Each section covers the upgrade from the previous LTS release, the section on 2.541.1 covers the upgrade from 2.528.3.
Jenkins now allows enforcing Content Security Policy. This is a security mechanism that can reduce or eliminate the impact of web security vulnerabilities like cross-site-scripting (XSS). Jenkins core and most popular Jenkins plugins are compatible with Jenkins’s default rule set, but for backwards compatibility, CSP enforcement is disabled by default.
See the Content Security Policy documentation for more information.
Users of Content Security Policy Plugin should disable it or update it to version 2.x.
Red Hat and openSUSE now use the same RPM packages from the same unified repository at https://pkg.jenkins.io/rpm-stable/. Users with an already installed prior version are transparently redirected when refreshing their repositories: https://pkg.jenkins.io/redhat-stable/ and https://pkg.jenkins.io/opensuse-stable/ both redirect to the new URL.
By default, Red Hat and openSUSE package users that upgrade to 2.541.1 will not be able to downgrade to an older version, unless they modify their local yum or zypper repository definitions. The old repositories are retained and allow older versions (before 2.541.1) to be installed by using the following URLs: https://pkg.jenkins.io/redhat-stable-legacy/ for Red Hat distributions and https://pkg.jenkins.io/opensuse-stable-legacy/ for openSUSE distributions.
Note for openSUSE users: the System V initialization scripts are removed for openSUSE installations (details in the blog post).