September 2021 Update

The Jira migration was completed last month and we have (we hope for good) taken down the old Atlassian services. This was a time-consuming but ultimately necessary project, and while losing federated access is unfortunate it will certainly mean less upkeep for us in the long run. Getting people access has been a little bit of extra work, but doesn’t seem to impose much of a barrier for anybody so far.

Several more infrastructure projects are underway:

  • Migration of core services off of CentOS to (proposed at least) Rocky Linux, if it holds up.

  • Documenting as much of our project infrastructure as we can.

  • Hopefully dockerizing and offloading Jenkins from the main server.

  • Eliminating our need for an LDAP service for committers.

  • Moving to a simpler Nexus deployment model.

Obviously new development is going more slowly with all this underway, but it’s been a good year to “pause” a lot of new work anyway with V4.1 representing such a significant change and with the OIDC support shipping.

We do have (or will have shortly) patches for the Duo and OIDC plugins with some minor fixes. Work also continues on the OIDC proxying support.

Longer term, a clearer picture is starting to emerge on the Java 17/Spring 5/Jakarta EE 9 story. We have been tracking Java 17, and we expect to be able to support it officially for IdP V4 shortly after it goes final this month. With the removal of JavaScript support, one of our scripting plugins will be necessary for most deployers when using Java 17, but those are ready for use as well. Note that we have no plans to test IdP V3 on Java 17 and do not know if it’s functional there.

A preview of Spring 6 is expected to be available late this year with the final release not expected until Q4 2022, and once this drops we will be setting up a test branch of IdP V4 using it to make sure we are on track to support it, which will necessitate moving all our javax.servlet references to the jakarta packages. We will have to make sure all our dependencies have also made this move, or find alternatives. One of the open questions we have not answered yet is the status of Spring Web Flow. Conservatively speaking, we’re expecting we may have to adopt that code ourselves.

Jetty has already delivered Jetty 10 and 11 that support Java 17 and the Java EE 8 and Jakarta EE 9 specs respectively. Moving to Jetty 10 is expected to future-proof most deployments, so we will be prepping documentation for that (we have existence proofs that it works). The expectation is that moving to Spring 6 and Java EE 9 will involve a “side-grade” of Jetty to 11, with no configuration changes necessary.

Thus, our tentative plan right now is that IdP V5 is likely to be deferred until late 2022 or early 2023, with a move to Java 17, Spring 6, and Jetty 11 as the baseline components at that time. Moving to Java 17 and Jetty 10 in the short run is expected to facilitate that eventual upgrade. We will most likely deliver at least one core update to V4.2 between now and then, but nothing urgent is driving that for the moment.

Note that we are not tracking Tomcat in the same amount of depth yet, but it would appear that Tomcat 10 would be the Jakarta EE 9 container needed for IdP V5.

On the SP side, OpenSSL 3.0.0 just dropped today, so that is the signal for work to start on getting an SP 3.3 underway that will support that version and include some deprecation warnings that indicate features that might be at risk in a future redesign. We are not guaranteeing that anything we warn about will be removed, but we likely won’t intentionally remove any features that we don’t warn about unless we hit something unavoidable.

The 3.3 release will be dropping official support for macOS and SUSE Linux, though all newer SUSE releases have independently-maintained packages. Because of the work involved and the lack of demand, I don’t plan to continue to maintain the MacPorts package myself, but if somebody wants to assume ownership I can help out with that.

I will be presenting a lot of the information above at CAMP in early October on Monday after the keynote.