❗ Below you can see changelogs for the obsolete Remoting 2.x
baseline.
This version only contains bugfixes and performance improvements.
Current mainline is Remoting 3.x
, changelogs are available here.
There is no plan to release new versions of Remoting 2.x.
Release date: Jun 26, 2017
Fixed issues:
- JENKINS-41852 - Fix exported object pinning logic to prevent release due to the integer overflow. (PR #148)
Release date: Feb 01, 2017
Fixed issues:
- SECURITY-383 -
Blacklist classes vulnerable to a remote code execution involving the deserialization of various types in
javax.imageio.*
,java.util.ServiceLoader
, andjava.net.URLClassLoader
.
Release date: Nov 21, 2016
Fixed issues:
- JENKINS-25218 -
Hardening of FifoBuffer operation logic. The change adds additional minor fixes to the original fix in
remoting-2.54
. (PR #100)
Improvements:
- JENKINS-39150 - Add logic for dumping diagnostics across all the channels. (PR #122, PR #125)
- JENKINS-39543 - Improve the caller/callee correlation diagnostics in thread dumps. (PR #119)
- JENKINS-39290 -
Add the
org.jenkinsci.remoting.nio.NioChannelHub.disabled
flag for disabling NIO (mostly for debugging purposes). (PR #123)
Release date: (Nov 13, 2016) => Jenkins 2.19.3 LTS
- SECURITY-360 - Blacklist serialization of particular classes to close the Remote code execution vulnerability. (Commit #b7ac85ed4ae41482d9754a881df91d2eb86d047d)
Release date: (Oct 7, 2016) => Jenkins 2.19.3 LTS
Fixed issues:
- JENKINS-38539 - Stability: Turn on SO_KEEPALIVE and provide CLI option to turn it off again. (#110)
- JENKINS-37539 -
Prevent
NullPointerException
inEngine#connect()
when host or port parameters arenull
or empty. (#101) - [CID-152201] -
Fix resource leak in
remoting.jnlp.Main
. (#102) - [CID-152200,CID-152202] - Resource leak in Encryption Cipher I/O streams on exceptional paths. (#104)
Release date: (Aug 14, 2016) => Jenkins 2.17, 2.19.1 LTS
Fixed issues:
- JENKINS-22853 - Be robust against the delayed EOF command when unexporting input and output streams. (#97)
- Fixed ~20 minor issues reported by FindBugs. More fixes to be delivered in future versions. (#96)
Enhancements:
- JENKINS-37218 -
Performance:
ClassFilter
does not use Regular Expressions anymore to matchString.startsWith
patterns. (#92) - JENKINS-37031
TcpSlaveAgentListener
now publishes a list of supported agent protocols to speed up connection setup. (#93)
Release date: (Aug 5, 2016) => Jenkins 2.17, 2.19.1 LTS
Fixed issues:
- JENKINS-37140 - JNLP Agent connection issue with JNLP3-connect protocol when the generated encrypted cookie contains a newline symbols. (#95)
- JENKINS-36991 - Unable to load class when remote classloader gets interrupted. (#94)
Enhancements:
- Improve diagnostics for Jar Cache write errors. (#91)
Release date: (June 10, 2016) => Jenkins 2.9, 2.7.2
Fixed issues:
- JENKINS-22722 - Make the channel reader tolerant against Socket timeouts. (#80)
- JENKINS-32326 - Support no_proxy environment variable. (#84)
- JENKINS-35190 - Do not invoke PingFailureAnalyzer for agent=>master ping failures. (#85)
- JENKINS-31256 -
hudson.Remoting.Engine#waitForServerToBack
now uses credentials for connection. (#87) - JENKINS-35494 -
Fix issues in file management in
hudson.remoting.Launcher
(main executable class). (#88)
Enhancements:
- Ensure a message is logged if remoting fails to override the default
ClassFilter
. (#80)
Release date: (May 13, 2016) => Jenkins 2.4, 2.7.1
Enhancements:
- JENKINS-34819 - Allow disabling the remoting protocols individually. Works around issues like JENKINS-34121 (#83)
Release date: (May 11, 2016) => Jenkins 2.4, 2.7.1
Fixes issues:
- JENKINS-34213 - Ensure that the unexporter cleans up whatever it can each sweep. (#81)
- JENKINS-19445 - Force class load on UserRequest in order to prevent deadlock on windows nodes when using JNA and Subversion. (#82)
Enhancements:
- JENKINS-34808 - Allow user to adjust socket timeout in the channel reader. (#68)