Changelog

Major enhancement

Upgrade Groovy from 2.4.8 to 2.4.11. Groovy 2.4.9 changelog, Groovy 2.4.10 changelog, Groovy 2.4.11 changelog
Integration of Winstone 4: Upgrade bundled Jetty from 9.2.15.v20160210 to 9.4.5.v20170502. This removes support for the deprecated SPDY protocol. The --spdy parameter has been removed accordingly and Jenkins may refuse to start if it's set. full changelog
Update Remoting from 3.7 to 3.10 adding opt-in support for work directories and improving logging in Jenkins agents. work directory documentation, logging documentation, remoting changelog, issue 39370
SSHD Module 2.0: Update from SSHD Core 0.14.0 to Apache MINA SSHD 1.6.0 in Jenkins core and Jenkins CLI. changelog, plugin compatibility notice, issue 43668

Bug fix

Jetty 9.4.5: Prevent the 400 Bad Host header error for HttpChannelOverHttp when operating behind reverse proxy. issue 40693 , corresponding Jetty issue
Update jnr-posix from 3.0.1 to 3.0.41 to pick up improvements and fixes in the POSIX platforms support. pull 2904

Enhancement

Winstone 4.1: Add Jetty HTTP/2 connector and corresponding options for Winstone-Jetty. issue 45438 , enabling HTTP/2 support in Winstone-Jetty
Enable Remoting work directories by default for newly created agents launched via JNLP (Java Web Start Launcher). issue 44112 , feature documentation
SSHD Module 2.0: Enable aes192ctr and aes256ctr ciphers if JVM supports unlimited-strength encryption. issue 39738
Update WinP from 1.24 to 1.25 to improve performance and diagnostics of issues like JENKINS-30782. full changelog
Freestyle projects may now list Pipeline jobs as downstream and trigger them, without needing to use the Parameterized Trigger plugin or reverse triggers ("Build after other projects are built"). issue 28113
Internal: Define enabling/disabling in ParameterizedJob rather than AbstractProject. issue 27299
Fixed Pipeline compatibility for a number of CLI commands (delete-builds, list-changes, console, set-build-description, and set-build-display-name), as well as some issues affecting error reporting in other commands when used with Pipeline. issue 30785 , issue 41527
Enable simpler syntax for upstream build trigger in pipelines. issue 34464
Minor optimization to queue maintenance routines and printing of console notes, mainly for the benefit of Pipeline node blocks. issue 45553
If you have the Authorize Project plugin installed and configured, its configuration will now be treated as final with respect to the behavior of Job/Build checks from Build other projects and Build after other projects are built. Formerly, if a Per-project configurable Build Authorization was enabled globally but some projects did not specify an Authorization, the two aforementioned checks would automatically fall back to checking as anonymous (typically denying build permission). To restore the former behavior, explicitly configure a Project default Build Authorization to be Run as anonymous. Note that this will affect all build-scoped permission checks, including for example Agent/Build. issue 22949
Internal API: Tasks.getAuthenticationOf now honors authentication contributed by QueueItemAuthenticatorProvider extensions. pull 2880
Moved agent port and protocol configuration out of "security" (authentication and authorization) block in Configure Global Security. issue 4478
Don't reload user records from disk unless explicitly requested to improve performance of user record access. issue 45737
Plugin Development: Jenkins now no longer publishes a war-for-test artifact. Plugins using 2.64 or a later version of Jenkins (including 2.73.1) as baseline need to use plugin parent POM 2.30 or later. issue 24064

Changelog for 2.73.1