updated (#2)
* script update for prototype js removal (jenkins-infra#6730)

* script update for prototype js removal

* script update for prototype js removal

* Update content/blog/2023/05/12/2023-05-12-removing-prototype-from-jenkins.adoc

Co-authored-by: Zbynek Konecny <[email protected]>

---------

Co-authored-by: Zbynek Konecny <[email protected]>

* Update dependency bootstrap to v5.3.2 (jenkins-infra#6727)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Automated changelog for 2.426 (jenkins-infra#6707)

* Automated changelog for 2.426

* Edits to fix layout

* Link to JEP-237

* Add docker container entry to 2.426 changelog

* Fix 2.426 release date

---------

Co-authored-by: jenkins-infra-changelog-generator <86592549+jenkins-infra-changelog-generator[bot]@users.noreply.github.com>
Co-authored-by: Mark Waite <[email protected]>

* [JEP-237] Introduce initial documentation for FIPS-140 (jenkins-infra#6675)

* [JEP-237] Introduce initial administration documentation for FIPS-140

Add user facing documentation for https://github.com/jenkinsci/jep/blob/master/jep/237/README.adoc

* [JEP-237] Introduce initial developer documentation for FIPS-130

Adds developer facing documentation to allow them to better understand
what constitutes compliant vs non compliant code.

* Apply suggestions from code review

Co-authored-by: Anita Manders <[email protected]>
Co-authored-by: Raúl Arabaolaza Barquin <[email protected]>

* [JEP-237] add example and document KeyStore

* Apply suggestions from code review

Co-authored-by: Julie Heard <[email protected]>

* Apply suggestions from code review

Co-authored-by: Anita Manders <[email protected]>

* fix indentation

* add admonition

* tweaks and s/FIPS/FIPS-140/

* rework note on using libraries

* Fix admonition

* fix link to system property

* update some more links

* Apply suggestions from Mark Waite

Co-authored-by: Mark Waite <[email protected]>

* Add level 1 heading that I mistakenly suggested for removal

* Remove trailing blank from new content

* Removing trailing blank from new content

---------

Co-authored-by: Anita Manders <[email protected]>
Co-authored-by: Raúl Arabaolaza Barquin <[email protected]>
Co-authored-by: Julie Heard <[email protected]>
Co-authored-by: Kevin Martens <[email protected]>
Co-authored-by: Mark Waite <[email protected]>

* [Python Tutorial] Bump Python alpine docker image version to 3.12.0-alpine3.18 (jenkins-infra#6733)

* chore: Update the value of the python docker image for pipelines in t...

... he 'Hello World!' tutorial

Made with ❤️️ by updatecli

* chore: Update the value of the python docker image for scripts in the...

...  'build-a-python-app-with-pyinstaller.adoc' tutorial

Made with ❤️️ by updatecli

* chore: Update the value of the python docker image for scripts in the...

...  'Hello World!' tutorial

Made with ❤️️ by updatecli

---------

Co-authored-by: GitHub Actions <41898282+github-actions[bot]@users.noreply.github.com>

* Update dependency faraday to v2.7.11 (jenkins-infra#6734)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency rss to v0.3.0 (jenkins-infra#6737)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update dependency crate-ci/typos to v1.16.17 (jenkins-infra#6738)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Update jenkinsciinfra/builder Docker tag to v2.2.68 (jenkins-infra#6735)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* feat(dependencies): Tracks Jenkins' three last LTS versions. (jenkins-infra#6717)

* feat(scripts): Gets the last three LTS releases.

* feat(scripts): Gets the last three LTS releases.

* fix(scripts): Comments

* feat(dependencies): Tracks and updates last three Jenkins LTS versions.

* feat(dependencies): Tracks and updates last three Jenkins LTS versions.

* feat(dependencies): Tracks last 3 Jenkins' LTS releases.

* fix(dependencies): Messages are now more accurate.

* fix(dependencies): Posix, mi amor.

* fix(dependencies): Posix, mon amour.

* fix(dependencies): No need to "x" the script anymore.

* fix(dependencies): Removed core-baseline

* fix(dependencies): Removes the core-baseline layout.

* Update choosing-jenkins-baseline.adoc

* Update update-base-jenkins-version.adoc

---------

Co-authored-by: Kevin Martens <[email protected]>

* Update jenkinsciinfra/builder Docker tag to v3 (jenkins-infra#6740)

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

* Bump Jenkins LTS versions to 2.414.2 in various parts of the documentation (jenkins-infra#6744)

* chore: Bump Jenkins minimum BOM artifact version in the "dependency m...

... anagement" page

Made with ❤️️ by updatecli

* chore: Bump Jenkins minimum BOM artifact in the "plugin-bill-of-mater...

... ials" page

Made with ❤️️ by updatecli

* chore: Bump Jenkins minimum BOM artifact version in the "plugin-bill-...

... of-materials" page

Made with ❤️️ by updatecli

* chore: Bump Jenkins minimum BOM artifact in the "dependency managemen...

... t" page

Made with ❤️️ by updatecli

---------

Co-authored-by: GitHub Actions <41898282+github-actions[bot]@users.noreply.github.com>

* Update node.js from 18.x to 20.x (jenkins-infra#6741)

* Add redirect for `hudson.model.UsageStatistics.disabled` property (jenkins-infra#6745)

Co-authored-by: Daniel Beck <[email protected]>

* [Hello World Tutorial] Bump Golang alpine docker image version to 1.21.2-alpine3.18 (jenkins-infra#6746)

chore: Update the value of the golang docker image for pipelines in t...

... he 'Hello World!' tutorial

Made with ❤️️ by updatecli

Co-authored-by: GitHub Actions <41898282+github-actions[bot]@users.noreply.github.com>

* Remove link to private topic in community (jenkins-infra#6748)

Remove link to private community thread

The organizers of the 2021 Hacktoberfest project to localize in French
are not participating in Hacktoberfest 2023 in Jenkins.  The thread in
community.jenkins.io was made private at the end of the 2021 effort.

The remaining links are useful and the French localization effort is
still a good effort to continue.

* Restore placeholder calculation for version selection page (jenkins-infra#6751)

Calculate placeholders in the baseline selection file

Removing the placeholder processing left placeholder text.

Fixes jenkins-infra#6748

* Bump Jenkins LTS versions to 2.414.2 in various parts of the documentation (jenkins-infra#6750)

* chore: Bump Jenkins minimum BOM artifact version in the "plugin-bill-...

... of-materials" page

Made with ❤️️ by updatecli

* chore: Bump Jenkins minimum BOM artifact version in the "dependency m...

... anagement" page

Made with ❤️️ by updatecli

* chore: Bump Jenkins minimum BOM artifact version in the "improve a pl...

... ugin tutorial"

Made with ❤️️ by updatecli

---------

Co-authored-by: GitHub Actions <41898282+github-actions[bot]@users.noreply.github.com>

* fix(documentation): corebaseline is also used for other versions than LTS. (jenkins-infra#6752)

We have to keep it until we address the other uses.

* Add "Prototype removed" blog post (jenkins-infra#6742)

* Add "Prototype removed" blog post

* Update publication date

---------

Co-authored-by: Mark Waite <[email protected]>

---------

Co-authored-by: Dmitry Platonov <[email protected]>
Co-authored-by: Zbynek Konecny <[email protected]>
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: jenkins-infra-changelog-generator[bot] <86592549+jenkins-infra-changelog-generator[bot]@users.noreply.github.com>
Co-authored-by: Mark Waite <[email protected]>
Co-authored-by: James Nord <[email protected]>
Co-authored-by: Anita Manders <[email protected]>
Co-authored-by: Raúl Arabaolaza Barquin <[email protected]>
Co-authored-by: Julie Heard <[email protected]>
Co-authored-by: Kevin Martens <[email protected]>
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Co-authored-by: Bruno Verachten <[email protected]>
Co-authored-by: Alexander Brandes <[email protected]>
Co-authored-by: Daniel Beck <[email protected]>
Co-authored-by: Daniel Beck <[email protected]>
Co-authored-by: Basil Crow <[email protected]>
17 people authored Oct 9, 2023
1 parent 507b68a commit b56d5f4
Showing 29 changed files with 613 additions and 44 deletions.
2 changes: 1 addition & 1 deletion .github/renovate.json
Expand Up @@ -13,7 +13,7 @@
},
{
"matchPackageNames": ["node"],
"allowedVersions": "/18.[0-9]+.[0-9]+(.[0-9]+)?$/"
"allowedVersions": "/20.[0-9]+.[0-9]+(.[0-9]+)?$/"
}
],
"regexManagers": [
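Review bot: The `allowedVersions` pattern `/20.[0-9]+.[0-9]+(.[0-9]+)?$/` has unescaped dots and no start anchor, so each `.` matches any character and the match can begin mid-string; a version string such as `120.1.2` would satisfy it. Since this rule is what restricts which Node releases Renovate may propose, tighten it to `/^20\.[0-9]+\.[0-9]+(\.[0-9]+)?$/` (with the backslashes doubled inside the JSON string). The same weakness was already present in the 18.x pattern being replaced.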
2 changes: 1 addition & 1 deletion .node-version
@@ -1 +1 @@
18.17.0
20.8.0
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM node:18.17.0 as node
FROM node:20.8.0 as node
ENV USE_LOCAL_NODE=true

WORKDIR /usr/src/jenkinsio/build/_site/
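Review bot: `FROM node:20.8.0 as node` pins the base image by tag only, and a tag can be repointed at different content after review. Consider adding the image digest (`node:20.8.0@sha256:<digest>`) so the build stage is reproducible. The version also has to be kept in step with `.node-version` and the `allowedVersions` rule in `.github/renovate.json`, which this commit changes separately.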
8 changes: 5 additions & 3 deletions Gemfile.lock
Expand Up @@ -24,6 +24,7 @@ GEM
rack (~> 2.0)
rest-client (~> 2.0)
tilt (~> 2.0, >= 2.0.1)
base64 (0.1.1)
coderay (1.1.3)
colorize (0.8.1)
concurrent-ruby (1.2.2)
Expand All @@ -33,7 +34,8 @@ GEM
eventmachine (>= 0.12.9)
http_parser.rb (~> 0)
eventmachine (1.2.7)
faraday (2.7.10)
faraday (2.7.11)
base64
faraday-net_http (>= 2.0, < 3.1)
ruby2_keywords (>= 0.0.4)
faraday-follow_redirects (0.3.0)
Expand Down Expand Up @@ -106,9 +108,9 @@ GEM
http-cookie (>= 1.0.2, < 2.0)
mime-types (>= 1.16, < 4.0)
netrc (~> 0.8)
rexml (3.2.5)
rexml (3.2.6)
rouge (4.1.3)
rss (0.2.9)
rss (0.3.0)
rexml
ruby-ll (2.1.2)
ansi
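Review bot: The `rexml (3.2.5)` to `rexml (3.2.6)` change in this hunk is not named by any dependency update in the commit message, which lists only faraday v2.7.11 and rss v0.3.0 for Ruby gems. Confirm the bump is intended (the `rss` entry lists `rexml` as a dependency, so it may have come in with that update) and mention it in the message, so that every lock file change stays traceable to a reviewed update.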
2 changes: 1 addition & 1 deletion Jenkinsfile_k8s
Expand Up @@ -28,7 +28,7 @@ spec:
automountServiceAccountToken: false
containers:
- name: "jnlp"
image: "jenkinsciinfra/builder:2.2.66"
image: "jenkinsciinfra/builder:3.0.14"
resources:
limits: {}
requests:
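Review bot: The `image:` line moves the agent from `jenkinsciinfra/builder:2.2.66` to `3.0.14`, a major version change to the container that builds the site, bundled here with unrelated documentation changes. Add a line to the message on whether the site build was verified on the v3 builder. The image is also referenced by a mutable tag rather than a digest.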
115 changes: 109 additions & 6 deletions content/_data/changelogs/weekly.yml
Expand Up @@ -8724,8 +8724,6 @@
- wadeck
- Absh-Day



- version: "2.246"
date: 2020-07-21
banner: >
Expand Down Expand Up @@ -18144,7 +18142,7 @@
- url: https://github.com/spring-projects/spring-security/releases/tag/5.7.4
title: Spring Security Release 5.7.4
message: |-
Upgrade Spring Security from 5.7.3 to 5.7.4.
Upgrade Spring Security from 5.7.3 to 5.7.4.
Spring Security 5.7.4 includes dependency upgrades and minor fixes.

# pull: 7184 (PR title: Use a destructive button for deleting API tokens)
Expand Down Expand Up @@ -18241,7 +18239,7 @@
- car-roll
pr_title: Allow detached plugin location to be overridden
message: |-
Developer: Allow detached plugin location to be overridden.
Developer: Allow detached plugin location to be overridden.
- type: rfe
category: developer
pull: 7322
Expand All @@ -18256,7 +18254,7 @@
- url: https://tanzu.vmware.com/security/cve-2022-31692
title: CVE-2022-31692
message: |-
Upgrade Spring Security from 5.7.4 to 5.7.5.
Upgrade Spring Security from 5.7.4 to 5.7.5.
Spring Security 5.7.5 includes fixes for two authorization mapping issues affecting the scopes in <code>spring-security-oauth2-client</code> and <code>org.springframework.security.web.access.intercept.AuthorizationFilter</code>.

# pull: 7317 (PR title: Update dependency babel-loader to v9)
Expand Down Expand Up @@ -21065,7 +21063,6 @@
message: |-
Deprecate <code>findAncestor</code> and <code>findAncestorClass</code> in <code>hudson-behaviour.js</code>.


# pull: 8319 (PR title: Replace MD5 digest with SHA256 while logging payload in Mock class called from tests)
# pull: 8347 (PR title: Update dependency postcss-preset-env to v9.1.1)
# pull: 8348 (PR title: Update release chat room URL)
Expand Down Expand Up @@ -21524,6 +21521,112 @@
# pull: 8521 (PR title: Update dependency sass to v1.68.0)
# pull: 8522 (PR title: Bump stapler.version from 1802.1804.va_8d30483a_7f7 to 1814.vdc9dd5217ee2

- version: '2.426'
date: 2023-10-03
changes:
- type: major rfe
category: major rfe
pull: 7781
issue: 70906
authors:
- timja
- basil
pr_title: "[JENKINS-70906] Remove prototype from core"
references:
- issue: 70906
- pull: 7781
- url: https://www.jenkins.io/blog/2023/05/12/removing-prototype-from-jenkins/
title: blog post
message: |-
Remove outdated Prototype.js library.
- type: major rfe
category: major rfe
authors:
- basil
pr_title: "Java 17 by default"
references:
- url: https://github.com/jenkinsci/docker/pull/1724
title: Docker pull request 1724
message: |-
Use Java 17 as the default Java version in container images that do not specify a Java version in the container label.
- type: rfe
category: rfe
pull: 8526
authors:
- basil
pr_title: Automate Java version recommendation administrative monitor
message: |-
Automate the display of an administrative monitor when approaching Java end of life (EOL) dates.
- type: rfe
category: rfe
pull: 8528
authors:
- jglick
pr_title: Avoid saving disabled status when deleting a project
message: |-
Optimized project deletion.
- type: rfe
category: rfe
pull: 8503
authors:
- basil
pr_title: Remove KXML2 library
message: |-
Stop shipping <code>net.sf.kxml:kxml2</code> because Jenkins no longer depends on it.
- type: bug
category: regression
pull: 8529
issue: 72067
authors:
- basil
pr_title: "[JENKINS-72067] High memory usage from `XStream2.AssociatedConverterImpl`"
message: |-
Reduce high memory usage from <code>XStream2.AssociatedConverterImpl</code> (regression in 2.405).
- type: bug
category: bug
pull: 8511
authors:
- Vlatombe
- NotMyFault
pr_title: Add data-bound setters for View
message: |-
Developer: Added setters for <code>View#filterExecutor</code> and <code>View#filterQueue</code>.
Fix missing help sections for view filter executor and queue fields.
- type: rfe
category: developer
pull: 8482
authors:
- jtnord
pr_title: "[JEP-237] introduce FIPS property"
references:
- url: https://github.com/jenkinsci/jep/blob/master/jep/237/README.adoc
title: Jenkins Enhancement Proposal 237
message: |-
Developer: introduce FIPS property for JEP-237

# pull: 8473 (PR title: Use `isEmpty()` and simplified assertions in Test)
# pull: 8524 (PR title: Bump org.apache.maven.plugins:maven-shade-plugin from 3.5.0 to 3.5.1)
# pull: 8525 (PR title: Update dependency eslint to v8.50.0)
# pull: 8530 (PR title: Fill in since annotations)
# pull: 8531 (PR title: Allow location of `queue.xml` to be overridden)
# pull: 8532 (PR title: Tweak changelog entry placeholder)
# pull: 8533 (PR title: Update babel monorepo to v7.23.0)
# pull: 8535 (PR title: Bump org.jenkins-ci.main:jenkins-test-harness from 2064.vcd3b_b_8f3f2b_a_ to 2085.va_c531db_287b_d)
# pull: 8536 (PR title: Bump org.jenkins-ci.plugins:display-url-api from 2.3.9 to 2.200.vb_9327d658781)
# pull: 8537 (PR title: Update dependency node to v18.18.0)
# pull: 8538 (PR title: Bump io.jenkins.plugins:plugin-util-api from 3.3.0 to 3.4.0)
# pull: 8539 (PR title: add gitter link)
# pull: 8540 (PR title: Update dependency postcss to v8.4.31)
# pull: 8541 (PR title: Update dependency postcss-scss to v4.0.9)
# pull: 8543 (PR title: Warn users of old Java version 18 months before end of life)
# pull: 8545 (PR title: Bump asm.version from 9.5 to 9.6)
# pull: 8547 (PR title: Bump com.puppycrawl.tools:checkstyle from 10.12.3 to 10.12.4)
# pull: 8548 (PR title: Bump org.jenkins-ci.plugins:credentials from 1271.v54b_1c2c6388a_ to 1290.v2e5b_13eb_b_127)
# pull: 8549 (PR title: Fix encoding of Brazilian Portuguese localization)
# pull: 8550 (PR title: Bump org.jenkins-ci:jenkins from 1.105 to 1.106)
# pull: 8552 (PR title: Bump bridge-method-injector.version from 1.28 to 1.29)
# pull: 8553 (PR title: Tweak changelog guidance in PR template)

# DO NOT EDIT THIS FILE DIRECTLY ON GITHUB IF YOU HAVE COMMIT ACCESS
# ALL CHANGES MUST GO THROUGH PULL REQUESTS
# MALFORMED FILE CONTENTS WILL BREAK THE SITE BUILD
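Review bot: In the last added entry (pull 8482), the message `Developer: introduce FIPS property for JEP-237` does not name the property and has no closing period, unlike the other messages in this block. Suggest naming `jenkins.security.FIPS140.COMPLIANCE` and stating that it only expresses a preference, matching the wording used for the property in system-properties.adoc, so that readers of the changelog do not take the entry as a compliance claim.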
2 changes: 1 addition & 1 deletion content/_layouts/corebaseline.html.haml
Expand Up @@ -19,4 +19,4 @@ layout: developersection
# Surely there's going to be at least one plugin depending on the old .1 by the time the next .1 is available.
previous_lts_highs = lts.map { |v| v[0...-1] }.uniq[0...-1].map { |l| all_lts.select { |v| v.start_with?(l) }[0] }

= page.content.gsub('PLACEHOLDER_NEWER_LTS_POINT_ONE', next_lts_1).gsub('PLACEHOLDER_RECENT_LTS_POINT_HIGHS', previous_lts_highs[-2...].join(' and ')).gsub('PLACEHOLDER_OLDEST_LTS', oldest_lts).gsub('PLACEHOLDER_OLDEST_WEEKLY', oldest_weekly).gsub('PLACEHOLDER_LATEST_SPLIT', latest_split).gsub('PLACEHOLDER_RECENT_LTS_POINT_HIGH', previous_lts_highs[-1])
= page.content.gsub('PLACEHOLDER_NEWER_LTS_POINT_ONE', next_lts_1).gsub('PLACEHOLDER_RECENT_LTS_POINT_HIGHS', previous_lts_highs[-2...].join(' and ')).gsub('PLACEHOLDER_OLDEST_LTS', oldest_lts).gsub('PLACEHOLDER_OLDEST_WEEKLY', oldest_weekly).gsub('PLACEHOLDER_LATEST_SPLIT', latest_split).gsub('PLACEHOLDER_RECENT_LTS_POINT_HIGH', previous_lts_highs[-1])
Original file line number Diff line number Diff line change
Expand Up @@ -55,14 +55,15 @@ The following command attempts to search for some common usages in views:

[source,shell]
----
find . -type f \( -name "*.groovy" -o -name "*.jelly" -o -name "*.js" \) -exec grep -HnE '\.each\(|Object\.toJSON|Prototype\.Selector|\$\$\(|\$A|\$F|\.on\(|\.observe\(|\.fire\(|Form\.getInputs|Element\.stopObserving|\.removeClassName\(|\.addClassName\(|\.hasClassName\(|\.nextSiblings\(|\.firstDescendant\(|\.previous\(|\.up\(|\.down\(|\.next\(|\.childElements\(|\.escapeHTML\(|\.show\(\)|\.hide\(\)|\.setStyle\(|\.setOpacity\(|\.getResponseHeader\(|Ajax\.Request|Ajax\.Updater|Ajax\.PeriodicalUpdater' {} \;
find . -type f \( -name "*.groovy" -o -name "*.jelly" -o -name "*.js" \) -exec grep -HnE '\.each\(|Object\.toJSON|Prototype\.Selector|\$\$\(|\$\(|\$A|\$F|\.on\(|\.observe\(|\.fire\(|Form\.getInputs|Element\.stopObserving|\.getElementsBySelector\(|\.insert\(|\.removeClassName\(|\.addClassName\(|\.hasClassName\(|\.nextSiblings\(|\.firstDescendant\(|\.previous\(|\.up\(|\.down\(|\.next\(|\.childElements\(|\.escapeHTML\(|\.show\(\)|\.hide\(\)|\.getStyle\(|\.setStyle\(|\.setOpacity\(|\.getResponseHeader\(|Ajax\.Request|Ajax\.Updater|Ajax\.PeriodicalUpdater' {} \;
----

This is neither an exhaustive list, nor is it guaranteed to be free from false positives.
But it is a good place to start.
Below I will give some examples of common usages and their recommended replacements.
When in doubt, consult the http://api.prototypejs.org/[Prototype API documentation] for information about the old usage,
and consult the https://developer.mozilla.org/[Web Platform] documentation for information about recommended replacements.
Keep in mind that script could find false positives as `$` is used in both prototype.js and jQuery.

Once you have removed the usage of Prototype, test your plugin both with and without the user experimental flag enabled.
If the line you have changed works with and without Prototype (as verified by stepping into the line with the browser's JavaScript debugger), then you are ready to merge and release the change.
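Review bot: The added sentence starting "Keep in mind that script could find false positives" is missing an article ("that the script") and sits several lines below the existing statement that the list is not guaranteed to be free from false positives. Move it directly after that statement, and say that the newly added `\$\(` alternative is what produces the jQuery matches, so readers know which hits to triage.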
Expand Down Expand Up @@ -113,6 +114,9 @@ The next most common set of issues is regarding element manipulation.
* Replace e.g. `element.up("div")` with `element.closest("div")`.
* Replace e.g. `element.up()` with `element.parentNode`.
* Replace Prototype-based element creation with `document.createElement`.
* Replace e.g. `Element.getElementsBySelector` with `document.querySelector`.
* Replace e.g. `Element.insert` with `element.appendChild`.
* Replace e.g. `Element.getStyle` with `element.style`.

=== Event handling
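Review bot: The three added replacements are not equivalent to the Prototype calls they stand in for. `Element.getElementsBySelector` returns every matching descendant of the element, whereas `document.querySelector` returns only the first match in the whole document; `element.querySelectorAll` is the closer mapping. `Element.getStyle` reads the computed value, whereas `element.style` only reflects inline styles, so `getComputedStyle(element)` is the closer mapping. `Element.insert` also accepts HTML strings and a position, which `element.appendChild` does not; the bullet should say that string content is to be turned into nodes or set through `textContent` rather than moved to `innerHTML`, so the migration does not introduce an injection path.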

70 changes: 70 additions & 0 deletions content/blog/2023/10/09/2023-10-09-prototype-removed.adoc
@@ -0,0 +1,70 @@
---
layout: post
title: "Prototype removed from Jenkins 2.426"
tags:
- announcement
- jenkins
author: basil
discourse: true
opengraph:
image: /images/post-images/2023/05/12/2023-05-12-removing-prototype-from-jenkins.png
---

Following up on my previous post about link:/blog/2023/05/12/removing-prototype-from-jenkins/[removing Prototype from Jenkins],
Prototype has been removed from the 2.426 weekly release and will be removed from the November LTS release.
This removal required changes in about 60 plugins.
**Use the Plugin Manager to upgrade all plugins before and after upgrading to Jenkins 2.426.**

A migration of this scope would not have been possible without the support of the entire Jenkins community.
In particular, we would like to thank Tim Jacomb and Rahul Somasunderam for doing a large portion of the development work.
Additionally, we would like to thank the following contributors for participating in the removal of Prototype from the Jenkins project
by developing, reviewing, or releasing a Prototype-related change in the `jenkinsci` and/or `jenkins-infra` GitHub organizations:

* Adrien Lecharpentier
* Alexander Brandes
* Alexis Tual
* Allan
* Bhagyashri Sapnar
* Bruno Kinoshita
* Bruno Verachten
* Carroll Chiou
* Christopher Orr
* Dan Alvizu
* Daniel Beck
* Devin Nusbaum
* Dmitry Platonov
* Fred G
* Gavin McDonald
* Go Sueyoshi
* Ioannis Moutsatsos
* Iurii Ignatko
* James Nord
* Jan Faracik
* Jesse Glick
* Jiri Vanek
* Joe Hansche
* Jose Blas Camacho Taboada
* Josh Aguilar
* Kanstantsin Shautsou
* Kevin Martens
* Kris Stern
* Markus Winter
* Mark Waite
* Martin Pokorny
* Michael Tughan
* Oliver Gondža
* Olivier Lamy
* Pierre Beitz
* Raihaan Shouhell
* Robert Sandell
* Roland Asmann
* Timka Dyussyumbayev
* Tobias Gruetzmacher
* Ullrich Hafner
* Victor Balakine
* Wadeck Follonier
* Yaroslav Afenkin
* Zbynek Konecny

Thank you for your contributions,
and I hope to see many of you again in the `javax` to `jakarta` API migration.
13 changes: 13 additions & 0 deletions content/doc/book/managing/system-properties.adoc
Expand Up @@ -1830,6 +1830,19 @@ properties:
Setting this to `true` is unsafe.
See link:/redirect/class-filter/[documentation].

- name: jenkins.security.FIPS140.COMPLIANCE
tags:
- feature
- security
def: |
`false`
since: 2.424
description: |
If Jenkins and plugins systems should prefer link:https://csrc.nist.gov/pubs/fips/140-2/upd2/final[FIPS-140] compliant cryptography.
Not all features/plugins have been adapted, and this only indicates a preference.
If you set this flag to `true`, it does not make Jenkins and its plugins FIPS-140 compliant.
Refer to link:/doc/book/system-administration/FIPS-140/[Jenkins and FIPS-140 Overview] for more information.

- name: jenkins.security.FrameOptionsPageDecorator.enabled
tags:
- escape hatch
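Review bot: `since: 2.424` disagrees with the weekly changelog hunk in this same commit, which lists "[JEP-237] introduce FIPS property" (pull 8482) under version 2.426; correct whichever is wrong. The first line of the description, beginning "If Jenkins and plugins systems should prefer", is also a sentence fragment; "Whether Jenkins and plugins should prefer FIPS-140 compliant cryptography." reads cleanly.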
51 changes: 51 additions & 0 deletions content/doc/book/system-administration/FIPS-140.adoc
@@ -0,0 +1,51 @@
---
layout: section
---
ifdef::backend-html5[]
ifndef::env-github[:imagesdir: ../../resources/managing]
:notitle:
:description:
:author:
:email: [email protected]
:sectanchors:
:toc: left
endif::[]

= FIPS-140

It may be possible to run Jenkins in a FIPS-140 compliant manner when the <<../managing/system-properties#jenkins-security-fips140-compliance, compliance flag>> is enabled, and the servlet container, the JVM, and the host OS are all appropriately configured.
How to configure the servlet container, JVM and host are out of scope of the Jenkins community project as this is a complex area with many pitfalls and gotchas.
Some Jenkins features may not work or be disabled.

[IMPORTANT]
====
The Jenkins community does not actively check Jenkins or Plugins for link:https://csrc.nist.gov/pubs/fips/140-2/upd2/final[FIPS-140] compliance issues.
====

== Plugins

Plugins may or may not honour a request to run in FIPS-140 compliance mode.
Before you install or upgrade any plugin, you should check the plugin's code to ensure it adheres to the FIPS-140 standard.

== What FIPS-140 mode does

If you enable <<../managing/system-properties#jenkins-security-fips140-compliance, FIPS-140 mode>>, it provides a hint to Jenkins and any plugins that have opted in that they should prefer cryptographic algorithms that *may*.footnote:[Algorithms are not approved, rather a specific implementation of a specific algorithm is approved.
However, the implementation used at runtime depends on the JVM, JVM configuration, and the host OS.
As this is outside the scope of the Jenkins project, the algorithms targeted are available from at least one link:https://csrc.nist.gov/projects/cryptographic-module-validation-program/validated-modules/search[FIPS-140 compliant provider], namely the link:https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3514[BouncyCastle FIPS library].] be FIPS-140 approved.
This may mean that some features are disabled entirely, or may use a less secure (but compliant) form of cryptography than normal.

== What FIPS-140 mode does not do

If any code from the JVM, servlet container, Jenkins, or any plugin requests a non-compliant algorithm, this will still be the case, and the request may be honoured.
For example, this mode cannot configure the JVM, so TLS connections to external secure web sites might still use non-compliant cryptography.
Additionally, Jenkins cannot ensure that plugins will even use encryption at all, when appropriate.
At the end of the day, just because Jenkins and plugins run when FIPS-140 mode is enabled does not mean that it adheres to the USA government standard.

== How to run a fully FIPS-140 compliant Jenkins

As previously mentioned, the host, JVM, and the servlet container all need to be configured appropriately to ensure that Jenkins is FIPS-140 compliant.
Extreme care should be taken when installing or upgrading plugins as they may or may not be FIPS-140 compliant, and they may introduce code that is non-compliant or otherwise change the JVM configuration so that it breaks compliance.

The Jenkins community does not support Jenkins FIPS-140 mode, and due to the complex nature of JVM and servlet configuration that can change between versions, does not provide documentation for the full configuration required to run Jenkins in a fully FIPS-140 compliant manner.
If you need to run Jenkins in a way that it is FIPS-140 compliant, it is recommended that you obtain support from a commercial vendor.
The Jenkins community may be able to fix issues relating to FIPS-140 compliance; these will be treated as any other bug report or feature request.
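Review bot: In the "What FIPS-140 mode does" paragraph, `*may*.footnote:[` puts a period between the emphasised word and the footnote macro, so the rendered sentence reads "may." followed by the footnote marker and then "be FIPS-140 approved."; drop the period so the macro attaches directly to `*may*`. The "Plugins" section also tells administrators to check a plugin's code for adherence without saying what to look for; a link to the developer documentation this commit adds under content/doc/developer/FIPS-140/ would close that gap.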
1 change: 1 addition & 0 deletions content/doc/book/system-administration/_chapter.yml
Expand Up @@ -10,3 +10,4 @@ sections:
- reverse-proxy-configuration-with-jenkins
- reverse-proxy-configuration-troubleshooting
- systemd-services
- FIPS-140
2 changes: 2 additions & 0 deletions content/doc/developer/FIPS-140/_chapter.yml
@@ -0,0 +1,2 @@
---
sections: