CloudBees CI on traditional platforms 2.555.3.36983

Controllers sometimes need to contact the operations center to inspect folders and jobs on the operations center or other connected controllers. As of CloudBees CI 2.426.1.2, this mechanism was switched from remoting to using HTTP, to better support HA controllers, but a system property -Dcom.cloudbees.opscenter.client.plugin.RemoteDirectoryServiceImpl.useHttp=false was retained to permit switching back to the original implementation. This mode has been removed and the property is ignored if set.

When creating a new client controller item, WebSocket is now enabled by default for the connection to the operations center, requiring no special network configuration. WebSocket uses the standard HTTP or HTTPS port, and for deployments using Kubernetes Gateway API, it works with no additional configuration because Gateway API routes HTTP/HTTPS traffic through HTTPRoute resources. This does not affect new controllers defined via Configuration as Code.

A new administrative monitor detects jobs configured to discard artifacts from older builds without deleting the builds altogether, which can cause serious performance problems.

bat Pipeline steps would hang indefinitely on Windows agents connected via SSH after a controller restart. This requires the following variable to be set: -Dorg.jenkinsci.plugins.durabletask.WindowsBatchScript.USE_BINARY_WRAPPER=true

The Amazon EC2 plugin now uses a single SSH client to benefit from an NIO performance enhancement that reduces the number of threads created on controllers using the plugin, and prevents thread leaks when connection errors occur.

A coding pattern used in several administrative monitors present in HA controllers was prone to deadlocks and has been fixed. (An actual deadlock of this form was only observed in a newly introduced monitor prior to its release.)

During HA managed controller startup, replicas come online sequentially, coordinated by an exclusive lock on $JENKINS_HOME/.launching. In rare cases, if a replica was killed abruptly while holding this lock, NFSv3 may not have released it, leaving the lock held by a process that no longer existed. Any subsequent replica attempting startup would block indefinitely waiting to acquire the lock.

If an HA replica crashed while running a build and left behind a file lock that was not immediately released, another replica could have attempted to adopt it, failed to acquire the lock, and permanently given up. The cluster now repeatedly attempts to adopt the build, assuming the lock will eventually be released.

A LinkageError in the Bitbucket Branch Source plugin was caused by duplicate jackson-annotations classes shipped by both Jackson 2 API plugin and Jackson Annotations 2 API plugin.

When a Pipeline build running an sh (or bat or powershell) step is aborted, either directly by a user or in response to an event such as a timeout, the sh step should fail and the abort reason should propagate up to stop the build as a whole. Due to a race condition, if the user process happened to exit with code zero (success) within milliseconds of the abort request, the sh step could succeed and the build continued (potentially to success) and the abort was lost. Any abort received by the step now always fails the step, regardless of exit status or step configuration.

A managed controller is by default given 30 seconds to shut down upon receiving a termination signal. The User Activity Monitoring plugin was allowing up to five seconds to finish writing a single JSON file, which was excessive, especially since this data collection is best-effort. The timeout has been reduced by default to one second to ensure that other more critical shutdown processes have plenty of time to run.

The default fingerprint storage is not compatible with HA managed controllers, yet Jenkins credentials attempted to record build fingerprints by default. Aside from the files becoming potentially corrupt from concurrent access, this could be a performance bottleneck in high-volume builds. Therefore, HA managed controllers now default to -DCredentialsProvider.fingerprintEnabled=false.

When using multiple executors on a permanent agent in an HA controller and reducing the scale, background threads occasionally remained running after the scale-down. These threads appeared to indicate that stopping the extraneous executors had failed, when in fact there was no real issue, forcing the agent JVM to restart unnecessarily.

Previously, the expiring service account tokens monitor triggered expensive Role-Based Access Control permission checks on every folder during page load, causing timeouts on instances with many folders. This has been fixed.

Previously, the list of job instances failed to load when viewing a Multibranch Pipeline Template via the Pipeline Template Catalog folder path.

The Test SSH Connection validation button on shared agents configured with folder-scoped or restricted SSH credentials incorrectly reported credentials cannot be found.

Previously, JMX network policy rules in master-networkpolicy.yaml rendered with incorrect indentation, producing invalid YAML.

The Restart from stage build action was not loaded correctly on HA replicas after a Declarative Pipeline build completed. This caused the Restart from stage button to appear missing when viewing the build from a different replica than the replica it ran on.

Support for running CloudBees CI in Tomcat ended in October 2025. A support bundle component that counted HTTP worker threads was still checking for Tomcat configurations and has been simplified to check for Jetty only.

When you search for a specific plugin under the Available tab in the Operations center Plugin Manager, the search results show duplicate entries for the plugin.