Update: votes for 3.0.10 and 4.0.0-M0 were started earlier today, following the plan below.
Regards. On 15/11/24 08:19, Francesco Chicchiriccò wrote:
Hi there, I was thinking about our next releases, by keeping our dependency ecosystem into account. * branch 3_0_X We have recently cut 3.0.9 and addressed last CVE; since then we are anyway providing bug fixes and enhancements [1] which will likely bring to 3.0.10 possibly before end of year. Since this branch is based on Spring Boot 2.7 which has been out of open source support for about one year now [2], we have been overriding the Spring Framework (5.3.x) and Security (5.8.x) versions for a while to keep up as much as possible; the time has come, however, for them to end their open source support as well [3] [4]. Moreover, Apereo CAS 6.6 is EOL. * branch master I would say that a first milestone release for 4.0 should be cut from here as soon as we are able to upgrade any SNAPSHOT dependency to their next stable version. At the moment we have CXF 4.1.0-SNAPSHOT only, but it seems they could be releasing 4.1.0 at the beginning of December [5]. Being our next stable version, the work there has been progressing in the last months [6], including the major upgrade to Jakarta EE and JDK 21. We are based on Spring Boot 3.3 at present, so we should be good for open source support for quite some time. Apereo CAS is set to 7.1, the current stable release set [7]. Once 4.0.0-M0 is out, I think it would also make sense to rename the current master branch as 4_0_X and upgrade the new master branch to Spring Boot 3.4 and CAS 7.2, with purpose of potentially releasing 4.1 with some shorter cycle in order to keep up with the faster-releasing ecosystem we are depending from. * summary 1. release 3.0.10 as soon as we are good with the amount of maintenance work, possibly before end of 2024 2. release 4.0.0-M0 as soon as CXF 4.1.0 is out, possibly before end of 2024 3. start working on 4.1 right afterwards WDYT? [1] https://issues.apache.org/jira/issues/?jql=project%20%3D%20SYNCOPE%20AND%20fixVersion%20%3D%203.0.10 [2] https://spring.io/projects/spring-boot#support [3] https://spring.io/projects/spring-framework#support [4] https://spring.io/projects/spring-security#support [5] https://lists.apache.org/thread/movf2qso9qhrnh9lwx0cfyg11ds11m32 [6] https://issues.apache.org/jira/issues/?jql=project%20%3D%20SYNCOPE%20AND%20fixVersion%20%3D%204.0.0 [7] https://apereo.github.io/cas/developer/Maintenance-Policy.html
-- Francesco Chicchiriccò Tirasa - Open Source Excellence http://www.tirasa.net/ Member at The Apache Software Foundation Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail http://home.apache.org/~ilgrosso/
