Jenkins 2.555.3 LTS - Build Persistence and Security Updates

Jenkins 2.555.3 was released on June 10, 2026. This LTS update fixes a critical regression where active builds were lost during job reloads. The release also modifies security defaults for symbolic link handling to ensure agent compatibility.

The full release notes and downloads are on the GitHub release page.

The regression fixed in this release dates back to version 2.523. Operators running long duration builds noticed that reloading a job configuration would terminate or lose track of active executions. For platform engineers managing thousands of jobs this lack of persistence posed a risk during routine maintenance or automated updates. Jenkins 2.555.3 restores the expected behavior where active builds survive job reloads.

The update also addresses a specific JCasC issue. In previous versions applying a new configuration would wipe the reason an agent was marked offline. If an SRE manually took an agent down for hardware repairs the next configuration sync would clear that status and potentially cause build failures. This version ensures the offline cause remains intact through configuration reapplications.

The fix for build persistence is especially relevant for SREs who manage high throughput CI environments. When active builds are lost during a job reload it can lead to inconsistent state in downstream systems or cloud resources. By ensuring that the build records are properly persisted the Jenkins project reduces the manual toil required to clean up orphaned processes or failed deployments.

The JCasC fix further strengthens the declarative management model. In a modern infrastructure as code approach every configuration sync should be idempotent and non destructive to the current operational state. Preserving the offline cause of an agent is a small but vital step toward that goal.

Security remains a core focus for the Jenkins project. This release refines the implementation of SECURITY-3657. The initial fix intended to protect the system created unintended friction for stashes that utilized symbolic links on agent nodes. By limiting the restriction to the controller JVM the project allows agent based stash operations to proceed as normal while maintaining the necessary safeguards on the main controller. This balance is critical for teams that rely on complex workspace structures involving soft links between build artifacts.

Administrative efficiency is improved through a fix in the plugin manager. A race condition that occasionally corrupted search results in the plugin installation UI has been resolved. This ensures that operators searching for new capabilities receive consistent and accurate data from the central update sites.

The project also promoted Lodash to version 4.18.1. While often seen as a minor change keeping frontend dependencies current is vital for the long term security and performance of the web interface.

Jenkins 2.555.3 belongs to the 2.555.x LTS line which requires Java 21 or Java 25. Java 17 is no longer supported for this release cycle. Operators should verify their JVM version before performing the update. There are no other manual intervention steps required for users already on the 2.555.x line.