Last checked and updated on 03 May 2026What Is New in Jenkins 2.387.x
This release focuses on security hardening, logging improvements, and infrastructure modernization. The most critical change is the update to repository signing keys, which requires administrator action before upgrading.
| Category | Changes |
|---|---|
| Security | New GPG signing keys for package repositories |
| Infrastructure | Remoting version requirement increased to 4.7 |
| Logging | Removed SIGALRM rotation, added size-based rotation for periodic tasks |
| Compatibility | XStream2 no longer handles ASCII NUL characters |
Why Did Jenkins Change Its Repository Signing Keys?
Starting with 2.387.2, stable repositories now use the same GPG keys as weekly releases. This simplifies key management and aligns signing practices across release channels.
You must update your package manager configuration before installing 2.387.2. For Debian/Ubuntu, import the new keyring and update your sources list. For Red Hat systems, import the new RPM key. The old keys will no longer be valid for new releases.
What Changed in Remoting Requirements?
Jenkins now requires Remoting version 4.7 or newer for agent connections. This version was released in February 2021, so most modern agents should already meet this requirement.
Agents with older Remoting versions will be rejected during connection attempts. If you have legacy agents, set the hudson.slaves.SlaveComputer.allowUnsupportedRemotingVersions system property to true as a temporary workaround while you update them.
How Did Log Rotation Change?
Support for log rotation via SIGALRM has been completely removed. The --daemon command-line argument is also gone.
If you use custom log rotation, ensure your configuration uses the copytruncate option instead of relying on signal-based rotation. Periodic task logs now rotate at 10MB by default, which you can disable by setting specific system properties to -1.
What's the Deal with XStream and ASCII NUL?
Jenkins switched from KXml2Driver to StandardStaxDriver for XML processing, which means it can no longer handle files containing ASCII NUL characters (U+0000).
This particularly affects the JUnit plugin - make sure you update it to the latest version before processing new test results. Existing test results with NUL characters may become unreadable, so check your plugins for compatibility.
FAQ
What happens if I don't update the GPG keys before upgrading?
Your package manager will fail to verify the package signatures and refuse to install Jenkins 2.387.2 or later. The update will be blocked until you import the new keys.
How can I check my current Remoting version?
Check the agent log files or the Jenkins computer list - the version appears during agent connection. You can also check the remoting.jar file version directly on agent machines.
Will my existing log rotation setup break?
Only if you relied on SIGALRM for rotation. If you use copytruncate (like the official packages), you're fine. Check your logrotate configs for signal-based rotation.
Which plugins might be affected by the XStream NUL character change?
Primarily plugins that store XML data with null characters. The JUnit plugin is the main one mentioned, but any plugin storing binary data in XML fields could have issues.
Can I downgrade if I have problems with 2.387.x?
Yes, but you'll need to revert your package repository configuration to the old keys if you downgrade to pre-2.387.2 versions. The old keys still work for older releases.