Upgrading to Jenkins LTS 2.516.x

Each section covers the upgrade from the previous LTS release, the section on 2.516.1 covers the upgrade from 2.504.3.

Upgrading to Jenkins 2.516.1

Jenkins header redesign

With the release of 2.516.1, the Jenkins header has been redesigned for a more modern look and feel.

Jenkins header redesign

The updated header now includes the Manage Jenkins link, which was previously located in the left navigation pane, as well as dropdown menus for additional actions and user management options. Plugins such as Support Core and Design Library will now be added to the More Actions menu, providing a centralized location for plugin-specific actions.

New manage jenkins location in updated header. Additional actions available in updated header.

The top navigation now features direct links to various actions and areas of the pipeline, branch, job, and more.

Updated breadcrumb navigation bar in Jenkins header.

Utilize Spring Security for Jenkins' own user database passwords

Jenkins' own user database no longer supports creating new passwords longer than 72 bytes (UTF-8), which is the maximum length supported by the bcrypt password hashing function it uses. This length corresponds to 72 basic ASCII characters, 24 - 36 CJK characters, or 18 emoji.

Existing passwords longer than 72 bytes can still be used to log in. Users with longer passwords are advised to change their password to be at most 72 bytes, while choosing from a larger character set to achieve the same complexity.

Note that this limit does not apply when operating in FIPS-140 mode.

Remove RunIdMigrator

New jobs no longer create an empty legacyIds marker file in the builds directory. Existing legacyIds files are deleted upon upgrade to reduce inode usage.

No action is required when upgrading from a version prior to 2.516.1. On the first startup after upgrading, you will see an info log: hudson.model.Job#onLoad: Deleting legacyIds file in /…​/JENKINS_HOME/jobs/my-job/builds. See [JENKINS-75465](https://issues.jenkins.io/browse/JENKINS-75465) for more information..

However, if you decide to downgrade after upgrading, you should manually create the legacyIds file in the builds directory to prevent a potential slow startup. This is because the older version will perform migration checks when the file is missing. For reference, refer to this CloudBees knowledge base workaround bash script.

Views tab now configurable per user

As of Jenkins 2.516.1, the configuration as code entry for myViewsTabBar is deprecated. Each user can now select one of the implementations of ViewsTabBar to be used for the My Views dashboard.

Value attribute added to button element in submit.jelly

The button element in submit.jelly now includes a value attribute to handle form submissions better. Plugins that rely on an empty string as the value of the submit button for POST requests must be updated to instead use the displayed value of the button.

Remove jbcrypt library

The jbcrypt library has been removed from Jenkins. Users of the Active Directory plugin must update to version 2.40 before upgrading to Jenkins 2.516.1.

SameSite attribute is set for HTTP cookies

The SameSite attribute is set for HTTP cookies to provide additional protection from some CSRF vulnerabilities when running with the default Jetty container (java -jar jenkins.war). By default this sets the attribute to Lax. This can be changed by setting the Java system property jenkins.security.JettySameSiteCookieSetup.sameSiteDefault. Users of the Microsoft Entra ID (previously Azure AD) Plugin should update the plugin to version 580.v2f665882b_a_71 or newer before upgrading to Jenkins 2.516.1.