Subversion Plugin

Skip to end of metadata
Go to start of metadata

This plugin adds the Subversion support (via SVNKit) to Jenkins.This plugin is bundled inside jenkins.war.

Plugin Information

Plugin ID subversion Changes In Latest Release
Since Latest Release
Latest Release
Latest Release Date
Required Core
2.5.2 (archives)
Aug 19, 2015
scm-api (version:0.2)
credentials (version:1.10)
ssh-credentials (version:1.6.1)
mapdb-api (version:
Source Code
Issue Tracking
Pull Requests
Open Issues
Pull Requests
Many (id: kohsuke abayer dodok1 dty huybrechts mindless pgweiss stephenconnolly rseguy kutzi etc)
Usage Installations 2014-Aug 87249
2014-Sep 91663
2014-Oct 94788
2014-Nov 94602
2014-Dec 94462
2015-Jan 98692
2015-Feb 99500
2015-Mar 107862
2015-Apr 107211
2015-May 107091
2015-Jun 112787
2015-Jul 116038

Basic Usage

Once this plugin is installed, you'll see Subversion as one of the options in the SCM section of job configurations. See inline help for more information about how to use it.

Usage with Server Certificates

An important note for those wanting to use client certificates to authenticate to your subversion server.   Your PKCS12 cert file must not have a blank passphrase or a blank export password as it will cause authentication to fail. Refer to SVNKit:0000271 for more details.

Advanced Features/Configurations


You can set the proxy in C:/Users/<user>/AppData/Roaming/Subversion/servers (Windows)  or ~/.subversion/servers (Linux)

(Jenkins as a service on Windows : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Subversion\servers)

There's a tension between doing this in Jenkins vs following the existing Subversion convention — the former has a benefit of being available on all the slaves. In this case, the proxy is a system dependent setting, which might be different between different slaves, so I think it makes sense to keep it in ~/.subversion/servers. (See

Post-commit hook

Jenkins can poll Subversion repositories for changes, and while this is reasonably efficient, this can only happen up to every once a minute, so you may still have to wait a full minute before Jenkins detects a change.

To reduce this delay, you can set up a post commit hook so the Subversion repository can notify Jenkins whenever a change is made to that repository. To do this, put the following script in your post-commit file (in the $REPOSITORY/hooks directory):

UUID=`svnlook uuid $REPOS`
/usr/bin/wget \
  --header "Content-Type:text/plain;charset=UTF-8" \
  --post-data "`svnlook changed --revision $REV $REPOS`" \
  --output-document "-" \
  --timeout=2 \
Notice the rev=$REV parameter, this tells Jenkins to check out exactly the revision which was reported by the hook. If your job has multiple Subversion module locations defined, this may lead to inconsistent checkouts - so it's recommended to leave out '?rev=$REV' in that case.
You may also want to leave out the '?rev=$REV' parameter if you are using Maven to release your projects and do not want Jenkins to build the intermediate prepare-release commit (ie: the released artifacts).
See issue #14254 for details.
Jobs on Jenkins need to be configured with the SCM polling option to benefit from this behavior. This is so that you can have some jobs that are never triggered by the post-commit hook (in the $REPOSITORY/hooks directory), such as release related tasks, by omitting the SCM polling option.
The configured polling can have any schedule (probably infrequent like monthly or yearly). The net effect is as if polling happens out of their usual cycles.
For this to work, your Jenkins has to allow anonymous read access (specifically, "Job > Read" access) to the system. If access control to your Jenkins is more restrictive, you may need to specify the username and password, depending on how your authentication is configured.
If your Jenkins uses the "Prevent Cross Site Request Forgery exploits" security option, the above request will be rejected with 403 errors ("No valid crumb was included"). The crumb needed in this request can be obtained from the URL http://server/crumbIssuer/api/xml (or /api/json). This can be included in the wget call above with something like this:
--header `wget -q --output-document - \


Since wget by default retries up to 20 times when not succeeding within the given timeout, --timeout=2 on a slow SVN server may cause Jenkins to scan the repository many more times than needed, further slowing down the SVN Server which after a while makes Jenkins unresponsive.

Possible solutions to this problem are to increase the timeout, to add a lower maximum number of retries using the argument --retries=3 or to make the wget call asynchronous (and thus ignoring any communication errors) by adding 2>&1 & last on the wget call.

Having the timeout too low can also cause your commits to hang and throw either 502 errors if you are behind a proxy, or post-commit errors if not.  Increasing the timeout until you no longer see wget retrying should fix the issue.

 More robust *nix post-commit hook example

The basic script above is fine if your server does not do authentication or you have no problem providing anonymous read access to Jenkins (as well as anonymous read to all the individual jobs you want to trigger if you are using project-based matrix authorization). Here is a script that includes the more robust security concepts hinted at in the basic example. 


# No environment is passed to svn hook scripts; set paths to external tools explicitly:

# If your server requires authentication, it is recommended that you set up a .netrc file to store your username and password
# Better yet, since Jenkins v. 1.426, use the generated API Token in place of the password
# See
# Since no environment is passed to hook scripts, you need to set $HOME (where your .netrc lives)
# By convention, this should be the home dir of whichever user is running the svn process (i.e. apache)


function notifyCI {
	# URL to Hudson/Jenkins server application (with protocol, hostname, port and deployment descriptor if needed)

	# Check if "[X] Prevent Cross Site Request Forgery exploits" is activated
	# so we can present a valid crumb or a proper header
	CRUMB=`$WGET --auth-no-challenge --output-document - ${CISERVER}/${CRUMB_ISSUER_URL}`
	if [ "$CRUMB" != "" ]; then HEADER=$CRUMB; fi

	$WGET \
		--auth-no-challenge \
		--header $HEADER \
		--post-data "`$SVNLOOK changed --revision $REV $REPOS`" \
		--output-document "-"\
		--timeout=2 \

# The code above was placed in a function so you can easily notify multiple Jenkins/Hudson servers:
notifyCI ""
notifyCI ""

The script above takes care of the Prevent Cross Site Request Forgery exploits option if you have it enabled on your server. If you do not have that option enabled, the extra wget call is harmless, but feel free to remove it if you do not need it. The script above also requires that you set up a .netrc file in the home directory of the user you are running subversion as (either the svnserve process or httpd). For more info on .netrc file syntax, look here. The script above makes it easy to notify multiple Jenkins servers of the same SVN commit. If you have a .netrc file, it keeps it easy even if they have different admin users set up. If you don't want to mess with a .netrc file, you could just hard-code the user and password (or API Token) info in the file and add --username=user and --password="pass" flags to the wget calls. 

Windows specific post-commit hook

The above script is difficult under the Windows command processor seeing as there is no support for backtick output extraction and there is no built in wget command. Instead the following contents can be added to post-commit.bat (in the $REPOSITORY/hooks directory):

SET CSCRIPT=%windir%\system32\cscript.exe
SET VBSCRIPT=C:\Repositories\post-commit-hook-jenkins.vbs
SET SVNLOOK=C:\Subversion\svnlook.exe
SET JENKINS=http://server/

The batch file relies on the following VBScript being available in the file designated by the VBSCRIPT variable above:

repos   = WScript.Arguments.Item(0)
rev     = WScript.Arguments.Item(1)
svnlook = WScript.Arguments.Item(2)
jenkins = WScript.Arguments.Item(3)

Set shell = WScript.CreateObject("WScript.Shell")

Set uuidExec = shell.Exec(svnlook & " uuid " & repos)
Do Until uuidExec.StdOut.AtEndOfStream
  uuid = uuidExec.StdOut.ReadLine()
Wscript.Echo "uuid=" & uuid

Set changedExec = shell.Exec(svnlook & " changed --revision " & rev & " " & repos)
Do Until changedExec.StdOut.AtEndOfStream
  changed = changed + changedExec.StdOut.ReadLine() + Chr(10)
Wscript.Echo "changed=" & changed

url = jenkins + "crumbIssuer/api/xml?xpath=concat(//crumbRequestField,"":"",//crumb)"
Set http = CreateObject("Microsoft.XMLHTTP") "GET", url, False
http.setRequestHeader "Content-Type", "text/plain;charset=UTF-8"
crumb = null
if http.status = 200 then
  crumb = split(http.responseText,":")
end if

url = jenkins + "subversion/" + uuid + "/notifyCommit?rev=" + rev
Wscript.Echo url

Set http = CreateObject("Microsoft.XMLHTTP") "POST", url, False
http.setRequestHeader "Content-Type", "text/plain;charset=UTF-8"
if not isnull(crumb) then 
  http.setRequestHeader crumb(0),crumb(1)
  http.send changed
  if http.status <> 200 then
    Wscript.Echo "Error. HTTP Status: " & http.status & ". Body: " & http.responseText
  end if
end if

Perform Polling from the Master

JIRA issue #5413 documents problems with running the SCM polling trigger on slaves. Version 1.21 of the Subversion plugin can perform the polling on the Jenkins master if the hudson.scm.SubversionSCM.pollFromMaster system property is set to true.

Subversion Revision and URL information as Environment Variables

The Subversion SCM plugin exports the svn revisions and URLs of the build's subversion modules as environment variables. These are $SVN_REVISION_n and $SVN_URL_n, where n is the 1-based index of the module in the configuration.

For backwards compatibility if there's only a single module, its values are also exported as $SVN_REVISION and $SVN_URL.

Note that the revision number exposed is the 'last-changed' revision number of the particular directory and not the current revision of the repository. (See What are these two revision numbers in svn info?)

Kerberos authentication

To connect to a Kerberos authenticated SVN repository see the Subversion Plugin HTTPS Kerberos authentication page.


Someone suggested in the Jenkins IRC channel that if you are getting an error and a long svnkit stack trace that looks like:

 ERROR: svn: authentication cancelled

org.tmatesoft.svn.core.SVNCancelException: svn: authentication cancelled


Change Log

Version 2.5.1 (Jul 8, 2015)

  • issue #29211 E200015: ISVNAuthentication provider did not provide credentials
  • issue #29225 Failed to tag
  • issue #20103 ListTagParameter value doesn't show up in build API
  • issue #27084 SVN authentication (NTLM) fails using Subversion Plugin v.2.5
  • Update the version of Maven Release Plugin.

Version 2.5 (Jan 2, 2015)

  • Replace custom SVNKit library in exchange for using the default binaries.
  • issue #18935 Upgrade to svn 1.8.
  • issue #25241 Upgrade trilead-ssh.

Version 2.5-beta-4 (Oct 29, 2014)

  • issue #24341 Check if the project can be disabled before the disabling
  • Fixes to form validation and pulldowns when used from unusual contexts, such as Workflow.
  • NPE when showing Workflow build index page.

Version 2.5-beta-3 (Oct 08, 2014)

  • SECURITY-158 fix.
  • issue #22568 Subversion polling does not work with parameters.
  • issue #18574 issue #23146 Fixed behavior for multiple locations in same repo.
  • issue #18534 Prevent queue items with distinct Subversion tag parameters from being collapsed.

Version 2.5-beta-2 (Jun 16, 2014)

(2.5-beta-1 botched due to upload error)

Version 2.4.5 (Nov 10, 2014)

Version 2.4.4 (Oct 08, 2014)

  • SECURITY-158 fix.

Version 2.4.3 (Aug 20, 2014)

Version 2.4.2 (Aug 18, 2014)

Version 2.4.1 (Jul 16, 2014)

  • issue #22568 Subversion polling does not work with parameters.
  • issue #18534 Prevent queue items with distinct Subversion tag parameters from being collapsed.

Version 2.4 (May 16, 2014)

Known issues introduced in this version: JENKINS-23146
  • svnexternals causing issue with concurrent builds (issue 15098)
  • Fix additional credentials help (pull request 69)
  • changelog use external path for affected path, not workspace related (issue 18574)
  • Call to doCheckRevisionPropertiesSupported broken (issue 22859)
  • Subversion Parameters show "Repository URL" instead of the name (issue 22930)
  • Plugin takes not excluded revprops from global configuration into account (issue 18099)
  • Update MapDB dependency (for multi-branch project types support) to 1.0.1
  • Change default of ignoreExternalsOption to true. Add help text explaining some of the security risks involved in checking out externals (namely that they can be a route to hijacking credentials that in most cases have full read access to the entire repository and not just the limited subset of the repository that an individual committer's credentials may have read access to. The recommended way to handle externals is to add those as additional modules directly. Thus ensuring that even if a committers machine is hacked or otherwise compromised, their credentials cannot be used to commit a modified build script and svn:external definition that allows the entire contents of the Subversion repository to be zipped up and FTP'd to a remote server)

Version 2.3 (May 1, 2014)

Note: Version 2.0 contained a fix for issue #18574. However, the fix caused 2 regressions, so it was reverted in this version

Version 2.2 (Feb 18, 2014)

  • issue #21679 (side report) failure to find Subversion SCM descriptor if anonymous is missing the credential management permissions
  • (pull #67) Improve List Subversion Tags parameter definition performance
  • (pull #66) ListSubversionTagsParameterDefinition form validation broken

Version 2.1 (Feb 11, 2014)

  • issue #21712 requires an upgrade of the minimum version of the credentials plugin to 1.9.4 and a switch to using the <c:select/> jelly tag for selecting the credentials.
  • issue #21701 Added credentials support for the tag parameter type.
  • Added credentials support for the tag action.
  • issue #18250 (pull #37) Improved authorization check for legacy (pre-credentials) authentication.
  • (pull #60) Fixed post-commit cache.

Version 2.0 (Jan 31, 2014)

  • Credentials management switched to credentials plugin based implementation. Upgrading to 2.0 will migrate your existing credentials from the semi-random scattered store that pre-2.0 used to the credentials plugin's store. You are advised to take a backup of your Jenkins instance if you have many jobs using different credentials against similar repositories. The following issues have been encountered by users upgrading.
    • The same username required different passwords when accessing a repository from a windows slave or from a *nix slave. Only one password (appears to be random as to which) was imported into the credentials store. Jobs that required the other password had their credentials reset to "none". Solution was to manually add the credential and configure the affected jobs to use the correct credentials.

Version 1.54 (Nov 19, 2013)

  • prefer trilead-ssh from plugin vs core classloader (issue #19600)
  • SVN_REVISION is not exported if server url end by / with further @HEAD suffix (issue #20344)
  • encryption of passphrases wasn't sufficiently secure (issue #SECURITY-58)

Version 1.53 (Oct 15, 2013)

Version 1.52 (skipped)

Version does not exist

Version 1.51 (Sep 15, 2013)

  • new depth option to leave --depth values as they are (issue #17974)
  • Fixed support for pinned externals (issue #16533)
  • Fixed: HTTPS with Client Certificates gives 'handshake_failure' (issue #19175)
  • Upgrade to SVNKit 1.7.10 (minor bugfixes)

Version 1.50 (Jun 02, 2013)

  • added files merged from a branch results in those files having doubled content (issue #14551)

Version 1.48 (May 20, 2013)

  • Use svn switch instead of checkout if changed module location stays within the same Subversion repository. (issue #2556)
  • Fixed: change information was lost if build failed during svn checkout. (issue #16160)

Version 1.45 (Jan 22, 2013)

  • Update svnkit library to 1.7.6
  • New option to filter changelog based on the same inclusion/exclusion filters used to detect changes. (issue #10449)
  • New options for ignoring externals and setting the repository depth (issue #777)
  • Fixed: support for svn:externals (issue #16217 and issue #13790)
  • Remove MailAddressResolverImpl that has serious negative impact on UI performance (issue #15440). Moved to dedicated plugin subversion-mail-address-resolver-plugin.

Version 1.44 (Dec 16, 2012)

  • switch to ignore property-only changes on directories (issue #14685)
  • support ignoring post-commit hooks (needs Jenkins 1.493+) (issue #6846)
  • ignore disabled projects when evaluating post-commit notifications (issue #15794)
  • fixed a problem with working copy cleanup under svn 1.7

Version 1.43 (Sept 24, 2012)

  • additional logging about the revision being checked out
  • fail build on update/checkout failure (issue #14629)
  • switch to fresh checkout on corrupted workspace detection - workaround for (issue #14550)
  • support for Assembla browser

Version 1.42 (June 22, 2012)

  • Fixed svn:external handling (issue #13790)
  • Fixed a problem where SVNKit was dropping some of the chained exceptions (issue #13835)

Version 1.40 (May 11, 2012)

Version 1.39 (Feb 16, 2012)

  • Fixed an invalid assumption in processing post-commit hooks, namely that all jobs are immediate children of the Jenkins singleton. For quite some time there has been an extension point that allows this assumption to be broken (the CloudBees Folders plugin is one example plugin that invalidates the assumption).

Version 1.38 (Feb 14, 2012)

  • Fixed issue #10227: Parameter "List subversion tag" was not displaying tags which have the same date.
  • Fixed issue #12201: NullPointerException during SVN update.
  • Fixed issue #8036: Subversion plugin to support SVN::Web browser.
  • Fixed issue #12525: SVN URL converted to lowercase -> Changes found every time it has an pull request.
  • Fixed issue #12113: Local module directories weren't expanded with environment variables.

Version 1.37 (Dec 2, 2011)

Version 1.36 (NOT SAFE FOR USE)

Version 1.35 (Nov 19, 2011)

  • Build aborted during checkout/update should be marked as ABORTED instead of FAILURE. Note: fix needs Jenkins 1.440 to be effective (issue #4605).
  • ListSubversionTagsParameterValue doesn't implement getShortDescription() (issue #11558).
  • Changelog shouldn't be duplicated because of svn:externals (issue #2344).

Version 1.34 (Oct 31, 2011)

  • SCM build trigger not working correctly with variables in SVN URL (issue #10628).
  • Setting SVN credentials for a job should not require administer permission (issue #11415).
  • List Subversion tags: Tags filter were blank when re-configuring a job (issue #11055)
  • When adding a new module location to an existing one, Jenkins re-checks out all module locations (issue #7461).
  • accept parameter for checkout to local module-path (issue #7136).

Version 1.33 (Oct 11, 2011)

  • Broken link in help text of Subversion configuration (issue #11050).
  • tag this build is missing the tag url field (issue #10857).
  • Subversion no longer passes revision information to other plugins via SubversionTagAction(issue #11032).
  • Subversion Tagging does not work correctly with alternate credentials(issue #10461).
  • SVN post-commit hook doesn't work at root of repository (issue #11263).
  • SubversionChangeLogSet does now implement getCommitId() (issue #11027).

Version 1.32 (Sep 15, 2011)

  • Increased functionality of List Subversion tags build parameter (issue #10678)
  • Hudson mentioned in SVN credentials confirmation page (issue #10733).
  • Variables (build parameters and environment variables) are now expanded in Local module directory (issue #4547)
  • SVN_URL and SVN_REVISION are not set when using @NNN in Subversion URL (issue #10942)
  • Local module directory contains @NNN when @NNN is used in Subversion repository URL.(issue #10943)

Version 1.31 (Aug 19, 2011)

  • URL that receives POST doesn't need to be protected. It is properly hardened to deal with malicious inputs.

Version 1.31 (Aug 13, 2011)

  • Fixed a build error if build is running with different VM than Jenkins is (issue #10030).

Version 1.30 (Aug 12, 2011)

  • Fixed the symlink handling problem with "emulate clean checkout" update strategy (issue #9856)
  • Fixed a continuous polling bug (issue #6209)

Version 1.29 (July 24, 2011)

Version 1.28 (June 15, 2011)

  • Added a new Sort newest first option to List Subversion tags build parameters (issue #9828).
  • Repository URL is now expanded based on all environment variables (including build parameters) rather than just build parameters (issue #9925).

Version 1.27 (June 7, 2011)

  • Added new Tags filter and Sort Z-A options to List Subversion tags build parameters (issue #9826).
  • Added global configuration opt-out for storing native command line authentication (issue #8059).

Version 1.26 (May 10, 2011)

  • plugin breaks native svn command line authentication (issue #8059).
  • svn revision number returns an error (issue #9525).
  • replaced Hudson with Jenkins.

Version 1.25 (Apr 1, 2011)

  • Check and Remove empty Repository URL from List (issue #9143).
  • 1.24 had accidental Java6 dependency (issue #9222).

Version 1.24 (Mar 22, 2011)

  • Added a new job parameter allowing to dynamically list svn tags.
  • Improved error diagnostics in case of failed WebDAV authentication

Version 1.23 (Jan 6, 2011)

  • Introduced a new extension point to control the checkout behaviour.
  • Added a new checkout strategy that emulates "svn checkout" by "svn update" + file deletion.
  • Fixed revision number pinning problem (issue #8266)
  • Fixed a per-job credential store persistence problem (issue #8061)
  • Fixed a commit notify hook problem with Jetty (issue #8056)

Version 1.22 (Dec 10, 2010)

  • Support revision keywords such as HEAD in repository URL configurations.
  • Fixed StringOutOfBoundException. (issue #8142)
  • Fixed "Unable to locate a login configuration" error with Windows Subversion server (issue #8153)

Version 1.21 (Nov 18, 2010)

  • Expose Subversion URL and revision information for all modules in environment variables (issue #3445)
  • Added system property to control whether SCM polling runs on the Hudson master or on slaves (issue #5413)
  • Make sure stored credentials have restricted file permissions

Version 1.20 (Nov 1, 2010)

  • Fixed a serialization issue.

Version 1.19 (Oct 29, 2010)

  • Fixed a configuration roundtrip regression introduced in 1.18 (issue #7944)
  • Supported svn:externals to files (issue #7539)

Version 1.18 (Oct 27, 2010)

  • Requires Hudson 1.375 or newer.
  • Builds triggered via the post-commit hook check out from the revision specified by the hook. The hook specifies the revision with either the rev query parameter, or the X-Hudson-Subversion-Revision HTTP header.
  • Uses svnkit 1.3.4 now. (issue #6417)

Version 1.17 (Apr 21, 2010)

  • Failure to retrieve remote revisions shouldn't result in a new build (issue #6136)
  • Updated German & Japanese localization.
  • Fixed that "svn log copier thread" is nerver destoryed if exception is thrown while checking out.(issue #6144)

Version 1.16 (Mar 23, 2010)

  • Fixed issue #6030, where the new includedRegions feature broke the excludedRegions.

Version 1.15 (Mar 22, 2010)

  • Added Spanish translation.

Version 1.14 (Mar 17, 2010)

  • Add includedRegions feature, analogous to the excludedRegions feature (issue #5954).

Version 1.13 (Mar 8, 2010)

  • Fixing polling for projects where last build was run on Hudson 1.345+ with Subversion plugin 1.11 or older (issue #5827)

Version 1.12 (Mar 3, 2010)

  • Polling period can be set shorter than the quiet period now. (issue #2180)
  • Exposed properties to the remote API. (report)
  • Validation for "excluded users" field was too restrictive. (issue #5684)
  • Avoid ClassCastException in change log computation if job SCM is changed from Subversion to something else. (issue #5705)

Version 1.11 (Feb 11, 2010)

  • Allow commit comment to be provided when tagging. (issue #1725)
  • Fix display of existing tags when there are multiple repositories.
  • Minor updates to aid in debugging problems triggering jobs from a post-commit hook.

Version 1.10 (Jan 27, 2010)

  • SSL client certificate authentication was not working (issue #5349)
  • Make all links from help text open a new window/tab, to avoid leaving the config page when there are unsaved changes (issue #5348)
  • Export tag information via remote API (issue #882)

Version 1.9 (Jan 16, 2010)

  • SSL client certificate authentication was not working (issue #5230)
  • Tagging UI allows users to specify one-time credential for tagging (issue #2053)
  • Fix a bug in the notifyCommit post-commit hook wrt a commit spanning multiple jobs (issue #4741)

Version 1.8 (Dec 23, 2009)

  • Polling can now ignore commits based on configurable keywords in the commit messages. (patch)
  • Several minor bug fixes

Version 1.7 (Sep 3, 2009)

  • Fixed a bug in the exclusion pattern matching
  • Fixed a bug in an interaction with the Trac plugin.
  • Fixed a bug in the interaction of concurrent builds and Subversion polling (issue #4270)

Version 1.6 (Aug 28, 2009)

Version 1.5 (Aug 19, 2009)

  • Polling is performed on the slaves now (report)
  • "Tag this Build" fails for 1.311+ with SVN Plugin (issue #4018)

Version 1.3 (July 8, 2009)

  • Subversion checkouts created files for symlinks (issue #3949)

Version 1.2 (June 24, 2009)

  • Fixed "endless authentication to SVN when invalid user/password" issue (issue #2909)

Version 1.0 (June 15, 2009)


Apache, Apache Subversion and Subversion are trademarks of the Apache Software Foundation


plugin-scm plugin-scm Delete
credentials-consumer credentials-consumer Delete
Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Add Comment