[JENKINS-44368] - Update WinP to 1.25 in order to improve diagnostics of issues like JENKINS-30782

[FIXED JENKINS-44330] - Prevent classloading of Target comparator in LogRecorder#orderedTargets()

It is just a hotfix, there may be other LogRecorders affected. Ideally we need a response from Jetty maintainers to https://github.com/eclipse/jetty.project/issues/1563. No tests since I see no way to trigger such classloading + no actual need in it.

* Adding some interface default method implementations rather than catching AbstractMethodError or providing partial implementation classes.

* Show Javadoc warnings and errors, but not ‘Generating …/core/target/site/apidocs/jenkins/model/lazy/class-use/AbstractLazyLoadRunMap.html...’ and the like.

* Javadoc fixes.

* Review comments from @oleg-nenashev.

* Test fixes.

* Remove the unused import

[FIXED JENKINS-44120] Bump Trilead version to fix NPE in KEX negotiation

Queue.Item.authenticate honors QueueItemAuthenticatorProvider; Tasks.getAuthenticationOf should as well (#2880)

* Queue.Item.authenticate honors QueueItemAuthenticatorProvider; Tasks.getAuthenticationOf should as well.

* @oleg-nenashev suggested adding some Javadoc to QueueItemAuthenticatorConfiguration.getAuthenticators.

[JENKINS-22949] BuildTrigger & ReverseBuildTrigger should respect QueueItemAuthenticatorConfiguration (#2881)

* [JENKINS-22949] Simplifying behavior of BuildTrigger & ReverseBuildTrigger to honor QueueItemAuthenticator’s as defined, rather than falling back to anonymous.

* There is no need to impersonate what is already the current thread’s authentication.

* [FIX JENKINS-30785] Generalize some CLI stuff to AbstractItem

* Offering default methods on ParameterizedJob.

* Javadoc typo.

* Cleaner use of default methods in ParameterizedJob.

* Need to pick up https://github.com/infradna/bridge-method-injector/pull/15 to be able to build.

* Sketch of pulling disabled functionality into ParameterizedJob.

* EnableJobCommandTest.groovy → EnableJobCommandTest.java, and replacing deprecated Remoting-based CLI calls with CLICommandInvoker.

* All CLI commands could be broken by a missing CLI.*.shortDescription key on just one!

* Forgot to move CLI method short descriptions to new package.

* Needed a @CLIResolver for ParameterizedJob. Adding an OptionHandler while we are here.

* Trying to fix up access-modifier versions; started failing in CI today for unknown reasons.

* Introduced <p:makeDisabled/> by analogy with <p:config-disableBuild/>.

* Using new type bounds.

* access-modifier 1.11 released.

* MatrixProject and MavenModuleSet both expect to have access to makeDisabled.jelly.

* Trying to generalize some more.

* Minor simplification.

* [JENKINS-34716] Generalizing doPolling and schedulePolling.

* isBuildable

* Obsolete comment.

* Updated comments.

* bridge-method-injector 1.17

* Unfortunately AbstractProject.schedulePolling cannot delegate to SCMTriggerItem.

* Making delete-builds and list-changes commands work with Pipeline.

* [FIXED JENKINS-41527] Made console CLI command compatible with Pipeline.

* Fixed set-build-description and set-build-display-name.

* @oleg-nenashev agreed it would be clearer to explicitly mark commands as restricted, not APIs.

* Updated tests to match slight message changes.

* bridge-method-injector 1.17

* @olivergondza pointed out that RunRangeCommand is a better name than JobRangeCommand.

* Offering default methods on ParameterizedJob.

* Javadoc typo.

* Cleaner use of default methods in ParameterizedJob.

* Need to pick up https://github.com/infradna/bridge-method-injector/pull/15 to be able to build.

* Sketch of pulling disabled functionality into ParameterizedJob.

* EnableJobCommandTest.groovy → EnableJobCommandTest.java, and replacing deprecated Remoting-based CLI calls with CLICommandInvoker.

* All CLI commands could be broken by a missing CLI.*.shortDescription key on just one!

* Forgot to move CLI method short descriptions to new package.

* Needed a @CLIResolver for ParameterizedJob. Adding an OptionHandler while we are here.

* Trying to fix up access-modifier versions; started failing in CI today for unknown reasons.

* Introduced <p:makeDisabled/> by analogy with <p:config-disableBuild/>.

* Using new type bounds.

* access-modifier 1.11 released.

* MatrixProject and MavenModuleSet both expect to have access to makeDisabled.jelly.

* Trying to generalize some more.

* Minor simplification.

* [JENKINS-34716] Generalizing doPolling and schedulePolling.

* isBuildable

* Obsolete comment.

* Updated comments.

* bridge-method-injector 1.17

* Unfortunately AbstractProject.schedulePolling cannot delegate to SCMTriggerItem.

* [FIXED JENKINS-28113] Generalize BuildTrigger to be able to trigger non-AbstractProject downstream ParameterizedJob’s without DependencyGraph.

* [JENKINS-22949] Dropping QueueItemAuthenticator trickiness, as in #2881.

* Offering default methods on ParameterizedJob.

* Javadoc typo.

* Cleaner use of default methods in ParameterizedJob.

* Need to pick up https://github.com/infradna/bridge-method-injector/pull/15 to be able to build.

* Sketch of pulling disabled functionality into ParameterizedJob.

* EnableJobCommandTest.groovy → EnableJobCommandTest.java, and replacing deprecated Remoting-based CLI calls with CLICommandInvoker.

* All CLI commands could be broken by a missing CLI.*.shortDescription key on just one!

* Forgot to move CLI method short descriptions to new package.

* Needed a @CLIResolver for ParameterizedJob. Adding an OptionHandler while we are here.

* Trying to fix up access-modifier versions; started failing in CI today for unknown reasons.

* Introduced <p:makeDisabled/> by analogy with <p:config-disableBuild/>.

* Using new type bounds.

* access-modifier 1.11 released.

* MatrixProject and MavenModuleSet both expect to have access to makeDisabled.jelly.

* Trying to generalize some more.

* Minor simplification.

* [JENKINS-34716] Generalizing doPolling and schedulePolling.

* isBuildable

* Obsolete comment.

* Updated comments.

* bridge-method-injector 1.17

* Unfortunately AbstractProject.schedulePolling cannot delegate to SCMTriggerItem.

* bridge-method-injector 1.17

* Offering default methods on ParameterizedJob.

* Javadoc typo.

* Cleaner use of default methods in ParameterizedJob.

* Need to pick up https://github.com/infradna/bridge-method-injector/pull/15 to be able to build.

* Using new type bounds.

* bridge-method-injector 1.17

* [SECURITY-372] Update bundled mailer to 1.20.

* Updated to pick up other detached plugins mentioned in https://jenkins.io/security/advisory/2016-04-11/ or https://jenkins.io/security/advisory/2017-03-20/ while we are here.

* I18nTest.test_baseName_plugin caught that the detached version of credentials was too old to serve as a dependency.
Probably there should be some test case verifying that all detached plugins could be loaded at once,
though it would need to do a topological sort in dependency order.

* Must also include display-url-api as a detached plugin as it is a dependency, even though it was never actually detached from core.

* @oleg-nenashev insists on bundling display-url-api 2.0.

Javadoc fix.

The use of `_` as an identifier is discouraged in the JLS, therefor do
not suggest its use in our javadoc.

ref:
http://docs.oracle.com/javase/specs/jls/se8/html/jls-15.html#jls-15.27.1

> It is a compile-time error if a lambda parameter has the name _ (that
is, a single underscore character).

> The use of the variable name _ in any context is discouraged. Future
versions of the Java programming language may reserve this name as a
keyword and/or give it special semantics.

* use snapshot of winstone with new jetty 9.4.x version
Signed-off-by: Nolivier lamy <olamy@apache.org>

* add jetty snapshot repository until last jetty release deployed
Signed-off-by: Nolivier lamy <olamy@apache.org>

* surefire 2.20
Signed-off-by: Nolivier lamy <olamy@apache.org>

* winstone will be 4.0
Signed-off-by: Nolivier lamy <olamy@apache.org>

* remove jetty snapshot repo
Signed-off-by: Nolivier lamy <olamy@apache.org>

* touch to force pr rebuild as snapshot has been deployed
Signed-off-by: Nolivier lamy <olamy@apache.org>

* use winstone release
Signed-off-by: Nolivier lamy <olamy@apache.org>

* use maven-jenkins-dev-plugin 9.4.5.v20170502-jenkins-1
Signed-off-by: Nolivier lamy <olamy@apache.org>

Upgrade to Groovy 2.4.11

[JENKINS-44117] - use getFullDisplayName for RSS feed name

[JENKINS-24141] Pull ChangeLogSet-related logic out of AbstractBuild

Update WinSW to 2.1.0 and Windows Agent Installer to 1.9

* [FIXED JENKINS-38005] Properly log failure due to empty archive in Pipeline

Since the job result is probably still null at the time that archiving
occurs, we weren't actually logging anything in Pipeline jobs in that
case. That was not ideal. So instead, let's log things, and also let's
update the error message to include a tip to use the allowEmptyArchive
option.

* Reverting to original message

* [JENKINS-42707] AccessDeniedException vulnerability in ReverseBuildTrigger.

* [JENKINS-42707] Added tests to expose the issue

* [JENKINS-42707] Log message according to permission (DISCOVER/READ)

* [JENKINS-42707] Use MockAuthorizationStrategy

* [JENKINS-42707] Remove internationalization for logger

[JENKINS-42959] Correctly compare key algorithms during key verification
[FIXED JENKINS-44046][FIXED JENKINS-43979] Use a larger default key size to fix issues when using SHA256 MACs during Diffe-Helman key exchange against older versions of OpenSSH

Fixes issues encountered following the recent move to the latest Trilead version. These fix 2 underlying issues:

    diffe-helman-sha256 Key Exchange needs at least 2048 bits of data to generate a key against OpenSSH 6.4 and below.
    Known hosts comparison incorrectly compares the hostname against the key value meaning key verification always fails when using known hosts files

Suppressing test flakiness

* [JENKINS-42728] Updating view with CLI using different view type should fail

- Additionally, updating a view using an XML that will be converted by XStream via an alias
  will succeed.

[FIXES JENKINS-42728]

* Remove TestView

* update test