[
https://issues.apache.org/jira/browse/GEODE-10467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18041687#comment-18041687
]
ASF subversion and git services commented on GEODE-10467:
---------------------------------------------------------
Commit 3ffaa3cf3fa4586ad9c234e7c0bbd4c5cf2ece72 in geode's branch
refs/heads/support/2.0 from Jinwoo Hwang
[ https://gitbox.apache.org/repos/asf?p=geode.git;h=3ffaa3cf3f ]
GEODE-10467: Remove unneeded scripts
Remove likely-to-become-outdated copies of release scripts to ensure
they are not run by accident from a branch (they should always be run
from develop).
Also remove CODEOWNERS to avoid the confusion of GitHub showing owner
names like on develop, but codeowner reviews not actually being
required (due to lack of branch protection or minimum review count on
support branches)
> Apache Geode 2.0.0 - Major Modernization Release
> ------------------------------------------------
>
> Key: GEODE-10467
> URL: https://issues.apache.org/jira/browse/GEODE-10467
> Project: Geode
> Issue Type: Task
> Reporter: Jinwoo Hwang
> Assignee: Jinwoo Hwang
> Priority: Major
> Fix For: 2.0.0
>
>
> h2. Summary
> Apache Geode 2.0.0 represents a significant modernization effort to address
> security vulnerabilities, improve performance, and ensure long-term
> sustainability. This major release upgrades core dependencies and runtime
> requirements while evaluating deprecated features for potential removal.
> h2. Description
> Following the successful delivery of version 1.15.2 after a three-year
> hiatus, the Apache Geode community is proposing version 2.0.0 as a
> comprehensive modernization release. This release focuses on upgrading legacy
> dependencies, addressing security concerns, and streamlining the codebase for
> better maintainability.
> h3. Key Proposed Changes
>
> *Modern Platforms & Frameworks*
> * Java 17 LTS
> * Jakarta EE 10
> * Geode Session Manager for Tomcat 10.1 and 11
> * Tomcat 10.1 and 11 Support
> * Spring Framework 6
> * Spring Security 6
> * Gradle 7
> * Jetty 12
> * Apache Lucene 9
> * Apache HTTP 5
> *Runtime and Core Dependencies:*
> * Upgrade Java runtime from 1.8 to 17 LTS or 21 LTS (Kishor)
> * Upgrade Spring Framework to version 6 or potentially skip to version 7
> (Charlie)
> * Upgrade Spring Security to version 6
> * Migrate from Java EE to Jakarta EE 10
> * Upgrade Gradle from version 6 to 7.3.3 for Java 17 toolchain support or
> 8.4 for Java 21 support
> *Supply Chain Security*
> * Implement automated Software Bill of Materials (SBOM) generation for
> Apache Geode to enhance supply chain security, improve dependency
> transparency, and meet modern compliance requirements for enterprise
> deployments.
> *Security*
> * Remediate critical security vulnerabilities in third-party dependencies as
> well as in Apache Geode
> *Security Improvements:*
> * Address numerous known vulnerabilities in legacy Java 8
> * Resolve CVEs in Spring Framework and Spring Security
> * Establish zero-known-vulnerability baseline for current releases
> * Remediate any undisclosed security vulnerabilities
> *Feature Evaluation and Potential Removals:* Based on community feedback, the
> following features are candidates for deprecation/removal:
> * *Lucene Integration* - Consider removal due to (Leon/Charlie):
> ** Feature was never fully completed
> ** Current implementation uses 6-year-old Lucene version
> ** Requires significant maintenance effort
> ** Alternative: Evaluate upgrading to Lucene 9 for vector store capabilities
> and KNN indexing support
> * *Off-heap Memory* - Consider removal due to (Charlie):
> ** Difficult for operations teams to monitor effectively
> ** Original purpose (large heap management under CMS GC) no longer relevant
> with modern JVMs
> ** Pause-less garbage collectors like ZGC provide better alternatives
> * *Jetty Integration* - Evaluate current usage and upgrade requirements
> (Leon)
> h3. Benefits
> * Enhanced security posture with modern, supported dependencies
> * Improved performance through Java 17 optimizations
> * Better developer experience with modern language features
> * Simplified codebase through removal of deprecated/incomplete features
> * Alignment with current industry standards and best practices
> * Long-term sustainability and maintainability
> h3. Community Impact
> This release aims to position Apache Geode for future growth while
> maintaining focus on core functionality (gets, puts, listeners) that forms
> the foundation of most user implementations.
> h2. Acceptance Criteria
> * Successfully upgrade Java runtime to 17
> * Upgrade Spring Framework and Security to version 6 (or 7)
> * Complete Jakarta EE 9 migration
> * Update build configuration for Java 17 compatibility
> * Evaluate and decide on Lucene, off-heap memory, and Jetty features
> * Address all identified security vulnerabilities
> * Maintain backward compatibility where feasible
> * Update documentation and migration guides
> h2. Community Involvement Needed
> * *Feedback* on roadmap comprehensiveness and community alignment
> * *Reviewers* for pull requests and code changes
> * *Contributors* for code, documentation, testing, and architectural
> decisions
> * *Testing* across various deployment scenarios and use cases
> This represents a strategic investment in Apache Geode's future, ensuring the
> project remains relevant, secure, and performant in the evolving distributed
> systems landscape.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
