Skip to content

continuous blog - the official hudson weblog
Syndicate content
Updated: 2 hours 40 min ago

Calling for Columbian Jenkins users!

Thu, 04/27/2017 - 02:00
The Jenkins project has learned that a company is trying to register "Jenkins" as a trademark in Columbia. This is alarming for us, and we are trying to oppose it. In order to do this effectively, we need to hear from Colombian users of Jenkins. The Jenkins project owns a trademark "Jenkins" in the U.S., through a non-profit entity SPI Inc. According to experts on the subject citing the "Washington Convention", our trademark registration in the U.S. does give us some strength in the argument to oppose this. To successfully mount this argument however, we need to be able to show...
Categories: Open Source

Important security updates for Jenkins core

Wed, 04/26/2017 - 02:00
We just released security updates to Jenkins, versions 2.57 and 2.46.2, that fix several security vulnerabilities, including a critical one. That critical vulnerability is an unauthenticated remote code execution via the remoting-based CLI. When I announced the fix for the previous vulnerability of this kind, I announced our plans to revisit the design of the CLI that enabled this class of vulnerabilities. Since Jenkins 2.54, we now have a new CLI implementation that isn’t based on remoting, and deprecated its remoting mode. Despite it being a major feature, we decided to backport it to 2.46.2, so LTS users can also disable the unsafe remoting...
Categories: Open Source

Securing a Jenkins instance on Azure

Thu, 04/20/2017 - 02:00
This is a guest post by Claudiu Guiman and Eric Jizba, Software Engineers in the Azure DevOps team at Microsoft. If you have any questions, please email us at azdevopspub@microsoft.com. One of the most frequently asked questions for managing a Jenkins instance is "How do I make it secure?" Like any other web application, these issues must be solved: How do I securely pass secrets between the browser and the server? How do I hide certain parts from unauthorized users and show other parts to anonymous users? This blog post details how to securely connect to a Jenkins instance and how to setup a read-only public dashboard. ...
Categories: Open Source

Delivery Pipelines, with Jenkins 2, SonarQube, and Artifactory

Tue, 04/18/2017 - 02:00
This is a guest post by Michael Hüttermann. Michael is an expert in Continuous Delivery, DevOps and SCM/ALM. More information about him at huettermann.net, or follow him on Twitter: @huettermann. Continuous Delivery and DevOps are well known and widely spread practices nowadays. It is commonly accepted that it is crucial to form great teams and define shared goals first and then choose and integrate the tools fitting best to given tasks. Often it is a mashup of lightweight tools, which are integrated to build up Continuous Delivery pipelines and underpin DevOps initiatives. In this blog post, we zoom in to an important part of the overall...
Categories: Open Source

Getting Started with the Blue Ocean Dashboard

Wed, 04/12/2017 - 02:00
This is a guest post by Liam Newman, Technical Evangelist at CloudBees. Blue Ocean is a new user experience for Jenkins, and version 1.0 is now live! Blue Ocean makes Jenkins, and continuous delivery, approachable to all team members. In my previous post, I used the Blue Ocean Activity View to track the state of branches and Pull Requests in one project. In this video, I’ll use the Blue Ocean Dashboard get a personalized view of the areas that of my project that are most important to me, and also to monitor multiple projects. Please Enjoy!...
Categories: Open Source

Jenkins World 2017 Agenda is Live!

Wed, 04/12/2017 - 02:00
This is a guest post by Alyssa Tong, who runs the Jenkins Area Meetup program and is also responsible for Marketing & Community Programs at CloudBees, Inc. I am excited to announce the agenda for Jenkins World 2017. This year’s event promises to have something for everyone - whether you are a novice, intermediate, or advanced user…​you are covered. Jenkins World 2017 consists of 6 tracks, 60+ Jenkins and DevOps sessions, 40+ industry speakers, 16+ training and workshops. Here is a sneak peek at Jenkins World 2017: Show 'n Tell It’s all about that demo. These sessions are technically advanced with some code sharing, heavy on demos and just a...
Categories: Open Source

Getting Started with Blue Ocean's Activity View

Tue, 04/11/2017 - 02:00
This is a guest post by Liam Newman, Technical Evangelist at CloudBees. Blue Ocean is a new user experience for Jenkins, and version 1.0 is now live! Blue Ocean makes Jenkins, and continuous delivery, approachable to all team members. In my previous post, I showed how easy it is to create and edit Declarative Pipelines using the Blue Ocean Visual Pipeline Editor. In this video, I’ll use the Blue Ocean Activity View to track the state of branches and Pull Requests in one project. Blue Ocean makes it so much easier to find the logs I need to triage failures. Please Enjoy! In my next video, I’ll switch from looking at...
Categories: Open Source

New, safer CLI in 2.54

Tue, 04/11/2017 - 02:00
In response to the zero-day vulnerability we fixed in November, I wrote the following: Moving forward, the Jenkins security team is revisiting the design of the Jenkins CLI over the coming weeks to prevent this class of vulnerability in the future. If you are interested in participating in that discussion, please join in on the jenkinsci-dev@ mailing list. In early February, several project contributors met after FOSDEM for a one day hackathon. I looked into the feasibility of a purely SSH-based CLI. While I considered the experiment to be a success, it was far from ready to be used in a production environment. A few weeks...
Categories: Open Source

Starting with 2.54, Jenkins now requires Java 8

Mon, 04/10/2017 - 02:00
We announced in January that Jenkins would be upgrading its Java runtime dependency to Java 8 this year. After a sizable amount of preparation, this week’s release of Jenkins 2.54 is the first weekly release to require a Java 8 runtime. For users of the weekly release, this means that Jenkins 2.54 must have a Java 8 runtime installed on the system in order to run. Those using the jenkinsci/jenkins:latest Docker container won’t need to take any action, as the Java runtime environment is already bundled in the container. In addition to upgrading the Java Runtime Environment for the master, any connected agents must upgrade to a Java 8 runtime environment. The Long-Term...
Categories: Open Source

Important Scripting-related Security Advisory

Mon, 04/10/2017 - 02:00
These are not security fixes you can apply blindly. We strongly recommend you read this post, as well as the security advisory to understand what the vulnerabilities are, whether and how they affect you, and what to expect when upgrading plugins. Multiple Jenkins plugins received updates today that fix several security vulnerabilities or other security-related issues: Email Extension (Email-ext) Environment Injector (EnvInject) Extensible Choice Parameter Groovy Job DSL Lockable Resources Matrix Authorization Role Strategy Warnings We also included some plugins that received security fixes in the past that haven’t been mentioned in a security advisory before: Active Choices (uno-choice) Extended Choice Parameter Groovy Postbuild Groovy Label Assignment Additionally, we included other plugins in the advisory that...
Categories: Open Source

Getting Started with Blue Ocean's Visual Pipeline Editor

Thu, 04/06/2017 - 02:00
This is a guest post by Liam Newman, Technical Evangelist at CloudBees. Blue Ocean is a new user experience for Jenkins, and version 1.0 is now live! Blue Ocean makes Jenkins, and continuous delivery, approachable to all team members. In my previous post, I explained how to install Blue Ocean on your local Jenkins instance and switch to using Blue Ocean. As promised, here’s a screencast that picks up where that post left off. Starting from a clean Jenkins install, the video below will guide you through creating and running your first Pipeline in Blue Ocean with the Visual Pipeline Editor. Please Enjoy! In my next video, I’ll go over...
Categories: Open Source

Getting Started with Blue Ocean

Wed, 04/05/2017 - 02:00
This is a guest post by Liam Newman, Technical Evangelist at CloudBees. Welcome to Blue Ocean 1.0! In case you’ve been heads down on other projects for the past 10 months, Blue Ocean is a new user experience for Jenkins, and version 1.0 was released today! Blue Ocean makes Jenkins, and continuous delivery, approachable to all team members. I’ve been working with it for the past several months, and I can tell you it is amazing. I wish all the interactions with Jenkins were as easy as this: 10 minutes to Blue Ocean Blue Ocean is simple to install and will work on basically any Jenkins 2 instance (version 2.7 or...
Categories: Open Source

Say hello to Blue Ocean 1.0

Wed, 04/05/2017 - 02:00
Back in May 2016 we announced our intent to rethink the Jenkins User experience with the Blue Ocean project and today the Jenkins project are pleased to announce the general availability of Blue Ocean 1.0. Blue Ocean is an entirely new, modern and fun way for developers to use Jenkins that has been built from the ground up to help teams of any size approach Continuous Delivery. Easily installed as a plugin for Jenkins and integrated with Jenkins Pipeline, it is available from today for production use. Since the start of the beta at Jenkins World 2016 in September there are now over 7400+ installations making use of Blue...
Categories: Open Source

The State of Jenkins - 2016 Community Survey

Fri, 03/24/2017 - 02:00
This is a guest post by Bhavani Rao, Marketing Manager at CloudBees Last fall, prior to Jenkins World, CloudBees conducted a Community Survey. We received over 1200 responses, and thanks to this input, we have some interesting insights into how Jenkins users and their use of Jenkins are evolving. Based on the survey’s results, Jenkins is increasingly being used to support continuous delivery (CD). Adoption of Jenkins 2, which featured "Pipeline as code" and encouraged users to adopt Jenkins Pipeline, has skyrocketed to more than half of all Jenkins installations. Other data remained consistent with findings year-to-year, for example, the number of Jenkins users continues to increase and 90% of...
Categories: Open Source

Pipeline Workshop & Hackergarten @ ToulouseJAM Feedback

Tue, 03/21/2017 - 02:00
Earlier this month, a full-day event about Jenkins Pipeline was organized in Toulouse, France with the Toulouse JAM. After a warm-up on the previous Tuesday where Michaël Pailloncy had given a talk at the local Toulouse Devops user group about Jenkins Pipeline ecosystem, we were ready for more digging :-). The agenda We had planned the day in two parts: Morning would be a more driven workshop with slides & exercises to be completed Pizzas & beverages to split the day :-) Afternoon would be somehow like an Unconference, where people basically decide by themselves what they want to work on. We planned to have 30 attendees....
Categories: Open Source

Security updates for multiple Jenkins plugins

Mon, 03/20/2017 - 02:00
Multiple Jenkins plugins received updates today that fix several security vulnerabilities: Active Directory Distributed Fork Email Extension (Email-ext) Mailer SSH Slaves For an overview of what was fixed, see the security advisory. Additionally, we also published a security notice for the following plugin and recommend that users disable and uninstall it: Pipeline: Classpath Step This plugin is not part of the Pipeline suite of plugins, despite its name. It’s installed on just several hundred instances. Subscribe to the jenkinsci-advisories mailing list to receive important notifications related to Jenkins security....
Categories: Open Source

Blue Ocean Dev Log: March Week #3

Fri, 03/17/2017 - 02:00
We’re counting down the weeks until Blue Ocean 1.0, and we’re getting close! In this past week, the first release candidate has gone out to the Update Center, along with a new Pipeline Editor plugin. The Blue Ocean Pipeline Editor is its own plugin which integrates into Blue Ocean, so this was a coordinated release with Blue Ocean 1.0 rc1. Noteworthy this week: RC1 includes the Blue Ocean Pipeline Editor, which is integrates support for branch editing and saving the Pipeline back to GitHub (also referred to as "round-tripping"). Many dependencies have been upgraded Per-stage raw logs can be downloaded, this will be included in the next release. Editor design improvements Fixes for...
Categories: Open Source

FOSDEM 2017 Wrap-up

Thu, 03/16/2017 - 02:00
In early February numerous free and open source developers from around the world traveled to Brussels, Belgium, for arguably the largest event of its kind: FOSDEM. Among the thousands of hackers in attendance were a dozen or so Jenkins contributors. We have attended the event in the past, but this year we had a blizzard of activity spanning four days around the FOSDEM weekend. Figure 1. City Hall, photo by Kohsuke Kawaguchi One of our "accidental traditions" has become a happy hour the Friday night before FOSDEM truly begins at Cafe Le Roy d’Espagne on Grand Place right in the middle of Brussels. Conveniently located a few hundred meters away from...
Categories: Open Source

Blue Ocean Dev Log: March Week #2

Fri, 03/10/2017 - 02:00
We’re counting down the weeks until Blue Ocean 1.0. This week was one of continuing consolidation and polish. We also released b25 (beta #25), a collectors edition. The next version we will likely release will be a release candidate (RC). The b25 release however contained a number of fixes and features, such as branch filtering. Some other updates of note from this past week: Updated a bunch of dependencies around Pipeline and fixed a whole lot of long standing bugs. Some work went on to make acceptance tests run on varied browsers via Sauce Labs thanks to @halkeye! The Blue Ocean Pipeline Editor had its Save to SCM/GitHub functionality merged to master branch....
Categories: Open Source