Changelog

Major enhancement

Revamp the layout and icons of the header bar and breadcrumbs. Instances with plugins that depend on details of the Jenkins layout (e.g. Simple Theme Plugin) may experience UI/layout problems. A new experimental header color scheme can be enabled by setting the jenkins.ui.refresh system property to true. JENKINS-60920
Add globally configured build discarders that delete old builds not marked as "keep forever" even if there is no, or a less aggressive, per-project build discarder configured, executed periodically and after a build finishes. pull 4368
Move cloud configuration from Configure System into its own configuration form on the Manage Nodes page. pull 4339
Remove Enable Security checkbox in the Global Security configuration. JENKINS-40228
Remove the ability to disable CSRF protection. Instances upgrading from older versions of Jenkins will have CSRF protection enabled and the default issuer set if they currently have it disabled. pull 4509
Redesign password fields to prevent password auto-fill except for the login form. Reduce browsers offering to update stored passwords. Revert by setting the system property hudson.Functions.hidingPasswordFields to false. pull 3991
Deprecate the macOS native installer packaging. Jenkins macOS native installer deprecation
Remove old, deprecated, unsupported agent protocols Inbound TCP Agent Protocol/1, Inbound TCP Agent Protocol/2, and Inbound TCP Agent Protocol/3. Update Remoting from 3.36 to 4.2 to remove unsupported protocols and add WebSocket support. JENKINS-60381 , Remoting 3.40 release notes, Remoting 4.0 release notes, Remoting 4.0.1 release notes, Remoting 4.2 release notes
Add experimental WebSocket support. JEP-222, blog post
Extends the current milestones so plugins can update jobs and configuration during Jenkins initialization. Adds initialization milestones: SYSTEM_CONFIG_LOADED, SYSTEM_CONFIG_ADAPTED, JOB_CONFIG_ADAPTED. JENKINS-51856
Introduce a new experimental UI that can be enabled by setting the jenkins.ui.refresh system property to true. Currently it includes a new header color scheme, more changes to be added as a part of the UI/UX revamp. pull 4463, JENKINS-60920 , JEP-223, Jenkins UX SIG
Add a new experimental Overall/Manage permission which allows a user to configure parts of the global Jenkins configuration without having the Overall/Administer permission. This is an experimental feature, disabled by default, that can be enabled by setting the jenkins.security.ManagePermission system property to true. pull 4501, JENKINS-60266 , JEP-223
Add a new experimental Overall/SystemRead permission, which gives (almost) full read access to the Jenkins instance. The permission is disabled by default, install the Extended Read Permission plugin to activate it. pull 4506, JENKINS-12548 , JEP-224, Extended Read Permission plugin

Enhancement

The environment variable WORKSPACE_TMP may now be used from (non-Pipeline) builds to access a temporary directory associated with the build workspace. JENKINS-60634
Deprecate the Overall/RunScripts, Overall/UploadPlugins, and Overall/ConfigureUpdateCenter permissions. Permissions were announced as dangerous and disabled by default in major authorization plugins in 2017. Custom authorization strategy implementations that grant Overall/Administer without implying one or more of these three permissions will no longer work as expected. Configurations that grant any of these permissions to users without Overall/Administer will no longer work as expected. pull 4365, JENKINS-60266 , JEP-223, 2017-04-10 security advisory for Matrix Authorization plugin, 2017-04-10 security advisory for Role-Based Authorization plugin

Major bug fix

Fix NullPointerException when getting a list of runs with a status threshold (regression in 2.202). JENKINS-60884
User is no longer logged out when authenticating another user. JENKINS-59107

Bug fix

Winstone 5.9: Fix support of system logging customization (regression in 2.204.5) pull 4452, JENKINS-57888 , Winstone 5.9 changelog, Jetty 9.4.27 changelog

Changelog for 2.222.1