[
https://issues.apache.org/jira/browse/GEODE-10553?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jinwoo Hwang updated GEODE-10553:
---------------------------------
Description:
h2. Summary
End active support for Apache Geode 1.14.x and all earlier release lines,
maintaining only 2.0.x and 1.15.x
----
h2. Description
This issue tracks the formal deprecation and end-of-life (EOL) designation for
Apache Geode versions 1.14.x and all earlier release lines.
h3. Proposal
The Apache Geode project should:
# End active support for Apache Geode 1.14.x and all earlier release lines
# Continue active support for only:
** Apache Geode 2.0.x (current major release line)
** Apache Geode 1.15.x (latest and final 1.x release line)
Under this proposal, 1.14.x and older versions would be formally designated
End-of-Life (EOL) and would no longer receive bug fixes, security fixes, or
backports from the project.
h3. Rationale
h4. 1. Security Vulnerabilities
* CVEs in 1.14.x and older versions with no remediation path
* Risks: Remote code execution, authentication bypass, data leakage, DoS
attacks
h4. 2. End-of-Life Dependencies
* Java 8 EOL (September 2022) - no public security patches
* Spring Framework 4.x EOL (2020)
* Outdated Apache HttpComponents 4.x
* Legacy Jetty 9.4.x prior to Jakarta EE migration
h4. 3. Jakarta EE 10 Migration
* 2.0.x requires Jakarta EE 10 ({{{}javax{}}} *to {{jakarta}}* namespace)
* Industry-wide ecosystem migration to Jakarta EE
* 1.14.x represents dead-end technology stack
h4. 4. Maintenance Burden
* 1.14.x: No updates in 3+ years (last release March 2022)
* Currently supporting 5+ active version lines (unsustainable)
* Limited volunteer resources spread across outdated branches
h4. 5. Industry Alignment
* Apache Kafka: Supports 2 versions (3.x and 2.8.x)
* Apache Cassandra: Supports 2 versions (5.0.x and 4.1.x)
* Apache Tomcat: Supports 2-3 versions (11.x, 10.1.x, limited 9.x)
* Standard practice: N-1 support (current + previous major)
----
h2. Proposed Timeline
h3. Phase 1: Community Feedback (Q1 2026)
* January 2026: Publish proposal to [email protected]
* February 2026: Gather community feedback
* March 2026: Formal PMC vote on support policy
h3. Phase 2: Official End-of-Life (Q2 2026)
* April 1, 2026: Official EOL date for 1.14.x and older
* May 2026: Update website with version support matrix
* Ongoing: Direct all users to 1.15.2 or 2.0.0
h3. Phase 3: Repository Cleanup (Q3 2026)
* July 2026: Archive 1.14.x and older release branches
* August 2026: Remove 1.14.x from CI/CD pipelines
* September 2026: Update documentation to reflect supported versions
----
h2. Migration Path
h3. For 1.14.x Users
h4. Step 1: Upgrade to 1.15.2 (Intermediate)
* Maintains {{javax.*}} namespace (no Jakarta migration required)
* Supports Java 11/17
* Contains all critical security fixes
* Minimal breaking changes from 1.14.x
* Estimated effort: 1-2 weeks
h4. Step 2: Upgrade to 2.0.0 (Target)
* Jakarta EE 10 alignment
* Java 17 LTS support (until 2029)
* Modern Spring Framework 6.x
* Estimated effort: 2-4 weeks
h4. Upgrade Paths
* 1.14.x to 1.15.2 (transitional, Java 11/17)
* 1.15.2 to LTS support
----
h2. Acceptance Criteria
h3. 1. Community Consensus
* Proposal discussed on [email protected]
* Feedback period completed (February 28, 2026)
* PMC vote conducted and passed
* Vote results published
h3. 2. Documentation Updates
* Version support matrix created and published
* Migration guide: 1.14.x to 1.15.2
* Migration guide: 1.15.x to 2.0.0
* EOL announcement published on website
* Download page updated with EOL warnings
h3. 3. Communication
* EOL announcement sent to [email protected]
* EOL announcement sent to [email protected]
* Social media announcement
* Release notes updated for 1.15.x and 2.0.x
h3. 4. Repository Changes
* 1.14.x branch marked as EOL in README
* CI/CD pipelines updated to remove 1.14.x builds
* Release branches archived appropriately
* JIRA versions marked as EOL
h3. 5. Support Resources
* Migration tools/scripts published (if available)
* FAQ document created for common migration questions
----
h2. Impact Assessment
h3. Users Affected
* Users on Apache Geode 1.14.4 (released March 2022)
* Users on Apache Geode 1.13.x, 1.12.x, and earlier
* Organizations with Java 8 dependencies
* Applications using Spring Framework 4.x
h3. Risk Mitigation
* 6 months notice period (January - July 2026)
* Clear migration path through 1.15.2
* Comprehensive migration documentation
* Community support during transition
* Commercial vendors can provide extended support if needed
h3. Benefits
* Enhanced security posture (no exposure to 16+ CVEs)
* Reduced maintenance burden on PMC/committers
* Faster release cycles and innovation
* Clear version support policy
* Commercial vendors can provide extended support if needed
----
h2. Related Links
h3. Mailing List Discussion
* Thread: [DISCUSS] Proposal to End Support for Apache Geode 1.14.x and Older
(GEODE-10553)
* URL: [https://lists.apache.org/thread/r7dmp9dor9ndrt28bwovbbx9byv5cjp1]
h3. Documentation
* [Release
Notes|https://cwiki.apache.org/confluence/display/GEODE/Release+Notes]
* [Security
Vulnerabilities|https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-SecurityVulnerabilities]
* [Apache Geode Releases|https://geode.apache.org/releases/]
h3. Reference Documents
* [Java SE Support
Roadmap|https://www.oracle.com/java/technologies/java-se-support-roadmap.html]
* [Jakarta EE Specifications|https://jakarta.ee/]
----
h2. Comments / Discussion
To be added from mailing list discussion thread.
*Feedback Deadline:* February 28, 2026
h3. Discussion Questions
# Are there known user populations significantly impacted?
# Concerns with limiting support to 2.0.x and 1.15.x?
# Is this reasonable and well-timed?
# Additional mitigations needed?
# Community position: Support / Oppose / Abstain
----
was:
h2. Summary
End active support for Apache Geode 1.14.x and all earlier release lines,
maintaining only 2.0.x and 1.15.x
----
h2. Description
This issue tracks the formal deprecation and end-of-life (EOL) designation for
Apache Geode versions 1.14.x and all earlier release lines.
h3. Proposal
The Apache Geode project should:
# End active support for Apache Geode 1.14.x and all earlier release lines
# Continue active support for only:
** Apache Geode 2.0.x (current major release line)
** Apache Geode 1.15.x (latest and final 1.x release line)
Under this proposal, 1.14.x and older versions would be formally designated
End-of-Life (EOL) and would no longer receive bug fixes, security fixes, or
backports from the project.
h3. Rationale
h4. 1. Security Vulnerabilities
* CVEs in 1.14.x and older versions with no remediation path
* Risks: Remote code execution, authentication bypass, data leakage, DoS
attacks
h4. 2. End-of-Life Dependencies
* Java 8 EOL (September 2022) - no public security patches
* Spring Framework 4.x EOL (2020)
* Outdated Apache HttpComponents 4.x
* Legacy Jetty 9.4.x prior to Jakarta EE migration
h4. 3. Jakarta EE 10 Migration
* 2.0.x requires Jakarta EE 10 ({{{}javax{}}} *to {{jakarta}}* namespace)
* Industry-wide ecosystem migration to Jakarta EE
* 1.14.x represents dead-end technology stack
h4. 4. Maintenance Burden
* 1.14.x: No updates in 3+ years (last release March 2022)
* Currently supporting 5+ active version lines (unsustainable)
* Limited volunteer resources spread across outdated branches
h4. 5. Industry Alignment
* Apache Kafka: Supports 2 versions (3.x and 2.8.x)
* Apache Cassandra: Supports 2 versions (5.0.x and 4.1.x)
* Apache Tomcat: Supports 2-3 versions (11.x, 10.1.x, limited 9.x)
* Standard practice: N-1 support (current + previous major)
----
h2. Proposed Timeline
h3. Phase 1: Community Feedback (Q1 2026)
* January 2026: Publish proposal to [email protected]
* February 2026: Gather community feedback
* March 2026: Formal PMC vote on support policy
h3. Phase 2: Official End-of-Life (Q2 2026)
* April 1, 2026: Official EOL date for 1.14.x and older
* May 2026: Update website with version support matrix
* Ongoing: Direct all users to 1.15.2 or 2.0.0
h3. Phase 3: Repository Cleanup (Q3 2026)
* July 2026: Archive 1.14.x and older release branches
* August 2026: Remove 1.14.x from CI/CD pipelines
* September 2026: Update documentation to reflect supported versions
----
h2. Migration Path
h3. For 1.14.x Users
h4. Step 1: Upgrade to 1.15.2 (Intermediate)
* Maintains {{javax.*}} namespace (no Jakarta migration required)
* Supports Java 11/17
* Contains all critical security fixes
* Minimal breaking changes from 1.14.x
* Estimated effort: 1-2 weeks
h4. Step 2: Upgrade to 2.0.0 (Target)
* Jakarta EE 10 alignment
* Java 17 LTS support (until 2029)
* Modern Spring Framework 6.x
* Estimated effort: 2-4 weeks
h4. Upgrade Paths
* 1.14.x to 1.15.2 (transitional, Java 11/17)
* 1.15.2 to LTS support
----
h2. Acceptance Criteria
h3. 1. Community Consensus
* Proposal discussed on [email protected]
* Feedback period completed (February 28, 2026)
* PMC vote conducted and passed
* Vote results published
h3. 2. Documentation Updates
* Version support matrix created and published
* Migration guide: 1.14.x to 1.15.2
* Migration guide: 1.15.x to 2.0.0
* EOL announcement published on website
* Download page updated with EOL warnings
h3. 3. Communication
* EOL announcement sent to [email protected]
* EOL announcement sent to [email protected]
* Social media announcement
* Release notes updated for 1.15.x and 2.0.x
h3. 4. Repository Changes
* 1.14.x branch marked as EOL in README
* CI/CD pipelines updated to remove 1.14.x builds
* Release branches archived appropriately
* JIRA versions marked as EOL
h3. 5. Support Resources
* Migration tools/scripts published (if available)
* FAQ document created for common migration questions
----
h2. Impact Assessment
h3. Users Affected
* Users on Apache Geode 1.14.4 (released March 2022)
* Users on Apache Geode 1.13.x, 1.12.x, and earlier
* Organizations with Java 8 dependencies
* Applications using Spring Framework 4.x
h3. Risk Mitigation
* 6 months notice period (January - July 2026)
* Clear migration path through 1.15.2
* Comprehensive migration documentation
* Community support during transition
* Commercial vendors can provide extended support if needed
h3. Benefits
* Enhanced security posture (no exposure to 16+ CVEs)
* Reduced maintenance burden on PMC/committers
* Faster release cycles and innovation
* Clear version support policy
* Commercial vendors can provide extended support if needed
----
h2. Related Links
h3. Mailing List Discussion
* Thread: [DISCUSS] Consolidate Apache Geode Version Support to 1.15.x and
2.0.x
* URL: [https://lists.apache.org/thread/r7dmp9dor9ndrt28bwovbbx9byv5cjp1]
h3. Documentation
* [Release
Notes|https://cwiki.apache.org/confluence/display/GEODE/Release+Notes]
* [Security
Vulnerabilities|https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-SecurityVulnerabilities]
* [Apache Geode Releases|https://geode.apache.org/releases/]
h3. Reference Documents
* [Java SE Support
Roadmap|https://www.oracle.com/java/technologies/java-se-support-roadmap.html]
* [Jakarta EE Specifications|https://jakarta.ee/]
----
h2. Comments / Discussion
To be added from mailing list discussion thread.
*Feedback Deadline:* February 28, 2026
h3. Discussion Questions
# Are there known user populations significantly impacted?
# Concerns with limiting support to 2.0.x and 1.15.x?
# Is this reasonable and well-timed?
# Additional mitigations needed?
# Community position: Support / Oppose / Abstain
----
> Version Support Policy - End Support for Apache Geode 1.14.x and Earlier
> Versions
> ---------------------------------------------------------------------------------
>
> Key: GEODE-10553
> URL: https://issues.apache.org/jira/browse/GEODE-10553
> Project: Geode
> Issue Type: Improvement
> Components: docs
> Reporter: Jinwoo Hwang
> Assignee: Jinwoo Hwang
> Priority: Major
>
> h2. Summary
> End active support for Apache Geode 1.14.x and all earlier release lines,
> maintaining only 2.0.x and 1.15.x
> ----
> h2. Description
> This issue tracks the formal deprecation and end-of-life (EOL) designation
> for Apache Geode versions 1.14.x and all earlier release lines.
> h3. Proposal
> The Apache Geode project should:
> # End active support for Apache Geode 1.14.x and all earlier release lines
> # Continue active support for only:
> ** Apache Geode 2.0.x (current major release line)
> ** Apache Geode 1.15.x (latest and final 1.x release line)
> Under this proposal, 1.14.x and older versions would be formally designated
> End-of-Life (EOL) and would no longer receive bug fixes, security fixes, or
> backports from the project.
> h3. Rationale
> h4. 1. Security Vulnerabilities
> * CVEs in 1.14.x and older versions with no remediation path
> * Risks: Remote code execution, authentication bypass, data leakage, DoS
> attacks
> h4. 2. End-of-Life Dependencies
> * Java 8 EOL (September 2022) - no public security patches
> * Spring Framework 4.x EOL (2020)
> * Outdated Apache HttpComponents 4.x
> * Legacy Jetty 9.4.x prior to Jakarta EE migration
> h4. 3. Jakarta EE 10 Migration
> * 2.0.x requires Jakarta EE 10 ({{{}javax{}}} *to {{jakarta}}* namespace)
> * Industry-wide ecosystem migration to Jakarta EE
> * 1.14.x represents dead-end technology stack
> h4. 4. Maintenance Burden
> * 1.14.x: No updates in 3+ years (last release March 2022)
> * Currently supporting 5+ active version lines (unsustainable)
> * Limited volunteer resources spread across outdated branches
> h4. 5. Industry Alignment
> * Apache Kafka: Supports 2 versions (3.x and 2.8.x)
> * Apache Cassandra: Supports 2 versions (5.0.x and 4.1.x)
> * Apache Tomcat: Supports 2-3 versions (11.x, 10.1.x, limited 9.x)
> * Standard practice: N-1 support (current + previous major)
> ----
> h2. Proposed Timeline
> h3. Phase 1: Community Feedback (Q1 2026)
> * January 2026: Publish proposal to [email protected]
> * February 2026: Gather community feedback
> * March 2026: Formal PMC vote on support policy
> h3. Phase 2: Official End-of-Life (Q2 2026)
> * April 1, 2026: Official EOL date for 1.14.x and older
> * May 2026: Update website with version support matrix
> * Ongoing: Direct all users to 1.15.2 or 2.0.0
> h3. Phase 3: Repository Cleanup (Q3 2026)
> * July 2026: Archive 1.14.x and older release branches
> * August 2026: Remove 1.14.x from CI/CD pipelines
> * September 2026: Update documentation to reflect supported versions
> ----
> h2. Migration Path
> h3. For 1.14.x Users
> h4. Step 1: Upgrade to 1.15.2 (Intermediate)
> * Maintains {{javax.*}} namespace (no Jakarta migration required)
> * Supports Java 11/17
> * Contains all critical security fixes
> * Minimal breaking changes from 1.14.x
> * Estimated effort: 1-2 weeks
> h4. Step 2: Upgrade to 2.0.0 (Target)
> * Jakarta EE 10 alignment
> * Java 17 LTS support (until 2029)
> * Modern Spring Framework 6.x
> * Estimated effort: 2-4 weeks
> h4. Upgrade Paths
> * 1.14.x to 1.15.2 (transitional, Java 11/17)
> * 1.15.2 to LTS support
> ----
> h2. Acceptance Criteria
> h3. 1. Community Consensus
> * Proposal discussed on [email protected]
> * Feedback period completed (February 28, 2026)
> * PMC vote conducted and passed
> * Vote results published
> h3. 2. Documentation Updates
> * Version support matrix created and published
> * Migration guide: 1.14.x to 1.15.2
> * Migration guide: 1.15.x to 2.0.0
> * EOL announcement published on website
> * Download page updated with EOL warnings
> h3. 3. Communication
> * EOL announcement sent to [email protected]
> * EOL announcement sent to [email protected]
> * Social media announcement
> * Release notes updated for 1.15.x and 2.0.x
> h3. 4. Repository Changes
> * 1.14.x branch marked as EOL in README
> * CI/CD pipelines updated to remove 1.14.x builds
> * Release branches archived appropriately
> * JIRA versions marked as EOL
> h3. 5. Support Resources
> * Migration tools/scripts published (if available)
> * FAQ document created for common migration questions
> ----
> h2. Impact Assessment
> h3. Users Affected
> * Users on Apache Geode 1.14.4 (released March 2022)
> * Users on Apache Geode 1.13.x, 1.12.x, and earlier
> * Organizations with Java 8 dependencies
> * Applications using Spring Framework 4.x
> h3. Risk Mitigation
> * 6 months notice period (January - July 2026)
> * Clear migration path through 1.15.2
> * Comprehensive migration documentation
> * Community support during transition
> * Commercial vendors can provide extended support if needed
> h3. Benefits
> * Enhanced security posture (no exposure to 16+ CVEs)
> * Reduced maintenance burden on PMC/committers
> * Faster release cycles and innovation
> * Clear version support policy
> * Commercial vendors can provide extended support if needed
> ----
> h2. Related Links
> h3. Mailing List Discussion
> * Thread: [DISCUSS] Proposal to End Support for Apache Geode 1.14.x and
> Older (GEODE-10553)
> * URL: [https://lists.apache.org/thread/r7dmp9dor9ndrt28bwovbbx9byv5cjp1]
> h3. Documentation
> * [Release
> Notes|https://cwiki.apache.org/confluence/display/GEODE/Release+Notes]
> * [Security
> Vulnerabilities|https://cwiki.apache.org/confluence/display/GEODE/Release+Notes#ReleaseNotes-SecurityVulnerabilities]
> * [Apache Geode Releases|https://geode.apache.org/releases/]
> h3. Reference Documents
> * [Java SE Support
> Roadmap|https://www.oracle.com/java/technologies/java-se-support-roadmap.html]
> * [Jakarta EE Specifications|https://jakarta.ee/]
> ----
> h2. Comments / Discussion
> To be added from mailing list discussion thread.
> *Feedback Deadline:* February 28, 2026
> h3. Discussion Questions
> # Are there known user populations significantly impacted?
> # Concerns with limiting support to 2.0.x and 1.15.x?
> # Is this reasonable and well-timed?
> # Additional mitigations needed?
> # Community position: Support / Oppose / Abstain
> ----
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
