> In our case, per requirements levied upon us, we must maintain compatibility with all active Long Term Support (LTS) versions of Java.
CTC appears to be a government contractor, so I assume that's a government requirement. I would recommend having a hard talk with your security folks about the wisdom of using Java 8 unless they are paying for an Oracle support contract. Otherwise, they're living by the good graces of IBM/Red Hat IIRC. On Wed, Jul 3, 2024 at 1:06 PM Maucieri, Judith <copos...@ctc.com> wrote: > If I may: One large obstacle to "our" shift to v2.x is the absence of > Java 8 support (unless I overlooked updates to the plan stated in November > 2022 during release of version 1.19.0, Java 8 only remains in NiFi 1.x > releases, which you hinted at remaining accurate). > > I make this statement in support of multiple scenarios where we employ > Apache NiFi. CVEs that are not addressed in v1.x would be a major > concern. In our case, per requirements levied upon us, we must maintain > compatibility with all active Long Term Support (LTS) versions of Java. I > feel this is reinforced by LTS of RHEL 7, which just began and extends into > 2028 and employs (by default) Java 8. > > Note the LTS dates currently indicated (reference > https://en.wikipedia.org/wiki/Java_version_history): > - Java 8 December 2030 > - Java 11 January 2032 > - Java 17 September 2029 > - Java 21 September 2031 > > Thank you, > JM > > -----Original Message----- > From: Matt Burgess <mattyb...@apache.org> > Sent: Tuesday, July 2, 2024 4:05 PM > To: dev@nifi.apache.org > Subject: [DISCUSS] 1.x Maintenance > > !-------------------------------------------------------------------| > This Message Is From an External Sender > Please use caution when clicking links or opening > attachments. > |-------------------------------------------------------------------! > > There have been some ongoing discussions [1,2] about what to bring back > for PRs to 1.x vs trying to push forward with 2.x. There are of course > great points from everyone. On the 2.x front, namely that 2.x has many > improvements not just to components but the framework and UI as well, and > that we've seen less contributions to the maintenance on the 1.x line. On > the 1.x front that community members need to support 1.x for their users > for the time being. > > I'm opening this discussion thread so we can collect everyone's thoughts > so the PMC can make a sensible recommendation/decision moving forward. For > myself, I think all bug PRs should be backported where prudent/possible, > and even new features (although that can be a difficult backport due to > moving the extensions in [3], but I recommend a separate PR against 1.x, > hopefully a simple copy-paste if there are no Java 21-specific code issues, > but please run contrib-check against Java 8 first). > > I disagree with the "atrophy" sentiment from [2], a mature release line > normally experiences less contributions because it is mostly stable in its > own right. Guiding users to 2.x IMO is the right call but many of us have > to deal with the fact that it doesn't usually happen overnight, especially > without a GA release. > > I opened this discussion with my opinions but if I may humbly speak for > the PMC, we need your voice, and we look forward to all of your thoughts, > opinions, and questions. > > Thank you, > Matty B > > [1] > https://urldefense.com/v3/__https://issues.apache.org/jira/browse/NIFI-13196__;!!HkW_WPl1peM!oK4J-OlEsDT4Hl0lVpbgtfPr1qvI-MyLLzjIjPmf0O8cfZFlSIaP7B8Ei8u6ou8_hDUuBxGEIQDtUKArfA$ > [2] > https://urldefense.com/v3/__https://github.com/apache/nifi/pull/9018__;!!HkW_WPl1peM!oK4J-OlEsDT4Hl0lVpbgtfPr1qvI-MyLLzjIjPmf0O8cfZFlSIaP7B8Ei8u6ou8_hDUuBxGEIQD2THE6MA$ > [3] > https://urldefense.com/v3/__https://issues.apache.org/jira/browse/NIFI-12998__;!!HkW_WPl1peM!oK4J-OlEsDT4Hl0lVpbgtfPr1qvI-MyLLzjIjPmf0O8cfZFlSIaP7B8Ei8u6ou8_hDUuBxGEIQD3D-iGiA$ > > ----------------------------------------------------------------- > This message and any files transmitted within are intended > solely for the addressee or its representative and may contain > company proprietary information. If you are not the intended > recipient, notify the sender immediately and delete this > message. Publication, reproduction, forwarding, or content > disclosure is prohibited without the consent of the original > sender and may be unlawful. > > Concurrent Technologies Corporation and its Affiliates. > www.ctc.com 1-800-282-4392 > ----------------------------------------------------------------- >
