Last checked and updated on 03 May 2026What Is New in Jenkins 2.361.x
Jenkins 2.361.x is a significant Long-Term Support (LTS) release that marks a major platform shift by moving the minimum required Java version from 8 to 11. This update modernizes the core infrastructure and introduces several key enhancements and fixes.
| Category | Key Changes |
|---|---|
| Platform Requirement | Java 11 or newer is now required for both controllers and agents. |
| Removed Features | Java Web Start (JNLP) support for launching agents from a browser has been removed. |
| Core Updates | Jetty was updated to version 10.0.11. The instance-identity module was converted to a separate plugin. |
| Remoting | The minimum required Remoting version for agents was increased to 4.2.1. |
| Security & Configuration | Deprecated TLS flags (--httpsPrivateKey, --httpsCertificate) were removed in favor of the standard --httpsKeyStore flag. |
Why is the Java 11 Requirement a Big Deal?
This is the most critical change in this release. Jenkins now mandates Java 11 or later for all controller and agent JVMs. Attempting to connect a Java 8 agent to a Jenkins 2.361.1 controller will fail with an UnsupportedClassVersionError because the remoting JAR is compiled for a newer Java version.
In practice, this means you must upgrade the Java runtime on every machine hosting a Jenkins agent before upgrading the controller. The official Docker images have already transitioned to using Java 11 or 17 by default. If your build jobs still require Java 8, you'll need to manage two Java runtimes on your agent machines: one for the Jenkins agent process (Java 11+) and one for your build environment.
What Replaced Java Web Start (JNLP) for Agents?
Java Web Start, the old method of launching inbound agents from a browser, has been completely removed. This technology has been deprecated in most browsers and Java distributions for years.
The new standard method is to manually download the agent JAR file from the agent configuration page and run it from the command line with the provided arguments, typically: java -jar agent.jar -url ${JENKINS_URL} -name ${AGENT_NAME}. The control window that previously offered platform-specific installer options is also gone; you now need to set up agent services using your operating system's native methods.
How Do the TLS/SSL Changes Affect Me?
If you run Jenkins with embedded Jetty (Winstone) and use TLS, the old, non-standard method of providing PEM-encoded keys via --httpsPrivateKey and --httpsCertificate has been removed. These flags had been printing deprecation warnings since 2016.
You must now use the standard --httpsKeyStore flag with a PKCS12 keystore file, which is the modern Java standard (JEP 229). This change was necessary because the old method relied on APIs that were removed in Java 17, ensuring future compatibility.
What is the New instance-identity Plugin?
A core module responsible for generating and managing the Jenkins instance's unique identity keys has been extracted into a separate plugin. This plugin is automatically installed during upgrades.
This matters for "as-code" installations or if you maintain a text file list of plugins. You must now explicitly include instance-identity:3.1 or later in that list to ensure the functionality is present, which is critical for inbound agents using TCP transport.
Are There Any Plugin Compatibility Gotchas?
Yes. Upgrading the Java runtime in the Docker images to OpenJDK 11.0.16.1/17.0.4.1 exposed memory leaks in older versions of key plugins. You must upgrade Pipeline: Groovy to version 2705.v0449852ee36f or later and Script Security to 1175.v4b_d517d6db_f0 or later immediately after upgrading Jenkins core to avoid metaspace memory leaks and JVM instability.
Always use the Plugin Manager to update all plugins to their latest compatible versions both before and after the core upgrade to minimize integration issues.
FAQ
I'm on Java 8. Can I upgrade to Jenkins 2.361.x?
No. You must first upgrade your Jenkins controller and all agent machines to Java 11 or Java 17. Attempting to run the new remoting JAR on Java 8 will cause immediate failure.
How do I launch agents now that Java Web Start is gone?
You now use the command-line instructions provided on the agent's configuration page in the Jenkins web UI. Download the agent JAR and run it with the specified java -jar agent.jar ... command.
My HTTPS setup broke after upgrading. What happened?
The deprecated --httpsPrivateKey and --httpsCertificate flags were removed. You need to migrate your TLS configuration to use a PKCS12 keystore file with the --httpsKeyStore flag.
Why do I need to install the instance-identity plugin?
The functionality was split out from core. It will auto-install on upgrade, but if you manage plugins via code (e.g., a plugins.txt file), you must add it explicitly to your list to avoid missing dependency errors.
My Jenkins became unstable after the upgrade, what should I check?
First, verify all agents are on Java 11+. Then, ensure you have updated the Pipeline: Groovy and Script Security plugins to the specific versions mentioned in the release notes to fix critical memory leaks introduced by the newer JDK.