1251.vfe552ed55f8d

👷 Changes for plugin developers

• Replace Prototype.js with native JavaScript (#501) @basil

📦 Dependency updates

• Bump plugin from 4.62 to 4.65 (#507) @dependabot
• Bump plugin from 4.61 to 4.62 (#499) @dependabot
• Bump plugin from 4.60 to 4.61 (#497) @dependabot

1244.ve463715a_f89c

🐛 Bug fixes

• Bump groovy-sandbox from 1.32 to 1.33 (#495) @dependabot
  • JENKINS-70080: Fixes VerifyError when using compound assignment operators in sandboxed Groovy scripts
  • jenkinsci/groovy-sandbox#59: Fixes MissingPropertyException for closure parameters when using closures in loop condition expressions in sandboxed Groovy scripts

👻 Maintenance

• Use SpotBugs null annotation (#492) @basil
• Add missing nullability annotations (#472) @offa
• Migrate to Spring Security (#470) @offa

📦 Dependency updates

• Bump plugin from 4.54 to 4.60 (#494) @dependabot
• Bump git-changelist-maven-extension from 1.4 to 1.6 (#490) @dependabot
• Bump to 2.361.x (#488) @jglick

1229.v4880b_b_e905a_6

🔒 Security

• Fix SECURITY-3016

1228.vd93135a_2fb_25

🐛 Bug fixes

• Fix interception of return statements in closures in sandboxed Groovy scripts (#479) @dwnusbaum

👻 Maintenance

• Reduce reflection in SecureGroovyScript (#478) @basil
• Override getCategory() instead of getCategoryName() (#473) @offa
• Replace deprecated RUN_SCRIPTS with ADMINISTER permission (#471) @offa

📦 Dependency updates

• Bump bom-2.346.x from 1382.v7d694476f340 to 1742.vb_70478c1b_25f (#480) @dependabot

1218.v39ca_7f7ed0a_c

🐛 Bug fixes

• JENKINS-42214 - Prevent the Groovy sandbox from using invalid signatures when static class members are accessed via objects instead of class references (e.g. new String().valueOf(...) instead of String.valueOf(...)) (#298) @dwnusbaum
  • ⚠️ If you had previously approved an invalid signature due to this bug, any code that uses that signature will fail after the update, and the correct signature will need to be approved by a Jenkins administrator

1209.v50b_005db_19db

👷 Changes for plugin developers

• Workaround for JDK-8231454 on Java 11 is no longer necessary as of 11.0.17 (#459) @basil

👻 Maintenance

• Code cleanup (#423) @offa
• SpotBugs fix (#468) @jglick

🚦 Tests

• Add Java 17 to test matrix (owner-filed) (#467) @jglick
• Never try to treat URL.path as a file path (#465) @jglick

📦 Dependency updates

• Bump plugin from 4.47 to 4.50 (#463) @dependabot

1190.v65867a_a_47126

🔒 Security

• Fix SECURITY-2564

1189.vb_a_b_7c8fd5fde

🐛 Bug fixes

• JENKINS-69899 - Do not visit EmptyExpression when transforming fields declared using @Field (#457) @dwnusbaum

1184.v85d16b_d851b_3

🔒 Security

• Fix SECURITY-2824
  • Pipeline: Groovy Plugin must be updated to 2803.v1a_f77ffcc773 simultaneously to avoid API incompatibility issues

1183.v774b_0b_0a_a_451

🐛 Bug fixes

• Adapt generic-whitelist to handle addition of String#stripIndent method in Java 15 (#453) @steven-aerts

📦 Dependency updates

• Bump plugin from 4.40 to 4.47 (#451) @dependabot
• Bump git-changelist-maven-extension from 1.3 to 1.4 (#439) @dependabot
• chore: use jenkins infra maven cd reusable workflow (#427) @jetersen