Last Friday the Hudson team rolled out a small 1.372 with two enhancements following the critical 1.371 release on Monday. Not a whole lot to say about this release other than go get it!

Enhancements

• Persist matrix-based security settings in a consistent order (issue 7138)
• Jobs can now use boolean expression over labels to control where they run.

The folks over at LMT Software just released their HudsonMobi 2.0 to the Android market. This release of HudsonMobi brings a lot of the features to Android that iPhone/iPad users of HudsonMobi have enjoyed for some time.

Features unleashed to Android users in this revision of the app are:

• Full Android user-experience with Menu and back controls
• Embedded artifact viewer! For archived build artifacts that are text-based, you can view them directly on your handset.
• Access to the build history and changes for a job.
• Quick and easy access to a job's last build\
• Restyled and updated user-experience, making HudsonMobi "feel better" on an Android device

If you want to get HudsonMobi for free from the Android Market, whip our your phone and take a picture of its QR code:

Commits often come in a burst. This seems to happen mainly for two reasons --- people sometimes forget to commit some files, and in the tranquility of waiting for your SCM to finish a commit, people sometimes realize the problems in the commit and they quickly make follow-up changes. The conventional wisdom is that the CI server should wait for the burst to finish before attempting a build. This is said to reduce the chance of having broken build, and it is also sometimes useful in reducing the average turn-around time for builds that take longer.

As such, Hudson is capable of waiting for a commit burst to be over before it triggers a new build, and this feature is called "quiet period." There are two parts in Hudson that interacts with the quiet period. One is the SCM polling behavior and the other is the queue.

The queue portion of the quiet period is straight-forward. When a build is scheduled into the queue with quiet period, the build will sit in the queue until the quiet period expires. If during this period, additional attempts are made to put the same build in the queue, the quiet period resets to its initial value. For example, if the quiet period is 5 minutes, and the build is put into the queue 9:00am and 9:03am, the actual build will only happen after 9:08am.

Hot on the heels of Hudson 1.370, which was released last Friday, the Hudson team released 1.371 which addresses a critical vulnerability in all Hudson versions prior to 1.371. The vulnerability was disclosed by InfraDNA in the following security advisory, which details the issue:

This critical vulnerability allows an attacker to use CLI commands that they are otherwise unauthorized for. CLI commands can perform various administrative operations.

It is advised that all Hudson instances be upgraded immediately to avoid data loss or other ill effects from this issue. If you're upgrading from a version earlier than 1.370, you can consult the changelog for details on the other bug fixes and enhancements covered by the upgrade of your version to 1.371.

If you run a Hudson instance, it is recommended that Hudson system admins subscribe to either the security advisories RSS feed or the advisories@ mailing list

As you may have noticed, thanks to the link on this and the other pages here at hudson-labs.org, the Hudson development community has recently introduced ci.hudson-labs.org, the official Hudson-on-Hudson instance. We're currently building Hudson proper, the Hudson core RC branch, individual builds for the various Hudson plugins and Gerrit, as well as various libraries and infrastructure jobs Hudson depends on.

For as long as Hudson's had a plugin model and development community, we've provided source code and binary hosting through our Subversion repo at java.net. But what if you're a plugin developer and you don't want to use Subversion? Well, we have an alternative for your source code: host it with Hudson on GitHub.

To get this in place, send an email to dev@hudson.dev.java.net (or ask in the IRC channel) asking to get a repository created for your plugin at Github. Make sure to include the name of the plugin and your Github username (and the Github usernames of any other developers who'll be pushing to your plugin's repo). If your plugin is already in Github, include the URL for the existing repo so that we can fork it. One of the Hudson admins will create the repository (forking if appropriate) and add the user(s) to the list of users with push access to the Hudson-hosted repositories at Github. Once you hear back from them, you'll be able to push code to the new repository.

You will need to make a few changes to your plugin's POM, as compared to what works for a plugin POM in the java.net Subversion tree.

Regular readers will recognize that I've been slacking off quite a bit lately with my release announcements, my apologies. With the release of 1.368 on Sunday, which fixed a few fairly important bugs, I figured I'd dusty off my blogging fedora and give this a shot.

This release has three bug fixes in it which were causing some issues for some users, particularly those deploying Hudson inside the recently released Tomcat 7.0 (see issue 6738).

Hudson users utilizing the JDK auto-installation feature between different platforms may have been affected by issue 6880 which was also fixed in this release.

Bringing up the rear is the fix to issue 7004 which detailed a few discrepencies between the /buildWithParameters and the /build remote APIs.

If you're not affected by these issues, you may want to wait for the soon-to-be-released 1.369 which has even more juicy bug fixes in it (with a dash of enhancements) to upgrade.

In my capacity as Build Guy at Digg, I've written up a blog post on our new continuous deployment/code review/pre-tested commit workflow. We're using a combination of Hudson, Git and Gerrit, Selenium and more to make sure that every change going to Digg's new site has been thoroughly tested.

Read the whole post, with all the juicy details over on Digg's Technology Blog!

A few weeks ago, Kohsuke stopped by the San Francisco Selenium Meetup hosted by Sauce Labs to talk about all things Selenium and Hudson related (with a bit of Sauce in there too).

The good folks over at Sauce Labs have gotten around to posting some of the videos taken with Kohsuke.

Instead of embed the videos, I wanted to directly link to the post and make sure that you all went over to check out Sauce Labs, they're up to some interesting things over there.

So you've got your fancy Android cell phone and you're thinking to yourself "besides feeling smugly superior to iPhone users, what can I do with this thing?" Perhaps you should be considering using it as a phone but if that's too boring, check out the new and improved Hudson Mood widget for Android! The latest release brings support for multiple servers and fancier graphics.

If you're interested in installing the widget, search for "Hudson Mood" in the Android Market, and be sure to thank Siarhei Dudzin for creating the widget!