Backport upgrade to Tomcat 10 / Jakarta migration#1259
Open
jacopoc wants to merge 6 commits into
Open
Conversation
* Updates tomcat catalina and jasper version from 9.0.102 to 10.1.34 * Changes the Juel library from odyseeus to activiti implementation (up to date) * Migrates javax to jakarta in java classes * Migrates file upload to jakarta version * Creation of a small utility method to handle uploads un UtilHttp Thanks to Gaëtan Chaboussie for this work (cherry picked from commit 64e5e6d)
…pache#908) Improved: Upgraded Apache CXF from 3.6.4 to 4.1.3 to support Jakarta namespace (OFBIZ-13286) (cherry picked from commit 6fd8354)
…in OFBizRealm GenericPrincipal(String,String,List) is deprecated in Tomcat 9; the replacement constructor exists only in Tomcat 10.1+ (cherry picked from commit 8b54046)
… warnings (cherry picked from commit bbfc866)
…gs in NodeELResolver (cherry picked from commit 30665b9)
… and setComment methods (OFBIZ-13189) (cherry picked from commit bfe2854)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
release24.09 is an LTS branch based on Java 17.
Tomcat 9 will stop receiving security fixes after March 2027 (https://tomcat.apache.org/tomcat-9.0.x-eos.html). After that date, an LTS branch still tied to Tomcat 9 would no longer be able to receive Tomcat CVE updates.
More third-party libraries are moving away from javax.. Staying on the old namespace will increasingly make dependency and security updates harder. For example, we currently cannot merge Dependabot PR Bump org.mustangproject:library from 2.8.0 to 2.23.0 #1132 because newer dependency versions already require jakarta..
Backporting to the release24.09 branch the Tomcat 10 / Jakarta migration (including the Apache CXF upgrade), could help keep the LTS branch maintainable and secure for a longer period.
Main pull requested backported are PR #875 and PR #908
This pull request is complemented by pull request apache/ofbiz-plugins#260 for the plugins