Hi Team,
So far, we have only Michael's, Eugen's and Daniel's opinions about releasing
the 22.01.01 version under Gradle 7.6 and JDK 17 (OFBIZ-12400).
To summarize, Michael is against, Eugen and Daniel are for. Daniel suggests that we can use workarounds but need to later update OFBiz to handle
strong encapsulation.
Michael, I was surprised by your opinion, because of
https://markmail.org/message/fq3fpxeg5yfshjwz where you said 1 year ago:
<<I am also in favor of a 22.01. branch and releasing a first stable version
during the year 2022.>>
And that led me to closely verify the situation. Fortunately, after OFBIZ-12726 (integration tests), I believe we can trust using Gradle 7.6 and JDK
17 by using temporary workarounds.
So my question is, should we vote for releasing the 22.01.01 version under
Gradle 7.6 and JDK 17 or should we wait 22.01.02?
I have decided on my side to update GH, BuildBot and demos to run under Gradle
7.6 and JDK 17. If nobody is against of course.
This will take some time, but I don't expect much. For that we need to push the
workarounds in all supported branches. It's not a big deal:
- // jdk.serialFilter is to "Prevent possible DOS attack done using Java
deserialisation" (OFBIZ-12592)
applicationDefaultJvmArgs = project.hasProperty('jvmArgs')
? jvmArgs.tokenize()
- :
['-Xms128M','-Xmx1024M','-Djdk.serialFilter=maxarray=100000;maxdepth=20;maxrefs=1000;maxbytes=500000']
+ : ['-Xms128M','-Xmx1024M',
+
'-Djdk.serialFilter=maxarray=100000;maxdepth=20;maxrefs=1000;maxbytes=500000',
// OFBIZ-12592 and OFBIZ-12716
+ '--add-exports=java.base/sun.util.calendar=ALL-UNNAMED', // OFBIZ-12721
+ '--add-opens=java.base/java.util=ALL-UNNAMED' // OFBIZ-12726
+ ]
To release w/o the workarounds it is enough to remove the 2 "ALL-UNNAMED" lines.
It also would be great to freeze a 23.01 branch and use it as next demos while
replacing the 18.12 by 22.01 as stable.
Looking forward for opinions...
Thanks
Jacques