[
https://issues.apache.org/jira/browse/GEODE-10467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18043437#comment-18043437
]
ASF subversion and git services commented on GEODE-10467:
---------------------------------------------------------
Commit 356a873e912ffb67e37624f4f73fd40dbda0c2e9 in geode-examples's branch
refs/heads/support/2.0 from Jinwoo Hwang
[ https://gitbox.apache.org/repos/asf?p=geode-examples.git;h=356a873 ]
GEODE-10467: Set temporary staging repo
This serves two purposes: it gives the RC pipeline a way to get the
nexus staging repo id needed for various tests, and it gives the
Jenkins server a valid configuration during the voting period.
> Apache Geode 2.0.0 - Major Modernization Release
> ------------------------------------------------
>
> Key: GEODE-10467
> URL: https://issues.apache.org/jira/browse/GEODE-10467
> Project: Geode
> Issue Type: Task
> Reporter: Jinwoo Hwang
> Assignee: Jinwoo Hwang
> Priority: Major
> Labels: SAS
> Fix For: 2.0.0
>
>
> h2. Summary
> Apache Geode 2.0.0 represents a significant modernization effort to address
> security vulnerabilities, improve performance, and ensure long-term
> sustainability. This major release upgrades core dependencies and runtime
> requirements while evaluating deprecated features for potential removal.
> h2. Description
> Following the successful delivery of version 1.15.2 after a three-year
> hiatus, the Apache Geode community is proposing version 2.0.0 as a
> comprehensive modernization release. This release focuses on upgrading legacy
> dependencies, addressing security concerns, and streamlining the codebase for
> better maintainability.
> h3. Key Proposed Changes
>
> *Modern Platforms & Frameworks*
> * Java 17 LTS
> * Jakarta EE 10
> * Geode Session Manager for Tomcat 10.1 and 11
> * Tomcat 10.1 and 11 Support
> * Spring Framework 6
> * Spring Security 6
> * Gradle 7
> * Jetty 12
> * Apache Lucene 9
> * Apache HTTP 5
> *Runtime and Core Dependencies:*
> * Upgrade Java runtime from 1.8 to 17 LTS or 21 LTS (Kishor)
> * Upgrade Spring Framework to version 6 or potentially skip to version 7
> (Charlie)
> * Upgrade Spring Security to version 6
> * Migrate from Java EE to Jakarta EE 10
> * Upgrade Gradle from version 6 to 7.3.3 for Java 17 toolchain support or
> 8.4 for Java 21 support
> *Supply Chain Security*
> * Implement automated Software Bill of Materials (SBOM) generation for
> Apache Geode to enhance supply chain security, improve dependency
> transparency, and meet modern compliance requirements for enterprise
> deployments.
> *Security*
> * Remediate critical security vulnerabilities in third-party dependencies as
> well as in Apache Geode
> *Security Improvements:*
> * Address numerous known vulnerabilities in legacy Java 8
> * Resolve CVEs in Spring Framework and Spring Security
> * Establish zero-known-vulnerability baseline for current releases
> * Remediate any undisclosed security vulnerabilities
> *Feature Evaluation and Potential Removals:* Based on community feedback, the
> following features are candidates for deprecation/removal:
> * *Lucene Integration* - Consider removal due to (Leon/Charlie):
> ** Feature was never fully completed
> ** Current implementation uses 6-year-old Lucene version
> ** Requires significant maintenance effort
> ** Alternative: Evaluate upgrading to Lucene 9 for vector store capabilities
> and KNN indexing support
> * *Off-heap Memory* - Consider removal due to (Charlie):
> ** Difficult for operations teams to monitor effectively
> ** Original purpose (large heap management under CMS GC) no longer relevant
> with modern JVMs
> ** Pause-less garbage collectors like ZGC provide better alternatives
> * *Jetty Integration* - Evaluate current usage and upgrade requirements
> (Leon)
> h3. Benefits
> * Enhanced security posture with modern, supported dependencies
> * Improved performance through Java 17 optimizations
> * Better developer experience with modern language features
> * Simplified codebase through removal of deprecated/incomplete features
> * Alignment with current industry standards and best practices
> * Long-term sustainability and maintainability
> h3. Community Impact
> This release aims to position Apache Geode for future growth while
> maintaining focus on core functionality (gets, puts, listeners) that forms
> the foundation of most user implementations.
> h2. Acceptance Criteria
> * Successfully upgrade Java runtime to 17
> * Upgrade Spring Framework and Security to version 6 (or 7)
> * Complete Jakarta EE 9 migration
> * Update build configuration for Java 17 compatibility
> * Evaluate and decide on Lucene, off-heap memory, and Jetty features
> * Address all identified security vulnerabilities
> * Maintain backward compatibility where feasible
> * Update documentation and migration guides
> h2. Community Involvement Needed
> * *Feedback* on roadmap comprehensiveness and community alignment
> * *Reviewers* for pull requests and code changes
> * *Contributors* for code, documentation, testing, and architectural
> decisions
> * *Testing* across various deployment scenarios and use cases
> This represents a strategic investment in Apache Geode's future, ensuring the
> project remains relevant, secure, and performant in the evolving distributed
> systems landscape.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
