
Each section covers the upgrade from the previous LTS release, the section on 2.516.1 covers the upgrade from 2.504.3.
With the release of 2.516.1, the Jenkins header has been redesigned for a more modern look and feel.
The updated header now includes the Manage Jenkins link, which was previously located in the left navigation pane, as well as dropdown menus for additional actions and user management options. Plugins such as Support Core and Design Library will now be added to the More Actions menu, providing a centralized location for plugin-specific actions.
The top navigation now features direct links to various actions and areas of the pipeline, branch, job, and more.
Jenkins' own user database no longer supports creating new passwords longer than 72 bytes (UTF-8), which is the maximum length supported by the bcrypt password hashing function it uses. This length corresponds to 72 basic ASCII characters, 24 - 36 CJK characters, or 18 emoji.
Existing passwords longer than 72 bytes can still be used to log in. Users with longer passwords are advised to change their password to be at most 72 bytes, while choosing from a larger character set to achieve the same complexity.
Note that this limit does not apply when operating in FIPS-140 mode.
New jobs no longer create an empty legacyIds
marker file in the builds directory.
Existing legacyIds
files are deleted upon upgrade to reduce inode usage.
No action is required when upgrading from a version prior to 2.516.1.
On the first startup after upgrading, you will see an info log: hudson.model.Job#onLoad: Deleting legacyIds file in /…/JENKINS_HOME/jobs/my-job/builds. See [JENKINS-75465](https://issues.jenkins.io/browse/JENKINS-75465) for more information.
.
However, if you decide to downgrade after upgrading, you should manually create the legacyIds
file in the builds directory to prevent a potential slow startup.
This is because the older version will perform migration checks when the file is missing.
For reference, refer to this CloudBees knowledge base workaround bash script.
As of Jenkins 2.516.1, the configuration as code entry for myViewsTabBar
is deprecated.
Each user can now select one of the implementations of ViewsTabBar
to be used for the My Views dashboard.
submit.jelly
The button element in submit.jelly
now includes a value attribute to handle form submissions better.
Plugins that rely on an empty string as the value of the submit button for POST requests must be updated to instead use the displayed value of the button.
The jbcrypt
library has been removed from Jenkins.
Users of the Active Directory plugin must update to version 2.40 before upgrading to Jenkins 2.516.1.
SameSite
attribute is set for HTTP cookiesThe SameSite
attribute is set for HTTP cookies to provide additional protection from some CSRF vulnerabilities when running with the default Jetty container (java -jar jenkins.war
).
By default this sets the attribute to Lax
.
This can be changed by setting the Java system property jenkins.security.JettySameSiteCookieSetup.sameSiteDefault
.
Users of the Microsoft Entra ID (previously Azure AD) Plugin should update the plugin to version 580.v2f665882b_a_71 or newer before upgrading to Jenkins 2.516.1.