Hello, Thanks for this analyze Jacopo,
I hesitate if we need to backport the jakarta migration, instead to move to next release. Like the Jakarta migration is the most important element currently on trunk, move an OFBiz from 24.09.6 to 24.09.7 appears that the same gap to move a 24.09.6 to a 26.XX.1
Nicolas On 5/24/26 09:52, Jacopo Cappellato wrote:
Hi all, I would like to propose backporting, to the release24.09 branch, the Tomcat 10 / Jakarta migration (including the Apache CXF upgrade). I prepared PR #1259 (framework) and PR #260 (plugins) for this purpose, ready to be merged: https://github.com/apache/ofbiz-framework/pull/1259 https://github.com/apache/ofbiz-plugins/pull/260 I think this migration makes sense for release24.09, since it is an LTS branch already based on Java 17, considering that: * Tomcat 9 will stop receiving security fixes after March 2027 ( https://tomcat.apache.org/tomcat-9.0.x-eos.html). After that date, an LTS branch still tied to Tomcat 9 would no longer be able to receive Tomcat CVE updates. * More third-party libraries are moving away from javax.*. Staying on the old namespace will increasingly make dependency and security updates harder. For example, we currently cannot merge Dependabot PR #1132 ( https://github.com/apache/ofbiz-framework/pull/1132) because newer dependency versions already require jakarta.*. Since the migration, mostly implemented by Gaetan and Deepak, has already been validated on trunk, backporting it now could help keep the LTS branch maintainable and secure for a longer period. What do you think? Best regards, Jacopo
