Set minimum jenkins version to 2.164.3 #1

Merged 1 commit on Apr 16, 2020

@timja
Member

timja commented Apr 10, 2020

Hi, I'm trying to bump the version of jcasc in the bom, but this is blocked on this plugin having a core dep of 2.204. In order to introduce this plugin to the bom, it needs to have a version available on all supported lines.

We're dropping the 2.150 line, which makes 2.164.x the minimum required line.

Would you consider dropping your minimum so that this can be added to the bom and the jcasc plugin version can be increased there?

cc @escoem @amuniz
ref jenkinsci/bom#214

@jetersen
Member

@escoem @amuniz a release would be much appreciated :)

@timja
Member Author

timja commented Apr 16, 2020

Pretty please?

@jetersen
Member

Perhaps would be nice if we could get release permissions? 🤔

@amuniz
Member

amuniz commented Apr 16, 2020

Oops, sorry, I didn't receive any notification about this... need to review my filters.

BTW I don't have permissions on this repo, would you mind including me in the PR @jetersen?

@jetersen
Member

@amuniz sure thing!

@escoem escoem merged commit 34ae72a into jenkinsci:master Apr 16, 2020
@jetersen
Member

@escoem thanks for releasing it 👏

@jtnord
Member

jtnord commented Apr 16, 2020

This adds back trilead-api as an implied dependency for a version of core that is arbitrary. There are no security fixes for 2.164 from tomorrow (CloudBees was the only company I am aware of that was providing them) and that leaves 2.190 as the lowest version that gets security fixes.

Looking at the install trend for casc of people that upgrade (say 1.35), 87% of people are on 2.190 or newer. If you take 1.36 then that number increases above 90%...

Allowing users to keep getting features on insecure Jenkins versions is an anti-pattern that we should be trying to stop.

@timja
Member Author

timja commented Apr 16, 2020

> This adds back trilead-api as an implied dependency for a version of core that is arbitrary. There are no security fixes for 2.164 from tomorrow (CloudBees was the only company I am aware of that was providing them) and that leaves 2.190 as the lowest version that gets security fixes.
>
> Looking at the install trend for casc of people that upgrade (say 1.35), 87% of people are on 2.190 or newer. If you take 1.36 then that number increases above 90%...
>
> Allowing users to keep getting features on insecure Jenkins versions is an anti-pattern that we should be trying to stop.

@jtnord we just need one release on a low version for bom so there's at least one version on each bom line and then it can be increased again

@timja
Member Author

timja commented Apr 16, 2020

Also @jtnord, 1.37 has a minimum version of ~2.220. We are fine with bumping the version, but currently, because of how bom is set up, a plugin has to have at least one release on all supported lines.

@timja timja mentioned this pull request Apr 16, 2020
@jtnord
Member

jtnord commented Apr 16, 2020

@timja thanks for the explanation.
