Hello Apache Geode Developer Community, I would like to start a discussion and request feedback on a proposal to clarify the set of Apache Geode versions that the project actively supports.
================================================================================ PROPOSAL SUMMARY ================================================================================ I propose that the Apache Geode project: -End active support for Apache Geode 1.14.x and all earlier release lines. -Continue active support for only: -Apache Geode 2.0.x (current major release line) -Apache Geode 1.15.x (latest and final 1.x release line) Under this proposal, 1.14.x and older versions would be formally designated End-of-Life (EOL) and would no longer receive bug fixes, security fixes, or backports from the project. Historical releases will remain available via the Apache archives. ================================================================================ PROPOSED TIMELINE ================================================================================ Phase 1: Community Feedback (Q1 2026) -January 2026: Publish proposal to [email protected] -February 2026: Gather community feedback -March 2026: Formal PMC vote on support policy Phase 2: Official End-of-Life (Q2 2026) -April 1, 2026: Official EOL date for 1.14.x and older -May 2026: Update website with version support matrix -Ongoing: Direct all users to 1.15.2 or 2.0.0 Phase 3: Repository Cleanup (Q3 2026) -July 2026: Archive 1.14.x and older release branches -August 2026: Remove 1.14.x from CI/CD pipelines -September 2026: Update documentation to reflect supported versions ================================================================================ BACKGROUND AND RATIONALE ================================================================================ 1.Alignment with ASF Best Practices ASF does not mandate how many versions a project must support. In practice, mature ASF projects typically maintain: -One current major release -Optionally one previous release line Supporting 2.0.x and 1.15.x only aligns with this pattern and balances user needs with community resources. 2.Reducing Security Maintenance Burden -Each supported release creates implicit expectations for vulnerability management, security fixes, and advisories. -Older versions such as 1.14.x rely on outdated dependencies and toolchains, which makes timely maintenance increasingly difficult. -Designating these versions as EOL sets clear expectations for users and allows the community to focus on actively maintained branches. 3.Release Status and Modernization -2.0.0: Current major release, modernized platform with Java 17 and Jakarta EE 10 -1.15.x: Latest 1.x patch series, maintained with updated dependencies and security fixes -1.14.x and earlier: Older releases, no longer actively maintained, and rely on Java 8/11 and legacy dependencies 4.Upgrade Path for Users -1.14.x -> 1.15.x: Final upgrade within the 1.x series -1.15.x -> 2.0.x: Migration to the current major release This provides a clear and practical path for users to remain on supported versions. 5.Sustainability and Community Focus -Reducing the number of supported lines allows the community to: -Focus on security analysis and CVE remediation for fewer branches -Improve release quality and response times -Simplify CI/CD and testing matrices -Allocate volunteer resources to new features, performance improvements, and documentation ================================================================================ What "End of Support" Means ================================================================================ -Apache Geode 1.14.x and earlier will be clearly documented as End-of-Life -No further fixes, including security fixes, will be provided for those versions -Users will be strongly encouraged to upgrade to 1.15.x or 2.0.x -All historical artifacts will remain available via the Apache archives, in accordance with ASF policy ================================================================================ Request for Community Feedback ================================================================================ I would appreciate feedback on the following: -Are there known user populations that would be significantly impacted? -Are there concerns with limiting active support to 2.0.x and 1.15.x, particularly from a security or operational perspective? -Are there additional mitigations or communications we should consider? ================================================================================ Please share your thoughts on this thread or GEODE-10553. Thank you for your time and continued contributions to Apache Geode. Best regards, Jinwoo Hwang (he/him/his) SASĀ® Research and Development http://JinwooHwang.com<http://jinwoohwang.com/>
