Now that hopefully the dust has settled, I don't think anyone is arguing for supporting Java6, so let's start by moving up the dependency to Java7.
The usual steps are to do these 3 things over a period of time: - Announcement in the blog and users list to advertise that we are going to do this. (T0) - Start producing new 51.0 class file images, without linking to new APIs. This gives a warning period for people not following our PR outlets to notice the hard way and complain. (T0+2 weeks) - Animal sniffer check is lifted to allow Java7 APIs, and we get to a point of no return. (T0+6 weeks?) 2015-03-27 14:16 GMT-07:00 James Nord <[email protected]>: > Oracle aren't very forthcoming with details but the last big security pack > (Jan 2015) contained CVE-2015-0410 which is marked remotely exploitable via > the network. Whilst some things may not seem exploitable some plugins do > things like image manipulation which has been exploitable in the past and > will run on the master. > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Developers" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/d/msgid/jenkinsci-dev/2a193d09-7090-4ae3-b7d5-3fa2fa6713d9%40googlegroups.com > . > For more options, visit https://groups.google.com/d/optout. > -- Kohsuke Kawaguchi -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAN4CQ4wEqcXD2Pv%3D5CWy-5yhMFfJXbu7473hoqZvX-vr9anxtA%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
