Hi all, I would like to propose backporting, to the release24.09 branch, the Tomcat 10 / Jakarta migration (including the Apache CXF upgrade).
I prepared PR #1259 (framework) and PR #260 (plugins) for this purpose, ready to be merged: https://github.com/apache/ofbiz-framework/pull/1259 https://github.com/apache/ofbiz-plugins/pull/260 I think this migration makes sense for release24.09, since it is an LTS branch already based on Java 17, considering that: * Tomcat 9 will stop receiving security fixes after March 2027 ( https://tomcat.apache.org/tomcat-9.0.x-eos.html). After that date, an LTS branch still tied to Tomcat 9 would no longer be able to receive Tomcat CVE updates. * More third-party libraries are moving away from javax.*. Staying on the old namespace will increasingly make dependency and security updates harder. For example, we currently cannot merge Dependabot PR #1132 ( https://github.com/apache/ofbiz-framework/pull/1132) because newer dependency versions already require jakarta.*. Since the migration, mostly implemented by Gaetan and Deepak, has already been validated on trunk, backporting it now could help keep the LTS branch maintainable and secure for a longer period. What do you think? Best regards, Jacopo
