[GSoC 2026] Arpan Chakraborty - Draft Proposal Review Request

Contributing GSoC
1

Hi mentors and Jenkins community,

I have prepared a draft proposal for the GSoC 2026 project:
“Jenkins email notifications using Outlook SMTP with OAuth 2.0”

Could @alexearl and @Kris_Stern please review my draft
and provide feedback?

Draft proposal: [GSoC 2026 Proposal - Jenkins OAuth SMTP - Arpan Chakraborty - Google Docs]

My contributions so far (jenkinsci/email-ext-plugin):

  • PR #1493: Fix deprecated StringUtils.equals in MailAccount.java
  • PR #1494: Replace deprecated ACL.SYSTEM with Jenkins.getAuthentication()
  • PR #1495: Fix GroovyClassLoader resource leak with try-with-resources
  • PR #1496: Replace ACL.SYSTEM → ACL.SYSTEM2 and
    Tasks.getAuthenticationOf() → Tasks.getAuthenticationOf2()

I have studied the OAuth 2.0 Client Credentials Flow and the
Microsoft identity platform token endpoint in detail. Looking
forward to your feedback!

Thank you!
— Arpan Chakraborty

2

Update — March 17, 2026

Since my last post, I have made the following progress:

  • Submitted 4 pull requests to jenkinsci/email-ext-plugin (#1493, #1494, #1497, #1503) — all CI checks passing

  • PR #1493 received review feedback from @alexearl — applied spotless formatting as requested

  • GSoC proposal has been submitted to the portal

Looking forward to mentor feedback!

3

Update — March 18, 2026

Merged PRs:

  • PR #1493 — Fix deprecated StringUtils.equals in MailAccount.java

  • PR #1503 — Add missing @param Javadoc tags in UpstreamComitter

Open PRs (CI green, review pending):

  • PR #1494 — Replace deprecated ACL.SYSTEM with Jenkins.getAuthentication()

  • PR #1507 — Remove unused deprecated Util class (17/17 CI checks passed)

Open PRs (under review):

  • PR #1497 — Fix resource leak by wrapping GroovyClassLoader in try-with-resources

  • PR #1505 — Replace deprecated ACL.SYSTEM with ACL.SYSTEM2

Maintainer-aligned architecture understanding: After @alexearl closed PR #1491 with guidance to use entra-oauth-plugin instead of raw credential fields, I immediately understood the correct direction, confirmed the exact gap in getAuthenticator(), and engaged with targeted architectural questions on issue #1420.

Community code reviews (March 18, 2026) — 14 PRs:

  • PR #1473 — Identified regex limitation in parseSmtpErrorCode() missing mid-message SMTP error codes

  • PR #1480 — Identified 4 issues: security vulnerability via crafted JSON, Windows path bug pre-Java 24, missing template cleanup, redundant validation

  • PR #1468 vs #1499 — Comparative analysis of two competing CID attachment fixes helping maintainer decide approach

  • PR #1512 — Expert OAuth2 review: identified 999999-SNAPSHOT version issue, indentation bug, duplicate XOAUTH2 call, missing null check

  • PR #1449 — CSP compliance: identified remaining data: URI iframe issue and untested doRenderTemplate() endpoint

  • PR #1477 — Identified correct Stapler idiom (help: vs field:) for UI regression fix

  • PR #1509 — Identified temp file cleanup gap and PR title vs implementation mismatch

  • PR #1471, #1478, #1464, #1500, #1502, #1498, #1506 — CI analysis, merge conflict resolution, code quality feedback

Looking forward to mentor feedback!

4

Hi everyone! Here’s my weekly progress update:

Merged PRs:

  • #1493 - Fix deprecated StringUtils.equals
  • #1503 - Add missing @param Javadoc tags
  • #1507 - Remove unused deprecated Util class

Open PRs under review:

  • #1494 - Replace deprecated ACL.SYSTEM with Jenkins.getAuthentication()
  • #1505 - Replace deprecated ACL.SYSTEM with ACL.SYSTEM2
  • #1497 - Fix GroovyClassLoader resource leak
  • #1523 - Add unit tests for XSS fix

Community Reviews: Reviewed 15+ PRs, 7 contributors acted on my feedback.

Looking forward to any feedback!

5

Hi @slide_o_mix and @krisstern,

Hope you’re both doing well!

I just wanted to check in and share a small update as of today, March 26, 2026 partly because I’m genuinely excited about how things have been going, and partly because I just wanted to say thank you.

Contributing to this project over the past few weeks has honestly been one of the best experiences I’ve had as a developer. I wake up every morning looking forward to opening GitHub, reading through PRs, thinking about the codebase it doesn’t feel like work at all. It feels like I’ve finally found a community where I actually belong.

I have a lot of respect for both of you not just as maintainers, but as people who take the time to guide newcomers like me with so much patience and care. I genuinely look up to you, and every interaction I’ve had with you has shaped the way I think about writing good code and being a responsible open-source contributor. I hope that one day I can carry forward the same values you’ve shown me.

I’ve learned so much just by listening carefully to your feedback. Every suggestion, every comment on my PRs I read them slowly, think about them deeply, and try to apply them not just to that one task but to everything I do going forward. I never want to waste the guidance you give me, because I know how valuable your time is.

In terms of progress as of today I’ve built a standalone POC implementing the full OAuth 2.0 Client Credentials Flow with 13 WireMock-based unit tests, all passing with zero failures, running completely offline. I’ve identified the exact gap in getAuthenticator() and I have a clear understanding of how to fix it properly using the entra-oauth-plugin, exactly as you suggested. On the contribution side, 5 PRs are merged, PR #1497 is under review with all 365 tests passing, and I’ve reviewed 20+ open PRs in the community.

I’ve submitted my full draft proposal too. I would be really grateful if you could take a look whenever you get a chance even just a line or two of feedback would honestly mean the world to me. I want to make sure I’m always moving in the direction that you both feel is right for the project.

Thank you so much for your time, your patience, and for making this community feel so welcoming. I really hope I get the chance to keep learning from you and contribute meaningfully to Jenkins for a long time to come.

Warm regards,
Arpan Chakraborty
(March 26, 2026)

6

“Updated note: OAuthTokenProviderTest ran 9 tests in the final build (March 28, 2026). The Figure 1 screenshot shows an earlier run with 8 tests before testCacheHitLatency() was added. BUILD SUCCESS terminal (Figure 3) confirms 14 tests total, 0 failures.”

7

Update — April 1–4, 2026

Hi everyone Here’s my progress update for this week:

Newly merged PRs:

  • #1541 — Fix SMTP 4xx transient error retry logic

  • #1550 — Extract SMTP property keys as named constants

  • #1553 — fix: restore thread interrupt flag in renderTemplate()

  • #1555 — fix: resolve JENKINS-26838 — replace IsChildFileCallable with FilePath.isDescendant()

Total merged PRs so far: 9

Other contributions:

  • Resolved a long-standing TODO (JENKINS-26838) in AbstractEvalContent.java — replaced custom IsChildFileCallable inner class with the built-in FilePath.isDescendant() API

  • 25+ community code reviews on open PRs from other contributors

Proposal has been submitted . Waiting for results on April 30!

Thanks again to @slide_o_mix and @alexearl for the support throughout.

Arpan Chakraborty

8

Hi everyone Here’s a quick update on my contributions
to email-ext-plugin for the past two weeks
(April 1 - April 11) as a GSoC 2026 applicant.

PRs merged:

  • PR #1550: Extract SMTP property keys as named constants
  • PR #1541: Add unit tests for AbortedTrigger

PRs opened (all CI green):

  • PR #1553: Fix InterruptedException handling in
    EmailExtTemplateAction.renderTemplate()
  • PR #1555: Resolve TODO JENKINS-26838 - replace
    IsChildFileCallable with FilePath.isDescendant()
  • PR #1559: Add unit tests for EmailThrottler
    (zero coverage before)
  • PR #1561: Fix InterruptedException in
    ContentBuilder.transformText() - called on every email send
  • PR #1562: Fix InterruptedException in
    ExtendedEmailPublisher.addContent()
  • PR #1565: Improve exception handling in
    RecipientProviderUtilities + fix SpotBugs null
    dereference in RequesterRecipientProvider
  • PR #1566: Add unit tests for EmailExtTemplateActionFactory

Code reviews:

  • Reviewed PRs #1557, #1558, #1560, #1564 with
    meaningful technical feedback

Overall contributions:

  • 8 merged PRs total
  • 30+ code reviews
9

Hlw @krisstern @slide_o_mix

Quick update for today (April 17, 2026)

Finally got the real OAuth2 flow working end-to-end on my POC:

  • Real OAuth2 token acquired from Microsoft Entra ID (2047 chars)

  • STARTTLS established to smtp.office365.com:587

  • XOAUTH2 authentication attempted correctly

  • All 14 unit tests passing (Failures: 0, Errors: 0)

SMTP AUTH failed only due to missing admin consent on my university tenant not a code issue. The core OAuth2 flow is fully validated.

POC: https://github.com/ArpanC6/jenkins-oauth2-smtp-poc

Thank you both for your guidance throughout this journey. Waiting eagerly for April 30

Arpan Chakraborty