What Is New in Jenkins 2.401.x
Jenkins 2.401.x LTS introduces significant UI modernization, security enhancements, and foundational changes to the CLI connection protocol. This release focuses on improving the user experience and preparing the platform for future developments.
| Category | Key Changes |
|---|---|
| New Features & Enhancements | WebSocket as default CLI mode, UI modernization for logs and forms, Java 17 as default in containers, new Appearance configuration page. |
| Security | Multiple important security advisories addressed, Content Security Policy (CSP) improvements, enhanced HTTP headers. |
| Bug Fixes | Fixes for form validation, agent allocation, memory leaks, and UI regressions from previous versions. |
| Deprecations & Removals | Deprecation of JNLP-based agent connection arguments, removal of the legacy jenkins-js-modules library. |
| Infrastructure | Updated base Docker images, upgraded bundled libraries (Winstone, Jetty, Spring), and telemetry for environment data. |
Why Did the Default CLI Connection Change to WebSocket?
The default transport for the Jenkins CLI client is now WebSocket (-webSocket) instead of HTTP. This change was made because WebSocket offers a more reliable and performant connection for remoting operations.
In practice, if your network or reverse proxy doesn't support WebSocket connections, you must explicitly specify -http or -ssh when using the CLI client. This matters because automated scripts that relied on the old default might break if they don't handle the new protocol.
What UI Modernization Was Done?
This release continues a major effort to modernize the Jenkins UI. Key updates include a revamped Log Recorder with better visual feedback, modernized form controls and buttons, and the replacement of old browser confirmation dialogs with consistent modal dialogs.
The new Appearance system configuration page allows administrators to customize the look and feel of Jenkins. The People view was also removed from core and is now available as a separate plugin.
How Does This Release Handle Security?
Multiple important security vulnerabilities were patched across the 2.401.x LTS line. The release also enhances security by adding the X-Content-Type-Options header to agent listener responses and improving Content Security Policy (CSP) compatibility for artifact and workspace browsers.
These fixes address specific security advisories and help silence false positives from security scanners that incorrectly flagged missing headers.
What Was Removed and What Plugins Are Affected?
The legacy jenkins-js-modules JavaScript library was removed from core. This is a breaking change for plugins that directly depended on it.
Specifically, users of the OWASP Dependency Track plugin must upgrade to version 4.3.1 or newer. Users of the ServiceNow CI/CD plugin must upgrade to version 2.1 or newer to maintain compatibility.
What Are the Key Infrastructure and Packaging Changes?
The default Java version in Docker images changed from Java 11 to Java 17 for tags without a JDK suffix (e.g., jenkins/jenkins:2.414.3). Java 11 images are still available with the -jdk11 tag suffix.
Debian-based container images were updated to Debian 12 (Bookworm). Numerous underlying libraries were upgraded, including Winstone, Jetty, and Spring Framework, for improved performance and security.
FAQ
My CLI scripts stopped working after upgrade. What happened?
The default CLI connection mode is now WebSocket. If your network doesn't support it, add the -http flag to your java -jar jenkins-cli.jar commands.
I use the People page. Where did it go?
The People view was removed from core Jenkins. You can install the separate "People View" plugin from the update center to restore this functionality.
Do I have to use Java 17 now?
No. The default container images now use Java 17, but Jenkins still runs on either Java 11 or Java 17. For containers, use tags with the -jdk11 suffix to stay on Java 11.
Why am I getting warnings about plugin dependencies after upgrading?
The removal of jenkins-js-modules breaks plugins that haven't been updated. Check for new versions of the OWASP Dependency Track and ServiceNow CI/CD plugins.
Are there any changes to how agents connect?
Yes. Using jnlpUrl in agent launch arguments is now deprecated. You should use the url and name arguments instead for inbound agents.
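The following is an added example, not code from the Jenkins project. It audits a shell script for the two upgrade hazards covered above: jenkins-cli.jar invocations that do not pin a transport (and so inherit the new WebSocket default), and agent launches that still pass -jnlpUrl. The sample script, the host name jenkins.example.test and the finding labels are constructed for illustration.

```python
import re
import shlex

# Transport flags accepted by jenkins-cli.jar; any one of them pins the connection mode.
CLI_TRANSPORTS = {"-webSocket", "-http", "-ssh"}

# Constructed sample script (not taken from a real pipeline).
SAMPLE_SCRIPT = """\
#!/bin/sh
# nightly maintenance
java -jar jenkins-cli.jar -s https://jenkins.example.test/ -auth @/etc/ci/token list-jobs
java -jar jenkins-cli.jar -s https://jenkins.example.test/ -http -auth @/etc/ci/token safe-restart
java -jar /opt/jenkins-cli.jar -s https://jenkins.example.test/ \\
    -auth @/etc/ci/token build nightly
java -jar agent.jar -jnlpUrl https://jenkins.example.test/computer/a1/jenkins-agent.jnlp -secret @secret-file
java -jar agent.jar -url https://jenkins.example.test/ -name a1 -secret @secret-file
"""


def logical_lines(text):
    """Yield (first_line_number, command) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, buf + raw
        buf, start = "", None
    if buf:
        yield start, buf


def audit(text):
    """Return (line, finding) pairs, in line order, for commands affected by 2.401.x."""
    findings = []
    for no, cmd in logical_lines(text):
        try:
            argv = shlex.split(cmd, comments=True)  # also drops shell comments
        except ValueError:  # unbalanced quotes: fall back to a plain split
            argv = cmd.split()
        if any(re.search(r"(^|/)jenkins-cli\.jar$", a) for a in argv):
            if not CLI_TRANSPORTS & set(argv):
                findings.append((no, "cli-transport-not-pinned"))
        if "-jnlpUrl" in argv:
            findings.append((no, "deprecated-jnlpUrl"))
    return findings
```

Running `audit()` over your own job scripts before the upgrade shows which commands need an explicit -webSocket, -http or -ssh, and which agent launch lines should move to the url and name arguments.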