Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-69988

Commons HttpClient 3.x compatibility: Long tail

    • Icon: Epic Epic
    • Resolution: Unresolved
    • Icon: Major Major
    • core
    • None
    • Commons HttpClient 3.x compatibility: Long tail

      Core still bundles a patched version of the deprecated Commons HttpClient 3.x library for use by plugins. This frequently confuses security scanners and is a maintenance liability. For this reason, we would like to remove this library from Jenkins core in jenkinsci/jenkins#7312.

      A systematic search of the plugin corpus was conducted in October 2022; this search revealed that a number of plugins have usages of Commons HttpClient 3.x. For compatibility with a future version of Jenkins core in which this library is removed, these plugins should either migrate their usage of Commons HttpClient 3.x to the Apache HttpComponents Client 4.x API plugin or Java 11 native HTTP client; or otherwise they should declare an explicit dependency on the Commons HttpClient 3.x API plugin.

          [JENKINS-69988] Commons HttpClient 3.x compatibility: Long tail

          Basil Crow created issue -
          Basil Crow made changes -
          Description Original: Core still bundles a patched version of the deprecated Commons HttpClient 3.x library for use by plugins. This frequently confuses security scanners and is a maintenance liability. For this reason, we would like to remove this library from Jenkins core.

          A systematic search of the plugin corpus was conducted in October 2022; this search revealed that a number of plugins have usages of Commons HttpClient 3.x. For compatibility with a future version of Jenkins core in which this library is removed, these plugins should drop their usage of Commons HttpClient 3.x or should declare an explicit dependency on the Commons HttpClient 3x. API plugin.
          New: Core still bundles [a patched version|https://github.com/jenkinsci/lib-commons-httpclient] of the deprecated [Commons HttpClient 3.x|https://hc.apache.org/httpclient-legacy/] library for use by plugins. This frequently confuses security scanners and is a maintenance liability. For this reason, we would like to remove this library from Jenkins core in [jenkinsci/jenkins#7312|https://github.com/jenkinsci/jenkins/pull/7312].

          A systematic search of the plugin corpus was conducted in October 2022; this search revealed that a number of plugins have usages of Commons HttpClient 3.x. For compatibility with a future version of Jenkins core in which this library is removed, these plugins should either migrate their usage of Commons HttpClient 3.x to the [Apache HttpComponents Client 4.x API|https://plugins.jenkins.io/apache-httpcomponents-client-4-api/] plugin or Java 11 native HTTP client; or otherwise they should declare an explicit dependency on the [Commons HttpClient 3.x API|https://plugins.jenkins.io/commons-httpclient3-api/] plugin.
          Basil Crow made changes -
          Epic Child New: JENKINS-69989 [ 217176 ]
          Basil Crow made changes -
          Epic Child New: JENKINS-69990 [ 217177 ]
          Basil Crow made changes -
          Epic Child New: JENKINS-69992 [ 217179 ]
          Basil Crow made changes -
          Epic Child New: JENKINS-69993 [ 217180 ]
          Basil Crow made changes -
          Epic Child New: JENKINS-69994 [ 217181 ]
          Basil Crow made changes -
          Remote Link New: This issue links to "Tracking spreadsheet (Web Link)" [ 28325 ]
          Mark Waite made changes -
          Epic Child New: JENKINS-70818 [ 218148 ]
          Mark Waite made changes -
          Epic Child New: JENKINS-70807 [ 218137 ]

            Unassigned Unassigned
            basil Basil Crow
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: