Release notes for Version 3.0 and newer are published in GitHub Releases only.
- JENKINS-67311: Fix help button for table (#108)
- JENKINS-67210: Fix broken link to global security configuration from help (#106)
- JENKINS-66964: Fix button tooltips in configuration matrix (#107)
- JENKINS-66170: Apply table style when viewing in read-only mode (Extended Read permission). This fixes a regression in version 2.6.7.
- Internal: Moved JavaScript to resource files (#102)
- Internal: Migrate from RestartableJenkinsRule to JenkinsSessionRule (#101)
- SECURITY-2180: Ensure Item/Read is only granted it all ancestors grant it as well.
- JENKINS-64661: Do not break
properties
in the global Pipeline snippet generator.
- Compatibility with JEP-228 in Jenkins 2.266 and newer.
- JENKINS-56109: Make the plugin compatible with new form layout in Jenkins 2.264 and newer.
- Open links from job, folder, and agent configurations to the Global Security Configuration in a new window.
- Internal: Parent POM update, make test assertions compatible with JEP-295
- Fix SECURITY-1909
- JENKINS-62202: Fix regression introduced in 2.6 that disabled per-job/folder/agent configuration UI for users without Overall/Administer.
- Increase minimum required Jenkins version to 2.222.1.
- Remove support for setting "dangerous permissions" as they are deprecated from Jenkins 2.222.x anyway. (Jenkins LTS upgrade guide, SECURITY-410 in the 2017-04-10 security advisory)
- Add support for Overall/System Read permission (global configuration is rendered with disabled checkboxes).
- JENKINS-36625: Allow wrapping long user and group names to limit width of the configuration table.
- Internal: Parent POM update, update test dependencies (Pipeline: Groovy Plugin, JCasC test harness).
- Fix SECURITY-1909 (backport)
- JENKINS-58703:
Creating items through the remote API (
createItem
) could result in duplicate XML elements. - JENKINS-54568:
Make
authorizationMatrix
work in declarative snippet generator. - JENKINS-46914: Better indicate implied permissions in the checkbox grid by disabling implied permission checkboxes.
- JENKINS-47885: Make node property work in Kubernetes (and old versions of Docker) Plugin templates.
- Move plugin documentation from the Jenkins wiki to GitHub.
- JENKINS-57313: Fix a bug introduced in 2.4 that could result in exception error messages shown on the configuration page when permissions are assigned to valid user accounts that have never logged in to Jenkins.
- Fix a bug introduced in 2.4 that could prevent agent configurations from being loaded
- Increase core dependency from 2.60.1 to 2.138.3
- Configuration as Code compatibility: Integrate configurators for global and agent permissions.
- Job DSL compatibility: Add support for configuring folder permission inheritance using
authorizationMatrix
symbol - Job DSL compatibility: Allow setting permissions using user-friendly names like Overall/Read
- Fix a minor UI glitch on job configuration pages
- JENKINS-52167: Rotate column headers in Google Chrome
- JENKINS-47424: Don't show 'Implied by' note for the Overall/Administer permission
- JENKINS-28668: Use a modal dialog to add users/groups to the list to prevent accidental form submissions
- JENKINS-47885: Work around a JavaScript error in the Configure Jenkins form when the Kubernetes plugin is installed.
- Improve performance of permission checks for internal SYSTEM user.
- Do not show a warning on Jenkins startup when the Folders Plugin is not installed.
- JENKINS-47412: Fix a bug introduced in 2.0 that prevented creation of new agents via the UI.
Note for users of version 2.0-beta-3: There have been no changes since that release.
- This release requires Jenkins 2.60.1 or newer as it makes extensive use of Java 8 features (and there's currently no way to declare a minimum needed Java version other than to depend on a core that requires that Java release).
- This release uses a new on-disk format for permissions inheritance options. Existing options will be retained when upgrading, but downgrading to older versions may result in failures to load job or folder permission data, or different (typically additional) permissions being granted after the downgrade.
- Support for loading permissions last saved before Jenkins 1.300 (April 2009) has been dropped from this release.
- Flexible permission inheritance options
- This replaces the 'blocks inheritance' feature implemented in version 1.2. The on-disk storage format has changed to support this.
- Ensure that even "blocking inheritance" does not block administrator access. (JENKINS-24878)
- Improve wording of inheritance options and include inline explanation about the effects. (JENKINS-39409)
- Allow configuring per-agent permissions. This allows e.g. restricting per-agent build permissions when using the Authorize Project plugin (JENKINS-46654)
- Prevent accidental lockouts and unexpected lack of permissions
- Improvement: When submitting a global matrix auth configuration that does not specify an administrator (often happening in accidental/premature form submissions), give the submitting user Administer permission. Note that this could mean that the 'anonymous' may still have admin permission if the form is submitted as an anonymous user. (JENKINS-46832 / JENKINS-10871)
- Bug: Ensure that users creating a new job, folder, or node have read and configure access when using the project-based matrix authorization strategy. (JENKINS-5277)
- Bug: Save the global security configuration after granting administer permission to the first user to sign up. (JENKINS-20520)
- Bug: Ensure 'empty' matrix permission configurations can be loaded in case this is needed (e.g. programmatically defined). The fix for JENKINS-10871 will prevent this from happening accidentally. (JENKINS-9774)
- Bug: When using container-based authentication and project-based matrix authorization, permissions granted to groups in items inside folders only may not have been granted to members of those groups.
- UX improvements for the matrix configuration table
- Improvement: Indicate whether a permission is implied by another permission in the tool tip, and also indicate when a permission is not implied by Overall/Administer (which is unusual). (JENKINS-32506)
- Improvement: Show the full name of the user, if found, instead of the user ID. The user ID is available in the tool tip. (JENKINS-14563)
- Improvement: Always list the 'authenticated' group, list it and 'anonymous' first, and give both of them friendly localizable display names (JENKINS-30495)
- Improvement: Improve usability of large permission tables: Add tool tips for permission checkboxes indicating the user ID and permission involved, and add tool tips indicating affected user/group for the actions to the right of table rows. (JENKINS-26824)
- Add support for use in the
properties()
pipeline step. For usage example, see the snippet generator. (JENKINS-34616) - Bug: Support case sensitivity for per-folder permissions as well, was missed in 1.7. (JENKINS-23805)
- Bug: Prevent
NullPointerException
getting logged when a matrix auth config form is viewed. (JENKINS-46190) - Use PNG icons with transparent background rather than GIF with white background.
- Major internal cleanup and code simplification
- Drop support for data migration (Item.Read permission) from Jenkins 1.300 and earlier
- Drop support for loading project-based matrix permissions last saved before September 2008
- New Feature: Add support for use in the
properties()
pipeline step. For usage example, see the snippet generator. (JENKINS-34616)
- Fix regression in 2.0-beta-1 that broke compatibility with Role-based Authorization Strategy Plugin (role-strategy). (JENKINS-46923)
- Fix regression in 2.0-beta-1 that made permission tool tips disappear in job, folder, and node property configuration forms.
- Fix regression in 2.0-beta-1 that showed permission group table cells in the config form for groups that did not apply to the current job, folder, or node property.
- Use PNG icons with transparent background rather than GIF with white background.
- Fix label of node property introduced in 2.0-beta-1.
- Show user IDs in tooltips for checkboxes and buttons in newly added rows.
- Internal refactoring to reduce code duplication.
- Restrict external use of some APIs newly introduced since 1.7.
- Most of the features and fixes that made it into version 2.0.
-
JENKINS-44665 Select All/None buttons rather than a button to invert.
-
JENKINS-23805 Support case sensitivity modes of the security realm.
- JENKINS-29815 Add the same tick-box to disable inheritance of global permissions to Folders as already existed for Projects.
- SECURITY-410: plugin allowed configuration of dangerous permissions. See advisory for details.
- Stack trace displayed on startup with Folders plugin disabled or missing.
- Better display of unrecognized usernames in configuration matrix.
- Stack trace displayed when attempting to configure authorization property on a folder.
- Moved forgotten resource from the Folders plugin. Also now forces the Icon Shim update.
- Inverted dependency so this plugin now depends on the CloudBees Folders Plugin. If you accept this update, you must also update the Icon Shim Plugin (to 2.0.3 or later).
- Extended diagnostic fix made in 1.1.
- Silently ignore unknown permissions instead of throwing an
IllegalArgumentException
. - JENKINS-29527 Fixed bug in inheritance blocking.
- JENKINS-31860
ClassCastException
when used with multibranch projects.
- Allow a job to not inherit from global ACL (JENKINS-10593)
- Using an extension point in Jenkins 1.535.
- Better diagnosis for a form-related error.
- Split from Jenkins core.