Skip to content

Upgrade to Spring 7#12428

Open
axl8713 wants to merge 34 commits into
masterfrom
spring7
Open

Upgrade to Spring 7#12428
axl8713 wants to merge 34 commits into
masterfrom
spring7

Conversation

@axl8713

@axl8713 axl8713 commented May 26, 2026

Copy link
Copy Markdown
Contributor

Description

These changes cover the Spring 7 upgrade for MapStore.

Key changes:

  • Spring Framework 5.x → 7.0.8
  • Spring Security 5.x → 7.1.0
  • Jakarta Servlet API 6.0.0 (Jakarta EE 10, aligned with GeoServer ecosystem)
  • Tomcat 10.1.55 (Tomcat 10.1 is the target for EE 10)
  • Minimum supported JDK raised to 17 (required by Spring 7; aligned with GeoServer)
  • Maven compiler source/target updated from 8 to 17 in java/services/pom.xml
  • All CI/CD workflows updated to use JDK 17 as the build JDK; CI matrix still tests on [17, 21]

Please check if the PR fulfills these requirements

What kind of change does this PR introduce? (check one with "x", remove the others)

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Build related changes
  • CI related changes
  • Other... Please describe:

Issue

What is the current behavior?

#

What is the new behavior?

Breaking change

Does this PR introduce a breaking change? (check one with "x", remove the other)

  • Yes, and I documented them in migration notes
  • [] No

There will be a new set of requirements to have the GeoStore with Spring 7 running.

Other useful information

@cla-bot cla-bot Bot added the CLA Ready label May 26, 2026
@axl8713 axl8713 marked this pull request as draft May 26, 2026 08:42
@axl8713 axl8713 requested a review from offtherailz May 26, 2026 13:02
@axl8713 axl8713 self-assigned this May 26, 2026
Comment thread .github/workflows/CI.yml Outdated
@axl8713 axl8713 linked an issue Jun 16, 2026 that may be closed by this pull request
@tdipisa tdipisa linked an issue Jun 16, 2026 that may be closed by this pull request
@axl8713 axl8713 marked this pull request as ready for review June 18, 2026 14:56
@axl8713 axl8713 requested a review from tdipisa June 18, 2026 14:56
@tdipisa tdipisa marked this pull request as draft June 18, 2026 14:57
@offtherailz

offtherailz commented Jun 24, 2026

Copy link
Copy Markdown
Member

I'd suggest to add to this PR the upgrade of http-proxy to 1.7 as for this PR, that caused problems because of lib conflicts.
#12535

@tdipisa tdipisa marked this pull request as ready for review June 29, 2026 15:16
@tdipisa tdipisa assigned offtherailz and tdipisa and unassigned axl8713 Jun 29, 2026
axl8713 and others added 7 commits June 30, 2026 10:05
Replace leftover javax servlet/jaxws artifacts with jakarta equivalents,
drop commons-pool and httpclient pins whose properties were removed,
align http_proxy version with the main pom and ship cargo logging.properties.
@offtherailz

offtherailz commented Jul 15, 2026

Copy link
Copy Markdown
Member

Hi @axl8713 I validated the migration guidelines by migrating a real project created with 2026.02.00 to this branch, following the guide step by step. Default and -Pprinting builds work, the app runs on Tomcat 10.1.55 with Java 17, and login, configs, proxy, and printing all behave as expected.

I didn't tested OpenID yet. I think that now we can discuss on this work.

I pushed three commits:

  • docs: "Migration from 2026.02.00 to 2026.03.00" section. I also added the steps that were missing when I tested against the real project: the printing profile dependencyManagement cleanup, the exact destination for cargo/logging.properties (web/cargo/), and a note about HTTP compression.
  • project templates: The templates were only half migrated, fixed
  • security config: compositeOpenIdFilter was positioned with before="OPENID_FILTER", but that alias is gone in Spring Security 7. >> This in fact is a fix

Things to discuss / still open

  • PR description is outdated: The branch is now on Spring 7.0.8 and Spring Security 7.1.0 (the description still says 7.0.7 / 7.0.5). I'm going to fix it after this comment.
  • HTTP compression: Removing ehcache-web also removes the CompressionFilter, and there is no maintained jakarta replacement for it. The migration guide now documents how to enable compression at the deployment level (reverse proxy or Tomcat connector; the Docker nginx already does it). One consequence to be aware of: the binary distribution currently ships without compression, since its bundled Tomcat has no compression attribute on the connector. Worth deciding whether to enable it there, and it is more important that this have to be considered in all migrations @tdipisa should be also aware of it IMHO.
  • Release calendar wiki: The 2026.03.00 row lists Http-Proxy 1.5.0*, which cannot be right, jakarta needs at least 1.7.0. The services number should also be aligned once decided @tdipisa
  • actual required checks with Java 11 for PR/CI will not be applied anymore. Therefore I think we have to remove them from the matrix and from the mandatory checks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

3 participants