• Icon: New Feature New Feature
    • Resolution: Unresolved
    • Icon: Critical Critical
    • core
    • None

      Jenkins core currently depends on Groovy 2.4.21 (released on November 29, 2020), which is out of date. At the time of this writing, the oldest actively supported Groovy line is 2.5.x, and the latest version of Groovy 2.5.x is is 2.5.17 (released on May 28, 2022). This ticket proposes upgrading Groovy to the latest in the 2.5 series as a step to upgrading to 3.0.x (see JENKINS-51823).

      As described in jenkinsci/jenkins#5112 (comment) and jenkinsci/jenkins#5116 (comment), the main concern when upgrading Groovy is ensuring that sandboxed script execution remains secure.

          [JENKINS-53372] Upgrade Groovy from 2.4.x to 2.5.x

          Allan Lewis created issue -
          Allan Lewis made changes -
          Remote Link New: This issue links to "jenkinsci/jenkins PR: core/pom.xml: Update Groovy to v2.5.x #3605 (Web Link)" [ 21429 ]
          Allan Lewis made changes -
          Link New: This issue is related to JENKINS-51823 [ JENKINS-51823 ]
          Allan Lewis made changes -
          Assignee Original: Allan Lewis [ allanlewis_youview ]

          We are up to 2.5.11 - 

          Christian Bongiorno added a comment - We are up to 2.5.11 - 
          Ian Williams made changes -
          Link New: This issue duplicates JENKINS-51823 [ JENKINS-51823 ]
          Ian Williams made changes -
          Link Original: This issue duplicates JENKINS-51823 [ JENKINS-51823 ]
          Ian Williams made changes -
          Link New: This issue is related to JENKINS-63047 [ JENKINS-63047 ]

          chb0jenkins - "we" might be subject to context interpretation.

          if "we" means "groovy" then it might be not that helpful to me.

          if "we" means "some commercial company" then it might show the subject is viable in at least a public or private demo installation.

          if "we" means "Jenkins" then you wanted to indicate that the update to that version already happened. - but then i dont understand why JENKINS-63047 is still an open issue in 2021 - whilst latest pessimistic sounding comments are from about 2020, if i saw right.

          Alexander Stohr added a comment - chb0jenkins - "we" might be subject to context interpretation. if "we" means "groovy" then it might be not that helpful to me. if "we" means "some commercial company" then it might show the subject is viable in at least a public or private demo installation. if "we" means "Jenkins" then you wanted to indicate that the update to that version already happened. - but then i dont understand why JENKINS-63047 is still an open issue in 2021 - whilst latest pessimistic sounding comments are from about 2020, if i saw right.
          Basil Crow made changes -
          Summary Original: Update Groovy to v2.5.x New: Update Groovy from 2.4.x to 2.5.x

            Unassigned Unassigned
            allanlewis_youview Allan Lewis
            Votes:
            20 Vote for this issue
            Watchers:
            30 Start watching this issue

              Created:
              Updated: