Closed akomakom closed 3 years ago
rjatkins
commented
2 years ago When will a release with this change, and its associated security upgrades, be published to maven central? I can see that ehcache 2.10.10 was released on Oct 15 according to https://confluence.terracotta.org/display/release/Home but it's still not showing up in the terracotta maven repo, or in central.
akomakom
commented
2 years ago Thanks @rjatkins for bringing that up. 2.10.10 has now been released and should show up in maven central shortly.
rjatkins
commented
2 years ago Ah, it looks like what was tagged for 2.10.10 was done without any update to the version of management-core - it's still using 2.1.27 https://github.com/ehcache/ehcache2/blob/v2.10.10/pom.xml#L27 - and also without this PR included. I can see that both of these are fixed on the release/2.10.10 branch though https://github.com/ehcache/ehcache2/blob/release/2.10.10/pom.xml#L23,L26 What exact version are you going to release to central?
rjatkins
commented
2 years ago Wait, I see that mvnrepository.com has finally indexed ehcache 2.10.10.0.95 on the terracotta maven repo. And ah, that still doesn't have the jersey-server 2.35 upgrade in it. It seems I need a release of ehcache 2.10.10.x with thirdparty-bom-4.x 4.3.10.1.12 or newer https://github.com/Terracotta-OSS/terracotta-thirdparty-bom-4.x/blob/v4.3.10.1.12/pom.xml#L21 - like the recently tagged 2.10.10.1.13 https://github.com/ehcache/ehcache2/blob/v2.10.10.1.13/pom.xml#L18 Will that version make it to the terracotta maven repo or to central soon?
akomakom
commented
2 years ago The 2.10.10 OSS release that has yet to appear on central was done from the same commit as 2.10.10.0.95, essentially in lock-step with Terracotta Bigmemory lifecycle. This is indeed from before the thirdparty-bom conversion.
We have yet to work out a strategy for OSS releases after the conversion, as they will require releases of management-common and thirdparty-bom-4.x.
gmavenpluscode that dynamically determines versions that are used in plugin configs.<provided>(moving them across levels since I'm getting rid of a lot of<dependencyManagement>content) did not screw anything up?Azure builds will fail until dso PR is merged (and system-tests-parent is published)