Effectively implemented towards 2.0 as part of JENKINS-9598:
https://jenkins.io/2.0/

>> In the case of plugins detached from core, this means shipping with the plugins, because otherwise the upgrade experience from a version when it was a core feature will be horrible

Ok, fair point. There is a whole discussion to be had about what to do with bundled plugins in core, so I'm will close this call and refer interested parties to JENKINS-9598. Actually, this probably needs to be discussed on the developer mailing list rather than via Jira comments.

In the meantime, I'll put a note on the wiki entries for plugins that have been moved out of core, but for which old versions remain bundlded.

Jenkins is committed to remain backwards compatible. In the case of plugins detached from core, this means shipping with the plugins, because otherwise the upgrade experience from a version when it was a core feature will be horrible. In the case of LDAP plugin, it only was detached in 1.466, not even two years ago.

the version bundled with Jenkins is old and buggy

You mean unlike 1.10 and 1.10.1, released not even a week ago, which both contained serious bugs? Note that occasionally, bundled plugin versions are updated. I guess the approach there is safety over being up-to-date (if you use Subversion Plugin, you know what I mean!). If this is a concern for you, it's trivial to create a pull request that changes the bundled version (here's the relevant file).

One possibility would be to only extract bundled plugins if there's already a JENKINS_HOME with e.g. global config.xml that indicates a version older than when it was detached. But that should probably be covered in the context of JENKINS-9598.

I recommend this should be resolved again.

I'm re-opening this ticket, since I think it's time to remove the old versions of these non-core plugins from the .war.

I know they were left there for "backwards compatibility", but in the case of the LDaP plugin at least, the version bundled with Jenkins is old and buggy. There's no point in keeping it there, since anyone who actually uses it would presumably upgrade it anyhow.

CSV and LDAP plugins have been already moved from the core.
You can just disable them...

Moved it to component "core", because it has nothing to do with the Jenkow plugin.

I believe there has been steady progress on moving components from core to plugins. However, there is also a commitment to backwards compatibility which is maintained and on which many Jenkins users depend. I don't know all the details of the progress in moving components from core to plugins, but I've been the grateful beneficiary of the compatibility work which has kept me running Jenkins for many years.

Could you reassign this to the Jenkins core project, rather than assigning it to the jenkow-plugin? I don't think it has any relationship to the jenkow-plugin.