The Spring Framework Versions wiki page
<https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Versions#supported-versions>
states:

Supported versions:
> - 7.0.x is the start of a new framework generation and the current
>   production line (November 2025), to be followed up by the 7.1.x feature
>   branch (November 2026).
>
> - 6.2.x is the final feature branch of the 6th generation. Open source
>   support ends in June 2026; commercial long-term support options are
>   available.
>
> - 5.3.x was the final feature branch of the 5th generation. Open
>   source support ended in August 2024; commercial long-term support options
>   remain available.

Since open source support for Spring Framework 6.2.x ends in June 2026, I
think Jenkins needs to upgrade to Spring Framework 7 and Spring Security 7
before the end of June 2026.

I've successfully tested a draft pull request
<https://github.com/jenkinsci/jenkins/pull/26346> that combines the two
Spring v7 pull requests (Spring Framework v7
<https://github.com/jenkinsci/jenkins/pull/11292> and Spring Security v7
<https://github.com/jenkinsci/jenkins/pull/11304>) with the plugin BOM
<https://github.com/jenkinsci/bom/pull/6392> and the acceptance test harness
<https://github.com/jenkinsci/acceptance-test-harness/pull/2622>. Minor
changes
<https://github.com/jenkinsci/jenkins/pull/26346/changes/92b47e1dbd6853494d94db9f5d05de1aaefeba88>
were needed for two automated tests because Spring Security v7 added
features that could simplify a multi-factor authentication
<https://spring.io/blog/2025/10/21/multi-factor-authentication-in-spring-security-7>
implementation.  Minor changes
<https://github.com/jenkinsci/jenkins/pull/26346/changes/7221a98a2e19205556a356aef96564060e9e9005>
were needed for the Jenkins PasswordHashEncoder class because Spring
Security v7 made the encoder method final and we were extending it to
provide a better error message.

The key question for me is: "Should we include Spring Framework v7 and
Spring Security v7 in the April 2026 LTS baseline or the July 2026 LTS
baseline?".  The April 2026 LTS baseline will be chosen on March 4, 2026
and released on April 15, 2026.  The July 2026 LTS baseline will be chosen
on May 27, 2026 and released on July 8, 2026.

April 2026 LTS Baseline

   - Jenkins always runs a supported open source Spring version.  There is
   a several month overlap between the Spring v6 end of support and Jenkins'
   use of Spring v7
   - Merging to the Jenkins weekly branch must happen this week or early
   next week to be included in the April 2026 LTS baseline. However, that only
   gives us 6-8 weeks of Spring v7 in weekly before its release in the April
   2026 LTS baseline
   - Because I will be unavailable for two weeks starting February 24,
   2026, others will need to handle issues with Spring v7 in Jenkins before
   the April LTS baseline selection.
   - CloudBees has less time to run its automated tests on Jenkins with
   Spring v7

July 2026 LTS Baseline

   - Jenkins will have a brief period (July 1 - July 8, 2026) where the
   most recent LTS release uses an unsupported open source Spring version
   - Merging to the Jenkins weekly branch must wait until after the April
   LTS baseline. This gives us as much as 12 weeks of Spring v7 in Jenkins
   weekly before its release in the July 2026 LTS baseline
   - CloudBees has much more time to run its automated tests on Jenkins
   with Spring v7

Which is the preferred choice?

If the April 2026 LTS baseline is chosen, who will handle issue reports for
Spring v7 while I'm unavailable?

Thanks,
Mark Waite
