"We donot want to be in a boat where a CVE in jetty requires us to upgrade to jetty 12 for a patched release."
Big +1 to Karan's point quoted above. I think most folks in the community would rather know they have to move to java17 for druid 35 and have X months to prepare versus having to move unexpectedly much earlier than promised if a critical CVE is found in an EOL component that we knowingly kept using. The pull forward of dropping hadoop support is an unfortunate side effect. On Wed, Jun 18, 2025 at 12:10 AM Karan Kumar <ka...@apache.org> wrote: > TBH I also think Druid 35 is a better candidate because the jetty 9 is > close to 9 years old and is EOL. We donot want to be in a boat where a CVE > in jetty requires us to upgrade to jetty 12 for a patched release. > Also we want to move to Kafka 4.0 clients sooner rather than later. Kafka 4 > requires druid to move to java 17 since our unit tests use the kafka > embedded server. > > On Wed, Jun 18, 2025 at 3:11 AM Clint Wylie <cwy...@apache.org> wrote: > > > re Druid 35 - since Hadoop doesn't support java 17 yet, I think that > > means we would also have to drop that too. I'm on board, but wondering > > if that Is too aggressive? > > > > On Tue, Jun 17, 2025 at 2:15 PM Gian Merlino <g...@apache.org> wrote: > > > > > > Actually, I wonder if Druid 35 would be a better time to drop Java 11. > > It's a little sooner, but, there are reasons to do this earlier because > of > > Jetty 9 being EOL. It's EOL as of this year. If we need any security > fixes > > they will only be available in Jetty 12, which requires Java 17. We could > > target an upgrade to Jetty 12 and a dropping of Java 11 both for Druid > 35. > > > > > > Gian > > > > > > On 2025/06/17 19:17:22 Gian Merlino wrote: > > > > This sounds good to me. > > > > > > > > On 2025/06/09 20:11:41 Clint Wylie wrote: > > > > > Following up on this, I want to propose the first release of 2026 > for > > > > > removal, which I think would be Druid 36, to give some lead time > for > > > > > those affected to prepare (which is the same timeline I proposed > for > > > > > Hadoop removal). > > > > > > > > > > On Fri, Dec 20, 2024 at 1:39 AM Clint Wylie <cwy...@apache.org> > > wrote: > > > > > > > > > > > > I guess we need to add this to the pile of reasons to drop java > 11: > > > > > > https://lists.apache.org/thread/y35cxlj90hwx6cv3kds9j8yqnmqgcczv > > which > > > > > > if i understand correctly it looks like datasketches is only > doing > > new > > > > > > stuff with java 17, older versions only getting fixes. > > > > > > > > > > > > On Tue, Dec 17, 2024 at 10:36 PM Abhishek Agarwal < > > abhis...@apache.org> wrote: > > > > > > > > > > > > > > oh, good point. I agree then that we should drop Hadoop > support. > > It should > > > > > > > be alarming enough for Hadoop users that it still doesn't > > support Java 17 > > > > > > > while many big data projects have either dropped or considering > > dropping > > > > > > > support for Java 11. We will never see zero Hadoop usage in the > > community. > > > > > > > While dropping Hadoop support will disappoint some users, the > > benefits for > > > > > > > the broader community outweigh the downsides. > > > > > > > > > > > > > > On Tue, Dec 17, 2024 at 11:32 PM Gian Merlino <g...@apache.org > > > > wrote: > > > > > > > > > > > > > > > Regarding Hadoop: if core Druid code starts requiring Java > 17, > > we might > > > > > > > > run into issues with running that core Druid code inside the > > remote Hadoop > > > > > > > > M/R processes. People would need to update their YARN runners > > to Java 17. > > > > > > > > And given Hadoop doesn't officially support Java 17 yet, this > > might cause > > > > > > > > problems with Hadoop itself. This set of challenges would I > > think be more > > > > > > > > troublesome than running the Hadoop client inside Druid > > processes. > > > > > > > > > > > > > > > > To me this is a strong additional reason to stop supporting > > Hadoop sooner > > > > > > > > rather than later. The need for our code to be able to run > > inside Hadoop > > > > > > > > M/R processes, given how slow Hadoop moves, creates a need to > > support older > > > > > > > > Java versions and imposes a limit on our ability to use new > > Java features. > > > > > > > > > > > > > > > > Gian > > > > > > > > > > > > > > > > On 2024/12/17 07:44:12 Abhishek Agarwal wrote: > > > > > > > > > Do we really need to wait for Hadoop runtime to support > Java > > 17 if the > > > > > > > > > Hadoop client jars themselves can be used in JDK 17 > runtime? > > Spark > > > > > > > > dropped > > > > > > > > > support for Java 11 but I think, spark jobs can still use > > Hadoop client > > > > > > > > > code. So I am not sure if Hadoop is really a blocker for us > > to move off > > > > > > > > > Java 11. > > > > > > > > > > > > > > > > > > On Thu, Dec 12, 2024 at 2:08 AM Clint Wylie < > > cwy...@apache.org> wrote: > > > > > > > > > > > > > > > > > > > Now that we have removed support for Java 8, I wanted to > > start a > > > > > > > > > > discussion about dropping support for Java 11 as well > > since it is also > > > > > > > > > > pretty old, and making 17 the minimum supported version. > > There are a > > > > > > > > > > lot of nice language features with newer java versions, > so > > getting a > > > > > > > > > > bit more aggressive about refreshing the minimum > supported > > version > > > > > > > > > > periodically would allow us to begin to take advantage of > > these > > > > > > > > > > improvements, and would also reduce the number of tests > we > > need to run > > > > > > > > > > in the CI pipeline. > > > > > > > > > > > > > > > > > > > > I am aware of a couple of things to consider in this > > discussion, the > > > > > > > > > > first being that Hadoop does not yet support Java 17 as a > > runtime. > > > > > > > > > > Though it does seem to be planned > > > > > > > > > > https://issues.apache.org/jira/browse/HADOOP-17177, I am > > unsure of the > > > > > > > > > > timeline for it to be released, so we might need to wait > > until this > > > > > > > > > > happens before we can totally remove it. I am starting > > another thread > > > > > > > > > > to survey Hadoop usage to see if this actually needs to > be > > a blocker > > > > > > > > > > or not. > > > > > > > > > > > > > > > > > > > > The other thing I believe we would need to resolve is the > > Javascript > > > > > > > > > > based functionality, which is disabled by default in > > Druid, requires > > > > > > > > > > some work to keep being supported. > > > > > > > > > > https://github.com/apache/druid/pull/14795 describes the > > details I > > > > > > > > > > believe, and now that Java 8 has been dropped can > probably > > be > > > > > > > > > > re-opened or at least used as a start to resolve this > > problem. > > > > > > > > > > > > > > > > > > > > Anyone aware of any additional issues with doing this? > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > > > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org > > > > > > > > > > For additional commands, e-mail: > dev-h...@druid.apache.org > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org > > > > > > > > For additional commands, e-mail: dev-h...@druid.apache.org > > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org > > > > > For additional commands, e-mail: dev-h...@druid.apache.org > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org > > > > For additional commands, e-mail: dev-h...@druid.apache.org > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org > > > For additional commands, e-mail: dev-h...@druid.apache.org > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@druid.apache.org > > For additional commands, e-mail: dev-h...@druid.apache.org > > > > >
