Governance Meeting, March 18, 2024


18 Mar 2024

Attendees :busts_in_silhouette:

Upcoming Calendar :calendar:

  • Next weekly release: 2.450
  • Next LTS: 2.440.2, March 20, 2024
    • RC is ready to be tested
    • Jakarta Mail changes that might break some things (release notes show details)
  • Next major events:



  • Jenkins has been accepted to Google Summer of Code 2024, see Blog post from Alyssa Tong
    • Proposols to be sent by end of March
  • Jenkins award voting is in progress. These awards recognize contributions from individuals in the community and the progress made in the name of Jenkins. Nominated candidates are:
    • Most Valuable Jenkins Advocate:
      • Alexander Brandes
      • Bruno Verachten
      • Darin Pope
      • Kris Stern
    • Most Valuable Jenkins Contributor:
      • Basil Crow
      • Daniel Beck
      • Kris Stern
      • Stefan Spieker
      • Tim Jacomb
      • Ullrich Hafner
    • Jenkins Security MVP:
      • Alvaro Muñoz
      • Yaniv Nizry
    • Voting is possible until March 22, 2024

Action Items

Community activity

  • GSoC preparation: A lot of traffic in the community forums, chat rooms, and GitHub repositories
  • Contributer Spotlight this week: Bruno Verachten

Governance Topics

  • Azure expense status
    • February expenses were $4200 USD - nicely under $5000 budget
      • Special thanks to Damien, Herve, and Stephane for cost reductions
  • AWS credits donation
    • Credits have been received, not yet applying credits to Jenkins tasks
  • Delphix plugin uses a proprietary component
    • Delphix maintainers have proposed an idea for the fix
    • Thanks to @daniel-beck for finding the issue and working with Delphix plugin maintainers
  • Java 11 end of life and Spring end of public support
    • Last public build of Spring security framework 5.8.x is August 2024
      • Spring security 6.x requires Jetty 11 with Jakarta EE 9 (jakartaee.servlet), not Jetty 10 with Jakarta EE 8 (javax.servlet)
      • August 31, 2024 date seems likely to stick
    • Last public build of Spring framework 5.3.x is August 2024
      • Spring framework 6.1 and later require Java 17
    • Alternatives:
      • Accept that if there is a security vulnerability reported in Spring security 5.8.x between August 2024 and end Oct 2024, we may need to fork Spring Security and fix it ourselves
      • Mark to start discussions in the mailing list to find alterantives