Last checked and updated on 03 May 2026What Is New in Jenkins 2.479.x
This LTS release marks a major platform shift, requiring Java 17 and upgrading core frameworks. Here's a summary of the key changes.
| Category | Description |
|---|---|
| Platform Requirement | Java 17 or newer is now mandatory for both controllers and agents. |
| Framework Upgrades | Upgraded to Spring Security 6 and Spring Framework 6, requiring plugin updates. |
| Remoting | Increased the minimum required Remoting version to 3107.v665000b_51092. |
| Security | Removed the Windows path traversal escape hatch system property. |
Why is Java 17 now a hard requirement?
Jenkins 2.479.1 drops support for Java 11, making Java 17 the new minimum. This aligns the platform with modern Java LTS releases and their security updates.
You must upgrade the Java runtime on every controller and agent node before applying this Jenkins update. The official Docker images have already been updated, so users on those platforms are unaffected. For Linux package users, you'll need to install Java 17 from your distribution's repository or a vendor like Adoptium.
This matters because agents running older Java versions will be rejected by the controller after the upgrade, breaking your builds.
Which plugins require special attention during upgrade?
Several authentication plugins need to be updated at the same time as the core to maintain compatibility with the new Spring Framework and Security versions.
The LDAP plugin must be upgraded to version 733.vd3700c27b_043. The Reverse Proxy Auth plugin requires version 1.8.0 and also necessitates updating the Mailer plugin to version 489.vd4b_25144138f. The CAS plugin needs version 1.7.0, and the Windows Negotiate SSO plugin must be at least 136.vda_2b_6a_744b_d8.
In practice, the safest approach is to update all your plugins to their latest available versions both before and after the core upgrade to avoid any dependency conflicts.
What changed with the Windows path traversal escape hatch?
The system property hudson.model.DirectoryBrowserSupport.allowAbsolutePath has been completely removed. This property was previously a workaround for a known Windows path traversal vulnerability.
If your setup relied on this property, you must now find an alternative solution. There is no other workaround provided. This change enforces more secure default behavior on Windows systems.
How do I handle agents with old Remoting versions?
The minimum Remoting version is now 3107.v665000b_51092. Agents connecting with older versions will be rejected by the controller.
Before upgrading, ensure all your agents are running a recent version of the agent JAR. You can use the Versions Node Monitors plugin to check agent Java versions remotely. If you absolutely must connect an outdated agent, you can set hudson.slaves.SlaveComputer.allowUnsupportedRemotingVersions=true as a temporary measure, but this is not recommended for production.
What about the Environment Injector plugin warnings?
With Java 17, the Environment Injector plugin may generate illegal reflective access warnings. You have a couple of options to address this.
If you only need to modify existing environment variables (like PATH), upgrade the plugin to version 2.919.v009a_a_1067cd0. If you need to add or remove variables, consider configuring the environment directly when starting the agent process instead of using the plugin. For inbound agents, you can add JVM arguments: java --add-opens java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED -jar agent.jar.
FAQ
Can I upgrade to 2.479.x if I'm still on Java 11?
No. Java 17 or newer is mandatory. Upgrade Java first on all controllers and agents, then upgrade Jenkins.
My agent uses Java 11 for builds - is that still okay?
Yes, but only for build execution. The agent process itself that runs remoting.jar must use Java 17+. You can have multiple Java versions installed on an agent.
What happens if I don't update the required plugins?
Authentication plugins like LDAP, CAS, and Reverse Proxy Auth will likely break, preventing users from logging in.
How do I check my current Remoting version?
Check the agent log files or the Jenkins node management page. The version is typically displayed during agent connection.
Is there a rollback plan if the upgrade fails?
Always backup your JENKINS_HOME before upgrading. To rollback, restore the backup and downgrade to your previous Jenkins version and Java version.