As per JEP-228’s abstract, the XStream serialization library is used to convert most of Jenkins and CloudBees CI’s configuration to and from XML. The XStream library was forked at the outset of Jenkins back when it was called Hudson. It has now been migrated back to the commonly maintained open source version of XStream. Full technical details are available at JEP-228: Unforking XStream.
Having severely out of date libraries in our code base triggers serious warnings during security scans. Moving away from the forked version of this library allows us to benefit from OSS contribution, which improves things like the functionality, performance and security profile of the feature.
A typical effect would be that existing settings would not be interpreted during load from a
config.xml and they would be displayed in
Manage Jenkins ->
Manage Old Data instead. If the configuration for that item was saved in this state, the settings might be written in a slightly different format which can be read back by the plugin running in the new version of Jenkins, but not by the plugin running in the old version of Jenkins, or by the corrected plugin, hence essentially the
config.xml data could be considered corrupted. A stack trace with
NoSuchMethodError may be thrown for
- CloudBees CI (CloudBees Core) - version 2.277.1.2
- CloudBees CI (CloudBees Core) on modern cloud platforms - Managed Master - version 2.277.1.2
- CloudBees CI (CloudBees Core) on modern cloud platforms - Operations Center - version 2.277.1.2
- CloudBees CI (CloudBees Core) on traditional platforms - Client Master - version 2.277.1.2
- CloudBees CI (CloudBees Core) on traditional platforms - Operations Center - version 2.277.1.2
- CloudBees Jenkins Platform - Client Master - version 2.277.1.2
- CloudBees Jenkins Platform - Operations Center - version 2.277.1.2
- Jenkins LTS - version 2.277.1
Many plugins have already been updated to be compatible with this change, if you are using any of these plugins on this list, ensure you upgrade them to at least the version listed in the table below before upgrading your Jenkins version:
If you are using a plugin that is not yet updated to be compatible, you could work to remove your usage of your plugin (for example, in a Pipeline build, is there a command line API you could call from a
sh step instead of using a plugin?), migrate to another plugin with similar or equivalent functionality that is updated, or check if there is an active plugin maintainer who could help. Clients can contact CloudBees Support with any questions about this. We also offer an Assisted Update program to help you with your update planning and testing.