These changes were suggested by Extra Hints for NetBeans IDE:
http://plugins.netbeans.org/plugin/73447/

Critical favicon change :-)

Pulls in fixes for: JENKINS-48133, JENKINS-48055, JENKINS-37566, JENKINS-48309, JENKINS-47965, JENKINS-48130, JENKINS-37670, JENKINS-37566, JENKINS-46724 

This change also adds some missing null/closing channel checks in the core.
In some cases the change prevents spawning threads if the channel is in the invalid state.

* Use "Files.createTempDirectory" to create temp directory instead
See SonarQube critical vulnerability squid:S2976 (tag: owasp-a9)
https://next.sonarqube.com/sonarqube/coding_rules#rule_key=squid%3AS2976

* [JENKINS-48227]
Creating a utility "static Path toPath(File file) throws IOException" method,
which wraps InvalidPathException to IOException so that it will be checked.
- also fixed public static final reference
- fixed broken test cases
- added new test cases for toPath() and createTempDir()

* Revert back to public static int

* adjustments due to merges

* Add posix check to determine if Posix FileAttributes should be included
in call to Files.createTempDirectory()

* Remove reference to private element

* Updated to use explicit imports

* Deprecate Jenkins.getInstance in favor of (usually) getActiveInstance.

* Introduced get() as a concise non-null accessor.

* May as well suggest rewrites of getActiveInstance too.

 Add Chinese translation

* Ensure all Jelly view have escape-by-default.
- all those views escape the content theirself, so no vulnerability corrected here (for TextParameterDefinition, it's done by textarea.jelly)

* - just a line break at end

* - just a line break at end (part 2)

* - change from st:out to j:out because their content is expected to be html tags

* - st => j for all finally

* Create messages_zh_CN.properties

* Update messages_zh_CN.properties

* Rename messages_zh_CN.properties to message_zh_CN.properties

* Update message_zh_CN.properties

* Add getSystemProperty(key) to fix hudson.consoleTailKB system property

* Add Javadoc, @Restricted and delegate to SystemProperties

These changes were requested by @daniel-beck.

* PR was not merged in time for 2.96

* Changes as requested by @oleg-nenashev

[JENKINS-48604] Do not downgrade plugins that are dependencies of detached plugins when upgrading Jenkins

This reverts commit eb77e5f2.

[JENKINS-48365] Install detached plugins when upgrading Jenkins past the version the plugins were detached

[JENKINS-34254] Fix RequirePOST form

* [JENKINS-22474] API Token does not require CSRF token
- in order to ease the use of the api, we are not requiring the request to have a crumb
- in terms of security it's not a problem normally since the CSRF attacks use the cookies and in case of API Token, it's session-less / cookie-less

* - adjust the license header

* - add test for basic authentication
- add test for login process

* - add test for form submission using ui (htmlunit), not just login form

* - modification requested by Jesse

* - pom.xml update to use the last version of jenkins-test-harness (with the token helper methods)
- beginning of the simplification of tests

* - using the try-with-resource approach to ease readability

* - using closure method now

* - add missing login transformation

* - add unit test

* - use withToken
- remove useless crumb for GET method
- add fail (otherwise the assert in catch is not as useful as it could be)

* another bunch of test cases

* - for HudsonTestCase, some additional modifications are required: changing the view / different type of management for the variable inside the views

* - small other tests

* - last batch for the login method

* - crumb is not more required since we are using API Token

* - converting auth to ApiToken to avoid crumb method

* - converting auth to ApiToken to avoid crumb method (second)

* - remove usage of closure aware methods

* - update the pom using the snapshot as adviced by Jesse
- modifications on other class to adapt to the last modifications in JTH

* - modifications requested during code review

* - also put back my changes to the conflicted file

* - correction of the merge :)

* Use NIO in tryOnceDeleteFile and makeWritable

* Don't try to set PosixFileAttributes on Windows

* Do not create arbitrary exceptions in makeWritable to fix test failures on Windows

* Remove unhelpful layer of exception wrapping

* Add test exercising Util#makeWritable in Util#tryOnceDeleteFile

* Add test for deleting a non-existant file

* Return early if changing permissions with NIO succeeds

[JENKINS-48505] - Invoke optimistic get before computeIfAbsent to avoid contention.

* Move an instance of renameTo() to Files.move()

* Replace an instance of File.toURI() with an instance of Path.toUri()

* Replace mkdirs() with Files.createDirectories()
Replace mkdir() with Files.createTempDirectory()

* Undo addition of createTempDirectory() as per review comments

* Return to use of FilePath#mkdirs(File) and instead modify it to use the new API.

* Undo addition of toPath() in a URI conversion as it brings no benefits.

* Replace new uses of toPath() with Util.fileToPath() to pre-handle runtime exceptions

* Remove * import.
move mkdirs() to using FilePath method instead of File method.

* Make IOUtils.mkdirs(File) use Java7 API calls

* Add back accidentally removed imports.

* Fixed use of wildcard import

* Use utility method fileToPath() to handle potential exception thrown

Fixed typo in German translation.

* Introduce UserIdCause constructor, which accepts userId as an argument.

* [JENKINS-48467] - UserIdCuase: Add issue link in the TODO comment