Hi Francesco and all syncopers,
nice roadmap, LVGTM.
Best regards,
Andrea
On 15/11/24 08:19, Francesco Chicchiriccò wrote:
Hi there,
I was thinking about our next releases, taking our dependency
ecosystem into account.
* branch 3_0_X
We have recently cut 3.0.9 and addressed the last CVE; since then we are
anyway providing bug fixes and enhancements [1] which will likely
lead to 3.0.10, possibly before end of year.
Since this branch is based on Spring Boot 2.7 which has been out of
open source support for about one year now [2], we have been
overriding the Spring Framework (5.3.x) and Security (5.8.x) versions
for a while to keep up as much as possible; the time has come,
however, for them to end their open source support as well [3] [4].
Moreover, Apereo CAS 6.6 is EOL.
* branch master
I would say that a first milestone release for 4.0 should be cut from
here as soon as we are able to upgrade any SNAPSHOT dependency to
their next stable version. At the moment we have CXF 4.1.0-SNAPSHOT
only, but it seems they could be releasing 4.1.0 at the beginning of
December [5].
Being our next stable version, the work there has been progressing in
the last months [6], including the major upgrade to Jakarta EE and JDK
21.
We are based on Spring Boot 3.3 at present, so we should be good for
open source support for quite some time.
Apereo CAS is set to 7.1, the current stable release set [7].
Once 4.0.0-M0 is out, I think it would also make sense to rename the
current master branch as 4_0_X and upgrade the new master branch to
Spring Boot 3.4 and CAS 7.2, with the purpose of potentially releasing 4.1
with some shorter cycle in order to keep up with the faster-releasing
ecosystem we are depending on.
* summary
1. release 3.0.10 as soon as we are good with the amount of
maintenance work, possibly before end of 2024
2. release 4.0.0-M0 as soon as CXF 4.1.0 is out, possibly before end
of 2024
3. start working on 4.1 right afterwards
WDYT?
[1] https://issues.apache.org/jira/issues/?jql=project%20%3D%20SYNCOPE%20AND%20fixVersion%20%3D%203.0.10
[2] https://spring.io/projects/spring-boot#support
[3] https://spring.io/projects/spring-framework#support
[4] https://spring.io/projects/spring-security#support
[5] https://lists.apache.org/thread/movf2qso9qhrnh9lwx0cfyg11ds11m32
[6] https://issues.apache.org/jira/issues/?jql=project%20%3D%20SYNCOPE%20AND%20fixVersion%20%3D%204.0.0
[7] https://apereo.github.io/cas/developer/Maintenance-Policy.html
--
Andrea Patricelli
Tirasa - Open Source Excellence
http://www.tirasa.net/
Member at The Apache Software Foundation
Syncope