Attendees: Next meeting:
Agenda: 0. db-jdo-3.2.1 RCE See Email from the Apache Security Team "db-jdo-3.2.1 RCE" May 15 2025, sent to private.db.apache.org. We need a bit more time to research this item. Preliminary indications are that this is not a vulnerability of JDO. However, we can remove the ability of a user to use the JDOHelper to use JNDI RMI to avoid the specific case. AI Craig reply to the reporter. We will keep this on the agenda for next week. 1. JIRA JDO-851 "TCK fails result Variable tests" https://issues.apache.org/jira/browse/JDO-851 PR #105 https://github.com/apache/db-jdo/pull/105 2. JIRA JDO-846 "Check upgrade references from javax to jakarta" https://issues.apache.org/jira/browse/JDO-846 3. New JIRA JDO-848 "Remove dependency on org.springframework:spring-beans" https://issues.apache.org/jira/browse/JDO-848 PR #104 https://github.com/apache/db-jdo/pull/104 4. JIRA JDO-812 "Move to JDK 11 as the lowest supported version" https://issues.apache.org/jira/browse/JDO-812 5. SBOM Support: changes to the actual Apache Parent POM? 6. sonarcloud issues * JIRA JDO-819 "Code quality analysis" https://issues.apache.org/jira/browse/JDO-819 * JIRA JDO-823 "Fix sonarcloud issues of type Code Smells" https://issues.apache.org/jira/browse/JDO-823 * Sonarcloud link: https://sonarcloud.io/summary/overall?id=db-jdo * Cognitive Complexity of methods should not be too high: https://sonarcloud.io/project/issues?resolved=false&rules=java%3AS3776&severities=CRITICAL&types=CODE_SMELL&id=db-jdo * Raw types should not be used: https://sonarcloud.io/project/issues?resolved=false&rules=java%3AS3740&severities=MAJOR&id=db-jdo 7. Other issues Action Items from weeks past: [May 13 2025] AI Craig update the JIRA JDO-846 with discussion of implications of making the change. Discuss further when we take up JDO 3.3 release. [Jan 14 2025] AI Craig look into deprecating the use of the external libraries (Synchronization) and providing our own. [Nov 26 2024] AI Tilmann look into JDO-846. Also, what is the use for the Portable Remote Object interface (removed in JDK 11). [Nov 12 2024] AI Michael see if it makes sense to add Map.contains(Entry e) to the JDO API. This would be useful to have queries where e.g. the user is interested in finding all Employees where the phone number is of key "home" and value "+16508617767". [Nov 05 2024] AI Michael create a JIRA for containsEntry, include the current test case and we can continue from here. [Jul 13 2023] AI All Open a new JIRA for Android since having JNDI in the API disallows use with Android [Jun 08 2023] AI All make a JIRA: JDO support for Java Records https://openjdk.org/jeps/395 [Dec 09 2021] AI Craig: Try to contact all current/former participants in JDO development and see if and how they want to be recognized on the JDO and DB web sites.https://db.apache.org/whoweare.html [Oct 07 2021] AI Craig send a private message to all JSR-243 Expert Group members asking if they wish to continue. [Mar 25 2021] AI Craig: investigate "merging" papajdo and apache.clr accounts [Oct 17 2014] AI Matthew any updates for "Modify specification to address NoSQL datastores "https://issues.apache.org/jira/browse/JDO-651 Craig L Russell c...@apache.org
