Jenkins Features Controlled with System Properties
Jenkins has several "hidden" features that can be enabled with system properties. This page documents many of them and explain how to configure them on your instance.
Some system properties related to the Remoting library used for communication between controller and agents are documented in that component’s repository. == Usage
System properties are defined by passing -Dproperty=value
to the java
command line to start Jenkins. Make sure to pass all of these arguments before the -jar
argument, otherwise they will be ignored. Example:
java -Dhudson.footerURL=http://example.org -jar jenkins.war
The following lists the properties and the version of Jenkins they were introduced in.
-
Property - Java property name
-
Default - Default value if not explicitly set
-
Since - The version of Jenkins the property was introduced in
-
Description - Other notes
Compatibility
We do NOT guarantee that system properties will remain unchanged and functional indefinitely. These switches are often experimental in nature, and subject to change without notice. If you find these useful, please file a ticket to promote it to an official feature.
Properties in Jenkins Core
Due to the very large number of system properties used, often just added as a "safety valve" or "escape hatch" in case a change causes problems, this list is not expected to be complete. |
-
name: debug.YUI tags:
-
development since: December 2006 # https://github.com/jenkinsci/jenkins/commit/ab68a9fce7672649b797ea6ff46f88c965e2404b def: |
false
description: | Whether to use the minified (false
) or debug (true
) JS files for the YUI library. -
name: executable-war def: | Path to
jenkins.war
when invoked asjava -jar jenkins.war
, undefined otherwise. tags: -
packaging description: | This is the path to
jenkins.war
and set by theexecutable-war
wrapper when invoked usingjava -jar jenkins.war
. This allows Jenkins to find its own.war
file and e.g. replace it to apply an update. If undefined, Jenkins will not e.g. offer to update itself. -
name: hudson.bundled.plugins tags:
-
development def: undefined description: | Specify a location for additional bundled plugins during plugin development (
hpi:run
). There is no reason this would be set by an administrator. -
name: hudson.ClassicPluginStrategy.noBytecodeTransformer tags:
-
escape hatch
-
obsolete def: |
false
since: 1.538 # https://github.com/jenkinsci/jenkins/commit/f98c4627da3c21e37aff82c75c0ef7240e60b4da description: | Disable the bytecode transformer that retains compatibility at runtime after changing public Java APIs. Has no effect since 2.296, as the bytecode transformer has been removed. -
name: hudson.ClassicPluginStrategy.useAntClassLoader tags:
-
escape hatch def: |
false
(until 2.309 and since 2.348),true
(from 2.310 to 2.347) since: 1.316 # Unused since https://github.com/jenkinsci/jenkins/commit/47de54d070f67af95b4fefb6d006a72bb31a5cb8 # Restored and default in https://github.com/jenkinsci/jenkins/pull/5698 # Disabled since https://github.com/jenkinsci/jenkins/pull/6571 description: | Unused between 1.527 and 2.309. Since 2.310, can be set tofalse
to useURLClassLoader
instead. This is the default since 2.347. -
name: hudson.cli.CLI.pingInterval tags:
-
tuning def: |
3000
since: 2.199 description: | Client-side HTTP CLI ping interval in milliseconds. Set on the CLI client (java -jar jenkins-cli.jar
), not Jenkins server process. -
name: hudson.ConsoleNote.INSECURE tags:
-
escape hatch
-
security def: |
false
since: 2.44 / 2.32.2 description: | Whether to load unsigned console notes. See SECURITY-382 on Jenkins Security Advisory 2017-02-01. -
name: hudson.consoleTailKB tags:
-
tuning def: |
150
since: March 2009 # https://github.com/jenkinsci/jenkins/commit/bf81f96ab3d5e90bca0963c51c40a62d2642548d description: | How many KB of console log to show in default console view. This property had no effect from Jenkins 2.4 (inclusive) until 2.98/2.89.3 (exclusive), see JENKINS-48593. -
name: hudson.diagnosis.HudsonHomeDiskUsageChecker.freeSpaceThreshold tags:
-
tuning def: |
1073741824
(1 GB, up to 2.39),10737418240
(10 GB, from 2.40) since: 1.339 description: | If there’s less than this amount of free disk space, in bytes, on the disk with the Jenkins home directory, and the disk is 90% or more full, a warning will be shown to administrators. -
name: hudson.diyChunking tags:
-
feature def: |
false
since: May 2009 # https://github.com/jenkinsci/jenkins/commit/703c50cf62dedfb7085d345ec102df7395cf7fca description: | Set totrue
if the servlet container doesn’t support chunked encoding. -
name: hudson.DNSMultiCast.disabled tags:
-
escape hatch
-
obsolete def: |
false
until 2.218,true
in 2.219 since: 1.359 description: | Set totrue
to disable DNS multicast. Has no effect since 2.220 as the feature has been removed. See SECURITY-1641 -
name: hudson.FilePath.VALIDATE_ANT_FILE_MASK_BOUND tags:
-
tuning def: |
10000
since: 1.592 description: | Max. number of operations to validate a file mask (e.g. pattern to archive artifacts). -
name: hudson.footerURL tags:
-
feature def: |
https://jenkins.io
since: 1.416 description: | Allows tweaking the URL displayed at the bottom of Jenkins' UI -
name: hudson.Functions.autoRefreshSeconds tags:
-
obsolete
-
tuning def: |
10
since: 1.365 description: | Number of seconds between reloads when Auto Refresh is enabled. Obsolete since the feature was removed in Jenkins 2.223. -
name: hudson.Functions.hidingPasswordFields tags:
-
security
-
escape hatch def: |
true
since: 2.205 description: | Jenkins 2.205 and newer attempts to prevent browsers from offering to auto-fill password form fields by using a custom password control. Setting this tofalse
reverts to the legacy behavior of using mostly standard password form fields. -
name: hudson.lifecycle tags:
-
packaging def: | automatically determined based on environment, see
hudson.lifecycle.Lifecycle
description: | Specify full class name for Lifecycle implementation to override default. See documentation for class names. -
name: hudson.logging.LogRecorderManager.skipPermissionCheck tags:
-
security
-
escape hatch def: |
false
since: 2.121.3 and 2.138 description: | Disable security hardening for LogRecorderManager Stapler access. Possibly unsafe, see 2018-12-05 security advisory. -
name: hudson.Main.development tags:
-
development def: |
false
in production,true
in development description: | This is set totrue
by the development tooling to identify when Jenkins is running viajetty:run
orhpi:run
. Can be used to distinguish between development and production use; most prominently used to bypass the setup wizard when running with an empty Jenkins home directory during development. -
name: hudson.Main.timeout tags:
-
tuning def: |
15000
description: | When usingjenkins-core.jar
from the CLI, this is the connection timeout connecting to Jenkins to report a build result. -
name: hudson.markup.MarkupFormatter.previewsAllowGET tags:
-
security
-
escape hatch def: |
false
since: 2.263.2 / 2.275 description: | Controls whether URLs implementing markup formatter previews are accessible via GET. See 2021-01-13 security advisory. -
name: hudson.markup.MarkupFormatter.previewsSetCSP tags:
-
security
-
escape hatch def: |
true
since: 2.263.2 / 2.275 description: | Controls whether to set restrictive Content-Security-Policy headers on URLs implementing markup formatter previews. See 2021-01-13 security advisory. -
name: hudson.matrix.MatrixConfiguration.useShortWorkspaceName # TODO move to matrix-project plugin documentation tags:
-
feature def: |
false
description: | Use shorter but cryptic names in matrix build workspace directories. Avoids problems with 256 character limit on paths in Cygwin, path depths problems on Windows, and shell metacharacter problems with label expressions on most platforms. See JENKINS-25783. -
name: hudson.model.AbstractItem.skipPermissionCheck tags:
-
security
-
escape hatch def: |
false
since: 2.121.3 / 2.138 description: | Disable security hardening related to Stapler routing for AbstractItem. Possibly unsafe, see 2018-12-05 security advisory. -
name: hudson.model.Api.INSECURE tags:
-
security
-
escape hatch
-
obsolete def: |
false
since: 1.502 description: | Set totrue
to permit accessing the Jenkins remote API in an unsafe manner. See SECURITY-47. Deprecated, use e.g. Secure Requester Whitelist instead. -
name: hudson.model.AsyncAperiodicWork.logRotateMinutes tags:
-
tuning def: |
1440
since: 1.651 description: | The number of minutes after which to try and rotate the log file used by any AsyncAperiodicWork extension. For fine-grained control of a specific extension you can use theFullyQualifiedClassName.logRotateMinutes
system property to only affect a specific extension. It is not anticipated that you will ever need to change these defaults. -
name: hudson.model.AsyncAperiodicWork.logRotateSize tags:
-
tuning def: |
-1
since: 1.651 description: | When starting a new run of any AsyncAperiodicWork extension, if this value is non-negative and the existing log file is larger than the specified number of bytes then the log file will be rotated. For fine-grained control of a specific extension you can use theFullyQualifiedClassName.logRotateSize
system property to only affect a specific extension. It is not anticipated that you will ever need to change these defaults. -
name: hudson.model.AsyncPeriodicWork.logRotateMinutes tags:
-
tuning def: |
1440
since: 1.651 description: | The number of minutes after which to try and rotate the log file used by any AsyncPeriodicWork extension. For fine-grained control of a specific extension you can use theFullyQualifiedClassName.logRotateMinutes
system property to only affect a specific extension. It is not anticipated that you will ever need to change these defaults.Some implementations that can be individually configured (see _FullyQualifiedClassName_ above):
-
hudson.model.WorkspaceCleanupThread
-
hudson.model.FingerprintCleanupThread
-
hudson.slaves.ConnectionActivityMonitor
-
jenkins.DailyCheck
-
jenkins.model.BackgroundGlobalBuildDiscarder
-
jenkins.telemetry.Telemetry$TelemetryReporter
-
-
name: hudson.model.AsyncPeriodicWork.logRotateSize tags:
-
tuning def: |
-1
since: 1.651 description: | When starting a new run of any AsyncPeriodicWork extension, if this value is non-negative and the existing log file is larger than the specified number of bytes then the log file will be rotated. For fine-grained control of a specific extension you can use theFullyQualifiedClassName.logRotateSize
system property to only affect a specific extension. It is not anticipated that you will ever need to change these defaultsSome implementations that can be individually configured (see _FullyQualifiedClassName_ above):
-
hudson.model.WorkspaceCleanupThread
-
hudson.model.FingerprintCleanupThread
-
hudson.slaves.ConnectionActivityMonitor
-
jenkins.DailyCheck
-
jenkins.model.BackgroundGlobalBuildDiscarder
-
jenkins.telemetry.Telemetry$TelemetryReporter
-
-
name: hudson.model.DirectoryBrowserSupport.allowAbsolutePath tags:
-
security
-
escape hatch def: |
false
since: 2.315 and 2.303.2 description: | Escape hatch for SECURITY-2481. Set this totrue
to allow browsing to absolute paths. -
name: hudson.model.DirectoryBrowserSupport.allowSymlinkEscape tags:
-
security
-
escape hatch def: |
false
since: 2.154 and 2.138.4 description: | Escape hatch for SECURITY-904 and SECURITY-1452. -
name: hudson.model.DirectoryBrowserSupport.allowTmpEscape tags:
-
security
-
escape hatch def: |
false
since: 2.394 and 2.375.4 description: | Escape hatch for SECURITY-1807. -
name: hudson.model.DirectoryBrowserSupport.CSP tags:
-
security
-
escape hatch def: |
sandbox; default-src 'none'; image-src 'self'; style-src 'self';
since: 1.625.3, 1.641 description: | Determines the Content Security Policy header sent for static files served by Jenkins. Only affects instances that don’t have a resource root URL set up. See Configuring Content Security Policy for more details. -
name: hudson.model.DownloadService$Downloadable.defaultInterval tags:
-
tuning def: |
86400000
(1 day) since: '1.500' description: | Interval between periodic downloads of Downloadables, typically tool installer metadata. -
name: hudson.model.DownloadService.never tags:
-
obsolete
-
escape hatch def: |
false
since: 1.319 # https://github.com/jenkinsci/jenkins/commit/163c08003eb25cbe259fc8a8277bb3e264e36d18 description: | Suppress the periodic download of data files for plugins via browser-based download. Since Jenkins 2.200, this has no effect. -
name: hudson.model.DownloadService.noSignatureCheck tags:
-
security
-
escape hatch def: |
false
since: 1.482 # https://github.com/jenkinsci/jenkins/commit/62f66f899c95ccdfdc7a5d3346240988b42a9aad description: | Skip the update site signature check. Setting this totrue
can be unsafe. -
name: hudson.model.Hudson.flyweightSupport tags:
-
obsolete
-
feature
-
escape hatch def: |
false
before 1.337;true
from 1.337; unused since 1.598 since: 1.318 description: | Matrix parent job and other flyweight tasks (e.g. Build Flow plugin) won’t consume an executor whentrue
. Unused since 1.598, flyweight support is now always enabled. -
name: hudson.model.Hudson.initLogLevel tags:
-
obsolete description: | Deprecated: Backward-compatible fallback for
jenkins.model.Jenkins.initLogLevel
. Removed since 2.272. -
name: hudson.model.Hudson.killAfterLoad tags:
-
obsolete description: | Deprecated: Backward-compatible fallback for
jenkins.model.Jenkins.killAfterLoad
. Removed since 2.272. -
name: hudson.model.Hudson.logStartupPerformance tags:
-
obsolete description: | Deprecated: Backward-compatible fallback for
jenkins.model.Jenkins.logStartupPerformance
. Removed since 2.272. -
name: hudson.model.Hudson.parallelLoad tags:
-
obsolete description: | Deprecated: Backward-compatible fallback for
jenkins.model.Jenkins.parallelLoad
. Removed since 2.272. -
name: hudson.model.Hudson.workspaceDirName tags:
-
obsolete description: | Deprecated: Backward-compatible fallback for
jenkins.model.Jenkins.workspaceDirName
. Removed since 2.272. -
name: hudson.model.LabelAtom.allowFolderTraversal tags:
-
security
-
escape hatch def: |
false
since: 2.263.2 / 2.275 description: | Controls whether label names containing unsafe characters that lead to path traversal can be saved. See 2.263.2 upgrade guide. -
name: hudson.model.LoadStatistics.clock tags:
-
tuning def: |
10000
(10 seconds) since: January 2009 # https://github.com/jenkinsci/jenkins/commit/8d771bc2e335fea5369ba06066c87866494fa5e3 description: | Load statistics clock cycle in milliseconds. -
name: hudson.model.LoadStatistics.decay tags:
-
tuning def: |
0.9
since: January 2009 # https://github.com/jenkinsci/jenkins/commit/8d771bc2e335fea5369ba06066c87866494fa5e3 description: | Decay ratio for every clock cycle in node utilization charts. -
name: hudson.model.MultiStageTimeSeries.chartFont tags:
-
feature
-
ui def: |
SansSerif-10
since: 1.562 description: | Font used for load statistics. See Java documentation on how the value is decoded. -
name: hudson.model.Node.SKIP_BUILD_CHECK_ON_FLYWEIGHTS tags:
-
security
-
escape hatch def: |
true
since: 2.111 # https://github.com/jenkinsci/jenkins/commit/036e0ce6bb0f257c1e90d49a0af907adf6bb79f7 description: | Whether to allow building flyweight tasks even if the necessary permission (Computer/Build) is missing. See JENKINS-46652. -
name: hudson.model.ParametersAction.keepUndefinedParameters tags:
-
security
-
escape hatch def: undefined since: 1.651.2 / 2.3 # TODO add advisory reference description: | If true, not discard parameters for builds that are not defined on the job. Enabling this can be unsafe. Since Jenkins 2.40, if set to false, will not log a warning message that parameters were defined but ignored.
-
name: hudson.model.ParametersAction.safeParameters tags:
-
security
-
escape hatch def: undefined since: 1.651.2 / 2.3 # TODO add advisory reference description: | Comma-separated list of additional build parameter names that should not be discarded even when not defined on the job.
-
name: hudson.model.Queue.cacheRefreshPeriod tags:
-
tuning def: |
1000
since: 1.577 up to 1.647 description: | Defines the refresh period for the internal queue cache (in milliseconds). The greater period workarounds web UI delays on large installations, which may be caused by locking of the build queue by build executors. Downside: Builds appear in the queue with a noticeable delay. -
name: hudson.model.Queue.Saver.DELAY_SECONDS tags:
-
tuning def: |
60
since: 2.109 description: | Maximal delay of a save operation when content of Jenkins queue changes. This works as a balancing factor between queue consistency guarantee in case of Jenkins crash (short delay) and decreasing IO activity based on Jenkins load (long delay). -
name: hudson.model.Run.ArtifactList.listCutoff tags:
-
tuning
-
ui def: |
16
since: 1.330 description: | More artifacts than this will use tree view or simple link rather than listing out artifacts -
name: hudson.model.Run.ArtifactList.treeCutoff tags:
-
tuning
-
ui def: |
40
since: 1.330 description: | More artifacts than this will show a simple link to directory browser rather than showing artifacts in tree view -
name: hudson.model.Slave.workspaceRoot tags:
-
tuning def: |
workspace
since: 1.341? description: | name of the folder within the agent root directory to contain workspaces -
name: hudson.model.UpdateCenter.className tags:
-
packaging def: | effectively
hudson.model.UpdateCenter
since: 2.4 description: | This allows overriding the implementation class for update center when customizing the.war
packaging of Jenkins. Cannot be used for plugins. -
name: hudson.model.UpdateCenter.defaultUpdateSiteId def: |
default
since: 2.4 # TODO figure out what this even does, IIRC Jenkins doesn’t care about the ID other than distinguish on the UI? description: | Configure a different ID for the default update site. Useful for custom war distributions or externally provided UC data files. -
name: hudson.model.UpdateCenter.never def: |
false
description: | When true, don’t automatically check for new versions -
name: hudson.model.UpdateCenter.pluginDownloadReadTimeoutSeconds tags:
-
tuning def: |
60
description: | Read timeout in seconds for downloading plugins. -
name: hudson.model.UpdateCenter.skipPermissionCheck tags:
-
security
-
escape hatch def: |
false
since: 2.121.3 / 2.138 description: | Disable security hardening related to Stapler routing for UpdateCenter. Possibly unsafe, see 2018-12-05 security advisory. -
name: hudson.model.UpdateCenter.updateCenterUrl tags:
-
obsolete def: |
https://updates.jenkins.io/
description: | Deprecated: Override the default update site URL. May have no effect since Jenkins 1.333. -
name: hudson.model.UsageStatistics.disabled tags:
-
feature def: |
false
since: May 2009 # https://github.com/jenkinsci/jenkins/commit/49ace47432e473b8f5febb6cc00f177be5854ffb looks like a rename # but it was originally added the same day https://github.com/jenkinsci/jenkins/commit/10cc0441aeaf7c042dc1ecca674a7cf9b8375863 just a typo description: | Set totrue
to opt out of usage statistics collection, independent of UI option. -
name: hudson.model.User.allowNonExistentUserToLogin tags:
-
security
-
escape hatch def: |
false
since: 1.602 description: | Whentrue
, does not check auth realm for existence of user if there’s a record in Jenkins. Unsafe, but may be used on some instances for service accounts -
name: hudson.model.User.allowUserCreationViaUrl tags:
-
security
-
escape hatch def: |
false
since: 2.44 / 2.32.2 description: | Whether admins accessing/user/example
creates a user record (see SECURITY-406 on Jenkins Security Advisory 2017-02-01) -
name: hudson.model.User.SECURITY_243_FULL_DEFENSE tags:
-
security
-
escape hatch def: |
true
since: 1.651.2 / 2.3 description: | When false, skips part of the fix that tries to determine whether a given user ID exists, and if so, doesn’t consider users with the same full name during resolution. -
name: hudson.model.User.skipPermissionCheck tags:
-
security
-
escape hatch def: |
false
since: 2.121.3 / 2.138 description: | Disable security hardening related to Stapler routing for User. Possibly unsafe, see 2018-12-05 security advisory. -
name: hudson.model.WorkspaceCleanupThread.disabled tags:
-
escape hatch def: |
false
since: June 2009 # https://github.com/jenkinsci/jenkins/commit/ee5cba8fac256580ac30878ed28cf3330cc9d4a4 description: | Don’t clean up old workspaces on agent nodes -
name: hudson.model.WorkspaceCleanupThread.recurrencePeriodHours tags:
-
tuning def: |
24
since: 1.608 description: | How frequently workspace cleanup should run, in hours. -
name: hudson.model.WorkspaceCleanupThread.retainForDays tags:
-
tuning def: |
30
since: 1.608 description: | Unused workspaces are retained for this many days before qualifying for deletion. -
name: hudson.node_monitors.AbstractNodeMonitorDescriptor.periodMinutes tags:
-
tuning def: |
60
(1 hour) description: | How frequently to update node monitors by default, in minutes. -
name: hudson.PluginManager.checkUpdateAttempts tags:
-
tuning def: |
1
since: 2.152 description: | Number of attempts to check the updates sites. -
name: hudson.PluginManager.checkUpdateSleepTimeMillis tags:
-
tuning def: |
1000
since: 2.152 description: | Time (milliseconds) elapsed between retries to check the updates sites. -
name: hudson.PluginManager.className tags:
-
packaging def: | effectively
hudson.LocalPluginManager
description: | Can be used to specify a differentPluginManager
implementation when customizing the.war
packaging of Jenkins. Cannot be used for plugins. -
name: hudson.PluginManager.noFastLookup tags:
-
escape hatch def: |
false
description: | Disable fast lookup usingClassLoaderReflectionToolkit
which reflectively accesses internal methods ofClassLoader
. -
name: hudson.PluginManager.skipPermissionCheck tags:
-
security
-
escape hatch def: |
false
since: 2.121.3 / 2.138 description: | Disable security hardening related to Stapler routing for PluginManager. Possibly unsafe, see 2018-12-05 security advisory. -
name: hudson.PluginManager.workDir tags:
-
feature def: undefined since: 1.649 description: | Location of the base directory for all exploded .hpi/.jpi plugins. By default the plugins will be extracted under
$JENKINS_HOME/plugins/
. -
name: hudson.PluginStrategy tags:
-
packaging def: | effectively
hudson.ClassicPluginStrategy
description: | Allow plugins to be loaded into a different environment, such as an existing DI container like Plexus. Specify the full class name of ahudson.PluginStrategy
implementation to override the default. -
name: hudson.PluginWrapper.dependenciesVersionCheck.enabled tags:
-
escape hatch def: |
true
since: 2.0 description: | Set tofalse
to skip the version check for plugin dependencies. -
name: hudson.ProxyConfiguration.DEFAULT_CONNECT_TIMEOUT_MILLIS tags:
-
tuning def: |
20000
since: 2.0 description: | Connection timeout applied to connections e.g. to the update site. -
name: hudson.remoting.ChannelBuilder.allCallablesCanIgnoreRoleChecker tags:
-
security
-
scape hatch def: |
false
since: 2.319 and 2.303.3 description: | Disable requirement for remoting callables to perform a role check. See the description in the upgrade guide. -
name: hudson.remoting.ChannelBuilder.specificCallablesCanIgnoreRoleChecker tags:
-
security
-
scape hatch def: undefined since: 2.319 and 2.303.3 description: | Comma-separated list of class names allowed to bypass role check requirement. See the description in the upgrade guide.
-
name: hudson.remoting.ClassFilter tags:
-
security
-
escape hatch def: undefined description: | Allow or disallow the deserialization of specified types. Comma-separated class names, entries are whitelisted unless prefixed with
!
. See JEP-200 and JENKINS-47736. -
name: hudson.scheduledRetention tags:
-
obsolete # TODO figure out what this does def: |
false
since: Up to 1.354 description: | Control a agent based on a schedule -
name: hudson.scm.SCM.useAutoBrowserHolder tags:
-
feature def: |
false
since Jenkins 2.9,true
before description: | When set totrue
, Jenkins will guess the repository browser used to render links in the changelog. -
name: hudson.script.noCache tags:
-
development def: |
false
in production,true
during development description: | When set to true, Jenkins will not reference resource files through the/static/…/
URL space, preventing their caching. This is set totrue
during development by default, andfalse
otherwise. -
name: hudson.search.Search.MAX_SEARCH_SIZE tags:
-
security
-
escape hatch def: |
500
since: 2.375.4 / 2.394 description: | Limits the number of results a search can render. -
name: hudson.search.Search.skipPermissionCheck tags:
-
security
-
escape hatch def: |
false
since: 2.121.3 / 2.138 description: | Disable security hardening related to Stapler routing for Search. Possibly unsafe, see 2018-12-05 security advisory. -
name: hudson.security.AccessDeniedException2.REPORT_GROUP_HEADERS tags:
-
escape hatch def: |
false
since: 2.46 / 2.32.3 description: | If set to true, restore pre-2.46 behavior of sending HTTP headers on "access denied" pages listing group memberships. -
name: hudson.security.ArtifactsPermission tags:
-
security
-
escape hatch def: |
false
since: 1.374 description: | The Artifacts permission allows to control access to artifacts; When this property is unset or set to false, access to artifacts is not controlled -
name: hudson.security.csrf.CrumbFilter.UNPROCESSED_PATHINFO tags:
-
security
-
escape hatch def: |
false
since: 2.228 and 2.204.6 description: | Escape hatch for SECURITY-1774. -
name: hudson.security.csrf.DefaultCrumbIssuer.EXCLUDE_SESSION_ID tags:
-
security
-
escape hatch def: |
false
since: 2.186 and 2.176.2 description: | Escape hatch for SECURITY-626. -
name: hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION tags:
-
security
-
escape hatch def: |
false
since: 2.222 description: | Restore the ability to disable CSRF protection after the UI for doing so was removed from Jenkins 2.222. -
name: hudson.security.csrf.requestfield tags:
-
security
-
tuning def: |
.crumb
(Jenkins 1.x),Jenkins-Crumb
(Jenkins 2.0) since: 1.310 description: | Parameter name that contains a crumb value on POST requests -
name: hudson.security.ExtendedReadPermission tags:
-
security
-
feature def: |
false
since: 1.324 description: | The ExtendedReadPermission allows read-only access to "Configure" pages; can also enable with extended-read-permission plugin -
name: hudson.security.HudsonPrivateSecurityRealm.ID_REGEX tags:
-
security
-
escape hatch def: |
[a-zA-Z0-9_-]+
since: 2.121 and 2.107.3 description: | Regex for legal user names in Jenkins user database. See SECURITY-786. -
name: hudson.security.HudsonPrivateSecurityRealm.maximumBCryptLogRound tags:
-
security
-
escape hatch def: |
18
since: 2.161 description: | Limits the number of rounds for pre-computed BCrypt hashes of user passwords for the Jenkins user database to prevent excessive computation. -
name: hudson.security.LDAPSecurityRealm.groupSearch # TODO move out, it’s LDAP plugin # def: TODO recover default that was apparently lost after wiki description: | LDAP filter to look for groups by their names
-
name: hudson.security.SecurityRealm.sessionFixationProtectionMode tags:
-
security
-
escape hatch def: |
1
since: 2.300 and 2.289.2 description: | Escape hatch for SECURITY-2371. Set to0
to disable the fix or to2
to select an alternative implementation. -
name: hudson.security.TokenBasedRememberMeServices2.skipTooFarExpirationDateCheck tags:
-
security
-
escape hatch def: |
false
since: 2.160 and 2.150.2 description: | Escape hatch for SECURITY-868 -
name: hudson.security.WipeOutPermission tags:
-
security
-
feature def: |
false
since: 1.416 description: | The WipeOut permission allows to control access to the "Wipe Out Workspace" action, which is normally available as soon as the Build permission is granted -
name: hudson.slaves.ChannelPinger.pingInterval tags:
-
tuning
-
obsolete def: |
5
since: 1.405 description: | Frequency (in minutes) of pings between the controller and agents. Deprecated since 2.37, usehudson.slaves.ChannelPinger.pingIntervalSeconds
instead. -
name: hudson.slaves.ChannelPinger.pingIntervalSeconds tags:
-
tuning def: |
300
since: 2.37 description: | Frequency of https://wiki.jenkins.io/display/JENKINS/Ping+Thread[pings between the controller and agents], in seconds -
name: hudson.slaves.ChannelPinger.pingTimeoutSeconds tags:
-
tuning def: |
240
since: 2.37 description: | Timeout for each https://wiki.jenkins.io/display/JENKINS/Ping+Thread[ping between the controller and agents], in seconds -
name: hudson.slaves.ConnectionActivityMonitor.enabled tags:
-
feature # TODO: This looks like a dead feature? Introduced 2011 and disabled by default? def: |
false
since: 1.326 description: | Whether to enable this feature that checks whether agents are alive and cuts them off if not. -
name: hudson.slaves.ConnectionActivityMonitor.frequency tags:
-
tuning # TODO: Actually dual use: Both for timeout (4 minutes) and time to ping (3 minutes). Possibly copy & paste issue and bug in core? def: |
10000
(10 seconds) since: 1.326 description: | How frequently to check for channel activity, in milliseconds. -
name: hudson.slaves.ConnectionActivityMonitor.timeToPing tags:
-
tuning def: |
180000
(3 minutes) since: 1.326 description: | How long to wait after startup to start checking agent connections, in milliseconds. -
name: hudson.slaves.NodeProvisioner.initialDelay tags:
-
tuning def: | 10 times
hudson.model.LoadStatistics.clock
, typically 100 seconds description: | How long to wait after startup before starting to provision nodes from clouds. This will allow static agents to start and handle the load first. -
name: hudson.slaves.NodeProvisioner.MARGIN tags:
-
tuning
-
name: hudson.slaves.NodeProvisioner.MARGIN0 tags:
-
tuning
-
name: hudson.slaves.NodeProvisioner.MARGIN_DECAY tags:
-
tuning
-
name: hudson.slaves.NodeProvisioner.recurrencePeriod tags:
-
tuning def: | Equal to
hudson.model.LoadStatistics.clock
, typically 10 seconds description: | How frequently to possibly provision nodes. -
name: hudson.slaves.SlaveComputer.allowUnsupportedRemotingVersions tags:
-
escape hatch def: |
false
since: 2.343 description: | Allow connection by agents running unsupported remoting versions. -
name: hudson.slaves.WorkspaceList tags:
-
tuning def: |
@
since: 1.424 description: | When concurrent builds is enabled, a unique workspace directory name is required for each concurrent build. To create this name, this token is placed between project name and a unique ID, e.g. "my-project@123". -
name: hudson.tasks.ArtifactArchiver.warnOnEmpty tags:
-
feature def: |
false
description: | When true, builds don’t fail when there is nothing to archive -
name: hudson.tasks.Fingerprinter.enableFingerprintsInDependencyGraph tags:
-
feature def: |
false
since: 1.430 description: | When true, jobs associated through fingerprints are added to the dependency graph, even when there is no configured upstream/downstream relationship between them. -
name: hudson.tasks.MailSender.maxLogLines # TODO is this mailer plugin now? def: |
250
description: | Number of lines of console output to include in emails -
name: hudson.TcpSlaveAgentListener.hostName tags:
-
feature def: | Same as the configured Jenkins root URL description: | Host name that Jenkins advertises to inbound TCP agents. Especially useful when running Jenkins behind a reverse proxy.
-
name: hudson.TcpSlaveAgentListener.port tags:
-
feature def: | Same as the configured TCP agent port description: | Port that Jenkins advertises to inbound TCP agents. Especially useful when running Jenkins behind a reverse proxy.
-
name: hudson.TreeView tags:
-
feature
-
obsolete def: |
false
description: | Enables the experimental nested views feature. Has no effect since 2.302, as the experimental nested views feature has been removed. -
name: hudson.triggers.SafeTimerTask.logsTargetDir tags:
-
feature def: |
$JENKINS_HOME/logs
since: 2.114 description: | Allows to move the logs usually found under$JENKINS_HOME/logs
to another location. Beware that no migration is handled if you change it on an existing instance. -
name: hudson.triggers.SCMTrigger.starvationThreshold tags:
-
tuning def: |
3600000
(1 hour) description: | Milliseconds waiting for polling executor before trigger reports it is clogged. -
name: hudson.udp tags:
-
escape hatch
-
obsolete
-
tuning def: |
33848
until 2.218,-1
in 2.219 description: | Port for UDP multicast broadcast. Set to -1 to disable. Has no effect since 2.220 as the feature has been removed. See SECURITY-1641 -
name: hudson.upstreamCulprits tags:
-
feature def: |
false
since: 1.327 description: | Pass blame information to downstream jobs. -
name: hudson.util.AtomicFileWriter.DISABLE_FORCED_FLUSH tags:
-
escape hatch # The code is really confusing; there are two flags, one is always false, and will be forcibly set to false here, except using a new constructor that was deprecated in the same PR it was introduced in. def: |
false
since: 2.102 description: | Disables the forced flushing when calling#close()
. Not expected to be used. -
name: hudson.util.CharacterEncodingFilter.disableFilter tags:
-
escape hatch def: |
false
description: | Set totrue
to disable the filter that sets request encoding to UTF-8 if it’s undefined and its content type istext/xml
orapplication/xml
(API submissions). -
name: hudson.util.CharacterEncodingFilter.forceEncoding tags:
-
feature def: |
false
description: | Set totrue
to force the request encoding to UTF-8 even if a different character set is declared. -
name: hudson.Util.deletionRetryWait tags:
-
tuning def: |
100
since: 2.2 description: | The time (in milliseconds) to wait between attempts to delete files when retrying. This has no effect unless hudson.Util.maxFileDeletionRetries is greater than 1. If zero, there will be no delay between attempts. If negative, the delay will be a (linearly) increasing multiple of this value between attempts. -
name: hudson.util.Digester2.UNSAFE tags:
-
security
-
escape hatch
-
obsolete def: |
false
since: 2.263.2 / 2.275 description: | Opts out of a change in default behavior that disables the processing of XML external entities (XXE) for theDigester2
class in Jenkins if set totrue
. This system property can be changed while Jenkins is running and the change is effective immediately. See 2.263.2 upgrade guide. Has no effect since 2.297, as theDigester2
class has been removed. -
name: hudson.util.FormValidation.applyContentSecurityPolicyHeaders tags:
-
security
-
escape hatch def: |
true
since: 2.263.2 / 2.275 description: | Controls whether to set restrictive Content-Security-Policy headers on URLs implementing form validation responses. This reduces the impact of cross-site scripting (XSS) vulnerabilities in form validation output. See 2.263.2 upgrade guide. -
name: hudson.util.Graph.maxArea tags:
-
security
-
escape hatch def: |
10000000
(10 million) since: 2.263.2 / 2.275 description: | Controls the maximum size (area) for requests to render graphs like load statistics. See 2021-01-13 security advisory. -
name: hudson.Util.maxFileDeletionRetries tags:
-
tuning def: |
3
since: 2.2 description: | The number of times to attempt to delete files/directory trees before giving up and throwing an exception. Specifying a value less than 1 is invalid and will be treated as if a value of 1 (i.e. one attempt, no retries) was specified. See JENKINS-10113 and JENKINS-15331. -
name: hudson.util.MultipartFormDataParser.FILEUPLOAD_MAX_FILES tags:
-
escape hatch
-
tuning
-
security def: |
1000
since: 2.375.4, 2.394 description: | Limits the number of form fields that can be processed in onemultipart/form-data
request. Used to setorg.apache.commons.fileupload.servlet.ServletFileUpload#setFileCountMax(long)
. Despite the name, this applies to all form fields, not just actual file attachments.-1
disables this limit. -
name: hudson.util.MultipartFormDataParser.FILEUPLOAD_MAX_FILE_SIZE tags: # Not an escape hatch since it’s disabled by default
-
tuning
-
security def: |
-1
since: 2.375.4, 2.394 description: | Limits the size (in bytes) of individual fields that can be processed in onemultipart/form-data
request. Despite the name, this applies to all form fields, not just actual file attachments.-1
disables this limit. -
name: hudson.util.MultipartFormDataParser.FILEUPLOAD_MAX_SIZE tags: # Not an escape hatch since it’s disabled by default
-
tuning
-
security def: |
-1
since: 2.375.4, 2.394 description: | Limits the total request size (in bytes) that can be processed in onemultipart/form-data
request. Used to setorg.apache.commons.fileupload.servlet.ServletFileUpload#setSizeMax(long)
.-1
disables this limit. -
name: hudson.Util.noSymLink tags:
-
feature # TODO this is now in a plugin I think? def: |
false
description: | True to disable creation of symbolic links in job/builds directories -
name: hudson.Util.performGCOnFailedDelete tags:
-
tuning def: |
false
since: 2.2 description: | If this flag is set totrue
then we will request a garbage collection after a deletion failure before we next retry the delete. It is ignored unless hudson.Util.maxFileDeletionRetries is greater than 1. Setting this flag totrue
may resolve some problems on Windows, and also for directory trees residing on an NFS share, but it can have a negative impact on performance and may have no effect at all (GC behavior is JVM-specific). Warning: This should only ever be used if you find that your builds are failing because Jenkins is unable to delete files, that this failure is because Jenkins itself has those files locked "open", and even then it should only be used on agents with relatively few executors (because the garbage collection can impact the performance of all job executors on that agent). Setting this flag is a act of last resort - it is not recommended, and should not be used on your main Jenkins server unless you can tolerate the performance impact. -
name: hudson.util.ProcessTree.disable tags:
-
feature def: |
false
description: | True to disable cleanup of child processes. -
name: hudson.util.RingBufferLogHandler.defaultSize tags:
-
tuning def: |
256
since: 1.563 description: | Number of log entries in loggers available on the UI at/log/
-
name: hudson.util.RobustReflectionConverter.recordFailuresForAdmins tags:
-
security
-
escape hatch def: |
false
since: 2.263.2 / 2.275 description: | If set totrue
, Old Data Monitor will record some failures to load data submitted by users with Overall/Administer permission, partially disabling a security fix. See 2021-01-13 security advisory andhudson.util.RobustReflectionConverter.recordFailuresForAllAuthentications
. -
name: hudson.util.RobustReflectionConverter.recordFailuresForAllAuthentications tags:
-
security
-
escape hatch def: |
false
since: 2.263.2 / 2.275 description: | If set totrue
, Old Data Monitor will record some failures to load data submitted by all authorized users, completely disabling a security fix. See 2021-01-13 security advisory andhudson.util.RobustReflectionConverter.recordFailuresForAdmins
. -
name: hudson.util.Secret.AUTO_ENCRYPT_PASSWORD_CONTROL tags:
-
security
-
escape hatch def: |
true
since: 2.236 description: | Jenkins automatically round-tripsf:password
based form fields as encryptedSecret
even if the field is not of typeSecret
. Set this tofalse
to disable this behavior, doing so is discouraged. -
name: hudson.util.Secret.BLANK_NONSECRET_PASSWORD_FIELDS_WITHOUT_ITEM_CONFIGURE tags:
-
escape hatch
-
security def: |
true
since: 2.236 description: | If the user is missing Item/Configure permission, Jenkins 2.236 and newer will blank out the password value automatically even if the form field is not backed by aSecret
. Set this tofalse
to disable this behavior, doing so is discouraged. -
name: hudson.util.Secret.provider tags:
-
escape hatch def: system default since: 1.360 description: | Force a particular crypto provider; with Glassfish Enterprise set value to
SunJCE
to workaround JENKINS-6459 and GLASSFISH-11862. -
name: hudson.util.StreamTaskListener.AUTO_FLUSH tags:
-
escape hatch # https://github.com/jenkinsci/jenkins/pull/3961 def: |
false
since: 2.173 description: | Jenkins no longer automatically flushes streams for code running remotely on agents for better performance. This may lead to loss of messages for plugins which print to a build log from the agent machine but do not flush their output. Use this flag to restore the previous behavior for freestyle builds. -
name: hudson.Util.symlinkEscapeHatch tags:
-
escape hatch def: |
false
description: | True to use exec of "ln" binary to create symbolic links instead of native code -
name: hudson.Util.useNativeChmodAndMode tags:
-
escape hatch def: |
false
since: 2.93 description: | True to use native (JNA/JNR) implementation to set file permissions instead of NIO. Removed without replacement in 2.304. -
name: hudson.util.XStream2.collectionUpdateLimit tags:
-
security
-
tuning
-
escape hatch def: |
5
since: 2.334 and 2.319.3 description: | The maximum number of seconds that adding elements to collections may cumulatively take when loading an XML document using XStream, or-1
to disable. See 2022-02-09 security advisory for context. -
name: hudson.WebAppMain.forceSessionTrackingByCookie tags:
-
escape hatch
-
security def: |
true
since: 2.234 description: | Set tofalse
to not force session tracking to be done via cookie. Escape hatch for JENKINS-61738. -
name: hudson.widgets.HistoryWidget.threshold tags:
-
tuning def: |
30
since: 1.433 description: | How many builds to show in the build history side panel widget. -
name: historyWidget.descriptionLimit tags:
-
feature
-
UI def: |
100
since: 2.223 description: | Defines a limit for the characters shown in the description field for each build row in the Build History column. A positive integer (e.g.300
) will define the limit. After the limit is reached (…) will be shown. The value-1
disables the limit and allows unlimited characters in the build description. The value0
shows no description. -
name: HUDSON_HOME def: n/a tags:
-
obsolete description: | Backward compatible fallback name for
JENKINS_HOME
. See documentation there. -
name: jenkins.CLI.disabled # TODO Understand how this currently (2.138+) works tags:
-
feature def: |
false
since: 2.32 and 2.19.3 description: |true
to disable Jenkins CLI via JNLP and HTTP (SSHD can still be enabled) -
name: jenkins.InitReactorRunner.concurrency tags:
-
tuning def: 2x of CPU description: | During start of Jenkins, loading of jobs in parallel have a fixed number of threads by default (twice the CPU). To make Jenkins load time 8x faster (assuming sufficient IO), increase it to 8x. For example, 24 CPU Jenkins controller host use this:
-Dhudson.InitReactorRunner.concurrency=192
-
name: jenkins.install.runSetupWizard tags:
-
feature def: undefined since: 2.0 description: | Set to
false
to skip install wizard. Note that doing so leaves Jenkins unsecured. Development-mode only: Set totrue
to not skip showing the setup wizard during Jenkins development. This property is only effective the first time you run Jenkins in givenJENKINS_HOME
. -
name: jenkins.install.SetupWizard.adminInitialApiToken tags:
-
security
-
packaging def: The default admin account will not have an API Token unless a value is provided for this system property since: "2.260" description: | This property determines the behavior during the SetupWizard install phase concerning the API Token creation for the initial admin account. The behavior depends on the provided value:
true
-
A token is generated using random value at startup and the information is put in the file
$JENKINS_HOME/secrets/initialAdminApiToken
. - "token" in plain text
-
A fixed API Token will be created for the user with provided value as the token.
- "@[file-location]" which contains plain text value of the token
-
A fixed API Token will be created for the user with the value read from the file. Jenkins will not delete the file after read, so the script is responsible to remove it when no longer needed.
Token format is `[2-char hash version][32-hex-char of secret]`, where the hash version is currently only 11, e.g., `110123456789abcdef0123456789abcdef`. For example can be generated in following ways:
-
manually by prepending
11
to output of random generator website. Ask for 32 hex digits or 16 bytes in hex, e.g. https://www.browserling.com/tools/random-hex, https://www.random.org/bytes/ -
in a shell:
echo "11$(openssl rand -hex 16)"
-
in JavaScript:
const genRanHex = size ⇒ […Array(size)].map) ⇒ Math.floor(Math.random() * 16).toString(16.join(''); console.log('11' + genRanHex(32));
When the API Token is generated using this system property, it should be revoked during the installation script using the other ways at your disposal so that you have a fresh (random) token with less traces for your script. See https://javadoc.jenkins.io/jenkins/security/ApiTokenProperty.html#generateNewToken-java.lang.String-[ApiTokenProperty#generateNewToken(String)] and https://javadoc.jenkins.io/jenkins/security/ApiTokenProperty.html#revokeAllTokensExceptOne-java.lang.String-[ApiTokenProperty#revokeAllTokensExceptOne(String)] for scripting methods or using the web API calls: `/user/[user-login]/descriptorByName/jenkins.security.ApiTokenProperty/generateNewToken` and `/user/[user-login]/descriptorByName/jenkins.security.ApiTokenProperty/revokeAllExcept`
-
-
name: jenkins.model.Jenkins.additionalReadablePaths tags:
-
security
-
escape hatch def: | undefined since: 2.263.2 / 2.275 description: | A comma-separated list of additional top level path segments that should be accessible to users without Overall/Read permission. See 2021-01-13 security advisory.
-
name: jenkins.model.Jenkins.buildsDir tags:
-
feature def: |
${ITEM_ROOTDIR}/builds
since: 2.119 description: | The configuration of a given job is located under$JENKINS_HOME/jobs/[JOB_NAME]/config.xml
and its builds are under$JENKINS_HOME/jobs/[JOB_NAME]/builds
by default. This option allows you to store builds elsewhere, which can be useful with finer-grained backup policies, or to store the build data on a faster disk such as an SSD. The following placeholders are supported for this value:-
${JENKINS_HOME}
– Resolves to the Jenkins home directory. -
${ITEM_ROOTDIR}
– The directory containing the job metadata within Jenkins home. -
${ITEM_FULL_NAME}
– The full name of the item, with file system unsafe characters replaced by others. -
${ITEM_FULLNAME}
– See above, but does not replace unsafe characters. This is a legacy option and should not be used.For instance, if you would like to store builds outside of Jenkins home, you can use a value like the following: `/some_other_root/builds/${ITEM_FULL_NAME}` This used to be a UI setting, but was removed in 2.119 as it did not support migration of existing build records and could lead to build-related errors until restart.
To manually migrate existing build records when starting to use this option (`TARGET_DIR` is the value supplied to `jenkins.model.Jenkins.buildsDir`):
For xref:pipeline:index.adoc[Pipeline] and Freestyle job types, run this for each `JOB_NAME`:
```sh mkdir -p [TARGET_DIR] mv $JENKINS_HOME/jobs/[JOB_NAME]/builds [TARGET_DIR]/[JOB_NAME] ```
For link:/doc/book/pipeline/multibranch/#creating-a-multibranch-pipeline[Multibranch Pipeline] jobs, run for each `BRANCH_NAME`:
```sh mkdir -p [TARGET_DIR]/[JOB_NAME]/branches/ mv $JENKINS_HOME/jobs/[JOB_NAME]/branches/[BRANCH_NAME]/builds \ [TARGET_DIR]/[JOB_NAME]/branches/[BRANCH_NAME] ```
For link:/doc/book/pipeline/multibranch/#organization-folders[Organization Folders], run this for each `REPO_NAME` and `BRANCH_NAME`:
```sh mkdir -p [TARGET_DIR]/[ORG_NAME]/jobs/[REPO_NAME]/branches/ mv $JENKINS_HOME/jobs/[ORG_NAME]/jobs/[REPO_NAME]/branches/[BRANCH_NAME]/builds \ [TARGET_DIR]/[ORG_NAME]/jobs/[REPO_NAME]/branches/[BRANCH_NAME] ```
-
-
name: jenkins.model.Jenkins.crumbIssuerProxyCompatibility tags:
-
escape hatch
-
feature def: |
false
since: 2.119 description: |true
to enable crumb proxy compatibility when running the Setup Wizard for the first time. -
name: jenkins.model.Jenkins.disableExceptionOnNullInstance tags:
-
escape hatch def: |
false
since: 2.4 only, replaced in 2.5+ by jenkins.model.Jenkins.enableExceptionOnNullInstance description: |true
to disable throwing anIllegalStateException
whenJenkins.getInstance()
returnsnull
-
name: jenkins.model.Jenkins.enableExceptionOnNullInstance tags:
-
escape hatch def: |
false
since: 2.5 description: |true
to enable throwing anIllegalStateException
whenJenkins.getInstance()
returnsnull
-
name: jenkins.model.Jenkins.exitCodeOnRestart tags:
-
packaging def: |
5
since: 2.102 description: | When using the-Dhudson.lifecycle=hudson.lifecycle.ExitLifecycle
, exit using this exit code when Jenkins is restarted -
name: jenkins.model.Jenkins.initLogLevel def: |
FINE
description: | Log level for verbose messages from the init reactor listener. -
name: jenkins.model.Jenkins.killAfterLoad def: |
false
description: | Exit Jenkins right after loading. Intended as a development/testing aid only. -
name: jenkins.model.Jenkins.logStartupPerformance def: |
false
description: | Log startup timing info. Note that some messages are not logged on levels visible by default (i.e. INFO and up). -
name: jenkins.model.Jenkins.nameValidationRejectsTrailingDot tags:
-
security
-
escape hatch def: |
true
since: 2.315 and 2.303.2 description: | Set tofalse
to allow names to end with a trailing.
character, which can cause problems on Windows. Escape hatch for SECURITY-2424. -
name: jenkins.model.Jenkins.parallelLoad tags:
-
escape hatch def: |
true
description: | Loads job configurations in parallel on startup. -
name: jenkins.model.Jenkins.slaveAgentPort tags:
-
feature def: |
-1
(disabled) since 2.0,0
in Jenkins 1.x. since: 1.643 description: | Specifies the default TCP agent port unless/until configured differently on the UI.-1
to disable,0
for random port, other values for fixed port. -
name: jenkins.model.Jenkins.slaveAgentPortEnforce tags:
-
feature def: |
false
since: 2.19.4 and 2.24 description: | If true, enforces the specifiedjenkins.model.Jenkins.slaveAgentPort
on startup and will not allow changing it through the UI -
name: jenkins.model.Jenkins.workspaceDirName tags:
-
obsolete def: |
workspace
description: | Obsolete: Was used as the default workspace directory name in the legacy workspace directory layout (workspace directories within job directories). -
name: jenkins.model.Jenkins.workspacesDir tags:
-
feature def: |
${JENKINS_HOME}/workspace/${ITEM_FULL_NAME}
since: 2.119 description: | Allows to change the directory layout for the job workspaces on the controller node. Seejenkins.model.Jenkins.buildsDir
for supported placeholders. -
name: jenkins.model.JenkinsLocationConfiguration.disableUrlValidation tags:
-
escape hatch def: |
false
since: 2.197 / LTS 2.176.4 description: | Disable URL validation intended to prevent an XSS vulnerability. See SECURITY-1471 for details. -
name: jenkins.model.lazy.BuildReference.MODE tags:
-
development
-
tuning def: |
soft
since: 1.548 description: | Configure the kind of reference Jenkins uses to hold builds in memory. Choose from amongsoft
,weak
,strong
, andnot
(do not hold builds in memory at all). Intended mostly as a debugging aid. See JENKINS-19400. -
name: jenkins.model.Nodes.enforceNameRestrictions tags:
-
security
-
escape hatch def: |
true
since: 2.263.2 / 2.275 description: | Whether to enforce new name restrictions for agent names. See 2021-01-13 security advisory. -
name: jenkins.model.StandardArtifactManager.disableTrafficCompression tags:
-
tuning
-
feature def: |
false
since: 2.196 description: |true
to disable GZIP compression of artifacts when they’re transferred from agent nodes to controller. Uses less CPU at the cost of increased network traffic. -
name: jenkins.monitor.JavaVersionRecommendationAdminMonitor.disable tags:
-
feature def: |
false
since: 2.305 description: |true
to disable the monitor that recommends Java 11. -
name: jenkins.security.ApiTokenProperty.adminCanGenerateNewTokens tags:
-
escape hatch
-
security def: |
false
since: 2.129 description: |true
to allow users with Overall/Administer permission to create API tokens using the new system for any user. Note that the user will not be able to use that token since it’s only displayed to the creator, once. -
name: jenkins.security.ApiTokenProperty.showTokenToAdmins tags:
-
escape hatch
-
security def: |
false
since: 1.638 description: | True to show API tokens for users to administrators on the user configuration page. This was set tofalse
as part of SECURITY-200 -
name: jenkins.security.ClassFilterImpl.SUPPRESS_ALL tags:
-
escape hatch
-
security def: |
false
since: 2.102 description: | Do not perform any JEP-200 class filtering when deserializing data. Setting this totrue
is unsafe. See documentation. -
name: jenkins.security.ClassFilterImpl.SUPPRESS_WHITELIST tags:
-
escape hatch
-
security def: |
false
since: 2.102 description: | Do not perform whitelist-based JEP-200 class filtering when deserializing data. With this flag set, only explicitly blacklisted types will be rejected. Setting this totrue
is unsafe. See documentation. -
name: jenkins.security.FrameOptionsPageDecorator.enabled tags:
-
escape hatch
-
security def: |
true
since: 1.581 description: | Whether to sendX-Frame-Options: sameorigin
header, set tofalse
to disable and make Jenkins embeddable -
name: jenkins.security.ignoreBasicAuth # TODO test whether this actually works tags:
-
feature
-
security def: |
false
since: 1.421 description: | When set totrue
, disableBasic
authentication with username and password (rather than API token). -
name: jenkins.security.ManagePermission tags:
-
feature
-
security def: |
false
since: 2.222 description: | Enable the optional Overall/Manage permission that allows limited access to administrative features suitable for a hosted Jenkins environment. See JEP-223. -
name: jenkins.security.ResourceDomainRootAction.validForMinutes tags:
-
tuning
-
security def: |
30
since: 2.200 description: | How long a resource URL served from the resource root URL will be valid for before users are required to reauthenticate to access it. See inline documentation in Jenkins for details. -
name: jenkins.security.s2m.CallableDirectionChecker.allow tags:
-
security
-
escape hatch def: |
false
since: 1.587 and 1.580.1 description: | This flag can be set totrue
to disable the agent-to-controller security system entirely. Since Jenkins 2.326, this is the only way to do that, as the UI option has been removed. -
name: jenkins.security.s2m.CallableDirectionChecker.allowAnyRole tags:
-
security
-
obsolete def: |
true
since: 2.319 and 2.303.3 description: | This flag can be set tofalse
to explicitly rejectCallable
implementations that do not declare any required role. It is unclear whether this can safely be set tofalse
in Jenkins before 2.335, or whether that would cause problems with some remoting built-in callables. This flag was removed in Jenkins 2.335. -
name: jenkins.security.s2m.DefaultFilePathFilter.allow tags:
-
escape hatch
-
security def: |
false
since: 1.587 and 1.580.1 description: | Allow all file paths on the Jenkins controller to be accessed from agents. This disables a big part of SECURITY-144 protections. -
name: jenkins.security.s2m.RunningBuildFilePathFilter.FAIL tags:
-
escape hatch
-
security def: |
true
since: 2.319 and 2.303.3 description: | Set tofalse
to not reject attempts to access file paths in build directories of builds not currently being built on the accessing agent. Instead, only a warning is logged. Attempts to access file paths in build directories from other processes will still fail. See the description of the SECURITY-2458 security fix for context. -
name: jenkins.security.s2m.RunningBuildFilePathFilter.SKIP tags:
-
escape hatch
-
security def: |
false
since: 2.319 and 2.303.3 description: | Set totrue
to disable the additional protection to not reject attempts to access file paths in build directories. This will restore access to any build directories both from agents and from other processes with a remoting channel, like Maven Integration Plugin. See the description of the SECURITY-2458 security fix for context. -
name: jenkins.security.seed.UserSeedProperty.disableUserSeed tags:
-
escape hatch
-
security def: |
false
since: 2.160 and 2.105.2 description: | Disables user seed. Escape hatch for SECURITY-901. -
name: jenkins.security.seed.UserSeedProperty.hideUserSeedSection tags:
-
ui
-
security def: |
false
since: 2.160 and 2.105.2 description: | Hide the UI for user seed introduced for SECURITY-901. -
name: jenkins.security.stapler.StaplerDispatchValidator.disabled tags:
-
escape hatch
-
security def: |
false
since: 2.186 and 2.176.2 description: | Escape hatch for SECURITY-534. -
name: jenkins.security.stapler.StaplerDispatchValidator.whitelist tags:
-
escape hatch
-
security def: |
stapler-views-whitelist.txt
inJENKINS_HOME
since: 2.186 and 2.176.2 description: | Override the location of the user configurable whitelist for stapler view dispatches. This augments the built-in whitelist for SECURITY-534 that allows dispatches to views that would otherwise be prohibited. -
name: jenkins.security.stapler.StaticRoutingDecisionProvider.whitelist tags:
-
escape hatch
-
security def: |
stapler-whitelist.txt
inJENKINS_HOME
since: 2.154 and 2.138.4 description: | Override the location of the user configurable whitelist for stapler request routing. This augments the built-in whitelist for SECURITY-595 that allows routing requests through methods that would otherwise be prohibited. -
name: jenkins.security.stapler.TypedFilter.prohibitStaticAccess tags:
-
escape hatch
-
security def: |
true
since: 2.154 and 2.138.4 description: | Prohibits access topublic static
fields when routing requests in Stapler. Escape hatch for SECURITY-595. -
name: jenkins.security.stapler.TypedFilter.skipTypeCheck tags:
-
escape hatch
-
security def: |
false
since: 2.154 and 2.138.4 description: | Skip (return) type check when determining whether a method or field should be routable with Stapler (i.e. allow any return type). Escape hatch for SECURITY-595. -
name: jenkins.security.SuspiciousRequestFilter.allowSemicolonsInPath tags:
-
escape hatch
-
security def: |
false
since: 2.228 and 2.204.6 description: | Escape hatch for SECURITY-1774. Allows requests to URLs with semicolon characters (;
) in the request path. -
name: jenkins.security.SystemReadPermission tags:
-
feature
-
security def: |
false
since: 2.222 description: | Enable the optional Overall/SystemRead permission that allows read-only access to administrative features suitable for a managed Jenkins Configuration as Code environment. See JEP-224. -
name: jenkins.security.UserDetailsCache.EXPIRE_AFTER_WRITE_SEC tags:
-
tuning
-
security def: |
120
(2 minutes) since: 2.15 description: | How long a cache forUserDetails
should be valid for before it is looked up again from the security realm. See JENKINS-35493. -
name: jenkins.slaves.DefaultJnlpSlaveReceiver.disableStrictVerification tags:
-
security def: |
false
since: 2.28 #description: '' # TODO describe -
name: jenkins.slaves.JnlpSlaveAgentProtocol3.enabled tags:
-
obsolete # TODO update this def: undefined since: 1.653 description: |
false
to disable the JNLP3 agent protocol,true
to enable it. Otherwise it’s randomly enabled/disabled to A/B test it. Obsolete since the protocol was removed in 2.214. -
name: jenkins.slaves.NioChannelSelector.disabled tags:
-
escape hatch def: |
false
since: 1.560 description: |true
to disable Nio for JNLP agents -
name: jenkins.slaves.StandardOutputSwapper.disabled tags:
-
escape hatch # TODO Unsure how this works. References: # - https://github.com/jenkinsci/jenkins/blob/3fd66ff22051a3309b8dc5130d8da0759ee27f48/core/src/main/java/jenkins/slaves/StandardOutputSwapper.java # - https://github.com/jenkinsci/remoting/commit/fad8c38724068dfbd155e64508e5d4c154240b87 def: |
false
since: 1.429 description: | Some Unix-like agents (e.g. SSH Build Agents) can communicate via stdin/stdout, which is very convenient. Unfortunately, some JVM output (e.g. related to GC) also goes to standard out. This will swap output streams around to prevent stream corruption through unexpected writes to standard out. -
name: jekins.SoloFilePathFilter.redactErrors tags:
-
escape hatch
-
security def: |
true
since: 2.319 and 2.303.3 description: | Set tofalse
to not redact error messages when the agent-to-controller file path filters reject a file access. This can give attackers information about files and directories on the Jenkins controller file system. -
name: jenkins.telemetry.Telemetry.endpoint tags:
-
development # https://github.com/jenkinsci/jenkins/pull/3604 def: |
https://uplink.jenkins.io/events
since: 2.143 description: | Change the endpoint that JEP-214/Uplink telemetry sends data to. Expected to be used for testing only. -
name: jenkins.ui.refresh tags:
-
ui
-
feature def: |
false
since: 2.222 description: |true
to enable the new experimental UX on Jenkins. See JENKINS-60920. Also see Jenkins UX SIG. Has no effect since 2.344 as the feature has been removed. -
name: jenkins.websocket.idleTimeout tags:
-
tuning def: |
60
since: 2.395 description: | Number of seconds a WebSocket agent connection may stay idle until it expires.0
to disable. Must be higher thanjenkins.websocket.pingInterval
. -
name: jenkins.websocket.pingInterval tags:
-
tuning def: |
30
since: 2.217 description: | Number of seconds between server-sent pings over WebSocket agent connections.0
to disable. Must be lower thanjenkins.websocket.idleTimeout
. -
name: jenkins.util.ProgressiveRendering.DEBUG_SLEEP def: |
0
description: | Debug/development option to slow down the cancelling of progressive rendering when the client fails to send a heartbeat. -
name: JENKINS_HOME tags:
-
feature def: |
~/.jenkins
description: | While typically set as an environment variable, Jenkins also looks up the path to its home directory as a system property.JENKINS_HOME
set via JNDI context has higher priority than this, but this takes precedence over the environment variable. -
name: org.jenkinsci.main.modules.sshd.SSHD.idle-timeout tags:
-
tuning # This is a core module, so this documentation should remain here. def: undefined since: 2.22 description: | Allows to configure the SSHD client idle timeout (value in milliseconds). Default value is 10min (600000ms).
-
name: org.jenkinsci.plugins.workflow.steps.durable_task.DurableTaskStep.REMOTE_TIMEOUT tags:
-
tuning # TODO move to plugin documentation def: 20 seconds since: workflow-durable-task-step-plugin 2.29 description: | How long to wait, in seconds, before interrupting remote calls and forcing cleanup when the step is stopped. See JENKINS-46507 for more information.
-
name: org.jenkinsci.plugins.workflow.steps.durable_task.DurableTaskStep.USE_WATCHING tags:
-
feature def: |
false
since: workflow-durable-task-step-plugin 2.22 description: |true
to enable the experimental push mode for durable task logging. See JENKINS-52165 for more information. -
name: org.jenkinsci.plugins.workflow.support.pickles.ExecutorPickle.timeoutForNodeMillis tags:
-
tuning def: 5 minutes (300,000 milliseconds) since: workflow-durable-task-step-plugin 2.14 description: | How long to wait, in milliseconds, before aborting the build if an agent has been removed. See JENKINS-36013 for more information.
-
name: org.jenkinsci.plugins.workflow.support.steps.ExecutorStepExecution.REMOVED_NODE_DETECTION tags:
-
feature def: |
true
since: workflow-durable-task-step-plugin 2.32 description: |false
to prevent Jenkins from aborting the build if an agent has been removed. See JENKINS-49707 for more information. -
name: org.kohsuke.stapler.Facet.allowViewNamePathTraversal tags:
-
escape hatch
-
security def: |
false
since: 2.138.2, 2.146 description: | Allows specifying non-simple names for views, including ones resulting in path traversal. This is an escape hatch for the SECURITY-867 fix. -
name: org.kohsuke.stapler.jelly.IncludeTag.skipLoggingClassSetter tags:
-
escape hatch def: |
false
since: '2.288' description: | Do not log attempts to set theclass
property ofst:include
tags directly. No log messages should be emitted in regular use, but they can be disabled if they cause unnecessary noise in the system log. -
name: org.kohsuke.stapler.RequestImpl.ALLOWED_HTTP_VERBS_FOR_FORMS tags:
-
escape hatch
-
security def: |
POST
since: 2.277.2, 2.287 description: | HTTP verbs of requests that are allowed to provideStaplerRequest#getSubmittedForm
or@SubmittedForm
. Escape hatch for a security hardening, see 2.277.2 upgrade guide. -
name: org.kohsuke.stapler.RequestImpl.FILEUPLOAD_MAX_FILES tags:
-
escape hatch
-
tuning
-
security def: |
1000
since: 2.375.4, 2.394 description: | Limits the number of form fields that can be processed in onemultipart/form-data
request. Used to setorg.apache.commons.fileupload.servlet.ServletFileUpload#setFileCountMax(long)
. Despite the name, this applies to all form fields, not just actual file attachments.-1
disables this limit. -
name: org.kohsuke.stapler.RequestImpl.FILEUPLOAD_MAX_FILE_SIZE tags: # Not an escape hatch since it’s disabled by default
-
tuning
-
security def: |
-1
since: 2.375.4, 2.394 description: | Limits the size (in bytes) of individual fields that can be processed in onemultipart/form-data
request. Despite the name, this applies to all form fields, not just actual file attachments.-1
disables this limit. -
name: org.kohsuke.stapler.RequestImpl.FILEUPLOAD_MAX_SIZE tags: # Not an escape hatch since it’s disabled by default
-
tuning
-
security def: |
-1
since: 2.375.4, 2.394 description: | Limits the total request size (in bytes) that can be processed in onemultipart/form-data
request. Used to setorg.apache.commons.fileupload.servlet.ServletFileUpload#setSizeMax(long)
.-1
disables this limit. -
name: stapler.jelly.noCache tags:
-
development def: |
false
description: | Controls both caching of various cacheable resources (Jelly scripts etc.) as well as theExpires
HTTP response header for some static resources. Useful during development to see the effect of changes after reload. -
name: stapler.jelly.trace tags:
-
development def: |
false
description: | Enables tracing of Jelly view composition. View the resulting page source to see comments indicating which parts of the view were created from which view fragments. -
name: stapler.legacyGetterDispatcherMode tags:
-
security
-
escape hatch def: |
false
description: | Do not filter get methods at the Stapler framework level. Escape hatch for SECURITY-595. -
name: stapler.legacyWebMethodDispatcherMode tags:
-
security
-
escape hatch def: |
false
description: | Do not filter web methods ("do" actions) at the Stapler framework level. Escape hatch for SECURITY-595. -
name: stapler.resourcePath tags:
-
development def: undefined description: | Additional debug resource paths. Set by the core development tooling so developers can see the effect of changes immediately after reloading the page.
-
name: stapler.trace tags:
-
development def: |
true
when run usingmvn jetty:run
(core war) ormvn hpi:run
(plugins),false
otherwise description: | Trace request handling and report the result usingStapler-Trace-…
response headers. Additionally renders a diagnostic HTTP 404 error page when the request could not be processed. -
name: stapler.trace.per-request tags:
-
development def: |
false
description: | Trace request handling (see above) for requests with theX-Stapler-Trace
request header set. -
name: jenkins.util.groovy.GroovyHookScript.ROOT_PATH since: 2.273 tags:
-
packaging def: |
$JENKINS_HOME
description: | Set the root directory used to load groovy hooks scripts. ---
Jenkins Features Controlled with System Properties
Jenkins has several "hidden" features that can be enabled with system properties. This page documents many of them and explain how to configure them on your instance.
Some system properties related to the Remoting library used for communication between controller and agents are documented in that component’s repository.
Usage
System properties are defined by passing -Dproperty=value
to the java
command line to start Jenkins.
Make sure to pass all of these arguments before the -jar
argument, otherwise they will be ignored.
Example:
java -Dhudson.footerURL=http://example.org -jar jenkins.war
The following lists the properties and the version of Jenkins they were introduced in.
-
Property
- Java property name -
Default - Default value if not explicitly set
-
Since - The version of Jenkins the property was introduced in
-
Description - Other notes