Back to changelogs
Changelog for 2.138.2
October 10, 2018
Looking to upgrade?
Check the Upgrade Guide for assistance
Security
Important security fixes.
security advisory
Major enhancement
Security hardening: Escape variables in Jelly views by default.
announcement blog post
,
LTS upgrade guide
,
list of affected plugins
Major bug fix
Update Winstone-Jetty from 4.4 to 5.0 to fix HTTP/2 support and threading problems on hosts with 30+ cores.
JENKINS-53239
,
JENKINS-52804
,
JENKINS-51136
,
JENKINS-52358
Enhancement
Security hardening related to Stapler routing.
SECURITY-595 in the 2018-12-05 security advisory
Security hardening related to HTTP verb restrictions for web methods.
Extend anonymous usage statistics with information about applied security fix escape hatches.
JEP-214
Bug fix
Fix a thread safety issue when creating multiple nodes in parallel.
JENKINS-53401
Nested
f:repeatable
/
f:repeatableProperty
form elements inherited
minimum
when they shouldn't.
JENKINS-37599