jenkinsci · dbreheret · Nov 18, 2020 · Nov 20, 2020 · Nov 20, 2020 · Nov 20, 2020
@@ -0,0 +1,131 @@
+= JEP-311: Upgrade guava to 30.0-jre
+:toc: preamble
+:toclevels: 3
+ifdef::env-github[]
+:tip-caption: :bulb:
+:note-caption: :information_source:
+:important-caption: :heavy_exclamation_mark:
+:caution-caption: :fire:
+:warning-caption: :warning:
+endif::[]
+
+.**JEP Template**
+
+.Metadata
+[cols="1h,1"]
+|===
+| JEP
+| 311
+
+| Title
+| Upgrade guava to 30.0-jre
+
+| Sponsor
+| link:https://github.com/dbreheret[Dominique Breheret]
+
+// Use the script `set-jep-status <jep-number> <status>` to update the status.
+| Status
+| Draft :speech_balloon:
+
+| Type
+| Standards
+
+| Created
+| 2020-11-18
+
+| BDFL-Delegate
+| TBD
+
+//
+//
+// Uncomment if there is an associated placeholder JIRA issue.
+//| JIRA
+//| :bulb: https://issues.jenkins-ci.org/browse/JENKINS-nnnnn[JENKINS-nnnnn] :bulb:
+//
+//
+// Uncomment if discussion will occur in forum other than jenkinsci-dev@ mailing list.
+//| Discussions-To
+//| :bulb: Link to where discussion and final status announcement will occur :bulb:
+
+| Requires
+|
+
+// Uncomment and fill if this JEP is rendered obsolete by a later JEP
+//| Superseded-By
+//| :bulb: JEP-NUMBER :bulb:
+//
+//
+// Uncomment when this JEP status is set to Accepted, Rejected or Withdrawn.
+//| Resolution
+//| :bulb: Link to relevant post in the jenkinsci-dev@ mailing list archives :bulb:
+
+|===
+
+== Abstract
+
+Jenkins uses guava version 11.0.1, which is seriously dated.
+Security AppScan are not happy about this version.
+
+== Specification
+
+Guava is a suite of core and expanded libraries that include
+utility classes, google's collections, io classes, and much
+much more.
+
+ Guava (complete) has only one code dependency - javax.annotation,
+    per the JSR-305 spec.
+
+See the https://xxxhttps://github.com/google/guava/releases/tag/v30.0[Guava release notes]
+
+== Motivation
+
+To be up to date and avoid https://nvd.nist.gov/vuln/detail/CVE-2018-10237
+
+== Reasoning
+
+
+
+== Backwards Compatibility
+
+See the link:compatibility.adoc[compatibility table].
+
+=== Predicate enforces @Nullable
+
+The only change needed on Jenkins core was to fix compilation errors raised by @Nullable attribute.
+
+See the related guava class:
+
+[source,java]
+package com.google.common.base;
+...
+public interface Predicate<T> extends java.util.function.Predicate<T> {
+  boolean apply(@Nullable T var1);
+  ...
+}
+
+
+== Security
+
+There are no known security risks related to this proposal.
+
+== Infrastructure Requirements
+
+There are no new infrastructure requirements related to this proposal.
+
+== Testing
+
+Besides tests inside Jenkins core itself,
+CloudBees will endeavor to verify that all
+link:https://docs.cloudbees.com/search?&type=ci-plugins&ci-plugins-tier=verified[“Tier 1”] and
+link:https://docs.cloudbees.com/search?&type=ci-plugins&ci-plugins-tier=compatible[“Tier 2”]
+plugins are compatible with the core changes,
+as determined by acceptance tests (ATH) and `plugin-compat-tester` (PCT).
+
+== Prototype Implementation
+
+link:https://github.com/jenkinsci/jenkins/pull/5059[jenkins #5059] is the main change.
+
+== References
+
+* link:https://github.com/jenkinsci/jenkins/pull/5059[jenkins #5059]
+* link:compatibility.adoc[Compatibility table]
@@ -0,0 +1,176 @@
+= JEP-311: Upgrading guava to 30.0-jre
+
+Use this space to track the status of plugins that may or may not be compatible with JEP-311.
+Refer to general information about link:README.adoc#backwards-compatibility[backwards compatibility]
+for tips on searching for potentially problematic API usages.
+
+Plugins which do not do anything special with XStream need not be listed.
+
+Please use pull requests as needed to help maintain the following table.
+Plugins should be sorted by code identifier
+(usually, but not always, the portion in the GitHub repository name preceding `-plugin`).
+
+If you file issues in Jira, please apply the `JEP-311` label as well as noting them here.
+(link:https://issues.jenkins-ci.org/issues/?jql=resolution%20%3D%20Unresolved%20and%20labels%20in%20(JEP-311)[Open JEP-228 issues])
+
+[cols=".<1,.<2,5", options="header"]
+|===
+|Plugin |Status |Notes
+
+|link:https://plugins.jenkins.io/advanced-installer-msi-builder/[advanced-installer-msi-builder]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/allure-jenkins-plugin/[allure-jenkins-plugin]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/ant/[ant]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/atlassian-bitbucket-server-integration/[atlassian-bitbucket-server-integration]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/atlassian-jira-software-cloud/[atlassian-jira-software-cloud]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/blueocean/[blueocean]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/clang-scanbuild/[clang-scanbuild]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/copyartifact/[copyartifact]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/custom-tools-plugin/[custom-tools-plugin]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/dashboard-view/[dashboard-view]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/dependency-check-jenkins-plugin/[dependency-check-jenkins-plugin]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/deploy/[deploy]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/ecutest/[ecutest]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/email-ext/[email-ext]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/exam/[exam]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/flyway-runner/[flyway-runner]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/genexus/[genexus]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/git/[git]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/github/[github]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/gradle/[gradle]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/groovy/[groovy]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/htmlpublisher/[htmlpublisher]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/jira/[jira]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/junit/[junit]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/matrix-auth/[matrix-auth]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/matrix-project/[matrix-project]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/maven-plugin/[maven-plugin]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/nodejs/[nodejs]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/packer/[packer]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/persona/[persona]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/promoted-builds/[promoted-builds]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/radargun/[radargun]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/role-strategy/[role-strategy]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/sealights/[sealights]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/snyk-security-scanner/[snyk-security-scanner]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/sonar/[sonar]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/ssh2easy/[ssh2easy]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/workflow-cps/[workflow-cps]
+|To be investigated
+|
+
+|link:https://plugins.jenkins.io/xunit/[xunit]
+|To be investigated
+|
+
+|===