Hi all,we get more and more questions about the security problems in our last release, that is now quite old.
Vladimir and others have invested a lot of work, to get JMeter running on Java 17 and above and we have deprecated/removed a few things, added others.
Are there any blockers, that would hinder us from releasing a 6.0 version?For my simple use cases (I am really not that of a power user myself and certainly don't use any third party plugins), the current nightlies work and from the few people, that I told to use nightlies, I got no further problems reported and their problems with using 5.6.3 were solved.
What I see are a few minor nags, that should be fixable without too much of a hassle:
* The changelog is not filled with all changes (I have asked an llm to fill it and will file a PR later) * I would like to switch off oro by default (PR 6661), any reason not to do so? (There is one question hidden in the PR :) )
* PR 6610 seems to be a no-brainer, but haven't looked too closely* We distribute rhino in version 1.8, but as we don't include rhino-engine, we can't select js in JSR223 elements. I think, we should add that missing jar (or even add nashorn, now that we have Java 17 as minimum)
Do you think any of the other PRs/issues are blockers for a 6.0 release?The discussion with virtual threads and Java 21 should be (in my opinion) deferred to the next version after 6.0.
Regards Felix
OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
