Guidance Needed for Upgrading Jenkins from 2.412 to 2.462.1 with Java 21

Hello Jenkins Community,

We need to upgrade Jenkins from version 2.412 to 2.462.1 to support Java 21, as 2.412 will soon stop supporting Java 11. Our setup includes Jenkins running in a Kubernetes pod (using Helm charts from charts/stable/jenkins at master · helm/charts · GitHub) and two agent nodes as compute instances.
Could someone guide us on the steps to upgrade Jenkins without disrupting our setup?

Jenkins Setup:

*Jenkins Version: 2.412
*Java Version: 11.0.19
*Plugins:

  • apache-httpcomponents-client-4-api: 4.5.14-150.v7a_b_9d17134a_5
  • lockable-resources: 1131.vb_7c3d377e723
  • jdk-tool: 66.vd8fa_64ee91b_d
  • javax-mail-api: 1.6.2-9
  • structs: 324.va_f5d6774f3a_d
  • pipeline-model-extensions: 2.2133.ve46a_6113dfc3
  • timestamper: 1.25
  • workflow-job: 1308.v58d48a_763b_31
  • bootstrap5-api: 5.3.0-1
  • build-name-setter: 2.2.0
  • matrix-project: 789.v57a_725b_63c79
  • token-macro: 359.vb_cde11682e0c
  • ssh-slaves: 2.877.v365f5eb_a_b_eec
  • pipeline-stage-view: 2.33
  • pipeline-stage-step: 305.ve96d0205c1c6
  • workflow-cps: 3673.v5b_dd74276262
  • cloudbees-folder: 6.758.vfd75d09eea_a_1
  • pam-auth: 1.10
  • caffeine-api: 3.1.6-115.vb_8b_b_328e59d8
  • build-timeout: 1.26
  • echarts-api: 5.4.0-5
  • pipeline-input-step: 468.va_5db_051498a_4
  • script-security: 1251.vfe552ed55f8d
  • ant: 487.vd79d090d4ea_e
  • handlebars: 3.0.8
  • variant: 59.vf075fe829ccb
  • gradle: 2.8
  • workflow-cps-global-lib: 609.vd95673f149b_b
  • checks-api: 2.0.0
  • mailer: 457.v3f72cb_e015e5
  • commons-text-api: 1.10.0-36.vc008c8fcda_7b_
  • jquery3-api: 3.7.0-1
  • git-server: 99.va_0826a_b_cdfa_d
  • plain-credentials: 143.v1b_df8b_d3b_e48
  • command-launcher: 100.v2f6722292ee8
  • branch-api: 2.1105.v472604208c55
  • scm-api: 676.v886669a_199a_a_
  • jakarta-mail-api: 2.0.1-3
  • ws-cleanup: 0.45
  • workflow-aggregator: 596.v8c21c963d92d
  • git-client: 4.3.0
  • pipeline-groovy-lib: 656.va_a_ceeb_6ffb_f7
  • github: 1.37.1
  • pipeline-milestone-step: 111.v449306f708b_7
  • commons-lang3-api: 3.12.0-36.vd97de6465d5b_
  • bouncycastle-api: 2.28
  • ionicons-api: 56.v1b_1c8c49374e
  • momentjs: 1.1.1
  • credentials: 1189.vf61b_a_5e2f62e
  • pipeline-model-definition: 2.2133.ve46a_6113dfc3
  • ssh-credentials: 305.v8f4381501156
  • workflow-scm-step: 408.v7d5b_135a_b_d49
  • workflow-multibranch: 746.v05814d19c001
  • workflow-api: 1215.v2b_ee3e1b_dd39
  • credentials-binding: 604.vb_64480b_c56ca_
  • trilead-api: 2.84.v72119de229b_7
  • ssh: 2.6.1
  • docker-workflow: 563.vd5d2e5c4007f
  • workflow-support: 839.v35e2736cfd5c
  • plugin-util-api: 3.3.0
  • jaxb: 2.3.8-1
  • slack: 664.vc9a_90f8b_c24a_
  • workflow-durable-task-step: 1247.v7f9dfea_b_4fd0
  • instance-identity: 173.va_37c494ec4e5
  • pipeline-build-step: 491.v1fec530da_858
  • build-token-root: 151.va_e52fe3215fc
  • jackson2-api: 2.15.2-350.v0c2f3f8fc595
  • jakarta-activation-api: 2.0.1-3
  • pipeline-rest-api: 2.33
  • mina-sshd-api-common: 2.10.0-69.v28e3e36d18eb_
  • antisamy-markup-formatter: 159.v25b_c67cd35fb_
  • matrix-auth: 3.1.8
  • pipeline-stage-tags-metadata: 2.2133.ve46a_6113dfc3
  • pipeline-graph-analysis: 202.va_d268e64deb_3
  • display-url-api: 2.3.7
  • jjwt-api: 0.11.5-77.v646c772fddb_0
  • ace-editor: 1.1
  • popper2-api: 2.11.6-2
  • jquery-detached: 1.2.1
  • docker-commons: 419.v8e3cd84ef49c
  • pipeline-model-api: 2.2133.ve46a_6113dfc3
  • data-tables-api: 1.12.1-4
  • font-awesome-api: 6.4.0-1
  • durable-task: 507.v050055d0cb_dd
  • javax-activation-api: 1.2.0-6
  • git: 5.0.2
  • jsch: 0.2.8-65.v052c39de79b_2
  • resource-disposer: 0.22
  • authentication-tokens: 1.4
  • github-api: 1.314-431.v78d72a_3fe4c3
  • snakeyaml-api: 1.33-95.va_b_a_e3e47b_fa_4
  • role-strategy: 633.v836e5b_3e80a_5
  • email-ext: 2.99
  • junit: 1207.va_09d5100410f
  • workflow-step-api: 639.v6eca_cd8c04a_a_
  • build-with-parameters: 76.v9382db_f78962
  • pipeline-model-declarative-agent: 1.1.1
  • okhttp-api: 4.11.0-145.vcb_8de402ef81
  • github-branch-source: 1728.v859147241f49
  • sshd: 3.303.vefc7119b_ec23
  • ldap: 725.v3cb_b_711b_1a_ef
  • workflow-basic-steps: 1017.vb_45b_302f0cea_

First of all Jenkins 2.412 will keep running on Java 11. But the weekly releases since 2.463 and the next LTS baseline that is scheduled for end of October will require at least Java 17.
But 2.412 is a quite old weekly and contains several security vulnerabilities so upgrading to a recent LTS is good idea.
There is no one guide for upgrading Jenkins. It all also depends on the details of the current installation.
Some general guidance:

  • take a backup
  • work with a test system
  • look over all installed plugins if they are still required (e.g. you have several deprecated plugins you can remove like ace-editor, handlebars, but you also have matrix-auth and role-strategy, you will need only one of them, or ldap and pam-auth)
  • update all plugins before and after the upgrade, it is really important to do this. We can see it frequently that people report problems after doing a larger jump of the Jenkins core version that they have problems just because they didn’t update all plugins.
  • In the future regularly upgrade your Jenkins to the latest LTS and update plugins, ideally every 4 weeks.

Some way to do it you can find here Back of the Napkin Guide to Updating Jenkins, for the uninitiated
doing it in many small steps.
But you can also try to it as a one shot upgrade.