CHANGELOG-2.x.md

Remoting 2.x Changelog

❗ Below you can see changelogs for the obsolete Remoting 2.x baseline. This version only contains bugfixes and performance improvements. Current mainline is Remoting 3.x, changelogs are available here. There is no plan to release new versions of Remoting 2.x.

2.62.6

Release date: Jun 26, 2017

Fixed issues:

• JENKINS-41852 - Fix exported object pinning logic to prevent release due to the integer overflow. (PR #148)

2.62.5

Release date: Feb 01, 2017

Fixed issues:

• SECURITY-383 - Blacklist classes vulnerable to a remote code execution involving the deserialization of various types in javax.imageio.*, java.util.ServiceLoader, and java.net.URLClassLoader.

2.62.4

Release date: Nov 21, 2016

Fixed issues:

• JENKINS-25218 - Hardening of FifoBuffer operation logic. The change adds additional minor fixes to the original fix in remoting-2.54. (PR #100)

Improvements:

• JENKINS-39150 - Add logic for dumping diagnostics across all the channels. (PR #122, PR #125)
• JENKINS-39543 - Improve the caller/callee correlation diagnostics in thread dumps. (PR #119)
• JENKINS-39290 - Add the org.jenkinsci.remoting.nio.NioChannelHub.disabled flag for disabling NIO (mostly for debugging purposes). (PR #123)

2.62.3

Release date: (Nov 13, 2016) => Jenkins 2.19.3 LTS

• SECURITY-360 - Blacklist serialization of particular classes to close the Remote code execution vulnerability. (Commit #b7ac85ed4ae41482d9754a881df91d2eb86d047d)

2.62.2

Release date: (Oct 7, 2016) => Jenkins 2.19.3 LTS

Fixed issues:

• JENKINS-38539 - Stability: Turn on SO_KEEPALIVE and provide CLI option to turn it off again. (jenkinsci#110)
• JENKINS-37539 - Prevent NullPointerException in Engine#connect() when host or port parameters are null or empty. (jenkinsci#101)
• [CID-152201] - Fix resource leak in remoting.jnlp.Main. (jenkinsci#102)
• [CID-152200,CID-152202] - Resource leak in Encryption Cipher I/O streams on exceptional paths. (jenkinsci#104)

2.62

Release date: (Aug 14, 2016) => Jenkins 2.17, 2.19.1 LTS

Fixed issues:

• JENKINS-22853 - Be robust against the delayed EOF command when unexporting input and output streams. (jenkinsci#97)
• Fixed ~20 minor issues reported by FindBugs. More fixes to be delivered in future versions. (jenkinsci#96)

Enhancements:

• JENKINS-37218 - Performance: ClassFilter does not use Regular Expressions anymore to match String.startsWith patterns. (jenkinsci#92)
• JENKINS-37031 TcpSlaveAgentListener now publishes a list of supported agent protocols to speed up connection setup. (jenkinsci#93)

2.61

Release date: (Aug 5, 2016) => Jenkins 2.17, 2.19.1 LTS

Fixed issues:

• JENKINS-37140 - JNLP Agent connection issue with JNLP3-connect protocol when the generated encrypted cookie contains a newline symbols. (jenkinsci#95)
• JENKINS-36991 - Unable to load class when remote classloader gets interrupted. (jenkinsci#94)

Enhancements:

• Improve diagnostics for Jar Cache write errors. (jenkinsci#91)

2.60

Release date: (June 10, 2016) => Jenkins 2.9, 2.7.2

Fixed issues:

• JENKINS-22722 - Make the channel reader tolerant against Socket timeouts. (jenkinsci#80)
• JENKINS-32326 - Support no_proxy environment variable. (jenkinsci#84)
• JENKINS-35190 - Do not invoke PingFailureAnalyzer for agent=>master ping failures. (jenkinsci#85)
• JENKINS-31256 - hudson.Remoting.Engine#waitForServerToBack now uses credentials for connection. (jenkinsci#87)
• JENKINS-35494 - Fix issues in file management in hudson.remoting.Launcher (main executable class). (jenkinsci#88)

Enhancements:

• Ensure a message is logged if remoting fails to override the default ClassFilter. (jenkinsci#80)

2.59

Release date: (May 13, 2016) => Jenkins 2.4, 2.7.1

Enhancements:

• JENKINS-34819 - Allow disabling the remoting protocols individually. Works around issues like JENKINS-34121 (jenkinsci#83)

2.58

Release date: (May 11, 2016) => Jenkins 2.4, 2.7.1

Fixes issues:

• JENKINS-34213 - Ensure that the unexporter cleans up whatever it can each sweep. (jenkinsci#81)
• JENKINS-19445 - Force class load on UserRequest in order to prevent deadlock on windows nodes when using JNA and Subversion. (jenkinsci#82)

Enhancements:

• JENKINS-34808 - Allow user to adjust socket timeout in the channel reader. (jenkinsci#68)