Remove 2.361.x support (#2121)

* Use 2.387.x in example * Drop 2.361.x from plugin BOM https://www.jenkins.io/security/advisory/2023-03-08/ notes a security vulnerability in Jenkins versions prior to 2.375.4. Let's drop support for 2.361.x to reduce the testing load and to encourage users to upgrade and avoid security issues. 98% of the 96000 installations of git plugin 5.0 were already running 2.375.1 or newer as of 1 May 2023. Over 40% of all git plugin installations were using 2.375.1 or newer as of 1 May 2023. Users that are upgrading to within 6 months of the most recent release (about 1/3 of the total installed base) are upgrading both core and plugins. * Explain why we rarely keep more than 3 LTS lines * Better phrasing Co-authored-by: Jesse Glick <jglick@cloudbees.com> --------- Co-authored-by: Jesse Glick <jglick@cloudbees.com>
jenkinsci · May 30, 2023 · 9795216 · 9795216
1 parent 7c1ccf4
commit 9795216
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 55 deletions.
diff --git a/README.md b/README.md
@@ -14,7 +14,7 @@ If you are interested in a Bill of Materials for Jenkins core components, see [t
 After selecting your plugin’s LTS baseline:
 
 ```xml
-<jenkins.version>2.361.4</jenkins.version>
+<jenkins.version>2.387.3</jenkins.version>
 ```
 
 just import the [latest BOM](https://github.com/jenkinsci/bom/releases) from that line:
@@ -24,7 +24,7 @@ just import the [latest BOM](https://github.com/jenkinsci/bom/releases) from tha
     <dependencies>
         <dependency>
             <groupId>io.jenkins.tools.bom</groupId>
-            <artifactId>bom-2.361.x</artifactId>
+            <artifactId>bom-2.387.x</artifactId>
             <version>…</version>
             <scope>import</scope>
             <type>pom</type>
@@ -186,9 +186,10 @@ The CI build (or just `mvn test -P2.nnn.x`) will fail if some managed plugins ar
 [This script](https://gist.github.com/jglick/0a85759ea65f60e107ac5a85a5032cae)
 is a handy way to find the most recently released plugin version compatible with a given line,
 according to the `jenkins-infra/update-center2`.
-The UC currently maintains releases for the [past 400 days](https://groups.google.com/g/jenkins-infra/c/LTrRUqkgeQA/m/UmQMD5gDAgAJ)
-so it is reasonable to retire BOMs for lines older than that,
-or otherwise when the number of accumulated version overrides becomes large.
+
+The [developer documentation](https://www.jenkins.io/doc/developer/plugin-development/choosing-jenkins-baseline/) recommends the last releases of each of the previous two LTS baselines.
+BOMs for the current LTS release and two prior LTS releases are typically retained.
+BOMs older than the two prior LTS releases will generally be retired in order to better manage evaluation costs and maintenance efforts.
 
 ## Releasing
 

diff --git a/bom-2.361.x/pom.xml b/bom-2.361.x/pom.xml
diff --git a/pom.xml b/pom.xml
@@ -23,7 +23,6 @@
     <module>bom-2.401.x</module>
     <module>bom-2.387.x</module>
     <module>bom-2.375.x</module>
-    <module>bom-2.361.x</module>
     <module>sample-plugin</module>
   </modules>
   <scm child.scm.connection.inherit.append.path="false" child.scm.developerConnection.inherit.append.path="false" child.scm.url.inherit.append.path="false">

diff --git a/sample-plugin/pom.xml b/sample-plugin/pom.xml
@@ -693,12 +693,5 @@
         <jenkins.version>2.375.4</jenkins.version>
       </properties>
     </profile>
-    <profile>
-      <id>2.361.x</id>
-      <properties>
-        <bom>2.361.x</bom>
-        <jenkins.version>2.361.4</jenkins.version>
-      </properties>
-    </profile>
   </profiles>
 </project>