Last week we hosted our first Hacksgiving event, a two-day virtual hackathon with a number of recorded sessions and plenty of pull requests submitted, I would say it was a success! I would like to thank everybody who took the time to watch, chat and present in the Hacker Hangout. Now that everybody has had time to recover from the turkey and travel, we have...

Next week in the US we have a national holiday where, generally speaking, lots of turkey gets converted into left-over turkey sandwiches. For many software developers the Thanksgiving holiday also represents a lull in project schedules, freeing up some time to hack on pet projects or even contribute to open source projects. Taking a cue from the Adopt a Plugin program that Daniel wrote about...

We just released Jenkins 1.638 and 1.625.2 which contain important security fixes, including a fix for the zero-day vulnerability published on Friday. Please see the security advisory for more information. Want to be kept up to date on Jenkins security releases, including advance notice on scheduled security updates? Subscribe to the jenkinsci-advisories mailing list!...

It is great to see the pick up of local activities through hosted JAMs. In October, the Jenkins community hosted Atlanta JAM and Bay Area JAM. Many thanks to our sponsors: Ericsson, CloudBees, Blazemeter, NetRoadShow. Here’s a summary of what was discussed: Atlanta JAM - Jenkins workflow and Docker to reduce friction in DevOps efforts. Bay Area JAM- Performance testing strategies, incorporating performance tests into Jenkins workflows...

Updated 2015-11-11 15:00 UTC: We have released Jenkins 1.638 and 1.625.2 which contain a fix for this vulnerability. See the security advisory for more information about these releases. Updated 2015-11-06 03:55 UTC: Included a updated mitigation script which doesn’t have a Jenkins boot race condition Earlier today we received numerous reports about a previously undisclosed "https://en.wikipedia.org/wiki/Zero-day_%28computing%29[zero day]" critical remote code execution vulnerability and exploit in Jenkins...

Preceding some of last week’s Jenkins 2.0 discussions, there had been some threads on whether we should move Jenkins to require Java 8. The introduction of Java 8 last year brought performance improvements and highly desirable API changes, which make developing Java-based applications (arguably) much easier than before. The release was followed earlier this year by the end-of-life announcement for Java 7; the writing...

With more than a thousand public plugins in the Jenkins community now, it should come as no surprise that some of them are no longer actively maintained. Plugin authors move on when they change jobs, or lose interest in the plugin, and that’s fine. Plugins are hosted on the Jenkins project infrastructure after all, and when a maintainer moves on, others can continue their...