[GSoC 2026] Arpan Chakraborty - Draft Proposal Review Request

Contributing GSoC
1

Hi mentors and Jenkins community,

I have prepared a draft proposal for the GSoC 2026 project:
“Jenkins email notifications using Outlook SMTP with OAuth 2.0”

Could @alexearl and @Kris_Stern please review my draft
and provide feedback?

Draft proposal: [GSoC 2026 Proposal - Jenkins OAuth SMTP - Arpan Chakraborty - Google Docs]

My contributions so far (jenkinsci/email-ext-plugin):

  • PR #1493: Fix deprecated StringUtils.equals in MailAccount.java
  • PR #1494: Replace deprecated ACL.SYSTEM with Jenkins.getAuthentication()
  • PR #1495: Fix GroovyClassLoader resource leak with try-with-resources
  • PR #1496: Replace ACL.SYSTEM → ACL.SYSTEM2 and
    Tasks.getAuthenticationOf() → Tasks.getAuthenticationOf2()

I have studied the OAuth 2.0 Client Credentials Flow and the
Microsoft identity platform token endpoint in detail. Looking
forward to your feedback!

Thank you!
— Arpan Chakraborty

2

Update — March 17, 2026

Since my last post, I have made the following progress:

  • Submitted 4 pull requests to jenkinsci/email-ext-plugin (#1493, #1494, #1497, #1503) — all CI checks passing

  • PR #1493 received review feedback from @alexearl — applied spotless formatting as requested

  • GSoC proposal has been submitted to the portal

Looking forward to mentor feedback!

3

Update — March 18, 2026

Merged PRs:

  • PR #1493 — Fix deprecated StringUtils.equals in MailAccount.java

  • PR #1503 — Add missing @param Javadoc tags in UpstreamComitter

Open PRs (CI green, review pending):

  • PR #1494 — Replace deprecated ACL.SYSTEM with Jenkins.getAuthentication()

  • PR #1507 — Remove unused deprecated Util class (17/17 CI checks passed)

Open PRs (under review):

  • PR #1497 — Fix resource leak by wrapping GroovyClassLoader in try-with-resources

  • PR #1505 — Replace deprecated ACL.SYSTEM with ACL.SYSTEM2

Maintainer-aligned architecture understanding: After @alexearl closed PR #1491 with guidance to use entra-oauth-plugin instead of raw credential fields, I immediately understood the correct direction, confirmed the exact gap in getAuthenticator(), and engaged with targeted architectural questions on issue #1420.

Community code reviews (March 18, 2026) — 14 PRs:

  • PR #1473 — Identified regex limitation in parseSmtpErrorCode() missing mid-message SMTP error codes

  • PR #1480 — Identified 4 issues: security vulnerability via crafted JSON, Windows path bug pre-Java 24, missing template cleanup, redundant validation

  • PR #1468 vs #1499 — Comparative analysis of two competing CID attachment fixes helping maintainer decide approach

  • PR #1512 — Expert OAuth2 review: identified 999999-SNAPSHOT version issue, indentation bug, duplicate XOAUTH2 call, missing null check

  • PR #1449 — CSP compliance: identified remaining data: URI iframe issue and untested doRenderTemplate() endpoint

  • PR #1477 — Identified correct Stapler idiom (help: vs field:) for UI regression fix

  • PR #1509 — Identified temp file cleanup gap and PR title vs implementation mismatch

  • PR #1471, #1478, #1464, #1500, #1502, #1498, #1506 — CI analysis, merge conflict resolution, code quality feedback

Looking forward to mentor feedback!