Re: notice: javaserverfaces/mojarra is read-only now


Kyle Stiemann
 

Hi Ed,
We contribute fixes for legacy versions of Mojarra (often for 2.2.x, rarely for 2.1.x, and only for security vulnerabilities in 1.2.x). We want to be able to continue contributing fixes and repairs for our mutual customers and community. Mojarra 2.2.x (JavaEE 7) is still widely used and probably needs to be updated quarterly. 2.1.x only needs to be updated when serious bugs or security vulnerabilities are fixed, so once or twice a year. Security issues are the only reason that 1.2.x needs to be updated, so in the rare instance that a security bug is found in 1.2.x, it would need to be updated.

Thanks,
- Kyle

On Tue, Apr 24, 2018 at 11:40 AM, Ed Bratt <ed.bratt@...> wrote:
Kyle,

The intent of changing the status of these repositories is to support the community migration over to Eclipse Foundation, Jakarta EE. It is our goal that all work, evolution and focus supports Jakarta EE. We hope to avoid confusion and/or dilute the efforts to grow the Jakarta EE community effort.

We intend to only provide crucial corrections to any legacy material that remains under the legacy Java EE GitHub organization. The general guidance for contributions to Eclipse is to migrate the latest version only, without history. If the community requires additional materials be contributed, we may be able to consider that.

At what frequency would you estimate these branches are being updated?

-- Ed


Join jsf-spec@javaee.groups.io to automatically receive all group messages.