v1.29 🌈

🐛 Bug Fixes

• Secret sources get initialized too late (#1006) @Smasherr

📦 Dependency updates

• Bump snakeyaml from 1.23 to 1.25 (#1000) @dependabot
• Bump netty-codec-http from 4.1.17.Final to 4.1.39.Final (#1001) @dependabot
• Bump netty-handler from 4.1.17.Final to 4.1.39.Final (#999) @dependabot
• Bump maven-shade-plugin from 2.3 to 3.2.1 (#1002) @dependabot
• Bump checkstyle from 8.17 to 8.18 (#1009) @dependabot
• remove vault-java-driver dependency inside plugin (#1008) @Casz

👻 Maintenance

• reduce Travis builds to master and pull requests (#1007) @Casz
• switch POM URL to point at GitHub (#1004) @Casz
• add dependencies label (#1005) @Casz

v1.28 🌈

🚨 Removed

• Moved vault secret source resolver to hashicorp vault plugin (#970) @Casz

📝 Documentation updates

• Fix broken sonar config (#996) @yogeek
• Add known JCasC extensions to readme (#995) @Casz
• Remove the JCasC: Support plugin reference from the seed job documentation (#988) @Casz
• Listed External Workspace Manager in yaml demos (#985) @BenjaminBeggs

👻 Maintenance

• add breaking change label (#1003) @Casz
• Enable Dependabot for the repository (#998) @oleg-nenashev
• JENKINS-45740 - Inject plugin changelog and logo URLs into the plugin manifest (#989) @oleg-nenashev
• Added dev-tools label for the Community Bridge project (#993) @sladyn98
• Add @timja and @oleg-nenashev to the list of maintainers in the plugin metadata (#990) @oleg-nenashev
• report coverage to codacy (#981) @Casz
• Fix codacy issues (#977) @Casz

v1.27 🐛

See the Jenkins security advisory here. This is a follow-up to the security fixes in 1.25.

🐛 Bug Fixes

• SECURITY-1497 / CVE-2019-10367 - Prevent exposing secrets as plain text by DataBoundConfigurator in System logs when loading configs

v1.26 🌈

🚨 Removed

• Remove dependency on the interpolatd library which is no longer used after 1.25 (#972) @oleg-nenashev

🚀 New features and improvements

• Reduce logging level for JCasC YAML loading messages (#975) @oleg-nenashev

📝 Documentation updates

• Document the YAML export feature and security considerations (#969) @oleg-nenashev
• Update @since in Javadoc for newly introduced APIs (#974) @oleg-nenashev
• Update the mailer-plugin demo (#971) @h1dden-da3m0n
• Issue #965 - Remove the obsolete plugin management section from the JCasC reference generator screenshot (#966) @agarthetiger

👻 Maintenance

• Add IDEA code styles to align IDE with Checkstyle requirements (#978) @Casz
• Simplify the pull request template and update the checklist (#973) @oleg-nenashev

v1.25 🐛

Important security fixes, see the Jenkins security advisory here. This release might be incompatible with previous ones for some use-cases, documentation and mitigation are available below.

🐛 Bug Fixes

• SECURITY-1279 / CVE-2019-10343 - Prevent exposing secrets from some plugins as plain text in System logs when loading configs. @oleg-nenashev
  • Known affected plugin configurations: password for UsernamePasswordCredentialsImpl from the Credentials plugin, private key for BasicSSHUserPrivateKey from the SSH Credentials plugin, SMTP password in the Mail Ext Plugin
• SECURITY-1290 / CVE-2019-10344 - Do not allow users without Overall/Administer permission to access instance-specific documentation and JSON schema. @varyvol
• SECURITY-1446 / CVE-2019-10362 - Escape Jenkins system configuration variables to prevent their resolution when importing configs. @fcojfernandez @oleg-nenashev
  • See the documentation here
• SECURITY-1458 / CVE-2019-10363 - Prevent exposing secrets from some plugins as plain text in exported YAMLs. @oleg-nenashev
  • Known affected plugin configurations: password in the SGE Cloud Plugin

💥 Breaking changes

• Jenkins admins might need to review the configuration YAML files and to manually escape Jenkins internal variable expressions. See the documentation here
• If anonymous API access is used to access configuration specification or JSON Schema,
  Jenkins admins need to reconfigure the client logic to authenticate as users
  with administrative access (e.g. using an access token)

🚦 Tests

• SECURITY-1303 / CVE-2019-10345 - Add integration test to verify the fix @oleg-nenashev
• Add LoggerRule asserts to io.jenkins.plugins.casc.misc.Util @oleg-nenashev
• Add exportToString() method for YAML export tesing to JenkinsConfiguredWithCodeRule @oleg-nenashev

v1.24 🌈

🚀 New features and improvements

• Data Bound Configurator: Pass empty collections to mandatory fields when the attribute is not specified in configuration YAMLs (#950) @AbhyudayaSharma
• Data Bound Configurator: Take the @ParametersAreNonnullByDefault annotation into account when resolving mandatory fields. Supported scopes: class, package and method (#950) @AbhyudayaSharma
• Print warning when a secret variable cannot be resolved during import (#957) @oleg-nenashev
• Allow Data Bound Configurator to convert and export Sets (#943) @AbhyudayaSharma

🐛 Bug Fixes

• Prevent NumberFormatException in system log when exporting the JSON schema (#945) @varyvol

👻 Maintenance

• Add an issue template for questions and support requests (#952) @oleg-nenashev

🚦 Tests

• JENKINS-52906 - Update JIRA Plugin test dependency to verify the JCasC compatibility and support writing roundtrip tests (#956) @oleg-nenashev
• Fix ToolDefaultPropertiesExportBlacklistTest#export_tool_configuration() when building the plugin on Windows (#946) @Casz

v1.23 🌈

🚀 New features and improvements

• support multi-line string export using literal style (#941) @Casz
• Allow partial selection in export viewer. (#936) @rudolfwalter

🐛 Bug Fixes

• Properly export floating-point values (#940) @rudolfwalter

v1.22 🌈

🚀 New features and improvements

• Added Expected params for databound constructor (#930) @sladyn98
• JENKINS-57122 - Add blacklist for defaultProperties on tools (#925) @timja

🐛 Bug Fixes

• JENKINS-57604 - HeteroDescribableConfigurator now properly matches descriptors for subclass fields, e.g. for Git plugin's SCM Browsers (#932) @oleg-nenashev

📝 Documentation updates

• Fix demo and bump ec2 test version (#931) @res0nance
• Link newbie-friendly issues in CONTRIBUTING.md (#927) @oleg-nenashev

👻 Maintenance

• add repo settings (#856) @Casz

🚦 Tests

• Prevent failure of ConfigurationAsCodeTest.java#init_test_from_accepted_sources() when building on Windows (#929) @sladyn98

v1.21 🌈

WARNING: There are no user-facing changes in the JCasC plugin, the update is not needed

📝 Documentation updates

• EC2 Plugin v1.42 parameters deprecated (#920) @rlnchow
• JENKINS-57928 - Add documentation for JMH benchmarks with JCasC (#921) @AbhyudayaSharma

🚦 Tests

• JENKINS-57928 - Allow configuring JMH benchmarks using CASC (#921) @AbhyudayaSharma

v1.20 🌈

Changes

🐛 Bug Fixes

• SECURITY-1303 / CVE-2019-10345 - Fix Proxy credentials masking in system logs and exported configuration YAMLs (#916) @velma
• Fix ProxyConfigurator does not resolve secrets (#916) @velma
• Prevent null pointer when non-first yml file is empty. (#911) @rudolfwalter
• Do not fail Windows-style path validation. (#915) @rudolfwalter

🚦 Tests

• JENKINS-57761 - Add abstract test for export/configure roundtrip (#908) @MRamonLeon