[
https://issues.apache.org/jira/browse/GEODE-10553?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jinwoo Hwang reassigned GEODE-10553:
------------------------------------
Assignee: Jinwoo Hwang
> Version Support Policy - End Support for Apache Geode 1.14.x and Earlier
> Versions
> ---------------------------------------------------------------------------------
>
> Key: GEODE-10553
> URL: https://issues.apache.org/jira/browse/GEODE-10553
> Project: Geode
> Issue Type: Improvement
> Components: docs
> Reporter: Jinwoo Hwang
> Assignee: Jinwoo Hwang
> Priority: Major
>
> h2. Summary
> End active support for Apache Geode 1.14.x and all earlier release lines,
> maintaining only 2.0.x and 1.15.x
> ----
> h2. Description
> This issue tracks the formal deprecation and end-of-life (EOL) designation
> for Apache Geode versions 1.14.x and all earlier release lines.
> h3. Proposal
> The Apache Geode project should:
> # End active support for Apache Geode 1.14.x and all earlier release lines
> # Continue active support for only:
> ** Apache Geode 2.0.x (current major release line)
> ** Apache Geode 1.15.x (latest and final 1.x release line)
> Under this proposal, 1.14.x and older versions would be formally designated
> End-of-Life (EOL) and would no longer receive bug fixes, security fixes, or
> backports from the project.
> h3. Rationale
> h4. 1. Security Vulnerabilities
> * CVEs in 1.14.x and older versions with no remediation path
> * Risks: Remote code execution, authentication bypass, data leakage, DoS
> attacks
> h4. 2. End-of-Life Dependencies
> * Java 8 EOL (September 2022) - no public security patches
> * Spring Framework 4.x EOL (2020)
> * Outdated Apache HttpComponents 4.x
> * Legacy Jetty 9.4.x prior to Jakarta EE migration
> h4. 3. Jakarta EE 10 Migration
> * 2.0.x requires Jakarta EE 10 ({{{}javax.{*}{*}{}}} *to {{jakarta.}}*
> namespace)
> * Industry-wide ecosystem migration to Jakarta EE
> * 1.14.x represents dead-end technology stack
> h4. 4. Maintenance Burden
> * 1.14.x: No updates in 3+ years (last release March 2022)
> * Currently supporting 5+ active version lines (unsustainable)
> * Limited volunteer resources spread across outdated branches
> h4. 5. Industry Alignment
> * Apache Kafka: Supports 2 versions (3.x and 2.8.x)
> * Apache Cassandra: Supports 2 versions (5.0.x and 4.1.x)
> * Apache Tomcat: Supports 2-3 versions (11.x, 10.1.x, limited 9.x)
> * Standard practice: N-1 support (current + previous major)
> ----
> h2. Proposed Timeline
> h3. Phase 1: Community Feedback (Q1 2026)
> * January 2026: Publish proposal to [email protected]
> * February 2026: Gather community feedback
> * March 2026: Formal PMC vote on support policy
> h3. Phase 2: Official End-of-Life (Q2 2026)
> * April 1, 2026: Official EOL date for 1.14.x and older
> * May 2026: Update website with version support matrix
> * Ongoing: Direct all users to 1.15.2 or 2.0.0
> h3. Phase 3: Repository Cleanup (Q3 2026)
> * July 2026: Archive 1.14.x and older release branches
> * August 2026: Remove 1.14.x from CI/CD pipelines
> * September 2026: Update documentation to reflect supported versions
> ----
> h2. Migration Path
> h3. For 1.14.x Users
> h4. Step 1: Upgrade to 1.15.2 (Intermediate)
> * Maintains {{javax.*}} namespace (no Jakarta migration required)
> * Supports Java 11/17
> * Contains all critical security fixes
> * Minimal breaking changes from 1.14.x
> * Estimated effort: 1-2 weeks
> h4. Step 2: Upgrade to 2.0.0 (Target)
> * Jakarta EE 10 alignment
> * Java 17 LTS support (until 2029)
> * Modern Spring Framework 6.x
> * Estimated effort: 2-4 weeks
> h4. Upgrade Paths
> * 1.14.x to 1.15.2 (transitional, Java 11/17)
> * 1.15.2 to LTS support
> ----
> h2. Acceptance Criteria
> h3. 1. Community Consensus
> * Proposal discussed on [email protected]
> * Feedback period completed (February 28, 2026)
> * PMC vote conducted and passed
> * Vote results published
> h3. 2. Documentation Updates
> * Version support matrix created and published
> * Migration guide: 1.14.x to 1.15.2
> * Migration guide: 1.15.x to 2.0.0
> * EOL announcement published on website
> * Download page updated with EOL warnings
> h3. 3. Communication
> * EOL announcement sent to [email protected]
> * EOL announcement sent to [email protected]
> * Social media announcement
> * Release notes updated for 1.15.x and 2.0.x
> h3. 4. Repository Changes
> * 1.14.x branch marked as EOL in README
> * CI/CD pipelines updated to remove 1.14.x builds
> * Release branches archived appropriately
> * JIRA versions marked as EOL
> h3. 5. Support Resources
> * Migration tools/scripts published (if available)
> * FAQ document created for common migration questions
> ----
> h2. Impact Assessment
> h3. Users Affected
> * Users on Apache Geode 1.14.4 (released March 2022)
> * Users on Apache Geode 1.13.x, 1.12.x, and earlier
> * Organizations with Java 8 dependencies
> * Applications using Spring Framework 4.x
> h3. Risk Mitigation
> * 6 months notice period (January - July 2026)
> * Clear migration path through 1.15.2
> * Comprehensive migration documentation
> * Community support during transition
> * Commercial vendors can provide extended support if needed
> h3. Benefits
> * Enhanced security posture (no exposure to 16+ CVEs)
> * Reduced maintenance burden on PMC/committers
> * Faster release cycles and innovation
> * Clear version support policy
> * Commercial vendors can provide extended support if needed
> ----
> h2. Related Links
> h3. Mailing List Discussion
> * Thread: [DISCUSS] Consolidate Apache Geode Version Support to 1.15.x and
> 2.0.x
> * URL: [https://lists.apache.org/thread/[TO_BE_ADDED]]
> h3. Documentation
> * [Release
> Notes|https://cwiki.apache.org/confluence/display/GEODE/Release+Notes]
> * [Security
> Vulnerabilities|https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-SecurityVulnerabilities]
> * [Apache Geode Releases|https://geode.apache.org/releases/]
> h3. Reference Documents
> * [Java SE Support
> Roadmap|https://www.oracle.com/java/technologies/java-se-support-roadmap.html]
> * [Jakarta EE Specifications|https://jakarta.ee/]
> ----
> h2. Comments / Discussion
> To be added from mailing list discussion thread.
> *Feedback Deadline:* February 28, 2026
> h3. Discussion Questions
> # Are there known user populations significantly impacted?
> # Concerns with limiting support to 2.0.x and 1.15.x?
> # Is this reasonable and well-timed?
> # Additional mitigations needed?
> # Community position: Support / Oppose / Abstain
> ----
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
