RELEASED: Public: 2013-11-15
[RM-1600] Tightened security of Groovy/Jelly transformers (and JEXL computed attributes). You can either run a script in a sandbox (and then an administrator can use a link from Manage Jenkins to approve legitimate API usages), or ask an administrator to approve the whole script. (The sandbox option is available only for Groovy.)
serializeOption was broken in 1.483+ for classes defined in plugins.
[ZD-13975] When deciding whether a template name needs disambiguation, consider shadowing by displayName, not name.
See issues in beta 1.
Security system is not polished yet. When creating a job fails due to a security failure, in Jenkins prior to 1.541 a stack trace is printed. Initial allowlist for sandbox is very small and typical scripts will need many entries added. UI-based management of approvals is limited (for example you cannot yet edit existing allowlist grants). Formal documentation not yet available.