diff --git a/jep/311/README.adoc b/jep/311/README.adoc new file mode 100644 index 00000000..44a46579 --- /dev/null +++ b/jep/311/README.adoc 
@@ -0,0 +1,131 @@ += JEP-311: Upgrade guava to 30.0-jre +:toc: preamble +:toclevels: 3 +ifdef::env-github[] +:tip-caption: :bulb: +:note-caption: :information_source: +:important-caption: :heavy_exclamation_mark: +:caution-caption: :fire: +:warning-caption: :warning: +endif::[] + +.**JEP Template** + +.Metadata +[cols="1h,1"] +|=== +| JEP +| 311 + +| Title +| Upgrade Guava + +| Sponsor +| link:https://github.com/dbreheret[Dominique Breheret] + +// Use the script `set-jep-status ` to update the status. +| Status +| Draft :speech_balloon: + +| Type +| Standards + +| Created +| :bulb: + +| BDFL-Delegate +| TBD + +// +// +// Uncomment if there is an associated placeholder JIRA issue. +//| JIRA +//| :bulb: https://issues.jenkins-ci.org/browse/JENKINS-nnnnn[JENKINS-nnnnn] :bulb: +// +// +// Uncomment if discussion will occur in forum other than jenkinsci-dev@ mailing list. +//| Discussions-To +//| :bulb: Link to where discussion and final status announcement will occur :bulb: + +| Requires +| + +// Uncomment and fill if this JEP is rendered obsolete by a later JEP +//| Superseded-By +//| :bulb: JEP-NUMBER :bulb: +// +// +// Uncomment when this JEP status is set to Accepted, Rejected or Withdrawn. +//| Resolution +//| :bulb: Link to relevant post in the jenkinsci-dev@ mailing list archives :bulb: + +|=== + +== Abstract + +Jenkins uses guava version 11.0.1, which is seriously dated. +Security AppScan are not happy about this version. + +== Specification + +Guava is a suite of core and expanded libraries that include +utility classes, google's collections, io classes, and much +much more. + + Guava (complete) has only one code dependency - javax.annotation, + per the JSR-305 spec. + +See the link:https://github.com/google/guava/releases/tag/v30.0[Guava release notes] + +== Motivation + +To be up to date and avoid https://nvd.nist.gov/vuln/detail/CVE-2018-10237 + +== Reasoning + + + +== Backwards Compatibility + +See the link:compatibility.adoc[compatibility table]. 
+ +=== Predicate enforces @Nullable + +The only change needed on Jenkins core was to fix compilation errors raised by @Nullable attribute. + +See the related guava class: + +[source,java] +package com.google.common.base; +... +public interface Predicate extends java.util.function.Predicate { + boolean apply(@Nullable T var1); + ... +} + + +== Security + +There are no known security risks related to this proposal. + +== Infrastructure Requirements + +There are no new infrastructure requirements related to this proposal. + +== Testing + +Besides tests inside Jenkins core itself, +CloudBees will endeavor to verify that all +link:https://docs.cloudbees.com/search?&type=ci-plugins&ci-plugins-tier=verified[“Tier 1”] and +link:https://docs.cloudbees.com/search?&type=ci-plugins&ci-plugins-tier=compatible[“Tier 2”] +plugins are compatible with the core changes, +as determined by acceptance tests (ATH) and `plugin-compat-tester` (PCT). + +== Prototype Implementation + +link:https://github.com/jenkinsci/jenkins/pull/5059[jenkins #5059] is the main change. + +== References + +* link:https://github.com/jenkinsci/jenkins/pull/5059[jenkins #5059] +* link:compatibility.adoc[Compatibility table] diff --git a/jep/311/compatibility.adoc b/jep/311/compatibility.adoc new file mode 100644 index 00000000..0ae31ea0 --- /dev/null +++ b/jep/311/compatibility.adoc 
@@ -0,0 +1,176 @@ += JEP-311: Upgrading guava to 30.0-jre + +Use this space to track the status of plugins that may or may not be compatible with JEP-311. +Refer to general information about link:README.adoc#backwards-compatibility[backwards compatibility] +for tips on searching for potentially problematic API usages. + +Plugins which do not do anything special with Guava need not be listed. + +Please use pull requests as needed to help maintain the following table. +Plugins should be sorted by code identifier +(usually, but not always, the portion in the GitHub repository name preceding `-plugin`). + +If you file issues in Jira, please apply the `JEP-311` label as well as noting them here. +(link:https://issues.jenkins-ci.org/issues/?jql=resolution%20%3D%20Unresolved%20and%20labels%20in%20(JEP-311)[Open JEP-228 issues]) + +[cols=".<1,.<2,5", options="header"] +|=== +|Plugin |Status |Notes + +|link:https://plugins.jenkins.io/advanced-installer-msi-builder/[advanced-installer-msi-builder] +|To be investigated +| + +|link:https://plugins.jenkins.io/allure-jenkins-plugin/[allure-jenkins-plugin] +|To be investigated +| + +|link:https://plugins.jenkins.io/ant/[ant] +|To be investigated +| + +|link:https://plugins.jenkins.io/atlassian-bitbucket-server-integration/[atlassian-bitbucket-server-integration] +|To be investigated +| + +|link:https://plugins.jenkins.io/atlassian-jira-software-cloud/[atlassian-jira-software-cloud] +|To be investigated +| + +|link:https://plugins.jenkins.io/blueocean/[blueocean] +|To be investigated +| + +|link:https://plugins.jenkins.io/clang-scanbuild/[clang-scanbuild] +|To be investigated +| + +|link:https://plugins.jenkins.io/copyartifact/[copyartifact] +|To be investigated +| + +|link:https://plugins.jenkins.io/custom-tools-plugin/[custom-tools-plugin] +|To be investigated +| + +|link:https://plugins.jenkins.io/dashboard-view/[dashboard-view] +|To be investigated +| + 
+|link:https://plugins.jenkins.io/dependency-check-jenkins-plugin/[dependency-check-jenkins-plugin] +|To be investigated +| + +|link:https://plugins.jenkins.io/deploy/[deploy] +|To be investigated +| + +|link:https://plugins.jenkins.io/ecutest/[ecutest] +|To be investigated +| + +|link:https://plugins.jenkins.io/email-ext/[email-ext] +|To be investigated +| + +|link:https://plugins.jenkins.io/exam/[exam] +|To be investigated +| + +|link:https://plugins.jenkins.io/flyway-runner/[flyway-runner] +|To be investigated +| + +|link:https://plugins.jenkins.io/genexus/[genexus] +|To be investigated +| + +|link:https://plugins.jenkins.io/git/[git] +|To be investigated +| + +|link:https://plugins.jenkins.io/github/[github] +|To be investigated +| + +|link:https://plugins.jenkins.io/gradle/[gradle] +|To be investigated +| + +|link:https://plugins.jenkins.io/groovy/[groovy] +|To be investigated +| + +|link:https://plugins.jenkins.io/htmlpublisher/[htmlpublisher] +|To be investigated +| + +|link:https://plugins.jenkins.io/jira/[jira] +|To be investigated +| + +|link:https://plugins.jenkins.io/junit/[junit] +|To be investigated +| + +|link:https://plugins.jenkins.io/matrix-auth/[matrix-auth] +|To be investigated +| + +|link:https://plugins.jenkins.io/matrix-project/[matrix-project] +|To be investigated +| + +|link:https://plugins.jenkins.io/maven-plugin/[maven-plugin] +|To be investigated +| + +|link:https://plugins.jenkins.io/nodejs/[nodejs] +|To be investigated +| + +|link:https://plugins.jenkins.io/packer/[packer] +|To be investigated +| + +|link:https://plugins.jenkins.io/persona/[persona] +|To be investigated +| + +|link:https://plugins.jenkins.io/promoted-builds/[promoted-builds] +|To be investigated +| + +|link:https://plugins.jenkins.io/radargun/[radargun] +|To be investigated +| + +|link:https://plugins.jenkins.io/role-strategy/[role-strategy] +|To be investigated +| + +|link:https://plugins.jenkins.io/sealights/[sealights] +|To be investigated +| + 
+|link:https://plugins.jenkins.io/snyk-security-scanner/[snyk-security-scanner] +|To be investigated +| + +|link:https://plugins.jenkins.io/sonar/[sonar] +|To be investigated +| + +|link:https://plugins.jenkins.io/ssh2easy/[ssh2easy] +|To be investigated +| + +|link:https://plugins.jenkins.io/workflow-cps/[workflow-cps] +|To be investigated +| + +|link:https://plugins.jenkins.io/xunit/[xunit] +|To be investigated +| + +|===
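Review bot: In jep/311/README.adoc, the Security section says "There are no known security risks related to this proposal" while the Motivation section gives CVE-2018-10237 as the reason for the upgrade, so the two sections do not agree. Suggest the Security section name the CVE the upgrade is meant to address and say what risk, if any, the jump from 11.0.1 to 30.0-jre carries for plugins, since Backwards Compatibility only describes the change needed in Jenkins core. The Abstract's "Security AppScan are not happy about this version" should be replaced with the specific finding it refers to. The Reasoning section is empty, and template leftovers remain in the header (`.**JEP Template**`, `| Created | :bulb:`); the document title ("Upgrade guava to 30.0-jre") and the metadata Title ("Upgrade Guava") should also match.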
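Review bot: In jep/311/compatibility.adoc, the Jira link text reads "Open JEP-228 issues" while both its query and the sentence before it use the `JEP-311` label; this looks like a copy-paste leftover and the text should read "Open JEP-311 issues". The intro also sends readers to README.adoc#backwards-compatibility "for tips on searching for potentially problematic API usages", but that section in this patch only describes the Predicate @Nullable change, so either add the search tips there or reword the sentence. Every row is "To be investigated" with an empty Notes cell; a sentence stating how these plugins were selected would tell maintainers what to look for when they update a row.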