Uploaded image for project: 'Build'
  1. Build
  2. BUILD-1015

Fork apache commons-beanutils internally in order to release it ourselves

    XMLWordPrintable

Details

    • Task
    • Resolution: Done
    • Neutral
    • BOM 6.2.30
    • None
    • None
    • None

    Description

      Context

       

      Derived from https://jira.magnolia-cms.com/browse/BUILD-970 we contacted with the current apache commons-beanutils owner, in order to ask him about his current roadmap and some expectations about a potential 2.0 version (commons-collection 3.2 free)

      https://markmail.org/message/jri4cplfgscc55aa#query:+page:1+mid:a2yv4nxm3lahorgl+state:results

       

      Unfortunately, there is no planned 2.0.0 version in short term.

      At the end of this slack conversation

      https://magnolia-cms.slack.com/archives/CDF2T239Q/p1674112499760959

      A fork-and-release-on-our-own is suggested

      Expected result

       

      Side notes

      After speaking with some pals from foundation team:

       

       <version>2.0.0-magnolia-SNAPSHOT</version>
       <name>${project.groupId}:${project.artifactId}</name> 
      <distributionManagement>
          <repository>
              <id>thirdparty</id>
              <url>
                      https://nexus.magnolia-cms.com/content/repositories/thirdparty
                  </url>
          </repository>
          <snapshotRepository>
              <id>thirdparty.snapshots</id>
              <url>
                      https://nexus.magnolia-cms.com/content/repositories/thirdparty.snapshots
                  </url>
              <uniqueVersion>true</uniqueVersion>
          </snapshotRepository>
      </distributionManagement>
      <scm>
          <connection>scm:git:ssh://git.magnolia-cms.com/internal/commons-beanutils.git</connection>
          <developerConnection>scm:git:ssh://git.magnolia-cms.com/internal/commons-beanutils.git</developerConnection>
          <url>https://git.magnolia-cms.com/projects/INTERNAL/repos/commons-beanutils</url>
          <tag>commons-beanutils-2.0.0-magnolia</tag>
      </scm>
       

      also, with an explanatory description about why we are doing this fork:

      <description>Apache Commons BeanUtils provides an easy-to-use but flexible wrapper around reflection and introspection.
          Magnolia's fork of beanutils2 master (see https://github.com/apache/commons-beanutils): Magnolia will release this and keep it until official Apache Commons BeanUtils 2.0 is released.
          The main reason for doing this is that version 2.0 finally gets rid of vulnerable commons-collections dependencies but still no ETA for release, although it seems to be close.
       </description> 
      • a Jenkinsfile with a content like this:
      magnoliaDefaultPipeline() 

       

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            There are no Sub-Tasks for this issue.

            Activity

              People

                dalonso Daniel Alonso
                dalonso Daniel Alonso
                Nucleus
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:
                  Work Started:

                  Checklists

                    Task DoR