Remove support for Java 11#2308
Conversation
1. Why: Jetty 12 requires a minimum of Java 17, so Java 11 must be dropped to facilitate this upgrade. The current version of Jetty in cruise-control is 9.4.56.v20240826. This version contains two CVEs CVE-2024-13009 - patched in 9.4.57.v20241219 CVE-2024-6763 - patched in 12.0.12 So, Jetty 12 is need to patch CVE-2024-6763. 2. What: Remove support support for Java 11 Raise minimum JDK to 17 in builds, docs, and workflows - [x] refactor Signed-off-by: JvD_Ericsson <jeff.van.dam@est.tech>
There was a problem hiding this comment.
In hindsight, I wish we had added a deprecation notice for Java 11 when we added support for Java 17 some months back. That being said, dropping Java 11 now is a reasonable step especially given that it's required to address certain CVEs (some listed in the PR description) and to support newer Kafka versions (Kafka >= 4.0).
As far as backward compatibility is concerned, Java 17 has been supported in Kafka since version 3.2.0 [1]. Although Cruise Control’s main branch currently only supports Kafka >= 3.7.0, it’s still important to maintain compatibility with as many Kafka versions as possible to serve the broadest range of users in the community. So this change is in line with that goal as well.
I have tested this change and have been running builds with Java 17 for some time now, this looks like a reasonable update to me. We just need a maintainer to sign off and merge.
CCisGG
left a comment
CCisGG
left a comment
There was a problem hiding this comment.
Thanks for the change. LGTM.
1. Why: Jetty 12 requires a minimum of Java 17, so Java 11 must be dropped to facilitate this upgrade. The current version of Jetty in cruise-control is 9.4.56.v20240826. This version contains two CVEs CVE-2024-13009 - patched in 9.4.57.v20241219 CVE-2024-6763 - patched in 12.0.12 So, Jetty 12 is need to patch CVE-2024-6763. 2. What: Remove support support for Java 11 Raise minimum JDK to 17 in builds, docs, and workflows - [x] refactor Signed-off-by: JvD_Ericsson <jeff.van.dam@est.tech>
1. Why: Jetty 12 requires a minimum of Java 17, so Java 11 must be dropped to facilitate this upgrade. The current version of Jetty in cruise-control is 9.4.56.v20240826. This version contains two CVEs CVE-2024-13009 - patched in 9.4.57.v20241219 CVE-2024-6763 - patched in 12.0.12 So, Jetty 12 is need to patch CVE-2024-6763. 2. What: Remove support support for Java 11 Raise minimum JDK to 17 in builds, docs, and workflows - [x] refactor Signed-off-by: JvD_Ericsson <jeff.van.dam@est.tech>
1. Why: Jetty 12 requires a minimum of Java 17, so Java 11 must be dropped to facilitate this upgrade. The current version of Jetty in cruise-control is 9.4.56.v20240826. This version contains two CVEs CVE-2024-13009 - patched in 9.4.57.v20241219 CVE-2024-6763 - patched in 12.0.12 So, Jetty 12 is need to patch CVE-2024-6763. 2. What: Remove support support for Java 11 Raise minimum JDK to 17 in builds, docs, and workflows - [x] refactor Signed-off-by: JvD_Ericsson <jeff.van.dam@est.tech>
4 participants
Summary
So, Jetty 12 is needed to patch CVE-2024-6763.
Categorization