Long time Geode user here. For Spring, the community is set to release Spring 7 in November 2025. It may make sense to skip Spring 6 and move directly to 7.
I know that updating Lucene was blocked in earlier Geode versions because of the need to maintain Java 8 compatibility. Unless someone in the community is willing to take on completing Lucene indexing, I’d recommend removing it entirely to simplify the codebase. The feature was never really finished. HOWEVER - One item that is cool about Lucene was the ability for nearest neighbor queries, so if we want to make Geode into a vector store I am pretty sure we can use that Lucene indexing feature. This would very much like how elastic search can support AI use cases. KNN indexing was introduced in Lucene 9 which requires JDK 11. My current usage of Geode just revolves around the core - gets, puts and listeners - I am not sure I would pick up finishing Lucene myself. Another candidate I would suggest for removal is off-heap memory. While it was an interesting feature, it’s difficult for operations teams to monitor effectively. With modern JVMs and pause-less garbage collectors like ZGC, its original purpose of making large heaps manageable under CMS GC is no longer relevant. Charlie On Fri, Sep 19, 2025 at 12:08 PM Jinwoo Hwang <[email protected]> wrote: > Hi Leon, > > You’ve raised a very valid concern, and I appreciate you taking the time > to review the pull request as well. > > Given the age of those libraries, we would probably need to move forward > with upgrading Jetty to 12 and Lucene to 9. It’s worth evaluating whether > those modules are still essential or if deprecation is the more sustainable > path. > > Thanks again for your thoughtful input. > > > Best regards, > > Jinwoo Hwang (he/him/his) > > > > SAS® Research and Development > > http://JinwooHwang.com<http://jinwoohwang.com/> > > > > From: Leon Finker <[email protected]> > Date: Friday, September 19, 2025 at 2:49 PM > To: [email protected] <[email protected]> > Subject: Re: [DISCUSS] Proposal for Apache Geode 2.0.0 – Call for > Community Input and Reviewers > > EXTERNAL > > Hi Jinwoo, > > Thanks to everyone for picking up the geode and moving forward! > > I want to mention a few other major libraries that are left behind on EOL > versions now: Jetty and Lucene (6 years old). Not sure if they are even > needed and maybe those modules should be deprecated if there is no interest > in maintaining them. > > On Fri, Sep 19, 2025 at 7:29 AM Jinwoo Hwang <[email protected]> wrote: > > > Dear Apache Geode Developer Community, > > > > Thank you for your continued support in delivering version 1.15.2. After > a > > three-year hiatus, this milestone reflects the resilience and > collaboration > > that define our community. Special appreciation to Niall for resolving > the > > SVN permission issue—the last mile to our finish line. > > Now that we are almost at the finish line, let’s not slow down—let’s > > accelerate. > > > > I would like to propose Apache Geode 2.0.0, a major modernization effort > > that positions the project for long-term sustainability, stronger > security, > > and better developer experience. Below is a draft roadmap of proposed > > upgrades—each representing a significant leap forward: > > > > > > > > *Proposed Upgrades for Apache Geode 2.0.0* > > *Upgrade Java Runtime from 1.8 to 17* > > > > - Addresses numerous known vulnerabilities reported since 2019. > > - Brings performance improvements and modern language features. > > - Aligns with long-term support (LTS) standards. > > > > *Upgrade Spring Framework to Version 6* > > > > - Resolves numerous CVEs that have been reported in prior versions. > > While we cannot confirm whether Apache Geode is directly affected, > > upgrading is a proactive step toward minimizing exposure. > > - Aligns with Java 17 and Jakarta EE 9. > > - Introduces cleaner APIs and reactive programming support. > > > > *Upgrade Spring Security to Version 6* > > > > - Addresses several high-severity vulnerabilities. Again, while we > > cannot confirm Geode’s exposure, upgrading ensures alignment with > > current > > security best practices. > > - Simplifies configuration with SecurityFilterChain. > > - Aligns with Jakarta EE 9 and modern security practices. > > - Offers a zero-known-vulnerability baseline in current releases. > > > > *Migrate from Java EE to Jakarta EE 9* > > > > - Required for Java 17+ compatibility. > > - Provides updated specifications and active community support. > > > > *Update Build Configuration for Java 17 Compatibility* > > > > - Upgrade Gradle Version 6 to 7.3.3 to Support Java 17 Tool Chain. > > - Enables consistent builds across environments. > > - Improves build performance and dependency resolution. > > - Aligns with modern standards and mitigates known risks. > > > > *Remediation of any undisclosed security vulnerabilities* > > > > > > These are not just technical upgrades—they are strategic investments in > the > > future of Apache Geode. They will help us stay relevant, secure, and > > performant in a rapidly evolving ecosystem. > > > > To make this vision a reality, we need your help. This release is already > > generating excitement—so much so that I’ve been personally contacted by > > individuals asking how they can contribute to the Geode community. That > > kind of energy is rare, and we’d be remiss not to harness it. > > > > We’re looking for: > > > > - Feedback to make this roadmap more comprehensive and aligned with > > community needs. > > - Volunteers to help review pull requests as we finalize these > changes. > > - Contributors interested in shaping the future of Apache Geode > through > > code, documentation, testing, and ideas. > > > > > > Whether you’re a long-time committer or a new contributor, your > > participation will be instrumental in making Apache Geode 2.0.0 a > reality. > > Let’s build the future of Geode, together—with clarity, purpose, and > > momentum. > > > > Best regards, > > Jinwoo Hwang (he/him/his) > > > > SAS® Research and Development > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect.checkpoint.com%2Fv2%2Fr01%2F___http%3A%2F%2FJinwooHwang.com___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86YzAzMjljOWVhOTkxMGJhN2U5YjcyODFkMDk5ZGJkZGQ6Nzo3N2M5OmYwYjgxYzIwNWUxZjM1NDFjNDZhZTk5YzhmZWMwMzZlN2ExODJjNmM4NjUwZWU2MTgzNDU5NDM2ZTAxYmQyMjE6cDpUOk4&data=05%7C02%7CJinwoo.Hwang%40sas.com%7C0dafc62c9539430974bd08ddf7ad3882%7Cb1c14d5c362545b3a4309552373a0c2f%7C0%7C0%7C638939045554590951%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=iMq5UxqU5A%2BK0I6DrCsZ1BmlETgoru5mfG3L92gdKdg%3D&reserved=0 > < > https://protect.checkpoint.com/v2/r01/___http://JinwooHwang.com___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86YzAzMjljOWVhOTkxMGJhN2U5YjcyODFkMDk5ZGJkZGQ6Nzo3N2M5OmYwYjgxYzIwNWUxZjM1NDFjNDZhZTk5YzhmZWMwMzZlN2ExODJjNmM4NjUwZWU2MTgzNDU5NDM2ZTAxYmQyMjE6cDpUOk4 > > > > >
