Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Require Jenkins 2.426.3 or newer #1581

Merged

Conversation

MarkEWaite
Copy link
Contributor

@MarkEWaite MarkEWaite commented May 5, 2024

Require Jenkins 2.426.3 or newer

Plugin installation statistics show that 82% of the 125k installations of the 5.2.1 release (most recent, 6 months old) are already running 2.426.3 or newer.

SECURITY-3414 was published in Jan 2024 and strongly recommends that users upgrade to 2.426.3 or newer.

Also updates test dependency on promoted-builds plugin to a newer version that matches with the dependency version in the parameterized trigger plugin master branch and with the version of the test dependency in the maven integration plugin.

Checklist

  • I have read the CONTRIBUTING doc
  • I have referenced the Jira issue related to my changes in one or more commit messages
  • I have added tests that verify my changes
  • Unit tests pass locally with my changes
  • I have added documentation as necessary
  • No Javadoc warnings were introduced with my changes
  • No spotbugs warnings were introduced with my changes
  • Documentation in README has been updated as necessary
  • Online help has been added and reviewed for any new or modified fields
  • I have interactively tested my changes
  • Any dependent changes have been merged and published in upstream modules (like git-client-plugin)

Types of changes

What types of changes does your code introduce?

  • Dependency or infrastructure update

MarkEWaite added 2 commits May 5, 2024 02:21
https://stats.jenkins.io/pluginversions/git.html shows that 82% of the
125k installations of the 5.2.1 release (most recent, 6 months old)
are already running 2.426.3 or newer.

https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314 was
published in Jan 2024 and strongly recommends that users upgrade to
2.426.3 or newer.
Removes the dependency on project-inheritance.  Previous releases resolved
the security issue that was still open in 3.11.
@MarkEWaite MarkEWaite added the chore Reduces maintenance effort by changes not directly visible to users label May 5, 2024
@MarkEWaite MarkEWaite requested a review from a team as a code owner May 5, 2024 09:07
@github-actions github-actions bot added the dependencies Dependency related change label May 5, 2024
MarkEWaite added a commit to MarkEWaite/bom that referenced this pull request May 5, 2024
Also tests git client plugin upgrade to require Jenkins 2.426.3 or newer

Evaluates two pending pull requests:

* jenkinsci/git-client-plugin#1129
* jenkinsci/git-plugin#1581
MarkEWaite added 6 commits May 5, 2024 04:42
892.vd6219fc0a_efb was released 2 years ago.  Over 50% of all
installations of the promoted builds plugin are already using
892.vd6219fc0a_efb or newer.  Those users will see no difference from
this change, since they are already using 892.vd6219fc0a_efb.

Recent Jenkins versions will display broken icons with
older versions of the promoted builds plugin.  Fixed in
jenkinsci/promoted-builds-plugin#170 as part
of 873.v6149db_d64130.  Upgrading to 892.vd6219fc0a_efb will fix that
issue for users.

https://stats.jenkins.io/pluginversions//promoted-builds.html shows that
892.vd6219fc0a_efb is the second most popular release.  It is second
only to the most recent release, 945.v597f5c6a_d3fd.  Attempts to update
that optional dependency to the most recent release have shown consistent
failures in the plugin bill of materials.

* jenkinsci/bom#3170
* jenkinsci/bom#2809

This likely needs to be combined with the parameterized trigger plugin
upgrade of the same dependency to the same version.  Refer to

* jenkinsci/parameterized-trigger-plugin#378

Bumps [promoted-builds](https://github.com/jenkinsci/promoted-builds-plugin) from 3.11 to 892.vd6219fc0a_efb
- [Release notes](https://github.com/jenkinsci/promoted-builds-plugin/releases/tag/892.vd6219fc0a_efb)
@MarkEWaite MarkEWaite marked this pull request as draft May 6, 2024 02:37
@MarkEWaite MarkEWaite removed the dependencies Dependency related change label May 6, 2024
@github-actions github-actions bot added the dependencies Dependency related change label May 6, 2024
@MarkEWaite MarkEWaite removed the dependencies Dependency related change label May 6, 2024
@MarkEWaite MarkEWaite marked this pull request as ready for review May 6, 2024 13:31
@MarkEWaite MarkEWaite merged commit 3bc3de9 into jenkinsci:master May 7, 2024
15 checks passed
@MarkEWaite MarkEWaite deleted the require-jenkins-2.426.x-or-newer branch May 7, 2024 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
chore Reduces maintenance effort by changes not directly visible to users
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant