16/2016 - 02:00
This is a guest post by Patrick Wolf, Director of Product Management at CloudBees. Recently the Pipeline team began making several changes to improve the stage step and increase control of concurrent builds in Pipeline. Until now the stage step has been the catch-all for functionality related to the flow of builds through the Pipeline: grouping build steps into visualized stages, limiting concurrent builds, and discarding stale builds. In order to improve upon each of these areas independently we decided to break this functionality into discrete steps rather than push more and more features into an already packed stage step. stage - the stage...
Categories: Open Source