Some thoughts on Apache file uploader 2.x As far as I know, Apache file uploader 2.x has not been able to release the GA version and is still in the snapshot version status. https://mvnrepository.com/artifact/commons-fileupload/commons-fileupload
In addition, the apache file uploader package name has been changed from org.apache.commons.fileupload to org.apache.commons.fileupload2 Introducing this upgrade would seem to run counter to our ongoing vision of reducing the API surface area of Jenkins core. In addition, in version 1.3 of Apache file uploader, we used our own patch branch for a long time and did not reuse the upstream version until 1.4. https://github.com/jenkinsci/jenkins/pull/5174 Is it possible to consider reverting our fork version and self-releasing fork file uploader 1.6 version using jakarta api I tried this modification in my own repository https://github.com/BobDu/commons-fileupload/pull/1/files It looks like it compiles easily and passes the internal unit tests Is this solution feasible? 在2024年3月29日星期五 UTC+8 06:42:11<Mark Waite> 写道: > The Spring project has announced that Spring Security 5.8.x and Spring > Framework 5.3.x will be end of life on August 31, 2024 > <https://spring.io/blog/2024/03/01/support-timeline-announcement-for-spring-framework-6-0-x-and-5-3-x>. > > Jenkins currently uses Spring Security 5.8.x and Spring Framework 5.3.x. > > Jenkins needs to upgrade to Spring Security 6.x. Spring Security 6.x in > Jenkins requires: > > - Spring Framework 6.x which requires Java 17 and Jakarta EE 9 > > <https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Versions#jdk-version-range> > > When Jenkins transitions from Jakarta EE 8 to Jakarta EE 9, we'll also > need to use: > > - Jetty 12 > - Apache file uploader 2.x > > Given the size of that change and its dependency on Java 17 as a minimum > Jenkins version, I think that we want to switch Jenkins to require Java 17 > as soon as possible after the last Java 11 LTS baseline is selected. > > *Proposed Timeline* > > - 26 Jun 2024 - Choose LTS baseline for last LTS to support Java 11 > - 3 Jul 2024 - Require Java 17 in Jenkins weekly release > - 7 Aug 2024 -Last LTS.1 release to support Java 11 (likely 2.464.1) > - 31 Aug 2024 Spring Security 5.8.x public support ends > - 18 Sep 2024 - Choose LTS baseline to require Java 17 > - 2 Oct 2024 - Last LTS.3 to support Java 11 > - 30 Oct 2024 - First LTS.1 to require Java 17 (likely 2.476.1) > > Basil prototyped the Jakarta EE 9 upgrade in August 2023. The prototype > showed that the bridge method injector may help with the transition. The > prototype showed that there is a lot of work to be done in order to upgrade > Spring Security in Jenkins from 5.x to 6.x > > I noted the timeline because I had initially assumed that we would > transition Jenkins weekly to require Java 17 in late August or early > September 2024. Based on the large amount of work that is needed for the > Spring Security upgrade from 5.x to 6.x, I think that we should require > Java 17 the week after we've selected the baseline for the final LTS line > that will support Java 11. > > If you're willing to help with the Spring Security upgrade project, I'd > love to have you respond to this email message. If you have strong > objections to the timeline, please respond with your concerns. > > I will share more details as I learn more. > > Thanks, > Mark Waite > -- You received this message because you are subscribed to the Google Groups "Jenkins Developers" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-dev+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/fbe515c7-6dab-48d3-9bca-ea7924f41093n%40googlegroups.com.
