Each section covers the upgrade from the previous LTS release, the section on 2.462.1 covers the upgrade from 2.452.4.
The Apache Commons FileUpload library that Jenkins uses for file upload has been upgraded from 1.5 to 2.0 in preparation for the Spring Security 6.x upgrade.
Users of the SAML Single Sign On (SSO) (miniorange-saml-sp
) plugin should upgrade to a compatible version in lockstep with upgrading Jenkins core.
Users of the OpenText Application Automation Tools (hp-application-automation-tools-plugin
) plugin should wait for a compatible version before upgrading Jenkins core.
The "Disable project" link has been removed from the project (job) page. A project can be disabled from its "Configure" page.
Users that need frequent access to the "Disable project" button can restore it on the project page with the disable job button plugin.
The hudson.model.DirectoryBrowserSupport.allowAbsolutePath
system property that allows the Windows path traversal vulnerability escape hatch has been removed.
Users that rely on it will need to adapt their usage to no longer require the Windows path traversal vulnerability.
No other workaround is planned.
Refer to SECURITY-2481 for details.