Script Console

import hudson.util.RemotingDiagnostics
import jenkins.model.Jenkins

String agentName = 'your agent name'
//groovy script you want executed on an agent
groovy_script = '''
println System.getenv("PATH")
println "uname -a".execute().text
'''.trim()

String result
Jenkins.instance.slaves.find { agent ->
    agent.name == agentName
}.with { agent ->
    result = RemotingDiagnostics.executeGroovy(groovy_script, agent.channel)
}
println result

new File('/tmp/file.txt').withWriter('UTF-8') { writer ->
    try {
        writer << 'hello world\n'
    } finally {
        writer.close()
    }
}

new File('/tmp/file.txt').text

import hudson.FilePath
import hudson.remoting.Channel
import jenkins.model.Jenkins

String agentName = 'some-agent'
String filePath = '/tmp/file.txt'

Channel agentChannel = Jenkins.instance.slaves.find { agent ->
    agent.name == agentName
}.channel

new FilePath(agentChannel, filePath).write().with { os ->
    try {
        os << 'hello world\n'
    } finally {
        os.close()
    }
}

import hudson.FilePath
import hudson.remoting.Channel
import jenkins.model.Jenkins

import java.io.BufferedReader
import java.io.InputStreamReader
import java.nio.charset.StandardCharsets
import java.util.stream.Collectors

String agentName = 'some-agent'
String filePath = '/tmp/file.txt'

Channel agentChannel = Jenkins.instance.slaves.find { agent ->
    agent.name == agentName
}.channel

String fileContents = ''
new FilePath(agentChannel, filePath).read().with { is ->
    try {
        fileContents = new BufferedReader(
            new InputStreamReader(is, StandardCharsets.UTF_8))
                .lines()
                .collect(Collectors.joining("\n"))
    } finally {
        is.close()
    }
}

// print contents of the file from the agent
println '==='
println(fileContents)
println '==='

curl -d "script=<your_script_here>" https://jenkins/script
# or to get output as a plain text result (no HTML)
curl -d "script=<your_script_here>" https://jenkins/scriptText

curl --data-urlencode "script=$(< ./somescript.groovy)" https://jenkins/scriptText

curl --user 'username:api-token' --data-urlencode \
  "script=$(< ./somescript.groovy)" https://jenkins/scriptText

with open('somescript.groovy', 'r') as fd:
    data = fd.read()
r = requests.post('https://jenkins/scriptText', auth=('username', 'api-token'), data={'script': data})

export JENKINS_HOME="./my_jenkins_home"
java -jar jenkins.war

Spawning Processes From Build

daemonize -E BUILD_ID=dontKillMe /path/to/your/command

<scriptdef name="get-next-minute" language="beanshell">
  <attribute name="property" />

  date = new java.text.SimpleDateFormat("HH:mm")
    .format(new Date(System.currentTimeMillis() + 60000));
  project.setProperty(attributes.get("property"), date);
</scriptdef>

<get-next-minute property="next-minute" />
<exec executable="at">
  <arg value="${next-minute}" />
  <arg value="/interactive" />
  <arg value="${jboss.home}\bin\run.bat" />
</exec>

// antRunAsync.js - Wrapper script to run an executable detached in the
// background from Ant's <exec> task.  This works by running the executable
// using the Windows Scripting Host WshShell.Run method which doesn't copy
// the standard filehandles stdin, stdout and stderr. Ant finds them closed
// and doesn't wait for the program to exit.
//
// requirements:
//   Windows Scripting Host 1.0 or better.  This is included with Windows
//   98/Me/2000/XP.  Users of Windows 95 or Windows NT 4.0 need to download
//   and install WSH support from
//   http://msdn.microsoft.com/scripting/.
//
// usage:
// <exec executable="cscript.exe">
//   <env key="ANTRUN_TITLE" value="Title for Window" />  <!-- optional -->
//   <env key="ANTRUN_OUTPUT" value="output.log" />  <!-- optional -->
//   <arg value="//NoLogo" />
//   <arg value="antRunAsync.js" />  <!-- this script -->
//   <arg value="real executable" />
// </exec>


var WshShell = WScript.CreateObject("WScript.Shell");
var exeStr = "%comspec% /c";
var arg = "";
var windowStyle = 1;
var WshProcessEnv = WshShell.Environment("PROCESS");
var windowTitle = WshProcessEnv("ANTRUN_TITLE");
var outputFile = WshProcessEnv("ANTRUN_OUTPUT");
var OS = WshProcessEnv("OS");
var isWindowsNT = (OS == "Windows_NT");

// On Windows NT/2000/XP, specify a title for the window.  If the environment
// variable ANTRUN_TITLE is specified, that will be used instead of a default.
if (isWindowsNT) {
  if (windowTitle == "")
     windowTitle = "Ant - " + WScript.Arguments(i);
  exeStr += "title " + windowTitle + " &&";
}

// Loop through arguments quoting ones with spaces
for (var i = 0; i < WScript.Arguments.count(); i++) {
  arg = WScript.Arguments(i);
  if (arg.indexOf(' ') > 0)
    exeStr += " \"" + arg + "\"";
  else
    exeStr += " " + arg;
}

// If the environment variable ANTRUN_OUTPUT was specified, redirect
// output to that file.
if (outputFile != "") {
  windowStyle = 7;  // new window is minimized
  exeStr += " > \"" + outputFile + "\"";
  if (isWindowsNT)
    exeStr += " 2>&1";
}

// WScript.Echo(exeStr);
// WshShell.Run(exeStr);
WshShell.Run(exeStr, windowStyle, false);

<exec executable="cscript.exe">
   <env key="ANTRUN_TITLE" value="Title for Window" />  <!-- optional -->
   <env key="ANTRUN_OUTPUT" value="output.log" />  <!-- optional -->
   <arg value="//NoLogo" />
   <arg value="antRunAsync.js" />  <!-- this script -->
   <arg value="real executable" />
</exec>

C:\>SCHTASKS /Create /RU SYSTEM /SC ONSTART /TN Tomcat /TR
"C:\Program Files\Apache Software Foundation\Tomcat 6.0\bin\startup.bat"

<exec executable="SCHTASKS">
    <arg value="/Run"/>
    <arg value="/TN"/>
    <arg value="Tomcat"/>
</exec>

Configuring the System

System Information

Jenkins Features Controlled with System Properties

java -Dhudson.footerURL=http://example.org -jar jenkins.war

debug.YUI

development

Since: December 2006

Default:

false

Description:

Whether to use the minified ( false ) or debug ( true ) JS files for the YUI library.

executable-war

packaging

Since: Undocumented

Default:

Path to jenkins.war when invoked as java -jar jenkins.war , undefined otherwise.

Description:

This is the path to jenkins.war and set by the executable-war wrapper when invoked using java -jar jenkins.war . This allows Jenkins to find its own .war file and e.g. replace it to apply an update. If undefined, Jenkins will not e.g. offer to update itself.

historyWidget.descriptionLimit

feature UI

Since: 2.223

Default:

100

Description:

Defines a limit for the characters shown in the description field for each build row in the Build History column. A positive integer (e.g. 300 ) will define the limit. After the limit is reached (…​) will be shown. The value -1 disables the limit and allows unlimited characters in the build description. The value 0 shows no description.

hudson.bundled.plugins

development

Since: Undocumented

Default:

undefined

Description:

Specify a location for additional bundled plugins during plugin development ( hpi:run ). There is no reason this would be set by an administrator.

hudson.ClassicPluginStrategy.noBytecodeTransformer

escape hatch obsolete

Since: 1.538

Default:

false

Description:

Disable the bytecode transformer that retains compatibility at runtime after changing public Java APIs. Has no effect since 2.296, as the bytecode transformer has been removed.

hudson.ClassicPluginStrategy.useAntClassLoader

escape hatch

Since: 1.316

Default:

false (until 2.309 and since 2.348), true (from 2.310 to 2.347)

Description:

Unused between 1.527 and 2.309. Since 2.310, can be set to false to use URLClassLoader instead. This is the default since 2.347.

hudson.cli.CLI.pingInterval

tuning

Since: 2.199

Default:

3000

Description:

Client-side HTTP CLI ping interval in milliseconds. Set on the CLI client ( java -jar jenkins-cli.jar ), not Jenkins server process.

hudson.ConsoleNote.INSECURE

escape hatch security

Since: 2.44 / 2.32.2

Default:

false

Description:

Whether to load unsigned console notes. See SECURITY-382 on Jenkins Security Advisory 2017-02-01.

hudson.consoleTailKB

tuning

Since: March 2009

Default:

150

Description:

How many KB of console log to show in default console view. This property had no effect from Jenkins 2.4 (inclusive) until 2.98/2.89.3 (exclusive), see JENKINS-48593.

hudson.diagnosis.HudsonHomeDiskUsageChecker.freeSpaceThreshold

tuning

Since: 1.339

Default:

1073741824 (1 GB, up to 2.39), 10737418240 (10 GB, from 2.40)

Description:

If there’s less than this amount of free disk space, in bytes, on the disk with the Jenkins home directory, and the disk is 90% or more full, a warning will be shown to administrators.

hudson.diyChunking

feature

Since: May 2009

Default:

false

Description:

Set to true if the servlet container doesn’t support chunked encoding.

hudson.DNSMultiCast.disabled

escape hatch obsolete

Since: 1.359

Default:

false until 2.218, true in 2.219

Description:

Set to true to disable DNS multicast. Has no effect since 2.220 as the feature has been removed. See SECURITY-1641

hudson.FilePath.VALIDATE_ANT_FILE_MASK_BOUND

tuning

Since: 1.592

Default:

10000

Description:

Max. number of operations to validate a file mask (e.g. pattern to archive artifacts).

hudson.footerURL

feature

Since: 1.416

Default:

https://jenkins.io

Description:

Allows tweaking the URL displayed at the bottom of Jenkins' UI

hudson.Functions.autoRefreshSeconds

obsolete tuning

Since: 1.365

Default:

10

Description:

Number of seconds between reloads when Auto Refresh is enabled. Obsolete since the feature was removed in Jenkins 2.223.

hudson.Functions.hidingPasswordFields

security escape hatch

Since: 2.205

Default:

true

Description:

Jenkins 2.205 and newer attempts to prevent browsers from offering to auto-fill password form fields by using a custom password control. Setting this to false reverts to the legacy behavior of using mostly standard password form fields.

hudson.lifecycle

packaging

Since: Undocumented

Default:

automatically determined based on environment, see hudson.lifecycle.Lifecycle

Description:

Specify full class name for Lifecycle implementation to override default. See documentation for class names.

hudson.logging.LogRecorderManager.skipPermissionCheck

security escape hatch

Since: 2.121.3 and 2.138

Default:

false

Description:

Disable security hardening for LogRecorderManager Stapler access. Possibly unsafe, see 2018-12-05 security advisory.

hudson.Main.development

development

Since: Undocumented

Default:

false in production, true in development

Description:

This is set to true by the development tooling to identify when Jenkins is running via jetty:run or hpi:run . Can be used to distinguish between development and production use; most prominently used to bypass the setup wizard when running with an empty Jenkins home directory during development.

hudson.Main.timeout

tuning

Since: Undocumented

Default:

15000

Description:

When using jenkins-core.jar from the CLI, this is the connection timeout connecting to Jenkins to report a build result.

hudson.markup.MarkupFormatter.previewsAllowGET

security escape hatch

Since: 2.263.2 / 2.275

Default:

false

Description:

Controls whether URLs implementing markup formatter previews are accessible via GET. See 2021-01-13 security advisory.

hudson.markup.MarkupFormatter.previewsSetCSP

security escape hatch

Since: 2.263.2 / 2.275

Default:

true

Description:

Controls whether to set restrictive Content-Security-Policy headers on URLs implementing markup formatter previews. See 2021-01-13 security advisory.

hudson.matrix.MatrixConfiguration.useShortWorkspaceName

feature

Since: Undocumented

Default:

false

Description:

Use shorter but cryptic names in matrix build workspace directories. Avoids problems with 256 character limit on paths in Cygwin, path depths problems on Windows, and shell metacharacter problems with label expressions on most platforms. See JENKINS-25783.

hudson.model.AbstractItem.skipPermissionCheck

security escape hatch

Since: 2.121.3 / 2.138

Default:

false

Description:

Disable security hardening related to Stapler routing for AbstractItem. Possibly unsafe, see 2018-12-05 security advisory.

hudson.model.Api.INSECURE

security escape hatch obsolete

Since: 1.502

Default:

false

Description:

Set to true to permit accessing the Jenkins remote API in an unsafe manner. See SECURITY-47. Deprecated, use e.g. Secure Requester Whitelist instead.

hudson.model.AsyncAperiodicWork.logRotateMinutes

tuning

Since: 1.651

Default:

1440

Description:

The number of minutes after which to try and rotate the log file used by any AsyncAperiodicWork extension. For fine-grained control of a specific extension you can use the FullyQualifiedClassName .logRotateMinutes system property to only affect a specific extension. It is not anticipated that you will ever need to change these defaults.

hudson.model.AsyncAperiodicWork.logRotateSize

tuning

Since: 1.651

Default:

-1

Description:

When starting a new run of any AsyncAperiodicWork extension, if this value is non-negative and the existing log file is larger than the specified number of bytes then the log file will be rotated. For fine-grained control of a specific extension you can use theÂ FullyQualifiedClassName .logRotateSize system property to only affect a specific extension. It is not anticipated that you will ever need to change these defaults.

hudson.model.AsyncPeriodicWork.logRotateMinutes

tuning

Since: 1.651

Default:

1440

Description:

The number of minutes after which to try and rotate the log file used by any AsyncPeriodicWork extension. For fine-grained control of a specific extension you can use theÂ FullyQualifiedClassName .logRotateMinutes system property to only affect a specific extension. It is not anticipated that you will ever need to change these defaults.

Some implementations that can be individually configured (see FullyQualifiedClassName above):

• hudson.model.WorkspaceCleanupThread

• hudson.model.FingerprintCleanupThread

• hudson.slaves.ConnectionActivityMonitor

• jenkins.DailyCheck

• jenkins.model.BackgroundGlobalBuildDiscarder

• jenkins.telemetry.Telemetry$TelemetryReporter

hudson.model.AsyncPeriodicWork.logRotateSize

tuning

Since: 1.651

Default:

-1

Description:

When starting a new run of any AsyncPeriodicWork extension, if this value is non-negative and the existing log file is larger than the specified number of bytes then the log file will be rotated. For fine-grained control of a specific extension you can use theÂ FullyQualifiedClassName .logRotateSize system property to only affect a specific extension. It is not anticipated that you will ever need to change these defaults

Some implementations that can be individually configured (see FullyQualifiedClassName above):

• hudson.model.WorkspaceCleanupThread

• hudson.model.FingerprintCleanupThread

• hudson.slaves.ConnectionActivityMonitor

• jenkins.DailyCheck

• jenkins.model.BackgroundGlobalBuildDiscarder

• jenkins.telemetry.Telemetry$TelemetryReporter

hudson.model.DirectoryBrowserSupport.allowAbsolutePath

security escape hatch

Since: 2.315 and 2.303.2

Default:

false

Description:

Escape hatch for SECURITY-2481. Set this to true to allow browsing to absolute paths.

hudson.model.DirectoryBrowserSupport.allowSymlinkEscape

security escape hatch

Since: 2.154 and 2.138.4

Default:

false

Description:

Escape hatch for SECURITY-904 and SECURITY-1452.

hudson.model.DirectoryBrowserSupport.CSP

security escape hatch

Since: 1.625.3, 1.641

Default:

sandbox; default-src 'none'; image-src 'self'; style-src 'self';

Description:

Determines the Content Security Policy header sent for static files served by Jenkins. Only affects instances that don’t have a resource root URL set up. See Configuring Content Security Policy for more details.

hudson.model.DownloadService$Downloadable.defaultInterval

tuning

Since: 1.500

Default:

86400000 (1 day)

Description:

Interval between periodic downloads of Downloadables , typically tool installer metadata.

hudson.model.DownloadService.never

obsolete escape hatch

Since: 1.319

Default:

false

Description:

Suppress the periodic download of data files for plugins via browser-based download. Since Jenkins 2.200, this has no effect.

hudson.model.DownloadService.noSignatureCheck

security escape hatch

Since: 1.482

Default:

false

Description:

Skip the update site signature check. Setting this to true can be unsafe.

hudson.model.Hudson.flyweightSupport

obsolete feature escape hatch

Since: 1.318

Default:

false before 1.337; true from 1.337; unused since 1.598

Description:

Matrix parent job and other flyweight tasks (e.g. Build Flow plugin) won’t consume an executor when true . Unused since 1.598, flyweight support is now always enabled.

hudson.model.Hudson.initLogLevel

obsolete

Since: Undocumented

Default: Undocumented

Description:

Deprecated: Backward-compatible fallback for jenkins.model.Jenkins.initLogLevel . Removed since 2.272.

hudson.model.Hudson.killAfterLoad

obsolete

Since: Undocumented

Default: Undocumented

Description:

Deprecated: Backward-compatible fallback for jenkins.model.Jenkins.killAfterLoad . Removed since 2.272.

hudson.model.Hudson.logStartupPerformance

obsolete

Since: Undocumented

Default: Undocumented

Description:

Deprecated: Backward-compatible fallback for jenkins.model.Jenkins.logStartupPerformance . Removed since 2.272.

hudson.model.Hudson.parallelLoad

obsolete

Since: Undocumented

Default: Undocumented

Description:

Deprecated: Backward-compatible fallback for jenkins.model.Jenkins.parallelLoad . Removed since 2.272.

hudson.model.Hudson.workspaceDirName

obsolete

Since: Undocumented

Default: Undocumented

Description:

Deprecated: Backward-compatible fallback for jenkins.model.Jenkins.workspaceDirName . Removed since 2.272.

hudson.model.LabelAtom.allowFolderTraversal

security escape hatch

Since: 2.263.2 / 2.275

Default:

false

Description:

Controls whether label names containing unsafe characters that lead to path traversal can be saved. See 2.263.2 upgrade guide.

hudson.model.LoadStatistics.clock

tuning

Since: January 2009

Default:

10000 (10 seconds)

Description:

Load statistics clock cycle in milliseconds.

hudson.model.LoadStatistics.decay

tuning

Since: January 2009

Default:

0.9

Description:

Decay ratio for every clock cycle in node utilization charts.

hudson.model.MultiStageTimeSeries.chartFont

feature UI

Since: 1.562

Default:

SansSerif-10

Description:

Font used for load statistics. See Java documentation on how the value is decoded.

hudson.model.Node.SKIP_BUILD_CHECK_ON_FLYWEIGHTS

security escape hatch

Since: 2.111

Default:

true

Description:

Whether to allow building flyweight tasks even if the necessary permission (Computer/Build) is missing. See JENKINS-46652.

hudson.model.ParametersAction.keepUndefinedParameters

security escape hatch

Since: 1.651.2 / 2.3

Default:

undefined

Description:

If true, not discard parameters for builds that are not defined on the job. Enabling this can be unsafe. Since Jenkins 2.40, if set to false, will not log a warning message that parameters were defined but ignored.

hudson.model.ParametersAction.safeParameters

security escape hatch

Since: 1.651.2 / 2.3

Default:

undefined

Description:

Comma-separated list of additional build parameter names that should not be discarded even when not defined on the job.

hudson.model.Queue.cacheRefreshPeriod

tuning

Since: 1.577 up to 1.647

Default:

1000

Description:

Defines the refresh period for the internal queue cache (in milliseconds). The greater period workarounds web UI delays on large installations, which may be caused by locking of the build queue by build executors. Downside: Builds appear in the queue with a noticeable delay.

hudson.model.Queue.Saver.DELAY_SECONDS

tuning

Since: 2.109

Default:

60

Description:

Maximal delay of a save operation when content of Jenkins queue changes. This works as a balancing factor between queue consistency guarantee in case of Jenkins crash (short delay) and decreasing IO activity based on Jenkins load (long delay).

hudson.model.Run.ArtifactList.listCutoff

tuning UI

Since: 1.33

Default:

16

Description:

More artifacts than this will use tree view or simple link rather than listing out artifacts

hudson.model.Run.ArtifactList.treeCutoff

tuning UI

Since: 1.33

Default:

40

Description:

More artifacts than this will show a simple link to directory browser rather than showing artifacts in tree view

hudson.model.Slave.workspaceRoot

tuning

Since: 1.341?

Default:

workspace

Description:

name of the folder within the agent root directory to contain workspaces

hudson.model.UpdateCenter.className

packaging

Since: 2.4

Default:

effectively hudson.model.UpdateCenter

Description:

This allows overriding the implementation class for update center when customizing the .war packaging of Jenkins. Cannot be used for plugins.

hudson.model.UpdateCenter.defaultUpdateSiteId

Uncategorized

Since: 2.4

Default:

default

Description:

Configure a different ID for the default update site. Useful for custom war distributions or externally provided UC data files.

hudson.model.UpdateCenter.never

Uncategorized

Since: Undocumented

Default:

false

Description:

When true, don’t automatically check for new versions

hudson.model.UpdateCenter.pluginDownloadReadTimeoutSeconds

tuning

Since: Undocumented

Default:

60

Description:

Read timeout in seconds for downloading plugins.

hudson.model.UpdateCenter.skipPermissionCheck

security escape hatch

Since: 2.121.3 / 2.138

Default:

false

Description:

Disable security hardening related to Stapler routing for UpdateCenter. Possibly unsafe, see 2018-12-05 security advisory.

hudson.model.UpdateCenter.updateCenterUrl

obsolete

Since: Undocumented

Default:

https://updates.jenkins.io/

Description:

Deprecated: Override the default update site URL. May have no effect since Jenkins 1.333.

hudson.model.UsageStatistics.disabled

feature

Since: May 2009

Default:

false

Description:

Set to true to opt out of usage statistics collection, independent of UI option.

hudson.model.User.allowNonExistentUserToLogin

security escape hatch

Since: 1.602

Default:

false

Description:

When true , does not check auth realm for existence of user if there’s a record in Jenkins. Unsafe, but may be used on some instances for service accounts

hudson.model.User.allowUserCreationViaUrl

security escape hatch

Since: 2.44 / 2.32.2

Default:

false

Description:

Whether admins accessing /user/example creates a user record (see SECURITY-406 on Jenkins Security Advisory 2017-02-01)

hudson.model.User.SECURITY_243_FULL_DEFENSE

security escape hatch

Since: 1.651.2 / 2.3

Default:

true

Description:

When false, skips part of the fix that tries to determine whether a given user ID exists, and if so, doesn’t consider users with the same full name during resolution.

hudson.model.User.skipPermissionCheck

security escape hatch

Since: 2.121.3 / 2.138

Default:

false

Description:

Disable security hardening related to Stapler routing for User. Possibly unsafe, see 2018-12-05 security advisory.

hudson.model.WorkspaceCleanupThread.disabled

escape hatch

Since: June 2009

Default:

false

Description:

Don’t clean up old workspaces on agent nodes

hudson.model.WorkspaceCleanupThread.recurrencePeriodHours

tuning

Since: 1.608

Default:

24

Description:

How frequently workspace cleanup should run, in hours.

hudson.model.WorkspaceCleanupThread.retainForDays

tuning

Since: 1.608

Default:

30

Description:

Unused workspaces are retained for this many days before qualifying for deletion.

hudson.node_monitors.AbstractNodeMonitorDescriptor.periodMinutes

tuning

Since: Undocumented

Default:

60 (1 hour)

Description:

How frequently to update node monitors by default, in minutes.

hudson.PluginManager.checkUpdateAttempts

tuning

Since: 2.152

Default:

1

Description:

Number of attempts to check the updates sites.

hudson.PluginManager.checkUpdateSleepTimeMillis

tuning

Since: 2.152

Default:

1000

Description:

Time (milliseconds) elapsed between retries to check the updates sites.

hudson.PluginManager.className

packaging

Since: Undocumented

Default:

effectively hudson.LocalPluginManager

Description:

Can be used to specify a different PluginManager implementation when customizing the .war packaging of Jenkins. Cannot be used for plugins.

hudson.PluginManager.noFastLookup

escape hatch

Since: Undocumented

Default:

false

Description:

Disable fast lookup using ClassLoaderReflectionToolkit which reflectively accesses internal methods of ClassLoader .

hudson.PluginManager.skipPermissionCheck

security escape hatch

Since: 2.121.3 / 2.138

Default:

false

Description:

Disable security hardening related to Stapler routing for PluginManager. Possibly unsafe, see 2018-12-05 security advisory.

hudson.PluginManager.workDir

feature

Since: 1.649

Default:

undefined

Description:

Location of the base directory for all exploded .hpi/.jpi plugins. By default the plugins will be extracted under $JENKINS_HOME/plugins/ .

hudson.PluginStrategy

packaging

Since: Undocumented

Default:

effectively hudson.ClassicPluginStrategy

Description:

Allow plugins to be loaded into a different environment, such as an existing DI container like Plexus. Specify the full class name of a hudson.PluginStrategy implementation to override the default.

hudson.PluginWrapper.dependenciesVersionCheck.enabled

escape hatch

Since: 2.0

Default:

true

Description:

Set to false to skip the version check for plugin dependencies.

hudson.ProxyConfiguration.DEFAULT_CONNECT_TIMEOUT_MILLIS

tuning

Since: 2.0

Default:

20000

Description:

Connection timeout applied to connections e.g. to the update site.

hudson.remoting.ChannelBuilder.allCallablesCanIgnoreRoleChecker

security scape hatch

Since: 2.319 and 2.303.3

Default:

false

Description:

Disable requirement for remoting callables to perform a role check. See the description in the upgrade guide.

hudson.remoting.ChannelBuilder.specificCallablesCanIgnoreRoleChecker

security scape hatch

Since: 2.319 and 2.303.3

Default:

undefined

Description:

Comma-separated list of class names allowed to bypass role check requirement. See the description in the upgrade guide.

hudson.remoting.ClassFilter

security escape hatch

Since: Undocumented

Default:

undefined

Description:

Allow or disallow the deserialization of specified types. Comma-separated class names, entries are whitelisted unless prefixed with ! . See JEP-200#backwards-compatibility: JEP-200 and JENKINS-47736.

hudson.scheduledRetention

obsolete

Since: Up to 1.354

Default:

false

Description:

Control a agent based on a schedule

hudson.scm.SCM.useAutoBrowserHolder

feature

Since: Undocumented

Default:

false since Jenkins 2.9, true before

Description:

When set to true , Jenkins will guess the repository browser used to render links in the changelog.

hudson.script.noCache

development

Since: Undocumented

Default:

false in production, true during development

Description:

When set to true, Jenkins will not reference resource files through the /static/…​/ URL space, preventing their caching. This is set to true during development by default, and false otherwise.

hudson.search.Search.skipPermissionCheck

security escape hatch

Since: 2.121.3 / 2.138

Default:

false

Description:

Disable security hardening related to Stapler routing for Search. Possibly unsafe, see 2018-12-05 security advisory.

hudson.security.AccessDeniedException2.REPORT_GROUP_HEADERS

escape hatch

Since: 2.46 / 2.32.3

Default:

false

Description:

If set to true, restore pre-2.46 behavior of sending HTTP headers on "access denied" pages listing group memberships.

hudson.security.ArtifactsPermission

security escape hatch

Since: 1.374

Default:

false

Description:

The Artifacts permission allows to control access to artifacts; When this property is unset or set to false, access to artifacts is not controlled

hudson.security.csrf.CrumbFilter.UNPROCESSED_PATHINFO

security escape hatch

Since: 2.228 and 2.204.6

Default:

false

Description:

Escape hatch for SECURITY-1774.

hudson.security.csrf.DefaultCrumbIssuer.EXCLUDE_SESSION_ID

security escape hatch

Since: 2.186 and 2.176.2

Default:

false

Description:

Escape hatch for SECURITY-626.

hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION

security escape hatch

Since: 2.222

Default:

false

Description:

Restore the ability to disable CSRF protection after the UI for doing so was removed from Jenkins 2.222.

hudson.security.csrf.requestfield

security tuning

Since: 1.31

Default:

.crumb (Jenkins 1.x), Jenkins-Crumb (Jenkins 2.0)

Description:

Parameter name that contains a crumb value on POST requests

hudson.security.ExtendedReadPermission

security feature

Since: 1.324

Default:

false

Description:

The ExtendedReadPermission allows read-only access to "Configure" pages; can also enable with extended-read-permission plugin

hudson.security.HudsonPrivateSecurityRealm.ID_REGEX

security escape hatch

Since: 2.121 and 2.107.3

Default:

[a-zA-Z0-9_-]+

Description:

Regex for legal user names in Jenkins user database. See SECURITY-786.

hudson.security.HudsonPrivateSecurityRealm.maximumBCryptLogRound

security escape hatch

Since: 2.161

Default:

18

Description:

Limits the number of rounds for pre-computed BCrypt hashes of user passwords for the Jenkins user database to prevent excessive computation.

hudson.security.LDAPSecurityRealm.groupSearch

Uncategorized

Since: Undocumented

Default: Undocumented

Description:

LDAP filter to look for groups by their names

hudson.security.SecurityRealm.sessionFixationProtectionMode

security escape hatch

Since: 2.300 and 2.289.2

Default:

1

Description:

Escape hatch for SECURITY-2371. Set to 0 to disable the fix or to 2 to select an alternative implementation.

hudson.security.TokenBasedRememberMeServices2.skipTooFarExpirationDateCheck

security escape hatch

Since: 2.160 and 2.150.2

Default:

false

Description:

Escape hatch for SECURITY-868

hudson.security.WipeOutPermission

security feature

Since: 1.416

Default:

false

Description:

The WipeOut permission allows to control access to the "Wipe Out Workspace" action, which is normally available as soon as the Build permission is granted

hudson.slaves.ChannelPinger.pingInterval

tuning obsolete

Since: 1.405

Default:

5

Description:

Frequency (in minutes) of pings between the controller and agents. Deprecated since 2.37, use hudson.slaves.ChannelPinger.pingIntervalSeconds instead.

hudson.slaves.ChannelPinger.pingIntervalSeconds

tuning

Since: 2.37

Default:

300

Description:

Frequency of pings between the controller and agents, in seconds

hudson.slaves.ChannelPinger.pingTimeoutSeconds

tuning

Since: 2.37

Default:

240

Description:

Timeout for each ping between the controller and agents, in seconds

hudson.slaves.ConnectionActivityMonitor.enabled

feature

Since: 1.326

Default:

false

Description:

Whether to enable this feature that checks whether agents are alive and cuts them off if not.

hudson.slaves.ConnectionActivityMonitor.frequency

tuning

Since: 1.326

Default:

10000 (10 seconds)

Description:

How frequently to check for channel activity, in milliseconds.

hudson.slaves.ConnectionActivityMonitor.timeToPing

tuning

Since: 1.326

Default:

180000 (3 minutes)

Description:

How long to wait after startup to start checking agent connections, in milliseconds.

hudson.slaves.NodeProvisioner.initialDelay

tuning

Since: Undocumented

Default:

10 times hudson.model.LoadStatistics.clock , typically 100 seconds

Description:

How long to wait after startup before starting to provision nodes from clouds. This will allow static agents to start and handle the load first.

hudson.slaves.NodeProvisioner.MARGIN

tuning

Since: Undocumented

Default: Undocumented

Description: Undocumented

hudson.slaves.NodeProvisioner.MARGIN0

tuning

Since: Undocumented

Default: Undocumented

Description: Undocumented

hudson.slaves.NodeProvisioner.MARGIN_DECAY

tuning

Since: Undocumented

Default: Undocumented

Description: Undocumented

hudson.slaves.NodeProvisioner.recurrencePeriod

tuning

Since: Undocumented

Default:

Equal to hudson.model.LoadStatistics.clock , typically 10 seconds

Description:

How frequently to possibly provision nodes.

hudson.slaves.SlaveComputer.allowUnsupportedRemotingVersions

escape hatch

Since: 2.343

Default:

false

Description:

Allow connection by agents running unsupported remoting versions.

hudson.slaves.WorkspaceList

tuning

Since: 1.424

Default:

@

Description:

When concurrent builds is enabled, a unique workspace directory name is required for each concurrent build. To create this name, this token is placed between project name and a unique ID, e.g. "my-project@123".

hudson.tasks.ArtifactArchiver.warnOnEmpty

feature

Since: Undocumented

Default:

false

Description:

When true, builds don’t fail when there is nothing to archive

hudson.tasks.Fingerprinter.enableFingerprintsInDependencyGraph

feature

Since: 1.43

Default:

false

Description:

When true, jobs associated through fingerprints are added to the dependency graph, even when there is no configured upstream/downstream relationship between them.

hudson.tasks.MailSender.maxLogLines

Uncategorized

Since: Undocumented

Default:

250

Description:

Number of lines of console output to include in emails

hudson.TcpSlaveAgentListener.hostName

feature

Since: Undocumented

Default:

Same as the configured Jenkins root URL

Description:

Host name that Jenkins advertises to inbound TCP agents. Especially useful when running Jenkins behind a reverse proxy.

hudson.TcpSlaveAgentListener.port

feature

Since: Undocumented

Default:

Same as the configured TCP agent port

Description:

Port that Jenkins advertises to inbound TCP agents. Especially useful when running Jenkins behind a reverse proxy.

hudson.TreeView

feature obsolete

Since: Undocumented

Default:

false

Description:

Enables the experimental nested views feature. Has no effect since 2.302, as the experimental nested views feature has been removed.

hudson.triggers.SafeTimerTask.logsTargetDir

feature

Since: 2.114

Default:

$JENKINS_HOME/logs

Description:

Allows to move the logs usually found under $JENKINS_HOME/logs to another location. Beware that no migration is handled if you change it on an existing instance.

hudson.triggers.SCMTrigger.starvationThreshold

tuning

Since: Undocumented

Default:

3600000 (1 hour)

Description:

Milliseconds waiting for polling executor before trigger reports it is clogged.

hudson.udp

escape hatch obsolete tuning

Since: Undocumented

Default:

33848 until 2.218, -1 in 2.219

Description:

Port for UDP multicast broadcast. Set to -1 to disable. Has no effect since 2.220 as the feature has been removed. See SECURITY-1641

hudson.upstreamCulprits

feature

Since: 1.327

Default:

false

Description:

Pass blame information to downstream jobs.

hudson.util.AtomicFileWriter.DISABLE_FORCED_FLUSH

escape hatch

Since: 2.102

Default:

false

Description:

Disables the forced flushing when calling #close() . Not expected to be used.

hudson.util.CharacterEncodingFilter.disableFilter

escape hatch

Since: Undocumented

Default:

false

Description:

Set to true to disable the filter that sets request encoding to UTF-8 if it’s undefined and its content type is text/xml or application/xml (API submissions).

hudson.util.CharacterEncodingFilter.forceEncoding

feature

Since: Undocumented

Default:

false

Description:

Set to true to force the request encoding to UTF-8 even if a different character set is declared.

hudson.Util.deletionRetryWait

tuning

Since: 2.2

Default:

100

Description:

The time (in milliseconds) to wait between attempts to delete files when retrying. This has no effect unless hudson.Util.maxFileDeletionRetries is greater than 1. If zero, there will be no delay between attempts. If negative, the delay will be a (linearly) increasing multiple of this value between attempts.

hudson.util.Digester2.UNSAFE

security escape hatch obsolete

Since: 2.263.2 / 2.275

Default:

false

Description:

Opts out of a change in default behavior that disables the processing of XML external entities (XXE) for the Digester2 class in Jenkins if set to true . This system property can be changed while Jenkins is running and the change is effective immediately. See 2.263.2 upgrade guide. Has no effect since 2.297, as the Digester2 class has been removed.

hudson.util.FormValidation.applyContentSecurityPolicyHeaders

security escape hatch

Since: 2.263.2 / 2.275

Default:

true

Description:

Controls whether to set restrictive Content-Security-Policy headers on URLs implementing form validation responses. This reduces the impact of cross-site scripting (XSS) vulnerabilities in form validation output. See 2.263.2 upgrade guide.

hudson.util.Graph.maxArea

security escape hatch

Since: 2.263.2 / 2.275

Default:

10000000 (10 million)

Description:

Controls the maximum size (area) for requests to render graphs like load statistics. See 2021-01-13 security advisory.

hudson.Util.maxFileDeletionRetries

tuning

Since: 2.2

Default:

3

Description:

The number of times to attempt to delete files/directory trees before giving up and throwing an exception. Specifying a value less than 1 is invalid and will be treated as if a value of 1 (i.e. one attempt, no retries) was specified. See JENKINS-10113 and JENKINS-15331.

hudson.Util.noSymLink

feature

Since: Undocumented

Default:

false

Description:

True to disable creation of symbolic links in job/builds directories

hudson.Util.performGCOnFailedDelete

tuning

Since: 2.2

Default:

false

Description:

If this flag is set to true then we will request a garbage collection after a deletion failure before we next retry the delete. It is ignored unless hudson.Util.maxFileDeletionRetries is greater than 1. Setting this flag to true may resolve some problems on Windows, and also for directory trees residing on an NFS share, but it can have a negative impact on performance and may have no effect at all (GC behavior is JVM-specific). Warning : This should only ever be used if you find that your builds are failing because Jenkins is unable to delete files, that this failure is because Jenkins itself has those files locked "open", and even then it should only be used on agents with relatively few executors (because the garbage collection can impact the performance of all job executors on that agent). Setting this flag is a act of last resort - it is not recommended, and should not be used on your main Jenkins server unless you can tolerate the performance impact .

hudson.util.ProcessTree.disable

feature

Since: Undocumented

Default:

false

Description:

True to disable cleanup of child processes.

hudson.util.RingBufferLogHandler.defaultSize

tuning

Since: 1.563

Default:

256

Description:

Number of log entries in loggers available on the UI at /log/

hudson.util.RobustReflectionConverter.recordFailuresForAdmins

security escape hatch

Since: 2.263.2 / 2.275

Default:

false

Description:

If set to true , Old Data Monitor will record some failures to load data submitted by users with Overall/Administer permission, partially disabling a security fix. See 2021-01-13 security advisory and hudson.util.RobustReflectionConverter.recordFailuresForAllAuthentications .

hudson.util.RobustReflectionConverter.recordFailuresForAllAuthentications

security escape hatch

Since: 2.263.2 / 2.275

Default:

false

Description:

If set to true , Old Data Monitor will record some failures to load data submitted by all authorized users, completely disabling a security fix. See 2021-01-13 security advisory and hudson.util.RobustReflectionConverter.recordFailuresForAdmins .

hudson.util.Secret.AUTO_ENCRYPT_PASSWORD_CONTROL

security escape hatch

Since: 2.236

Default:

true

Description:

Jenkins automatically round-trips f:password based form fields as encrypted Secret even if the field is not of type Secret . Set this to false to disable this behavior, doing so is discouraged.

hudson.util.Secret.BLANK_NONSECRET_PASSWORD_FIELDS_WITHOUT_ITEM_CONFIGURE

escape hatch security

Since: 2.236

Default:

true

Description:

If the user is missing Item/Configure permission, Jenkins 2.236 and newer will blank out the password value automatically even if the form field is not backed by a Secret . Set this to false to disable this behavior, doing so is discouraged.

hudson.util.Secret.provider

escape hatch

Since: 1.36

Default:

system default

Description:

Force a particular crypto provider; with Glassfish Enterprise set value to SunJCE to workaround JENKINS-6459 and GLASSFISH-11862.

hudson.util.StreamTaskListener.AUTO_FLUSH

escape hatch

Since: 2.173

Default:

false

Description:

Jenkins no longer automatically flushes streams for code running remotely on agents for better performance. This may lead to loss of messages for plugins which print to a build log from the agent machine but do not flush their output. Use this flag to restore the previous behavior for freestyle builds.

hudson.Util.symlinkEscapeHatch

escape hatch

Since: Undocumented

Default:

false

Description:

True to use exec of "ln" binary to create symbolic links instead of native code

hudson.Util.useNativeChmodAndMode

escape hatch

Since: 2.93

Default:

false

Description:

True to use native (JNA/JNR) implementation to set file permissions instead of NIO. Removed without replacement in 2.304.

hudson.util.XStream2.collectionUpdateLimit

security tuning escape hatch

Since: 2.334 and 2.319.3

Default:

5

Description:

The maximum number of seconds that adding elements to collections may cumulatively take when loading an XML document using XStream, or -1 to disable. See 2022-02-09 security advisory for context.

hudson.WebAppMain.forceSessionTrackingByCookie

escape hatch security

Since: 2.234

Default:

true

Description:

Set to false to not force session tracking to be done via cookie. Escape hatch for JENKINS-61738.

hudson.widgets.HistoryWidget.threshold

tuning

Since: 1.433

Default:

30

Description:

How many builds to show in the build history side panel widget.

HUDSON_HOME

obsolete

Since: Undocumented

Default:

n/a

Description:

Backward compatible fallback name for JENKINS_HOME . See documentation there.

jekins.SoloFilePathFilter.redactErrors

escape hatch security

Since: 2.319 and 2.303.3

Default:

true

Description:

Set to false to not redact error messages when the agent-to-controller file path filters reject a file access. This can give attackers information about files and directories on the Jenkins controller file system.

jenkins.CLI.disabled

feature

Since: 2.32 and 2.19.3

Default:

false

Description:

true to disable Jenkins CLI via JNLP and HTTP (SSHD can still be enabled)

jenkins.InitReactorRunner.concurrency

tuning

Since: Undocumented

Default:

2x of CPU

Description:

During start of Jenkins, loading of jobs in parallel have a fixed number of threads by default (twice the CPU). To make Jenkins load time 8x faster (assuming sufficient IO), increase it to 8x. For example, 24 CPU Jenkins controller host use this: -Dhudson.InitReactorRunner.concurrency=192

jenkins.install.runSetupWizard

feature

Since: 2.0

Default:

undefined

Description:

Set to false to skip install wizard. Note that doing so leaves Jenkins unsecured. Development-mode only: Set to true to not skip showing the setup wizard during Jenkins development. This property is only effective the first time you run Jenkins in given JENKINS_HOME .

jenkins.install.SetupWizard.adminInitialApiToken

security packaging

Since: 2.260

Default:

The default admin account will not have an API Token unless a value is provided for this system property

Description:

This property determines the behavior during the SetupWizard install phase concerning the API Token creation for the initial admin account. The behavior depends on the provided value:

true

A token is generated using random value at startup and the information is put in the file $JENKINS_HOME/secrets/initialAdminApiToken .

"token" in plain text

A fixed API Token will be created for the user with provided value as the token.

"@[file-location]" which contains plain text value of the token

A fixed API Token will be created for the user with the value read from the file. Jenkins will not delete the file after read, so the script is responsible to remove it when no longer needed.

Token format is [2-char hash version][32-hex-char of secret] , where the hash version is currently only 11, e.g., 110123456789abcdef0123456789abcdef . For example can be generated in following ways:

• manually by prepending 11 to output of random generator website. Ask for 32 hex digits or 16 bytes in hex, e.g. https://www.browserling.com/tools/random-hex, https://www.random.org/bytes/

• in a shell: echo "11$(openssl rand -hex 16)"

• in JavaScript: const genRanHex = size ⇒ […​Array(size)].map) ⇒ Math.floor(Math.random() * 16).toString(16.join(''); console.log('11' + genRanHex(32));

When the API Token is generated using this system property, it should be revoked during the installation script using the other ways at your disposal so that you have a fresh (random) token with less traces for your script. See ApiTokenProperty#generateNewToken(String) and ApiTokenProperty#revokeAllTokensExceptOne(String) for scripting methods or using the web API calls: /user/[user-login]/descriptorByName/jenkins.security.ApiTokenProperty/generateNewToken and /user/[user-login]/descriptorByName/jenkins.security.ApiTokenProperty/revokeAllExcept

jenkins.model.Jenkins.additionalReadablePaths

security escape hatch

Since: 2.263.2 / 2.275

Default:

undefined

Description:

A comma-separated list of additional top level path segments that should be accessible to users without Overall/Read permission. See 2021-01-13 security advisory.

jenkins.model.Jenkins.buildsDir

feature

Since: 2.119

Default:

${ITEM_ROOTDIR}/builds

Description:

The configuration of a given job is located underÂ $JENKINS_HOME/jobs/[JOB_NAME]/config.xml  and its builds are underÂ $JENKINS_HOME/jobs/[JOB_NAME]/builds by default. This option allows you to store builds elsewhere, which can be useful with finer-grained backup policies, or to store the build data on a faster disk such as an SSD. The following placeholders are supported for this value:

• ${JENKINS_HOME}   – Resolves to the Jenkins home directory.

• ${ITEM_ROOTDIR} – The directory containing the job metadata within Jenkins home.

• ${ITEM_FULL_NAME} – The full name of the item, with file system unsafe characters replaced by others.

• ${ITEM_FULLNAME} – See above, but does not replace unsafe characters. This is a legacy option and should not be used.

For instance, if you would like to store builds outside of Jenkins home, you can use a value like the following:Â /some_other_root/builds/${ITEM_FULL_NAME} This used to be a UI setting, but was removed in 2.119 as it did not support migration of existing build records and could lead to build-related errors until restart.

To manually migrate existing build records when starting to use this option ( TARGET_DIR is the value supplied to jenkins.model.Jenkins.buildsDir ):

For Pipeline and Freestyle job types, run this for each JOB_NAME :

mkdir -p [TARGET_DIR]
mv $JENKINS_HOME/jobs/[JOB_NAME]/builds [TARGET_DIR]/[JOB_NAME]

For Multibranch Pipeline jobs, run for each BRANCH_NAME :

mkdir -p [TARGET_DIR]/[JOB_NAME]/branches/
mv $JENKINS_HOME/jobs/[JOB_NAME]/branches/[BRANCH_NAME]/builds \
    [TARGET_DIR]/[JOB_NAME]/branches/[BRANCH_NAME]

For Organization Folders, run this for each REPO_NAME and BRANCH_NAME :

mkdir -p [TARGET_DIR]/[ORG_NAME]/jobs/[REPO_NAME]/branches/
mv $JENKINS_HOME/jobs/[ORG_NAME]/jobs/[REPO_NAME]/branches/[BRANCH_NAME]/builds \
    [TARGET_DIR]/[ORG_NAME]/jobs/[REPO_NAME]/branches/[BRANCH_NAME]

jenkins.model.Jenkins.crumbIssuerProxyCompatibility

escape hatch feature

Since: 2.119

Default:

false

Description:

true to enable crumb proxy compatibility when running the Setup Wizard for the first time.

jenkins.model.Jenkins.disableExceptionOnNullInstance

escape hatch

Since: 2.4 *only*, replaced in 2.5+ by jenkins.model.Jenkins.enableExceptionOnNullInstance

Default:

false

Description:

true to disable throwing an IllegalStateException when Jenkins.getInstance() returns null

jenkins.model.Jenkins.enableExceptionOnNullInstance

escape hatch

Since: 2.5

Default:

false

Description:

true to enable throwing an IllegalStateException when Jenkins.getInstance() returns null

jenkins.model.Jenkins.exitCodeOnRestart

packaging

Since: 2.102

Default:

5

Description:

When using the -Dhudson.lifecycle=hudson.lifecycle.ExitLifecycle , exit using this exit code when Jenkins is restarted

jenkins.model.Jenkins.initLogLevel

Uncategorized

Since: Undocumented

Default:

FINE

Description:

Log level for verbose messages from the init reactor listener.

jenkins.model.Jenkins.killAfterLoad

Uncategorized

Since: Undocumented

Default:

false

Description:

Exit Jenkins right after loading. Intended as a development/testing aid only.

jenkins.model.Jenkins.logStartupPerformance

Uncategorized

Since: Undocumented

Default:

false

Description:

Log startup timing info. Note that some messages are not logged on levels visible by default (i.e. INFO and up).

jenkins.model.Jenkins.nameValidationRejectsTrailingDot

security escape hatch

Since: 2.315 and 2.303.2

Default:

true

Description:

Set to false to allow names to end with a trailing . character, which can cause problems on Windows. Escape hatch for SECURITY-2424.

jenkins.model.Jenkins.parallelLoad

escape hatch

Since: Undocumented

Default:

true

Description:

Loads job configurations in parallel on startup.

jenkins.model.Jenkins.slaveAgentPort

feature

Since: 1.643

Default:

-1 (disabled) since 2.0, 0 in Jenkins 1.x.

Description:

Specifies the default TCP agent port unless/until configured differently on the UI. -1 to disable, 0 for random port, other values for fixed port.

jenkins.model.Jenkins.slaveAgentPortEnforce

feature

Since: 2.19.4 and 2.24

Default:

false

Description:

If true, enforces the specified jenkins.model.Jenkins.slaveAgentPort on startup and will not allow changing it through the UI

jenkins.model.Jenkins.workspaceDirName

obsolete

Since: Undocumented

Default:

workspace

Description:

Obsolete: Was used as the default workspace directory name in the legacy workspace directory layout (workspace directories within job directories).

jenkins.model.Jenkins.workspacesDir

feature

Since: 2.119

Default:

${JENKINS_HOME}/workspace/${ITEM_FULL_NAME}

Description:

Allows to change the directory layout for the job workspaces on the controller node. SeeÂ jenkins.model.Jenkins.buildsDir for supported placeholders.

jenkins.model.JenkinsLocationConfiguration.disableUrlValidation

escape hatch

Since: 2.197 / LTS 2.176.4

Default:

false

Description:

Disable URL validation intended to prevent an XSS vulnerability. See SECURITY-1471 for details.

jenkins.model.lazy.BuildReference.MODE

development tuning

Since: 1.548

Default:

soft

Description:

Configure the kind of reference Jenkins uses to hold builds in memory. Choose from among soft , weak , strong , and not (do not hold builds in memory at all). Intended mostly as a debugging aid. See JENKINS-19400.

jenkins.model.Nodes.enforceNameRestrictions

security escape hatch

Since: 2.263.2 / 2.275

Default:

true

Description:

Whether to enforce new name restrictions for agent names. See 2021-01-13 security advisory.

jenkins.model.StandardArtifactManager.disableTrafficCompression

tuning feature

Since: 2.196

Default:

false

Description:

true to disable GZIP compression of artifacts when they’re transferred from agent nodes to controller.  Uses less CPU at the cost of increased network traffic.

jenkins.monitor.JavaVersionRecommendationAdminMonitor.disable

feature

Since: 2.305

Default:

false

Description:

true to disable the monitor that recommends Java 11.

jenkins.security.ApiTokenProperty.adminCanGenerateNewTokensÂ

escape hatch security

Since: 2.129

Default:

false

Description:

true to allow users with Overall/Administer permission to create API tokens using the new system for any user. Note that the user will not be able to use that token since it’s only displayed to the creator, once.

jenkins.security.ApiTokenProperty.showTokenToAdmins

escape hatch security

Since: 1.638

Default:

false

Description:

True to show API tokens for users to administrators on the user configuration page. This was set to false as part of SECURITY-200

jenkins.security.ClassFilterImpl.SUPPRESS_ALL

escape hatch security

Since: 2.102

Default:

false

Description:

Do not perform any JEP-200 class filtering when deserializing data. Setting this to true is unsafe. See documentation.

jenkins.security.ClassFilterImpl.SUPPRESS_WHITELIST

escape hatch security

Since: 2.102

Default:

false

Description:

Do not perform whitelist-based JEP-200 class filtering when deserializing data. With this flag set, only explicitly blacklisted types will be rejected. Setting this to true is unsafe. See documentation.

jenkins.security.FrameOptionsPageDecorator.enabled

escape hatch security

Since: 1.581

Default:

true

Description:

Whether to send X-Frame-Options: sameorigin header, set to false to disable and make Jenkins embeddable

jenkins.security.ignoreBasicAuth

feature security

Since: 1.421

Default:

false

Description:

When set to true , disable Basic authentication with username and password (rather than API token).

jenkins.security.ManagePermission

feature security

Since: 2.222

Default:

false

Description:

Enable the optional Overall/Manage permission that allows limited access to administrative features suitable for a hosted Jenkins environment. See JEP-223.

jenkins.security.ResourceDomainRootAction.validForMinutes

tuning security

Since: 2.2

Default:

30

Description:

How long a resource URL served from the resource root URL will be valid for before users are required to reauthenticate to access it. See inline documentation in Jenkins for details.

jenkins.security.s2m.CallableDirectionChecker.allow

security escape hatch

Since: 1.587 and 1.580.1

Default:

false

Description:

This flag can be set to true to disable the agent-to-controller security system entirely. Since Jenkins 2.326, this is the only way to do that, as the UI option has been removed.

jenkins.security.s2m.CallableDirectionChecker.allowAnyRole

security obsolete

Since: 2.319 and 2.303.3

Default:

true

Description:

This flag can be set to false to explicitly reject Callable implementations that do not declare any required role. It is unclear whether this can safely be set to false in Jenkins before 2.335, or whether that would cause problems with some remoting built-in callables. This flag was removed in Jenkins 2.335.

jenkins.security.s2m.DefaultFilePathFilter.allow

escape hatch security

Since: 1.587 and 1.580.1

Default:

false

Description:

Allow all file paths on the Jenkins controller to be accessed from agents. This disables a big part of SECURITY-144 protections.

jenkins.security.s2m.RunningBuildFilePathFilter.FAIL

escape hatch security

Since: 2.319 and 2.303.3

Default:

true

Description:

Set to false to not reject attempts to access file paths in build directories of builds not currently being built on the accessing agent. Instead, only a warning is logged. Attempts to access file paths in build directories from other processes will still fail. See the description of the SECURITY-2458 security fix for context.

jenkins.security.s2m.RunningBuildFilePathFilter.SKIP

escape hatch security

Since: 2.319 and 2.303.3

Default:

false

Description:

Set to true to disable the additional protection to not reject attempts to access file paths in build directories. This will restore access to any build directories both from agents and from other processes with a remoting channel, like Maven Integration Plugin. See the description of the SECURITY-2458 security fix for context.

jenkins.security.seed.UserSeedProperty.disableUserSeed

escape hatch security

Since: 2.160 and 2.105.2

Default:

false

Description:

Disables user seed . Escape hatch for SECURITY-901.

jenkins.security.seed.UserSeedProperty.hideUserSeedSection

UI security

Since: 2.160 and 2.105.2

Default:

false

Description:

Hide the UI for user seed introduced for SECURITY-901.

jenkins.security.stapler.StaplerDispatchValidator.disabled

escape hatch security

Since: 2.186 and 2.176.2

Default:

false

Description:

Escape hatch for SECURITY-534.

jenkins.security.stapler.StaplerDispatchValidator.whitelist

escape hatch security

Since: 2.186 and 2.176.2

Default:

stapler-views-whitelist.txt in JENKINS_HOME

Description:

Override the location of the user configurable whitelist for stapler view dispatches. This augments the built-in whitelist for SECURITY-534 that allows dispatches to views that would otherwise be prohibited.

jenkins.security.stapler.StaticRoutingDecisionProvider.whitelist

escape hatch security

Since: 2.154 and 2.138.4

Default:

stapler-whitelist.txt in JENKINS_HOME

Description:

Override the location of the user configurable whitelist for stapler request routing. This augments the built-in whitelist for SECURITY-595 that allows routing requests through methods that would otherwise be prohibited.

jenkins.security.stapler.TypedFilter.prohibitStaticAccess

escape hatch security

Since: 2.154 and 2.138.4

Default:

true

Description:

Prohibits access to public static fields when routing requests in Stapler. Escape hatch for SECURITY-595.

jenkins.security.stapler.TypedFilter.skipTypeCheck

escape hatch security

Since: 2.154 and 2.138.4

Default:

false

Description:

Skip (return) type check when determining whether a method or field should be routable with Stapler (i.e. allow any return type). Escape hatch for SECURITY-595.

jenkins.security.SuspiciousRequestFilter.allowSemicolonsInPath

escape hatch security

Since: 2.228 and 2.204.6

Default:

false

Description:

Escape hatch for SECURITY-1774. Allows requests to URLs with semicolon characters ( ; ) in the request path.

jenkins.security.SystemReadPermission

feature security

Since: 2.222

Default:

false

Description:

Enable the optional Overall/SystemRead permission that allows read-only access to administrative features suitable for a managed Jenkins Configuration as Code environment. See JEP-224.

jenkins.security.UserDetailsCache.EXPIRE_AFTER_WRITE_SEC

tuning security

Since: 2.15

Default:

120 (2 minutes)

Description:

How long a cache for UserDetails should be valid for before it is looked up again from the security realm. See JENKINS-35493.

jenkins.slaves.DefaultJnlpSlaveReceiver.disableStrictVerification

security

Since: 2.28

Default:

false

Description: Undocumented

jenkins.slaves.JnlpSlaveAgentProtocol3.enabled

obsolete

Since: 1.653

Default:

undefined

Description:

false to disable the JNLP3 agent protocol, true to enable it. Otherwise it’s randomly enabled/disabled to A/B test it. Obsolete since the protocol was removed in 2.214.

jenkins.slaves.NioChannelSelector.disabled

escape hatch

Since: 1.56

Default:

false

Description:

true to disable Nio for JNLP agents

jenkins.slaves.StandardOutputSwapper.disabled

escape hatch

Since: 1.429

Default:

false

Description:

Some Unix-like agents (e.g. SSH Build Agents) can communicate via stdin/stdout, which is very convenient. Unfortunately, some JVM output (e.g. related to GC) also goes to standard out. This will swap output streams around to prevent stream corruption through unexpected writes to standard out.

jenkins.telemetry.Telemetry.endpoint

development

Since: 2.143

Default:

https://uplink.jenkins.io/events

Description:

Change the endpoint that JEP-214/Uplink telemetry sends data to. Expected to be used for testing only.

jenkins.ui.refresh

UI feature

Since: 2.222

Default:

false

Description:

true to enable the new experimental UX on Jenkins. See JENKINS-60920. Also see Jenkins UX SIG. Has no effect since 2.344 as the feature has been removed.

jenkins.util.groovy.GroovyHookScript.ROOT_PATH

packaging

Since: 2.273

Default:

$JENKINS_HOME

Description:

Set the root directory used to load groovy hooks scripts.

jenkins.util.ProgressiveRendering.DEBUG_SLEEP

Uncategorized

Since: Undocumented

Default:

0

Description:

Debug/development option to slow down the cancelling of progressive rendering when the client fails to send a heartbeat.

JENKINS_HOME

feature

Since: Undocumented

Default:

~/.jenkins

Description:

While typically set as an environment variable, Jenkins also looks up the path to its home directory as a system property. JENKINS_HOME set via JNDI context has higher priority than this, but this takes precedence over the environment variable.

org.jenkinsci.main.modules.sshd.SSHD.idle-timeout

tuning

Since: 2.22

Default:

undefined

Description:

Allows to configure the SSHD client idle timeout (value in milliseconds). Default value is 10min (600000ms).

org.jenkinsci.plugins.workflow.steps.durable_task.DurableTaskStep.REMOTE_TIMEOUT

tuning

Since: workflow-durable-task-step-plugin 2.29

Default:

20 seconds

Description:

How long to wait, in seconds, before interrupting remote calls and forcing cleanup when the step is stopped. See JENKINS-46507 for more information.

org.jenkinsci.plugins.workflow.steps.durable_task.DurableTaskStep.USE_WATCHING

feature

Since: workflow-durable-task-step-plugin 2.22

Default:

false

Description:

true to enable the experimental push mode for durable task logging. See JENKINS-52165 for more information.

org.jenkinsci.plugins.workflow.support.pickles.ExecutorPickle.timeoutForNodeMillis

tuning

Since: workflow-durable-task-step-plugin 2.14

Default:

5 minutes (300,000 milliseconds)

Description:

How long to wait, in milliseconds, before aborting the build if an agent has been removed. See JENKINS-36013 for more information.

org.jenkinsci.plugins.workflow.support.steps.ExecutorStepExecution.REMOVED_NODE_DETECTION

feature

Since: workflow-durable-task-step-plugin 2.32

Default:

true

Description:

false to prevent Jenkins from aborting the build if an agent has been removed. See JENKINS-49707 for more information.

org.kohsuke.stapler.Facet.allowViewNamePathTraversal

escape hatch security

Since: 2.138.2, 2.146

Default:

false

Description:

Allows specifying non-simple names for views, including ones resulting in path traversal. This is an escape hatch for the SECURITY-867 fix.

org.kohsuke.stapler.jelly.IncludeTag.skipLoggingClassSetter

escape hatch

Since: 2.288

Default:

false

Description:

Do not log attempts to set the class property of st:include tags directly. No log messages should be emitted in regular use, but they can be disabled if they cause unnecessary noise in the system log.

org.kohsuke.stapler.RequestImpl.ALLOWED_HTTP_VERBS_FOR_FORMS

escape hatch security

Since: 2.277.2, 2.287

Default:

POST

Description:

HTTP verbs of requests that are allowed to provide StaplerRequest#getSubmittedForm or @SubmittedForm . Escape hatch for a security hardening, see 2.277.2 upgrade guide.

stapler.jelly.noCache

development

Since: Undocumented

Default:

false

Description:

Controls both caching of various cacheable resources (Jelly scripts etc.) as well as the Expires HTTP response header for some static resources. Useful during development to see the effect of changes after reload.

stapler.jelly.trace

development

Since: Undocumented

Default:

false

Description:

Enables tracing of Jelly view composition. View the resulting page source to see comments indicating which parts of the view were created from which view fragments.

stapler.legacyGetterDispatcherMode

security escape hatch

Since: Undocumented

Default:

false

Description:

Do not filter get methods at the Stapler framework level. Escape hatch for SECURITY-595.

stapler.legacyWebMethodDispatcherMode

security escape hatch

Since: Undocumented

Default:

false

Description:

Do not filter web methods ("do" actions) at the Stapler framework level. Escape hatch for SECURITY-595.

stapler.resourcePath

development

Since: Undocumented

Default:

undefined

Description:

Additional debug resource paths. Set by the core development tooling so developers can see the effect of changes immediately after reloading the page.

stapler.trace

development

Since: Undocumented

Default:

true when run using mvn jetty:run (core war) or mvn hpi:run (plugins), false otherwise

Description:

Trace request handling and report the result using Stapler-Trace-…​ response headers. Additionally renders a diagnostic HTTP 404 error page when the request could not be processed.

stapler.trace.per-request

development

Since: Undocumented

Default:

false

Description:

Trace request handling (see above) for requests with the X-Stapler-Trace request header set.

References

• Administering Jenkins
• Configuring HTTP in Jenkins
• Remoting configuration