Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(java): Require Jenkins core 2.479.3 and Java 17. #16

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

feat(java): Require Jenkins core 2.479.3 and Java 17. #16

wants to merge 2 commits into from

Conversation

gounthar
Copy link
Contributor

@gounthar gounthar commented Feb 27, 2025
edited
Loading

Hello 42crunch-security-audit developers! 👋

This is an automated pull request created by the Jenkins Plugin Modernizer tool. The tool has applied the following recipes to modernize the plugin:

Upgrade to the next major parent version (5.X) requiring Jenkins 2.479 and Java 17

io.jenkins.tools.pluginmodernizer.UpgradeNextMajorParentVersion

Upgrade to the next major parent version (5.X) requiring Jenkins 2.479 and Java 17.

Why Upgrade to Java 17 and Jenkins 2.479.x?

  • Embrace Java 17 LTS Stability: Benefit from long-term support with modern language features that improve development practice and plugin performance.

  • Harness Jenkins 2.479.x Innovations: Stay aligned with the latest features and stability improvements, ensuring smooth integration and future-proofing.

  • Enhance Security: Protect your plugin with up-to-date security fixes from both Java 17 and Jenkins core improvements.

  • Align with the Community: Keep pace with ecosystem shifts towards Java 17, ensuring compatibility and expanding your plugin's user base.

  • Enjoy a Better Developer Experience: Make the most of advanced tooling support and simplified dependency management with Java 17's enhancements.

Removing developers Tag from pom.xml

Jenkins no longer requires the developers tag in pom.xml, as the developers section was traditionally used to list individuals responsible for the plugin.
Instead, Jenkins now uses the Repository Permission Updater (RPU) to manage permissions and developer information.

Benefits of Removing developers Tag:
  • Simplification: Removes unnecessary metadata from the pom.xml, resulting in a cleaner and more maintainable file.
  • Consistency: Centralizes developer information management through the RPU, minimizing discrepancies.
  • Security: Utilizes the RPU's controlled permission management, enhancing the security of artifact deployments.

Removing the developers tag aligns with modern Jenkins infrastructure standards and prevents outdated or redundant developer information from being included in plugin metadata.

JEP-227: Replace Acegi Security with Spring Security

Migrating Jenkins plugin code from Acegi Security to Spring Security is important for several reasons:

  • Security updates: Spring Security is the modern, actively maintained successor to Acegi Security, providing up-to-date security features and patches.
  • Compatibility: Jenkins core version 2.266 and later have replaced Acegi Security with Spring Security, so plugins need to be updated to remain compatible with newer Jenkins versions.
  • Eliminating false positives: Security scanners often flag the outdated Acegi Security library as vulnerable, causing unnecessary concerns and exemption requests in security-conscious organizations.
  • Reducing technical debt: The Acegi Security code in Jenkins was written over 13 years ago and has barely been touched since, making it difficult to maintain and understand.
  • Access to modern features: Spring Security offers more current security implementations and features that weren't available in Acegi Security.
  • Community support: With the Jenkins ecosystem moving to Spring Security, plugins using the newer library will benefit from better community support and compatibility with other plugins.
  • Simplified API: The migration offers an opportunity to introduce a new simplified security API in Jenkins, potentially making it easier for plugin developers to work with security-related functions.

By migrating to Spring Security, plugin developers ensure their code remains compatible with current Jenkins versions, benefit from modern security features, and contribute to a more secure and maintainable Jenkins ecosystem.

Summary

By upgrading, you'll be positioning your plugin at the forefront of performance, security, and user satisfaction. We encourage you to explore these updates and provide feedback. Let's continue to build a robust Jenkins ecosystem together!

@gounthar
Copy link
Contributor Author

Hi @MarkEWaite,

Would you mind replaying this build with the supplied Jenkinsfile? These modifications build successfully on my machine.

Thanks.

@MarkEWaite
Copy link

@ak1394 this will fix the failing master branch job on ci.jenkins.io

@gounthar
Copy link
Contributor Author

Thanks, Mark! 🚀

@gounthar gounthar changed the title eat: upgrade to Jenkins LTS Core 2.479.3 for Java 17 support feat: upgrade to Jenkins LTS Core 2.479.3 for Java 17 support Mar 7, 2025
@gounthar gounthar force-pushed the plugin-modernizer/upgradenextmajorparentversion branch from b362c9b to 3d4487c Compare March 7, 2025 08:40
@gounthar gounthar changed the title feat: upgrade to Jenkins LTS Core 2.479.3 for Java 17 support feat(java): Require Jenkins core 2.479.3 and Java 17. Mar 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@gounthar @MarkEWaite