Changelog

Major enhancement

Redesigned login, signup, and Jenkins is (re)starting pages. Existing page decorators like Simple Theme Plugin will no longer work with these redesigned pages. JENKINS-50447 , announcement blog post
Replace single per-user API token with new system of multiple, revocable, unrecoverable API tokens with usage tracking. JENKINS-32442 , JENKINS-32776 , blog post
The deprecated Jenkins CLI Protocol versions 1 and 2, and Java Web Start Agent Protocol versions 1, 2, and 3 have been disabled. If you still use these protocols (e.g. remoting-based CLI, or old slave.jars on agents), you need to re-enable these protocols after upgrade, or upgrade the clients. The same recommendations as in The 2.121.x upgrade guide for remoting changes apply here. JENKINS-48480
Check SHA-512 or SHA-256 checksums of update site and tool installer metadata and core and plugin downloads if the update site provides them. pull 3356
Optional extensions are now loaded without requiring to restart Jenkins after installing an optional dependency. JENKINS-50336

Enhancement

Upgrade Winstone from 4.2 to 4.4 to update Jetty from 9.4.8.v20171121 to 9.4.11.v20180605, adding an option to enable JMX when running Jenkins using java -jar jenkins.war. pull 3422, pull 3497, full changelog, Jetty 9.4.11 changelog, Jetty 9.4.10 changelog, Jetty 9.4.9 changelog, JMX Documentation for Jetty, full list of options
Upgrade Remoting from 3.21.1 to 3.25 to have agents check availability of the controller's TCP Agent Listener port when connecting over TCP. JENKINS-51818 , JENKINS-52204 , Remoting 3.22 changelog
Upgrade Bytecode Compatibility Transformer from 1.8 to 2.0-beta-2, upgrading ASM from 5.0.1 to 6.2 to improve support of Java 9+ runtimes. JENKINS-51837 , supported Java versions
Update Executable WAR from 1.39 to 1.41 to allow running Jenkins with incompatible (too new) Java versions by setting the --enable-future-java flag. JENKINS-51155 , JENKINS-51994 , JENKINS-46622 , Executable WAR 1.40 changelog, Executable WAR 1.41 changelog, supported Java versions
Update instance identity module from 2.1 to 2.2 to improve Java 11 compatibility. JENKINS-51965 , full changelog
Update JNA from 4.2.1 to 4.5.2 to add support for s390x, update GNU C minimal requirement to 2.7 on Unix platforms. JENKINS-52771
Add a new CLI command enable-plugin to enable one or more installed plugins and optionally restart Jenkins. JENKINS-52822
Add support for Zip files larger than 4 GB (Zip64). JENKINS-52356
Add modification timestamp to files in directory browser views such as archived artifacts and workspaces. JENKINS-20998
Export path to agent file system root directory in remote API. pull 3206
Jenkins remote API: Export fingerprints for builds which do not derive from AbstractBuild, like Pipeline builds. JENKINS-51667
Some deserialization rejections are now logged on WARNING log level, instead of only on FINER. JENKINS-51666
Developer: Introduce SimplePageDecorator extension point, which allows decorating the redesigned login page. announcement blog post
Internal: Update parent POM. Jenkins now requires Maven 3.5.4 or newer to build. pull 3567
Internal: Various improvements related to incremental Maven releases. JENKINS-51187 , JENKINS-51247 , pull 3430, JEP-305

Bug fix

Instances of some item types could not be renamed. (regression in 2.110) JENKINS-52164
Don't fail to archive artifacts when attributes cannot be preserved, instead log a message and proceed without preserving attributes. (regression in 2.120) JENKINS-52325
Some types of builds, like pipelines, would sometimes run concurrently even when that was disabled. JENKINS-41127

Changelog for 2.138.1