Re: Spring Security upgrade from 5.x to 6.x

Spring Security 6.x (including EE 9) was delivered in 2.475, with two follow-on regression fixes in 2.476 and 2.477 respectively. At the time of this writing, I am not aware of any unresolved issues with Spring Security 6.x or EE 9. I recommend either 2.476 or 2.477 be chosen as the next LTS line,

Re: Spring Security upgrade from 5.x to 6.x

On Tue, Jun 4, 2024 at 5:21 PM Basil Crow wrote: > By creating a backport branch of the test harness that > continues to be based on Java 11 bytecode, and using this backport > branch in the plugin parent POM until we decide to drop Java 11 > support in the plugin parent POM (most likely around th

Re: Spring Security upgrade from 5.x to 6.x

On Tue, Jun 4, 2024 at 5:21 PM Basil Crow wrote: > I am planning to follow a lazy consensus approach with this plan. If > nobody objects to this lazy consensus decision by the end of next > week, I will consider the matter settled and start executing on the > plan the week after that, with a weekl

Re: Spring Security upgrade from 5.x to 6.x

On Sat, May 11, 2024 at 1:34 AM Ivan Fernandez Calvo wrote: > > Please do it, I am waiting for this change to update the SAML plugin to the > latest PAC4J version Your wish is my command, Ivan! As discussed at the last governance board meeting, we are going to do it in a weekly release before th

Re: Spring Security upgrade from 5.x to 6.x

On Sat, May 11, 2024 at 8:43 PM Bob Du wrote: > > I am willing to contribute code to achieve this long-term goal. Great! I have filed https://issues.jenkins.io/browse/JENKINS-73169 with more details about this long-term removal, explaining the reasoning behind the removal, the relevant portions o

Re: Spring Security upgrade from 5.x to 6.x

Unlike snapshot releases, milestone releases are tagged and published in Maven Central, so I don't see any issues with upgrading to 2.0.0-M2 immediately. In practice, if a Commons FileUpload v2 API did change between now and GA, it wouldn't be too much work to adapt the few plugins that consume it.

Re: Spring Security upgrade from 5.x to 6.x

I see. As stated above Spring Security 5.x EOL deadline. We have until August 31, 2024 to move to jakarta api. To be honest, I have doubts about whether commons-uploadfile can release the 2.x GA version within 3 months. Then we have to think about a problem in advance. If there is no 2.x GA v

Re: Spring Security upgrade from 5.x to 6.x

When speaking of migrating Jenkins to Jakarta EE/jakarta.servlet api, a number of Jenkins plugins depends on the javax.servlet api, either in their code or in their dependencies. They will need to migrate too, except there is an automatic compatibility or migration tool like "". Perhaps a first

Re: Spring Security upgrade from 5.x to 6.x

While still in milestone status, Commons FileUpload 2.x is being recommended on the project's home page and GitHub page , and hopefully it will reach G

Re: Spring Security upgrade from 5.x to 6.x

> transition Jenkins weekly to require Java 17 in late August or early > September 2024. Based on the large amount of work that is needed for the > Spring Security upgrade from 5.x to 6.x, I think that we should require > Java 17 the week after we've selected the baseline for t

Re: Spring Security upgrade from 5.x to 6.x

Please do it, I am waiting for this change to update the SAML plugin to the latest PAC4J version On Saturday, May 11, 2024 at 8:48:51 AM UTC+2 timja...@gmail.com wrote: > Sounds good to me > > On Sat, 11 May 2024 at 04:08, Mark Waite wrote: > >> >> >> On Friday, May 10, 2024 at 12:51:46 PM UTC-

Re: Spring Security upgrade from 5.x to 6.x

Sounds good to me On Sat, 11 May 2024 at 04:08, Mark Waite wrote: > > > On Friday, May 10, 2024 at 12:51:46 PM UTC-6 Basil wrote: > > Based on my prototyping in JENKINS-73120, there is quite a bit of work > to support Jetty 12 (even just EE 8 with javax imports), blocked on > the requirement of

Re: Spring Security upgrade from 5.x to 6.x

On Friday, May 10, 2024 at 12:51:46 PM UTC-6 Basil wrote: Based on my prototyping in JENKINS-73120, there is quite a bit of work to support Jetty 12 (even just EE 8 with javax imports), blocked on the requirement of Java 17. From my perspective the sooner we require Java 17, the better. Perha

Re: Spring Security upgrade from 5.x to 6.x

ekly to require Java 17 in late August or early September 2024. > Based on the large amount of work that is needed for the Spring Security > upgrade from 5.x to 6.x, I think that we should require Java 17 the week > after we've selected the baseline for the final LTS line that w

Re: Spring Security upgrade from 5.x to 6.x

e is a lot of work to be done in order to upgrade > Spring Security in Jenkins from 5.x to 6.x > > I noted the timeline because I had initially assumed that we would > transition Jenkins weekly to require Java 17 in late August or early > September 2024. Based on the large amount

Spring Security upgrade from 5.x to 6.x

e August or early September 2024. Based on the large amount of work that is needed for the Spring Security upgrade from 5.x to 6.x, I think that we should require Java 17 the week after we've selected the baseline for the final LTS line that will support Java 11. If you're willing to he