The major work item this month was to begin the Server to Cloud migration of Confluence and Jira. This is arguably premature given that we have a couple of years before we have to do this, but the Server installs were starting to become a problem during upgrades and getting it out of the way seemed to be the prudent thing to do. If you’re reading this, you are of course doing so on the Cloud instance, as we have done the initial migration of the entire wiki and are now cleaning up problems as they arise and fixing conversion glitches as we find them, which will be ongoing for a while. After a breather we’ll get back to working on the harder task of migrating Jira, which will necessitate changes to the way we handle member support. We will likely start by migrating the end-of-life projects before we move on to the live material. With some luck we hope to have everything migrated by the end of August or early September.

The other major piece of news is that the OpenID OP plugin is now officially certified.

Various bug reports continue to trickle in for the IdP and plugins. The most serious is a Windows incompatibility with the new Duo plugin, so that’s the top research priority at the moment. We will likely need to issue an IdP update to rectify that once we figure it out.

We have been spending a substantial amount of discussion and technical time working on improving the integrity of the build process, with an eye on eventually considering the use of Maven Central as a source of build artifacts provided we can verify the process sufficiently. We are making headway on a process for doing that independently of Maven itself, which will provide more flexibility in the long run, but will take more time in the short run. The prevalence of supply chain attacks these days illustrates why this is so hard but also so important to take seriously.

We are also preparing for the upcoming release of Java 17 and have been doing ongoing builds and testing with the EA releases. This is critical because when it is released, Java 11 becomes a legacy version, though it is expected that Red Hat will be assuming maintenance responsibility for it for some period of time. It is our expectation that we will be able to “certify” the IdP on Java 17, while we continue to target Java 11 as a build platform. Eventually we will rebase on Java 17 and Spring 6 for IdP V5 as a technical refresh, probably in 2022. Various lesser-used or “bulky” features such as CAS support will probably be pulled out with that version into plugins to slim down the IdP further.

Other priorities have taken precedence over the SP redesign, but of course maintenance continues with a security patch (for Windows) and a stability patch (all platforms) done in the last few weeks. The plan is still to work this fall on a V3.3 update that eliminates some old package targets (e.g., SUSE), adds new ones (Amazon Linux), and deprecates a number of complex or lightly used features in anticipation of reducing the native code footprint as drastically as we can in the future.