Merge branch 'master' into JENKINS-36718

.gitattributes

@@ -39,4 +39,4 @@
 
 # Yarn
 # https://yarnpkg.com/getting-started/qa#which-files-should-be-gitignored
-/war/.yarn/plugins/** binary
+/.yarn/plugins/** binary

.github/workflows/changelog.yml

@@ -67,4 +67,8 @@ jobs:
           GIT_COMMITTER_EMAIL: <86592549+jenkins-infra-changelog-generator[bot]@users.noreply.github.com>
         run: |
           wget --quiet https://raw.githubusercontent.com/jenkinsci/core-changelog-generator/master/generate-weekly-changelog.sh
+          # Create a Python virtual environment for pip install
+          # See https://github.com/jenkinsci/core-changelog-generator/issues/37
+          python3 -m venv venv
+          source venv/bin/activate
           bash generate-weekly-changelog.sh

.github/workflows/publish-release-artifact.yml

@@ -73,7 +73,7 @@ jobs:
           wget -q https://get.jenkins.io/${REPO}/${PROJECT_VERSION}/${FILE_NAME}
       - name: Upload Release Asset
         id: upload-war
-        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
+        uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -108,7 +108,7 @@ jobs:
       - name: Upload Release Asset
         id: upload-deb
         if: always()
-        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
+        uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -144,7 +144,7 @@ jobs:
       - name: Upload Release Asset
         id: upload-rpm
         if: always()
-        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
+        uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -180,7 +180,7 @@ jobs:
       - name: Upload Release Asset
         id: upload-msi
         if: always()
-        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
+        uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -216,7 +216,7 @@ jobs:
       - name: Upload Release Asset
         id: upload-suse-rpm
         if: always()
-        uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8
+        uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

.gitignore

@@ -65,9 +65,7 @@ junit.xml
 
 # Yarn
 # https://yarnpkg.com/getting-started/qa#which-files-should-be-gitignored
-.pnp.*
 .yarn/*
-.yarnrc.yml
 !.yarn/patches
 !.yarn/plugins
 !.yarn/sdks
@@ -78,7 +76,4 @@ node/
 node_modules/
 
 # Generated JavaScript Bundles
-jsbundles
-
-# In case someone accidentally runs npm install instead of yarn install
-package-lock.json
+war/src/main/webapp/jsbundles/

.prettierignore

@@ -7,13 +7,11 @@ node/
 
 .git
 
-.yarnrc.yml
-
 # libraries / external deps / generated files
-war/src/main/js/plugin-setup-wizard/bootstrap-detached.js
+src/main/js/plugin-setup-wizard/bootstrap-detached.js
 war/src/main/webapp/scripts/yui
 war/src/main/webapp/jsbundles/
-war/src/main/scss/_bootstrap.scss
+src/main/scss/_bootstrap.scss
 
 # test files that we don't need formatted
 test/src/test/resources

.stylelintrc.js

@@ -1,7 +1,7 @@
 module.exports = {
   extends: "stylelint-config-standard",
   customSyntax: "postcss-scss",
-  ignoreFiles: ["war/src/main/scss/_bootstrap.scss"],
+  ignoreFiles: ["src/main/scss/_bootstrap.scss"],
   rules: {
     "no-descending-specificity": null,
     "selector-class-pattern": "[a-z]",

.yarnrc.yml

@@ -0,0 +1,2 @@
+enableGlobalCache: false
+nodeLinker: node-modules

CONTRIBUTING.md

@@ -11,7 +11,7 @@ This page provides information about contributing code to the Jenkins core codeb
 3. Install the necessary development tools. In order to develop Jenkins, you need the following:
    - Java Development Kit (JDK) 17 or 21.
      In the Jenkins project we usually use [Eclipse Temurin](https://adoptium.net/) or [OpenJDK](https://openjdk.java.net/), but you can use other JDKs as well.
-   - Apache Maven 3.8.1 or above. You can [download Maven here](https://maven.apache.org/download.cgi).
+   - Apache Maven 3.9.6 or above. You can [download Maven here](https://maven.apache.org/download.cgi).
      In the Jenkins project we usually use the most recent Maven release.
    - Any IDE which supports importing Maven projects.
 4. Set up your development environment as described in [Preparing for Plugin Development](https://www.jenkins.io/doc/developer/tutorial/prepare/)
@@ -53,12 +53,12 @@ MAVEN_OPTS='--add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/ja
 ### Running the Yarn frontend build
 
 > [!TIP]
-> If you already have Node.js installed, you do not need to change your path. Start using `yarn` by enabling [Corepack](https://yarnpkg.com/corepack) with `corepack enable`, if it isn't already; this will add the `yarn` binary to your PATH.
+> If you already have Node.js installed, you do not need to change your path. Start using Yarn by enabling [Corepack](https://yarnpkg.com/corepack) with `corepack enable`, if it isn't already; this will add the `yarn` binary to your path.
 
 To run the Yarn frontend build, after [building the WAR file](#building-the-war-file), add the downloaded versions of Node and Yarn to your path:
 
 ```sh
-export PATH=$PWD/node:$PWD/node/yarn/dist/bin:$PATH
+export PATH=$PWD/node:$PWD/node/node_modules/corepack/shims:$PATH
 ```
 
 Then you can run Yarn with e.g.

ath.sh

@@ -6,7 +6,7 @@ set -o xtrace
 cd "$(dirname "$0")"
 
 # https://github.com/jenkinsci/acceptance-test-harness/releases
-export ATH_VERSION=5997.v2a_1a_696620a_0
+export ATH_VERSION=6059.veb_df63f37069
 
 if [[ $# -eq 0 ]]; then
 	export JDK=17

bom/pom.xml

@@ -62,15 +62,15 @@ THE SOFTWARE.
       <dependency>
         <groupId>org.springframework</groupId>
         <artifactId>spring-framework-bom</artifactId>
-        <version>6.1.13</version>
+        <version>6.1.14</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
       <dependency>
         <!-- https://docs.spring.io/spring-security/reference/6.3/getting-spring-security.html#getting-maven-no-boot -->
         <groupId>org.springframework.security</groupId>
         <artifactId>spring-security-bom</artifactId>
-        <version>6.3.3</version>
+        <version>6.3.4</version>
         <type>pom</type>
         <scope>import</scope>
       </dependency>
@@ -88,7 +88,7 @@ THE SOFTWARE.
       <dependency>
         <groupId>com.google.guava</groupId>
         <artifactId>guava</artifactId>
-        <version>33.3.0-jre</version>
+        <version>33.3.1-jre</version>
       </dependency>
       <dependency>
         <!-- Overriding Stapler’s 1.1.3 version to diagnose JENKINS-20618: -->
@@ -250,7 +250,7 @@ THE SOFTWARE.
       <dependency>
         <groupId>org.jenkins-ci</groupId>
         <artifactId>annotation-indexer</artifactId>
-        <version>1.17</version>
+        <version>1.18</version>
       </dependency>
       <dependency>
         <groupId>org.jenkins-ci</groupId>
@@ -260,27 +260,27 @@ THE SOFTWARE.
       <dependency>
         <groupId>org.jenkins-ci</groupId>
         <artifactId>crypto-util</artifactId>
-        <version>1.9</version>
+        <version>1.10</version>
       </dependency>
       <dependency>
         <groupId>org.jenkins-ci</groupId>
         <artifactId>memory-monitor</artifactId>
-        <version>1.12</version>
+        <version>1.13</version>
       </dependency>
       <dependency>
         <groupId>org.jenkins-ci</groupId>
         <artifactId>symbol-annotation</artifactId>
-        <version>1.24</version>
+        <version>1.25</version>
       </dependency>
       <dependency>
         <groupId>org.jenkins-ci</groupId>
         <artifactId>task-reactor</artifactId>
-        <version>1.8</version>
+        <version>1.9</version>
       </dependency>
       <dependency>
         <groupId>org.jenkins-ci</groupId>
         <artifactId>version-number</artifactId>
-        <version>1.11</version>
+        <version>1.12</version>
       </dependency>
       <dependency>
         <groupId>org.jenkins-ci.main</groupId>
@@ -352,6 +352,12 @@ THE SOFTWARE.
         <artifactId>stapler-groovy</artifactId>
         <version>${stapler.version}</version>
       </dependency>
+      <!-- Override the outdated managed dependency on asm in guice-parent -->
+      <dependency>
+        <groupId>org.ow2.asm</groupId>
+        <artifactId>asm</artifactId>
+        <version>9.7.1</version>
+      </dependency>
       <dependency>
         <groupId>org.samba.jcifs</groupId>
         <artifactId>jcifs</artifactId>

cli/pom.xml

@@ -15,7 +15,7 @@
   <url>https://github.com/jenkinsci/jenkins</url>
 
   <properties>
-    <mina-sshd.version>2.13.2</mina-sshd.version>
+    <mina-sshd.version>2.14.0</mina-sshd.version>
     <!-- Filled in by jacoco-maven-plugin -->
     <jacocoSurefireArgs />
   </properties>

cli/src/main/java/hudson/cli/FlightRecorderInputStream.java

@@ -21,7 +21,7 @@ class FlightRecorderInputStream extends InputStream {
      * Size (in bytes) of the flight recorder ring buffer used for debugging remoting issues.
      * @since 2.41
      */
-    static final int BUFFER_SIZE = Integer.getInteger("hudson.remoting.FlightRecorderInputStream.BUFFER_SIZE", 1024 * 1024);
+    static final int BUFFER_SIZE = Integer.getInteger("hudson.remoting.FlightRecorderInputStream.BUFFER_SIZE", 1024);
 
     private final InputStream source;
     private ByteArrayRingBuffer recorder = new ByteArrayRingBuffer(BUFFER_SIZE);

core/src/main/java/hudson/TcpSlaveAgentListener.java

@@ -271,14 +271,11 @@ public void run() {
                     String protocol = s.substring(9);
                     AgentProtocol p = AgentProtocol.of(protocol);
                     if (p != null) {
-                        if (Jenkins.get().getAgentProtocols().contains(protocol)) {
-                            LOGGER.log(p instanceof PingAgentProtocol ? Level.FINE : Level.INFO, () -> "Accepted " + protocol + " connection " + connectionInfo);
-                            p.handle(this.s);
-                        } else {
-                            error("Disabled protocol:" + s, this.s);
-                        }
-                    } else
+                        LOGGER.log(p instanceof PingAgentProtocol ? Level.FINE : Level.INFO, () -> "Accepted " + protocol + " connection " + connectionInfo);
+                        p.handle(this.s);
+                    } else {
                         error("Unknown protocol:", this.s);
+                    }
                 } else {
                     error("Unrecognized protocol: " + s, this.s);
                 }
@@ -364,21 +361,11 @@ public PingAgentProtocol() {
             ping = "Ping\n".getBytes(StandardCharsets.UTF_8);
         }
 
-        @Override
-        public boolean isRequired() {
-            return true;
-        }
-
         @Override
         public String getName() {
             return "Ping";
         }
 
-        @Override
-        public String getDisplayName() {
-            return Messages.TcpSlaveAgentListener_PingAgentProtocol_displayName();
-        }
-
         @Override
         public void handle(Socket socket) throws IOException, InterruptedException {
             try (socket) {

core/src/main/java/hudson/Util.java

@@ -1525,6 +1525,10 @@ public static Number tryParseNumber(@CheckForNull String numberStr, @CheckForNul
      *                                  does not contain the specified method.
      */
     public static boolean isOverridden(@NonNull Class<?> base, @NonNull Class<?> derived, @NonNull String methodName, @NonNull Class<?>... types) {
+        if (base == derived) {
+            // If base and derived are the same type, the method is not overridden by definition
+            return false;
+        }
         // If derived is not a subclass or implementor of base, it can't override any method
         // Technically this should also be triggered when base == derived, because it can't override its own method, but
         // the unit tests explicitly test for that as working.

core/src/main/java/hudson/logging/LogRecorder.java

@@ -44,6 +44,7 @@
 import hudson.remoting.VirtualChannel;
 import hudson.slaves.ComputerListener;
 import hudson.util.CopyOnWriteList;
+import hudson.util.FormApply;
 import hudson.util.FormValidation;
 import hudson.util.HttpResponses;
 import hudson.util.RingBufferLogHandler;
@@ -463,7 +464,7 @@ public synchronized void doConfigSubmit(StaplerRequest2 req, StaplerResponse2 rs
 
         save();
         if (oldFile != null) oldFile.delete();
-        rsp.sendRedirect2(redirect);
+        FormApply.success(redirect).generateResponse(req, rsp, null);
     }
 
     @RequirePOST
@@ -556,7 +557,7 @@ public void delete() throws IOException {
         loggers.forEach(Target::disable);
 
         getParent().getRecorders().forEach(logRecorder -> logRecorder.getLoggers().forEach(Target::enable));
-        SaveableListener.fireOnChange(this, getConfigFile());
+        SaveableListener.fireOnDeleted(this, getConfigFile());
     }
 
     /**

core/src/main/java/hudson/markup/MarkupFormatter.java

@@ -62,9 +62,14 @@
  * This is an extension point in Hudson, allowing plugins to implement different markup formatters.
  *
  * <p>
- * Implement the following methods to enable and control CodeMirror syntax highlighting
- * public String getCodeMirrorMode() // return null to disable CodeMirror dynamically
- * public String getCodeMirrorConfig()
+ * Implement the following methods to enable and control CodeMirror syntax highlighting:
+ * <ul>
+ *     <li><code>public String getCodeMirrorMode()</code> (return <code>null</code> to disable CodeMirror dynamically)</li>
+ *     <li>
+ *         <code>public String getCodeMirrorConfig()</code> (JSON snippet without surrounding curly braces, e.g., <code>"mode": "text/css"</code>.
+ *         Historically this allowed invalid JSON, but since TODO it needs to be properly quoted etc.
+ *     </li>
+ * </ul>
  *
  * <h2>Views</h2>
  * <p>

core/src/main/java/hudson/model/AbstractItem.java

@@ -59,8 +59,6 @@
 import java.util.ListIterator;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 import javax.xml.transform.Source;
 import javax.xml.transform.TransformerException;
 import javax.xml.transform.sax.SAXSource;
@@ -70,6 +68,7 @@
 import jenkins.model.Jenkins;
 import jenkins.model.Loadable;
 import jenkins.model.queue.ItemDeletion;
+import jenkins.security.ExtendedReadRedaction;
 import jenkins.security.NotReallyRoleSensitiveCallable;
 import jenkins.security.stapler.StaplerNotDispatchable;
 import jenkins.util.SystemProperties;
@@ -815,6 +814,7 @@ public void delete() throws IOException, InterruptedException {
                 ItemDeletion.deregister(this);
             }
         }
+        SaveableListener.fireOnDeleted(this, getConfigFile());
         getParent().onDeleted(AbstractItem.this);
         Jenkins.get().rebuildDependencyGraphAsync();
     }
@@ -870,11 +870,11 @@ private void doConfigDotXmlImpl(StaplerRequest2 req, StaplerResponse2 rsp)
         rsp.sendError(SC_BAD_REQUEST);
     }
 
-    static final Pattern SECRET_PATTERN = Pattern.compile(">(" + Secret.ENCRYPTED_VALUE_PATTERN + ")<");
     /**
      * Writes {@code config.xml} to the specified output stream.
      * The user must have at least {@link #EXTENDED_READ}.
-     * If he lacks {@link #CONFIGURE}, then any {@link Secret}s detected will be masked out.
+     * If he lacks {@link #CONFIGURE}, then any {@link Secret}s or other sensitive information detected will be masked out.
+     * @see jenkins.security.ExtendedReadRedaction
      */
 
     @Restricted(NoExternalUse.class)
@@ -886,15 +886,13 @@ public void writeConfigDotXml(OutputStream os) throws IOException {
         } else {
             String encoding = configFile.sniffEncoding();
             String xml = Files.readString(Util.fileToPath(configFile.getFile()), Charset.forName(encoding));
-            Matcher matcher = SECRET_PATTERN.matcher(xml);
-            StringBuilder cleanXml = new StringBuilder();
-            while (matcher.find()) {
-                if (Secret.decrypt(matcher.group(1)) != null) {
-                    matcher.appendReplacement(cleanXml, ">********<");
-                }
+
+            for (ExtendedReadRedaction redaction : ExtendedReadRedaction.all()) {
+                LOGGER.log(Level.FINE, () -> "Applying redaction " + redaction.getClass().getName());
+                xml = redaction.apply(xml);
             }
-            matcher.appendTail(cleanXml);
-            org.apache.commons.io.IOUtils.write(cleanXml.toString(), os, encoding);
+
+            org.apache.commons.io.IOUtils.write(xml, os, encoding);
         }
     }