ANN: JEP-200 - Class serialization rules hardening in Jenkins LTS 2.107.1+, please read upgrade guidelines
Dear Jenkins users,
As you probably know, in Jenkins 2.107.1 we are going to introduce a serious security hardening change. XStream and Remoting blacklists will be replaced by whitelists, so that Jenkins will become more restrictive about class serialization over the channel. You can find more technical details about this change in this blogpost.
Before upgrading to the new LTS, make sure to read the Upgrade Guidelines. There are about 50 plugins affected, so it is important to carefully read the guidelines and follow the upgrade procedure. More information will be posted soon in an additional blogpost.
There are the following steps to perform during the upgrade: