Jinwoo Hwang created GEODE-10553:
------------------------------------
Summary: Version Support Policy - End Support for Apache Geode
1.14.x and Earlier Versions
Key: GEODE-10553
URL: https://issues.apache.org/jira/browse/GEODE-10553
Project: Geode
Issue Type: Improvement
Components: docs
Reporter: Jinwoo Hwang
h2. Summary
End active support for Apache Geode 1.14.x and all earlier release lines,
maintaining only 2.0.x and 1.15.x
----
h2. Description
This issue tracks the formal deprecation and end-of-life (EOL) designation for
Apache Geode versions 1.14.x and all earlier release lines.
h3. Proposal
The Apache Geode project should:
# End active support for Apache Geode 1.14.x and all earlier release lines
# Continue active support for only:
** Apache Geode 2.0.x (current major release line)
** Apache Geode 1.15.x (latest and final 1.x release line)
Under this proposal, 1.14.x and older versions would be formally designated
End-of-Life (EOL) and would no longer receive bug fixes, security fixes, or
backports from the project.
h3. Rationale
h4. 1. Security Vulnerabilities
* CVEs in 1.14.x and older versions with no remediation path
* Risks: Remote code execution, authentication bypass, data leakage, DoS
attacks
h4. 2. End-of-Life Dependencies
* Java 8 EOL (September 2022) - no public security patches
* Spring Framework 4.x EOL (2020)
* Outdated Apache HttpComponents 4.x
* Legacy Jetty 9.4.x prior to Jakarta EE migration
h4. 3. Jakarta EE 10 Migration
* 2.0.x requires Jakarta EE 10 ({{{}javax.{*}{*}{}}} *to {{jakarta.}}*
namespace)
* Industry-wide ecosystem migration to Jakarta EE
* 1.14.x represents dead-end technology stack
h4. 4. Maintenance Burden
* 1.14.x: No updates in 3+ years (last release March 2022)
* Currently supporting 5+ active version lines (unsustainable)
* Limited volunteer resources spread across outdated branches
h4. 5. Industry Alignment
* Apache Kafka: Supports 2 versions (3.x and 2.8.x)
* Apache Cassandra: Supports 2 versions (5.0.x and 4.1.x)
* Apache Tomcat: Supports 2-3 versions (11.x, 10.1.x, limited 9.x)
* Standard practice: N-1 support (current + previous major)
----
h2. Proposed Timeline
h3. Phase 1: Community Feedback (Q1 2026)
* January 2026: Publish proposal to [email protected]
* February 2026: Gather community feedback
* March 2026: Formal PMC vote on support policy
h3. Phase 2: Official End-of-Life (Q2 2026)
* April 1, 2026: Official EOL date for 1.14.x and older
* May 2026: Update website with version support matrix
* Ongoing: Direct all users to 1.15.2 or 2.0.0
h3. Phase 3: Repository Cleanup (Q3 2026)
* July 2026: Archive 1.14.x and older release branches
* August 2026: Remove 1.14.x from CI/CD pipelines
* September 2026: Update documentation to reflect supported versions
----
h2. Migration Path
h3. For 1.14.x Users
h4. Step 1: Upgrade to 1.15.2 (Intermediate)
* Maintains {{javax.*}} namespace (no Jakarta migration required)
* Supports Java 11/17
* Contains all critical security fixes
* Minimal breaking changes from 1.14.x
* Estimated effort: 1-2 weeks
h4. Step 2: Upgrade to 2.0.0 (Target)
* Jakarta EE 10 alignment
* Java 17 LTS support (until 2029)
* Modern Spring Framework 6.x
* Estimated effort: 2-4 weeks
h4. Upgrade Paths
* 1.14.x to 1.15.2 (transitional, Java 11/17)
* 1.15.2 to LTS support
----
h2. Acceptance Criteria
h3. 1. Community Consensus
* Proposal discussed on [email protected]
* Feedback period completed (February 28, 2026)
* PMC vote conducted and passed
* Vote results published
h3. 2. Documentation Updates
* Version support matrix created and published
* Migration guide: 1.14.x to 1.15.2
* Migration guide: 1.15.x to 2.0.0
* EOL announcement published on website
* Download page updated with EOL warnings
h3. 3. Communication
* EOL announcement sent to [email protected]
* EOL announcement sent to [email protected]
* Social media announcement
* Release notes updated for 1.15.x and 2.0.x
h3. 4. Repository Changes
* 1.14.x branch marked as EOL in README
* CI/CD pipelines updated to remove 1.14.x builds
* Release branches archived appropriately
* JIRA versions marked as EOL
h3. 5. Support Resources
* Migration tools/scripts published (if available)
* FAQ document created for common migration questions
----
h2. Impact Assessment
h3. Users Affected
* Users on Apache Geode 1.14.4 (released March 2022)
* Users on Apache Geode 1.13.x, 1.12.x, and earlier
* Organizations with Java 8 dependencies
* Applications using Spring Framework 4.x
h3. Risk Mitigation
* 6 months notice period (January - July 2026)
* Clear migration path through 1.15.2
* Comprehensive migration documentation
* Community support during transition
* Commercial vendors can provide extended support if needed
h3. Benefits
* Enhanced security posture (no exposure to 16+ CVEs)
* Reduced maintenance burden on PMC/committers
* Faster release cycles and innovation
* Clear version support policy
* Commercial vendors can provide extended support if needed
----
h2. Related Links
h3. Mailing List Discussion
* Thread: [DISCUSS] Consolidate Apache Geode Version Support to 1.15.x and
2.0.x
* URL: [https://lists.apache.org/thread/[TO_BE_ADDED]]
h3. Documentation
* [Release
Notes|https://cwiki.apache.org/confluence/display/GEODE/Release+Notes]
* [Security
Vulnerabilities|https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-SecurityVulnerabilities]
* [Apache Geode Releases|https://geode.apache.org/releases/]
h3. Reference Documents
* [Java SE Support
Roadmap|https://www.oracle.com/java/technologies/java-se-support-roadmap.html]
* [Jakarta EE Specifications|https://jakarta.ee/]
----
h2. Comments / Discussion
To be added from mailing list discussion thread.
*Feedback Deadline:* February 28, 2026
h3. Discussion Questions
# Are there known user populations significantly impacted?
# Concerns with limiting support to 2.0.x and 1.15.x?
# Is this reasonable and well-timed?
# Additional mitigations needed?
# Community position: Support / Oppose / Abstain
----
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
