Merge branch 'master' into JENKINS-73813

Author: timja

.gitattributes

@@ -39,4 +39,4 @@
 
 # Yarn
 # https://yarnpkg.com/getting-started/qa#which-files-should-be-gitignored
-/war/.yarn/plugins/** binary
+/.yarn/plugins/** binary

.gitignore

@@ -65,9 +65,7 @@ junit.xml
 
 # Yarn
 # https://yarnpkg.com/getting-started/qa#which-files-should-be-gitignored
-.pnp.*
 .yarn/*
-.yarnrc.yml
 !.yarn/patches
 !.yarn/plugins
 !.yarn/sdks
@@ -78,7 +76,4 @@ node/
 node_modules/
 
 # Generated JavaScript Bundles
-jsbundles
-
-# In case someone accidentally runs npm install instead of yarn install
-package-lock.json
+war/src/main/webapp/jsbundles/

.prettierignore

@@ -7,13 +7,11 @@ node/
 
 .git
 
-.yarnrc.yml
-
 # libraries / external deps / generated files
-war/src/main/js/plugin-setup-wizard/bootstrap-detached.js
+src/main/js/plugin-setup-wizard/bootstrap-detached.js
 war/src/main/webapp/scripts/yui
 war/src/main/webapp/jsbundles/
-war/src/main/scss/_bootstrap.scss
+src/main/scss/_bootstrap.scss
 
 # test files that we don't need formatted
 test/src/test/resources

.stylelintrc.js

@@ -1,7 +1,7 @@
 module.exports = {
   extends: "stylelint-config-standard",
   customSyntax: "postcss-scss",
-  ignoreFiles: ["war/src/main/scss/_bootstrap.scss"],
+  ignoreFiles: ["src/main/scss/_bootstrap.scss"],
   rules: {
     "no-descending-specificity": null,
     "selector-class-pattern": "[a-z]",

.yarnrc.yml

@@ -0,0 +1,2 @@
+enableGlobalCache: false
+nodeLinker: node-modules

CONTRIBUTING.md

@@ -11,7 +11,7 @@ This page provides information about contributing code to the Jenkins core codeb
 3. Install the necessary development tools. In order to develop Jenkins, you need the following:
    - Java Development Kit (JDK) 17 or 21.
      In the Jenkins project we usually use [Eclipse Temurin](https://adoptium.net/) or [OpenJDK](https://openjdk.java.net/), but you can use other JDKs as well.
-   - Apache Maven 3.8.1 or above. You can [download Maven here](https://maven.apache.org/download.cgi).
+   - Apache Maven 3.9.6 or above. You can [download Maven here](https://maven.apache.org/download.cgi).
      In the Jenkins project we usually use the most recent Maven release.
    - Any IDE which supports importing Maven projects.
 4. Set up your development environment as described in [Preparing for Plugin Development](https://www.jenkins.io/doc/developer/tutorial/prepare/)
@@ -53,12 +53,12 @@ MAVEN_OPTS='--add-opens java.base/java.lang=ALL-UNNAMED --add-opens java.base/ja
 ### Running the Yarn frontend build
 
 > [!TIP]
-> If you already have Node.js installed, you do not need to change your path. Start using `yarn` by enabling [Corepack](https://yarnpkg.com/corepack) with `corepack enable`, if it isn't already; this will add the `yarn` binary to your PATH.
+> If you already have Node.js installed, you do not need to change your path. Start using Yarn by enabling [Corepack](https://yarnpkg.com/corepack) with `corepack enable`, if it isn't already; this will add the `yarn` binary to your path.
 
 To run the Yarn frontend build, after [building the WAR file](#building-the-war-file), add the downloaded versions of Node and Yarn to your path:
 
 ```sh
-export PATH=$PWD/node:$PWD/node/yarn/dist/bin:$PATH
+export PATH=$PWD/node:$PWD/node/node_modules/corepack/shims:$PATH
 ```
 
 Then you can run Yarn with e.g.

ath.sh

@@ -6,7 +6,7 @@ set -o xtrace
 cd "$(dirname "$0")"
 
 # https://github.com/jenkinsci/acceptance-test-harness/releases
-export ATH_VERSION=5997.v2a_1a_696620a_0
+export ATH_VERSION=6038.v190f938efc87
 
 if [[ $# -eq 0 ]]; then
 	export JDK=17

bom/pom.xml

@@ -88,7 +88,7 @@ THE SOFTWARE.
       <dependency>
         <groupId>com.google.guava</groupId>
         <artifactId>guava</artifactId>
-        <version>33.3.0-jre</version>
+        <version>33.3.1-jre</version>
       </dependency>
       <dependency>
         <!-- Overriding Stapler’s 1.1.3 version to diagnose JENKINS-20618: -->
@@ -250,7 +250,7 @@ THE SOFTWARE.
       <dependency>
         <groupId>org.jenkins-ci</groupId>
         <artifactId>annotation-indexer</artifactId>
-        <version>1.17</version>
+        <version>1.18</version>
       </dependency>
       <dependency>
         <groupId>org.jenkins-ci</groupId>
@@ -260,27 +260,27 @@ THE SOFTWARE.
       <dependency>
         <groupId>org.jenkins-ci</groupId>
         <artifactId>crypto-util</artifactId>
-        <version>1.9</version>
+        <version>1.10</version>
       </dependency>
       <dependency>
         <groupId>org.jenkins-ci</groupId>
         <artifactId>memory-monitor</artifactId>
-        <version>1.12</version>
+        <version>1.13</version>
       </dependency>
       <dependency>
         <groupId>org.jenkins-ci</groupId>
         <artifactId>symbol-annotation</artifactId>
-        <version>1.24</version>
+        <version>1.25</version>
       </dependency>
       <dependency>
         <groupId>org.jenkins-ci</groupId>
         <artifactId>task-reactor</artifactId>
-        <version>1.8</version>
+        <version>1.9</version>
       </dependency>
       <dependency>
         <groupId>org.jenkins-ci</groupId>
         <artifactId>version-number</artifactId>
-        <version>1.11</version>
+        <version>1.12</version>
       </dependency>
       <dependency>
         <groupId>org.jenkins-ci.main</groupId>
@@ -352,6 +352,12 @@ THE SOFTWARE.
         <artifactId>stapler-groovy</artifactId>
         <version>${stapler.version}</version>
       </dependency>
+      <!-- Override the outdated managed dependency on asm in guice-parent -->
+      <dependency>
+        <groupId>org.ow2.asm</groupId>
+        <artifactId>asm</artifactId>
+        <version>9.7.1</version>
+      </dependency>
       <dependency>
         <groupId>org.samba.jcifs</groupId>
         <artifactId>jcifs</artifactId>

cli/pom.xml

@@ -15,7 +15,7 @@
   <url>https://github.com/jenkinsci/jenkins</url>
 
   <properties>
-    <mina-sshd.version>2.13.2</mina-sshd.version>
+    <mina-sshd.version>2.14.0</mina-sshd.version>
     <!-- Filled in by jacoco-maven-plugin -->
     <jacocoSurefireArgs />
   </properties>

core/src/main/java/hudson/logging/LogRecorder.java

@@ -556,7 +556,7 @@ public void delete() throws IOException {
         loggers.forEach(Target::disable);
 
         getParent().getRecorders().forEach(logRecorder -> logRecorder.getLoggers().forEach(Target::enable));
-        SaveableListener.fireOnChange(this, getConfigFile());
+        SaveableListener.fireOnDeleted(this, getConfigFile());
     }
 
     /**

core/src/main/java/hudson/markup/MarkupFormatter.java

@@ -62,9 +62,14 @@
  * This is an extension point in Hudson, allowing plugins to implement different markup formatters.
  *
  * <p>
- * Implement the following methods to enable and control CodeMirror syntax highlighting
- * public String getCodeMirrorMode() // return null to disable CodeMirror dynamically
- * public String getCodeMirrorConfig()
+ * Implement the following methods to enable and control CodeMirror syntax highlighting:
+ * <ul>
+ *     <li><code>public String getCodeMirrorMode()</code> (return <code>null</code> to disable CodeMirror dynamically)</li>
+ *     <li>
+ *         <code>public String getCodeMirrorConfig()</code> (JSON snippet without surrounding curly braces, e.g., <code>"mode": "text/css"</code>.
+ *         Historically this allowed invalid JSON, but since TODO it needs to be properly quoted etc.
+ *     </li>
+ * </ul>
  *
  * <h2>Views</h2>
  * <p>

core/src/main/java/hudson/model/AbstractItem.java

@@ -59,8 +59,6 @@
 import java.util.ListIterator;
 import java.util.logging.Level;
 import java.util.logging.Logger;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 import javax.xml.transform.Source;
 import javax.xml.transform.TransformerException;
 import javax.xml.transform.sax.SAXSource;
@@ -70,6 +68,7 @@
 import jenkins.model.Jenkins;
 import jenkins.model.Loadable;
 import jenkins.model.queue.ItemDeletion;
+import jenkins.security.ExtendedReadRedaction;
 import jenkins.security.NotReallyRoleSensitiveCallable;
 import jenkins.security.stapler.StaplerNotDispatchable;
 import jenkins.util.SystemProperties;
@@ -815,6 +814,7 @@ public void delete() throws IOException, InterruptedException {
                 ItemDeletion.deregister(this);
             }
         }
+        SaveableListener.fireOnDeleted(this, getConfigFile());
         getParent().onDeleted(AbstractItem.this);
         Jenkins.get().rebuildDependencyGraphAsync();
     }
@@ -870,11 +870,11 @@ private void doConfigDotXmlImpl(StaplerRequest2 req, StaplerResponse2 rsp)
         rsp.sendError(SC_BAD_REQUEST);
     }
 
-    static final Pattern SECRET_PATTERN = Pattern.compile(">(" + Secret.ENCRYPTED_VALUE_PATTERN + ")<");
     /**
      * Writes {@code config.xml} to the specified output stream.
      * The user must have at least {@link #EXTENDED_READ}.
-     * If he lacks {@link #CONFIGURE}, then any {@link Secret}s detected will be masked out.
+     * If he lacks {@link #CONFIGURE}, then any {@link Secret}s or other sensitive information detected will be masked out.
+     * @see jenkins.security.ExtendedReadRedaction
      */
 
     @Restricted(NoExternalUse.class)
@@ -886,15 +886,13 @@ public void writeConfigDotXml(OutputStream os) throws IOException {
         } else {
             String encoding = configFile.sniffEncoding();
             String xml = Files.readString(Util.fileToPath(configFile.getFile()), Charset.forName(encoding));
-            Matcher matcher = SECRET_PATTERN.matcher(xml);
-            StringBuilder cleanXml = new StringBuilder();
-            while (matcher.find()) {
-                if (Secret.decrypt(matcher.group(1)) != null) {
-                    matcher.appendReplacement(cleanXml, ">********<");
-                }
+
+            for (ExtendedReadRedaction redaction : ExtendedReadRedaction.all()) {
+                LOGGER.log(Level.FINE, () -> "Applying redaction " + redaction.getClass().getName());
+                xml = redaction.apply(xml);
             }
-            matcher.appendTail(cleanXml);
-            org.apache.commons.io.IOUtils.write(cleanXml.toString(), os, encoding);
+
+            org.apache.commons.io.IOUtils.write(xml, os, encoding);
         }
     }