Increase the minimum required Maven version #130

Closed
jstourac opened this issue Mar 31, 2022 · 3 comments · Fixed by #135

Comments

@jstourac
Contributor

jstourac commented Mar 31, 2022

At the moment, the minimum required Apache Maven version is set to 3.2.5 (this line). I believe it's time to increase this version since some plugins and dependencies are starting to require a higher minimum Maven version than 3.2.5.

Maven 3.2.5 is the last version that supports JDK6. Maybe this is the reason we still stick with it? I believe that all projects that will update to a new jboss-parent release are already JDK7+ these days, so we may safely update this restriction. Even the latest Maven 3.8.5 release still supports JDK7, see Maven releases history.

Being conservative, we should move to at least 3.3.9 but probably even higher, e.g. 3.5.4? If we feel lucky, we may go even higher...

Note: there are some CVEs in Apache Maven releases before 3.8.1, so users should move to a newer release due to security concerns anyway...

Any thoughts on this?

@bstansberry
Contributor

I'm only speaking from the WildFly perspective here, and this kind of change needs a much broader perspective as this artifact is used in many projects outside the WildFly ecosystem.

Moving to 3.6.x for sure sounds reasonable to me. A move to 3.8.1 would need more care and discussion as the http banning is an incompatible change. A year or two ago the various projects likely to use this pom made a concerted effort to address the use of http URLs for repositories so that mitigates the concern there.

That said, AIUI we're just talking about changing the maven.min.version property and I suspect many, perhaps all active projects are already overriding this property given how old 3.2.5 is. So changing the version here likely wouldn't affect many people, making a jump to a known incompatible version less risky. For example all the way back with WF 11 the main WF code base had set this to 3.3.1.

@jstourac
Contributor Author

Thanks, Brian. I've created #135 to address this. :)

@stuartwdouglas
Contributor

AFAIK if there is a project out there that still supports such an old Maven version, they can just override it in their pom.
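
A pre-upgrade check for the two points raised in this thread, the `maven.min.version` override and leftover plain-http repository URLs, as an added example that is not part of the issue or of the jboss-parent project. The sample POM, the function names and the loopback exemption are assumptions of the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample POM for this example (not taken from jboss-parent).
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <modelVersion>4.0.0</modelVersion>
  <groupId>org.example</groupId><artifactId>demo</artifactId><version>1.0</version>
  <properties>
    <maven.min.version>3.6.3</maven.min.version>
  </properties>
  <repositories>
    <repository><id>legacy</id><url>http://repo.example.org/maven2</url></repository>
    <repository><id>secure</id><url>https://repo.example.org/maven2</url></repository>
    <repository><id>dev</id><url>http://localhost:8081/repo</url></repository>
  </repositories>
  <pluginRepositories>
    <pluginRepository><id>plugins</id><url>HTTP://plugins.example.org/</url></pluginRepository>
  </pluginRepositories>
</project>"""

REPO_TAGS = {"repository", "pluginRepository", "snapshotRepository"}
# Assumption of this example: loopback URLs are not reported.
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def audit_pom(pom_text):
    """Return (maven.min.version override or None, [(repo id, http url), ...])."""
    root = ET.fromstring(pom_text)
    min_version, http_repos = None, []
    for elem in root.iter():
        name = _local(elem.tag)
        if name == "maven.min.version":
            min_version = (elem.text or "").strip()
        elif name in REPO_TAGS:
            fields = {_local(c.tag): (c.text or "").strip() for c in elem}
            parsed = urlparse(fields.get("url", ""))
            if parsed.scheme == "http" and parsed.hostname not in LOOPBACK:
                http_repos.append((fields.get("id", "?"), fields["url"]))
    return min_version, http_repos

if __name__ == "__main__":
    version, findings = audit_pom(SAMPLE_POM)
    print("maven.min.version override:", version)
    for repo_id, url in findings:
        print(f"plain-http repository {repo_id}: {url}")
```
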
