Mark Waite
Mark is a member of the Jenkins governing board, a long-time Jenkins user and contributor, a core maintainer, and maintainer of the git plugin, the git client plugin, the platform labeler plugin, the embeddable build status plugin, and several others. He is one of the authors of the "Improve a plugin" tutorial.
Many new contributors may hesitate to contribute to a Jenkins plugin. They may be concerned that the time commitment is too great. They may be worried that they lack the technical skills to maintain a plugin. They may not feel adequate to handle issues related to a Jenkins plugin. This blog post introduces the "Improve a plugin" developer tutorial for new contributors. The tutorial is...
For the first time in three years, the Jenkins community and Jenkins users will be united at DevOps World 2022 on September 27-29, 2022 in beautiful Orlando, Florida. (It really is a magical place.) Following Jenkins' recent move to Java 11 and significant security advisories for plugin users, the Jenkins community has the opportunity to come together to discuss Jenkins success...
Open source software has changed software development. Companies readily use open source as a key part of their software development and delivery. Open source operating systems dominate cloud computing operating systems. Open source JavaScript libraries and frameworks like Angular, Vue.js, and React are key components in web applications. Open source Java libraries and frameworks like Spring Framework, Spring Boot, Hibernate, and Grails provide effective...
The Jenkins infrastructure team has extended the reach of the ci.jenkins.io agents. We’re grateful that DigitalOcean has donated $2760 to the Jenkins project. The donation has allowed us to run jobs from ci.jenkins.io on an additional cluster hosted by DigitalOcean. Easy setup We defined a new Kubernetes cluster on DigitalOcean with the DigitalOcean Terraform provider. The infrastructure is defined as code in our DigitalOcean infrastructure...
The She Code Africa Contributhon started April 5, 2022. The She Code Africa Contributhon is a boot camp where African women are paid to work with open source organizations on selected projects with dedicated mentors. This program aims to create a more diverse, inclusive, and innovative culture within the African open source ecosystem by matching African women in technology with sponsor and...
A remote code execution vulnerability has been identified in the Spring Framework. This vulnerability is identified as CVE-2022-22965. Spring officially reacted early in an early announcement. SpringShell in Jenkins Core and Plugins The Jenkins security team has confirmed that the Spring vulnerability is not affecting Jenkins Core. There is no impact because we are using Stapler as a servlet, and neither Spring MVC nor Spring...
Special thanks from the Jenkins project to users and contributors with the New Year! Let’s take a look at some changes this year. Highlights Major events including Google Summer of Code, Hacktoberfest, She Code Africa Contributhon, and three Contributor Summits Strong support from new and continuing Sponsors Core features for configuration form modernization, upgrades to key dependencies, continuous delivery for plugins, and Java 11 as...
10 years ago, the Jenkins ruby-runtime was first released. It was an experiment to let plugins be written in ruby but still get integrated into the main Java Virtual Machine runtime with help of JRuby. A similar extension was made to allow plugins to be written in Python but still integrated into the Java Virtual Machine with Jython. Over the years though, the experiments...
A critical security vulnerability has been identified in the popular "Apache Log4j 2" library. This vulnerability is identified as CVE-2021-44228. Log4j in Jenkins The Jenkins security team has confirmed that Log4j is not used in Jenkins core. Jenkins plugins may be using Log4j. You can identify whether Log4j is included with any plugin by running the following Groovy script in the Script Console: org.apache.logging.log4j.core.lookup.JndiLookup.class.protectionDomain.codeSource If this results...