Hi Jinwoo, Here is the current list after updating to 1.15.2 and using just the base required geode dependencies:
Filename: commons-lang3-3.12.0.jar | Highest CVSS Score: 5.3 | Amount of CVSS: 1 | References: CVE-2025-48924 (5.3) Filename: jgroups-3.6.20.Final.jar | Highest CVSS Score: 9.8 | Amount of CVSS: 1 | References: CVE-2016-2141 (9.8) Filename: spring-core-5.3.20.jar | Highest CVSS Score: 8.7 | Amount of CVSS: 8 | References: CVE-2025-41249 (8.7) CVE-2025-41242 (8.2) CVE-2024-22259 (8.1) CVE-2023-20860 (7.5) CVE-2023-20861 (6.5) CVE-2023-20863 (6.5) CVE-2024-38820 (5.3) CVE-2024-38808 (4.3) Filename: spring-web-5.3.20.jar | Highest CVSS Score: 9.8 | Amount of CVSS: 13 | References: CVE-2016-1000027 (9.8) CVE-2024-38809 (8.7) CVE-2025-41249 (8.7) CVE-2024-22243 (8.1) CVE-2024-22262 (8.1) CVE-2024-22259 (8.1) CVE-2023-20860 (7.5) CVE-2025-41234 (7.4) CVE-2024-38828 (6.9) CVE-2023-20861 (6.5) CVE-2023-20863 (6.5) CVE-2024-38820 (5.3) CVE-2024-38808 (4.3) Filename: commons-beanutils-1.9.4.jar | Highest CVSS Score: 8.8 | Amount of CVSS: 1 | References: CVE-2025-48734 (8.8) On Wed, Sep 17, 2025 at 6:31 PM Jinwoo Hwang <[email protected]> wrote: > Hi Leon, > > Thank you for highlighting the importance of maintaining a clean security > posture across our dependencies. I completely understand the concern > regarding flagged CVEs, especially in the context of client audits and > internal security assessments via tools like Sonar. > > I agree that periodic updates to dependencies, including Geode, are > essential to ensure vulnerabilities are addressed proactively. I’ll > coordinate to prioritize this effort and explore a sustainable cadence for > reviewing and updating flagged components. > > Let’s work together to establish a periodic review and update cycle for > Geode and its dependencies. If there are particular CVEs or components > you’re seeing flagged more frequently, feel free to send them over so we > can prioritize accordingly. > > > Best regards, > > Jinwoo Hwang (he/him/his) > > > > SAS® Research and Development > > http://JinwooHwang.com<http://jinwoohwang.com/> > > > > From: Leon Finker <[email protected]> > Date: Wednesday, September 17, 2025 at 6:20 PM > To: [email protected] <[email protected]> > Subject: Re: Proposal to Revisit PMC Voting Threshold for Apache Geode > Releases > > EXTERNAL > > In our case we want CVEs fixed as much as possible across our dependencies > to have a clean grade on security analysis by sonar/etc. This can be > either for company security stance and/or security audits by clients. It’s > not manageable if geode dependency shows many of its dependencies flagged > with various CVEs. So a periodic update in this area is required. > > On Wed, Sep 17, 2025 at 7:46 AM Jinwoo Hwang <[email protected] > > > wrote: > > > Hi Arnout, > > > > Thank you for your thoughtful and constructive feedback. I sincerely > > apologize for the oversight in cross-posting between dev@ and private@ > > lists. I understand the importance of maintaining clear boundaries > between > > public and private communications, especially when sensitive topics like > > security are involved. I’ll be more careful moving forward. > > > > I also want to acknowledge that my limited experience with some of these > > processes may have caused concern or alarm. I appreciate your patience > and > > the clarity you've provided—it’s been very helpful in deepening my > > understanding. > > > > Regarding the '3 votes' threshold, I agree it’s important to adhere to > the > > Apache Release Policy. Your point about leveraging current momentum to > > re-engage existing PMC members and onboard new ones is encouraging. I > share > > your optimism and believe Geode is indeed on a promising path. > > > > On PMC activity, I’ve also noticed signs of engagement from members who > > may not be visible on dev@, so your observation about Leon’s assessment > > possibly being a bit conservative makes sense. > > > > As for the dependency advisories, I appreciate your clarification that > > none have been confirmed to directly impact Geode. While urgency may be > > debatable, I do think the release is a positive step forward and reflects > > renewed commitment. > > > > Your note on the voting window is also helpful. I agree that while quick > > closure supports momentum, flexibility in timing is built into the > process > > and can be accommodated when needed. > > > > Thanks again for your insights and support. I look forward to continued > > collaboration and learning. > > > > > > Best regards, > > > > Jinwoo Hwang (he/him/his) > > > > > > > > SAS® Research and Development > > > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect.checkpoint.com%2Fv2%2Fr01%2F___http%3A%2F%2FJinwooHwang.com___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86OTAxMmQ1OTVkNjhkYWJlNDFhMjI4OGExMDFmNzg4MmY6NzpjODI4OjY3ZWRlYmY5MzIzZTE5MGM5ZmFlZGI0ZDljMWIyZDk4MTZjNDJiNGY2ZmQxYjQ5OWU0MTQ1Y2VmZDYyZjU0ZjY6cDpUOk4&data=05%7C02%7CJinwoo.Hwang%40sas.com%7C73de7d6c8a0a41a00b1e08ddf63860fb%7Cb1c14d5c362545b3a4309552373a0c2f%7C0%7C0%7C638937444248870871%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=OovvXn7jUZ75LFqNTrwiGunbS4cwnd9%2FUpc7oVtGClY%3D&reserved=0 > < > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect.checkpoint.com%2Fv2%2Fr01%2F___http%3A%2F%2Fjinwoohwang.com%2F___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86OTAxMmQ1OTVkNjhkYWJlNDFhMjI4OGExMDFmNzg4MmY6NzozYmE3OmVkNTdkMjhlY2E4NzY1NGM5NDRhZWM5YjYwZjdkMzE4ODFjMWYyZTc3YmRlZGU5ZWFmMGEwMDMwNDJhYjA3ZTU6cDpUOk4&data=05%7C02%7CJinwoo.Hwang%40sas.com%7C73de7d6c8a0a41a00b1e08ddf63860fb%7Cb1c14d5c362545b3a4309552373a0c2f%7C0%7C0%7C638937444248880950%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=sZhVWlb7vr%2BbLGp4WZOpzs6iZ69d5H%2FRTPUpMdDRPmQ%3D&reserved=0 > >< > https://protect.checkpoint.com/v2/r01/___http://JinwooHwang.com___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86OTAxMmQ1OTVkNjhkYWJlNDFhMjI4OGExMDFmNzg4MmY6NzpjODI4OjY3ZWRlYmY5MzIzZTE5MGM5ZmFlZGI0ZDljMWIyZDk4MTZjNDJiNGY2ZmQxYjQ5OWU0MTQ1Y2VmZDYyZjU0ZjY6cDpUOk4 > > > > > > > > > > From: Arnout Engelen <[email protected]> > > Date: Wednesday, September 17, 2025 at 7:29 AM > > To: [email protected] <[email protected]> > > Subject: Re: Proposal to Revisit PMC Voting Threshold for Apache Geode > > Releases > > > > EXTERNAL > > > > Hi, > > > > Note this thread spans both dev@ (a public list) and private@ (a private > > list). We usually try not to do that, to avoid accidentally leaking > > information from the private to the public sphere (see also for example > > > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect.checkpoint.com%2Fv2%2Fr01%2F___https%3A%2F%2Fincubator.apache.org%2Fguides%2Fcommitter.html___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6Nzo2MmNiOjY0Yzk3ZGZkMTg2ZTJiOGY5OWI4MzQwYmE3YTI0NWEzMDZlZTA1NzkwMDcxMzQ1ZjU3Yzc0YjJiZWFhZTQwMzI6cDpUOk4&data=05%7C02%7CJinwoo.Hwang%40sas.com%7C73de7d6c8a0a41a00b1e08ddf63860fb%7Cb1c14d5c362545b3a4309552373a0c2f%7C0%7C0%7C638937444248887255%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=WBTdMWBSu0lSW0wyiTYUtfHljzbJwKgnjXzaJj%2FjJCQ%3D&reserved=0 > < > https://protect.checkpoint.com/v2/r01/___https://incubator.apache.org/guides/committer.html___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6Nzo2MmNiOjY0Yzk3ZGZkMTg2ZTJiOGY5OWI4MzQwYmE3YTI0NWEzMDZlZTA1NzkwMDcxMzQ1ZjU3Yzc0YjJiZWFhZTQwMzI6cDpUOk4 > > > > )< > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect.checkpoint.com%2Fv2%2Fr01%2F___https%3A%2F%2Fincubator.apache.org%2Fguides%2Fcommitter.html___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6Nzo2MmNiOjY0Yzk3ZGZkMTg2ZTJiOGY5OWI4MzQwYmE3YTI0NWEzMDZlZTA1NzkwMDcxMzQ1ZjU3Yzc0YjJiZWFhZTQwMzI6cDpUOk4&data=05%7C02%7CJinwoo.Hwang%40sas.com%7C73de7d6c8a0a41a00b1e08ddf63860fb%7Cb1c14d5c362545b3a4309552373a0c2f%7C0%7C0%7C638937444248893234%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=Ok%2BI1u41Xlc769vG2OhPXEOfG7mnXqTiJAsqMhbPH2o%3D&reserved=0 > >< > https://protect.checkpoint.com/v2/r01/___https://incubator.apache.org/guides/committer.html___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6Nzo2MmNiOjY0Yzk3ZGZkMTg2ZTJiOGY5OWI4MzQwYmE3YTI0NWEzMDZlZTA1NzkwMDcxMzQ1ZjU3Yzc0YjJiZWFhZTQwMzI6cDpUOk4 > >. > > For this > > particular thread I suppose that risk is not so big, but let's be careful > > especially when discussing security impact. More comments inline: > > > > On Wed, Sep 17, 2025 at 1:56 AM Jinwoo Hwang <[email protected]> wrote: > > > > > As it stands, the policy requires *three binding +1 votes* from PMC > > members > > > to finalize a release. While this standard has served us well > > historically, > > > it may no longer reflect the current reality of our project’s active > > > participation. In 2023, it was noted that although the PMC officially > > lists > > > 31 members, fewer than 10 were actively engaged. As Leon recently > pointed > > > out, based on current email activity, it appears that *only three PMC > > > members* are actively participating—suggesting that the actual number > of > > > engaged PMC members may now be just three. > > > > > > This makes reaching quorum increasingly difficult—even when the broader > > > community is contributing actively and consistently. The current > release > > > effort, which includes over 20 commits and four release candidates, is > a > > > clear example of this challenge. Despite strong momentum, we are at > risk > > of > > > stalling due to procedural thresholds that no longer match our > > operational > > > scale. > > > > > > > I'd like to note that my understanding is that the 'voting window' is a > 'no > > closing the vote before', but not a 'the vote must close at' - so even if > > the vote would be delayed that is not necessarily a dealbreaker. I agree > > it's better for momentum if the vote can close quickly, of course ;) . > > > > > > > More importantly, this release remediates *critical security > > > vulnerabilities* that directly impact the reliability and safety of > > Apache > > > Geode deployments. These include: > > > > > > - *CVE-2023-40167*: Request smuggling via '+' in Content-Length > > > - *CVE-2023-22602*: Spring Boot pattern mismatch auth bypass > > > - *CVE-2023-34478*: Path traversal routing bypass > > > - *CVE-2023-46750*: Form auth open redirect > > > - *CVE-2024-8184*: DoS via memory exhaustion > > > - *CVE-2024-13009*: Gzip buffer mismanagement causing cross-request > > data > > > leakage > > > - *CVE-2023-26049*: Cookie smuggling > > > - *CVE-2023-26048*: Multipart request DoS > > > - *CVE-2022-42004 & CVE-2022-42003*: Deep nested array DoS > > > vulnerabilities > > > - *CVE-2020-36518*: Stack overflow vulnerability > > > - *CVE-2022-40664*: Authentication bypass via RequestDispatcher > > > - *CVE-2022-32532*: RegexRequestMatcher misconfiguration > > > - *CVE-2023-46749*: Path traversal leading to auth bypass > > > - *CVE-2024-36124*: JVM crash risk enabling DoS > > > - *CVE-2025-48734*: Improper access control via Java enum > ClassLoader > > > exposure > > > > > > Delaying this release not only risks losing community momentum—it also > > > prolongs exposure to known vulnerabilities that have already been > > > addressed. > > > > > > > While I agree these advisories for dependencies represent some risk, I > want > > to note that AFAIK none of those have been confirmed to actually impact > > Geode. A release may also fix undisclosed vulnerabilities, but frankly > > given the previous release AFAICS was in 2022 it's hard to argue > particular > > urgency. Still, I'm thrilled the release is proceeding! > > > > > > > Given this, I propose we revisit the voting threshold to better reflect > > the > > > actual number of active PMC members. If the original intent of > requiring > > > three votes was to represent roughly 10% of the full PMC, then applying > > > that same ratio to the currently active group would suggest a threshold > > of > > > *one > > > binding vote*. > > > > > > This adjustment would: > > > > > > - Align our process with the current scale of active participation > > > - Prevent valuable contributions and security fixes from being > blocked > > > due to quorum issues > > > - Encourage continued engagement by reducing procedural bottlenecks > > > > > > I recognize this is a significant change and welcome discussion on how > > best > > > to approach it—whether through a formal vote, a temporary adjustment, > or > > a > > > broader review of our governance practices. > > > > > > Thank you for your continued dedication to Apache Geode. I look forward > > to > > > hearing your thoughts. > > > > > > The '3 votes' threshold comes from the Apache Release Policy ( > > > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect.checkpoint.com%2Fv2%2Fr01%2F___https%3A%2F%2Fwww.apache.org%2Flegal%2Frelease-policy.html___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6NzozYjA3OjU5NzNkYTRhMTYxNzNlYThiYTkzNWFiZmM4MGFkY2M0MTBmYmU2OThiNDVhMGNkZTljOGNiZGQ0MDFiMmJkYjU6cDpUOk4&data=05%7C02%7CJinwoo.Hwang%40sas.com%7C73de7d6c8a0a41a00b1e08ddf63860fb%7Cb1c14d5c362545b3a4309552373a0c2f%7C0%7C0%7C638937444248899167%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=jySqJkby44R2UbV5yWCiKOUX7hu7Ym4q3fTmLYCougU%3D&reserved=0 > < > https://protect.checkpoint.com/v2/r01/___https://www.apache.org/legal/release-policy.html___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6NzozYjA3OjU5NzNkYTRhMTYxNzNlYThiYTkzNWFiZmM4MGFkY2M0MTBmYmU2OThiNDVhMGNkZTljOGNiZGQ0MDFiMmJkYjU6cDpUOk4 > > > > )< > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect.checkpoint.com%2Fv2%2Fr01%2F___https%3A%2F%2Fwww.apache.org%2Flegal%2Frelease-policy.html___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6NzozYjA3OjU5NzNkYTRhMTYxNzNlYThiYTkzNWFiZmM4MGFkY2M0MTBmYmU2OThiNDVhMGNkZTljOGNiZGQ0MDFiMmJkYjU6cDpUOk4&data=05%7C02%7CJinwoo.Hwang%40sas.com%7C73de7d6c8a0a41a00b1e08ddf63860fb%7Cb1c14d5c362545b3a4309552373a0c2f%7C0%7C0%7C638937444248905441%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=%2FQZpFUG0xffRhUMIL%2Bed7wfTrwHP6ACpFOiAthvozS0%3D&reserved=0 > >< > https://protect.checkpoint.com/v2/r01/___https://www.apache.org/legal/release-policy.html___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6NzozYjA3OjU5NzNkYTRhMTYxNzNlYThiYTkzNWFiZmM4MGFkY2M0MTBmYmU2OThiNDVhMGNkZTljOGNiZGQ0MDFiMmJkYjU6cDpUOk4 > >. > > If a project has > > insufficient active PMC members to make that quorum, it should consider > > retiring. Indeed Geode has been at the brink of retirement, but I agree > it > > is now on a good trajectory back to health. I think Leon's assessment of > > the number of active PMCs may be a bit pessimistic, as I've seen a few > > other PMC members be active as well (though that may have been on the > > private list, I haven't checked). > > > > Instead of dropping the threshold, I'm optimistic we can use the current > > momentum both to encourage existing PMC members to become/remain active, > > but also to work towards onboarding new PMC members. > > > > > > Kind regards, > > > > Arnout > > > > > > > On Tue, Sep 16, 2025 at 6:22 PM Jinwoo Hwang <[email protected]> > wrote: > > > > > > > Dear Apache Geode PMC Members, > > > > > > > > We are standing at the edge of a major milestone—and we need your > help > > to > > > > cross it. > > > > > > > > As of the original deadline, we are still two binding votes short of > > > > finalizing the release. > > > > In recognition of the tremendous effort poured into this by our > > > > contributors and reviewers, we are extending the vote by 24 hours. > > > > > > > > This release is the result of months of focused collaboration: > > > > > > > > - 20+ commits > > > > - 4 release candidates > > > > - Countless hours of testing, reviewing, and refining > > > > > > > > > > > > To let this moment pass without action would be to set aside the hard > > > work > > > > of those who have reignited momentum in our community. > > > > We owe it to them—and to the future of Apache Geode—to see this > > through. > > > > > > > > If you are a PMC member who has not yet voted, I urge you to take a > > > moment > > > > and cast your vote. > > > > Your participation is not just procedural—it is a statement of > support > > > for > > > > the community, for the contributors, and for the continued vitality > of > > > this > > > > project. > > > > > > > > Let’s not allow this opportunity to stall. Let’s finish what we > > > > started—together. > > > > If you have any questions or concerns, I’m available and happy to > > assist. > > > > > > > > With respect and appreciation, > > > > > > > > Jinwoo Hwang (he/him/his) > > > > > > > > SAS® Research and Development > > > > > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect.checkpoint.com%2Fv2%2Fr01%2F___http%3A%2F%2FJinwooHwang.com___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6Nzo3ZTVhOmFiZjUwYTVjNTAxOWExNjllNmY5NjZhZWJmMmMzZjkzNGQxZGY1N2Q4ZTUxZTAxMjVlMjM0YmMyZTMyODEyMzE6cDpUOk4&data=05%7C02%7CJinwoo.Hwang%40sas.com%7C73de7d6c8a0a41a00b1e08ddf63860fb%7Cb1c14d5c362545b3a4309552373a0c2f%7C0%7C0%7C638937444248911384%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=nHO4hJu3DCQh76tRbXjG3NOwK5YvX26svHy5u6p4hRc%3D&reserved=0 > < > https://protect.checkpoint.com/v2/r01/___http://JinwooHwang.com___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6Nzo3ZTVhOmFiZjUwYTVjNTAxOWExNjllNmY5NjZhZWJmMmMzZjkzNGQxZGY1N2Q4ZTUxZTAxMjVlMjM0YmMyZTMyODEyMzE6cDpUOk4 > > > > < > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect.checkpoint.com%2Fv2%2Fr01%2F___http%3A%2F%2FJinwooHwang.com___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6Nzo3ZTVhOmFiZjUwYTVjNTAxOWExNjllNmY5NjZhZWJmMmMzZjkzNGQxZGY1N2Q4ZTUxZTAxMjVlMjM0YmMyZTMyODEyMzE6cDpUOk4&data=05%7C02%7CJinwoo.Hwang%40sas.com%7C73de7d6c8a0a41a00b1e08ddf63860fb%7Cb1c14d5c362545b3a4309552373a0c2f%7C0%7C0%7C638937444248916995%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=5uiTmVBsA14Y5tmRZCwwtyIj6KIlw2UWa1smb4K2roc%3D&reserved=0 > < > https://protect.checkpoint.com/v2/r01/___http://JinwooHwang.com___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6Nzo3ZTVhOmFiZjUwYTVjNTAxOWExNjllNmY5NjZhZWJmMmMzZjkzNGQxZGY1N2Q4ZTUxZTAxMjVlMjM0YmMyZTMyODEyMzE6cDpUOk4 > > > > > > > > > > > > > ---------- Forwarded message --------- > > > > From: Jinwoo Hwang <[email protected]> > > > > Date: Tue, Sep 16, 2025 at 7:55 AM > > > > Subject: Project Management Committee Support Needed Today – Help > > > Finalize > > > > the Apache Geode Release > > > > To: <[email protected]> > > > > > > > > > > > > Dear Apache Geode Community and PMC members, > > > > > > > > > > > > It has been nearly three years since our last release on October 10, > > > 2022, > > > > and we are pleased to share that we are now on the verge of > delivering > > a > > > > long-awaited update. Over the past five months, we’ve made more than > 20 > > > > commits and produced four release candidates—a remarkable achievement > > > that > > > > reflects the renewed energy within our community. > > > > > > > > This progress would not have been possible without the dedication of > > many > > > > contributors and reviewers. We would like to extend our sincere > > > > appreciation to Arnout, Bryan, Calvin, Charlie, Kirk, Kishor, Leon, > and > > > > Niall for your generous support and active engagement. Your efforts > > have > > > > been instrumental in reigniting momentum and moving the project > > forward. > > > > > > > > As of this morning, we are just two PMC votes away from finalizing > the > > > > release. If you are a PMC member and have not yet voted, please > > consider > > > > doing so by 3 PM PST today. Your participation is essential to > > completing > > > > this milestone. > > > > > > > > More importantly, we kindly ask our PMC members to help maintain—and > > > > ideally accelerate—the momentum that the community has just > rekindled. > > > This > > > > is a pivotal moment for Apache Geode. While we’ve faced challenges > due > > to > > > > limited active committers and documentation that has struggled to > keep > > > pace > > > > with evolving tooling and workflows, your renewed involvement can be > a > > > > turning point. Active PMC engagement will not only help us close this > > > > release but also strengthen the foundation for future contributions > and > > > > collaboration. > > > > > > > > Please feel free to reach out to me if you have any concerns or > > feedback. > > > > I’d be happy to discuss and support in any way I can. > > > > > > > > Let’s take this final step together and build on the collective > effort > > > > that has brought us here. > > > > > > > > With appreciation and respect, > > > > Jinwoo Hwang (he/him/his) > > > > > > > > > > > > SAS® Research and Development > > > > > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect.checkpoint.com%2Fv2%2Fr01%2F___http%3A%2F%2FJinwooHwang.com___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6Nzo2OTNkOmQ2OTIxNWI0NTNlMmYxZTU5ZTJkY2E0NTE5MjBlZjM0MTIzZGNmMjBmMmYzNmYyYTBjYWZjNzE4MGRkMGY5YjY6cDpUOk4&data=05%7C02%7CJinwoo.Hwang%40sas.com%7C73de7d6c8a0a41a00b1e08ddf63860fb%7Cb1c14d5c362545b3a4309552373a0c2f%7C0%7C0%7C638937444248923272%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=bWylZfX1GL%2Bf7IpmgVFFhK08lnGvXFkSe934vrqk%2BIw%3D&reserved=0 > < > https://protect.checkpoint.com/v2/r01/___http://JinwooHwang.com___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6Nzo2OTNkOmQ2OTIxNWI0NTNlMmYxZTU5ZTJkY2E0NTE5MjBlZjM0MTIzZGNmMjBmMmYzNmYyYTBjYWZjNzE4MGRkMGY5YjY6cDpUOk4 > > > > < > > > https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fprotect.checkpoint.com%2Fv2%2Fr01%2F___http%3A%2F%2FJinwooHwang.com___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6Nzo2OTNkOmQ2OTIxNWI0NTNlMmYxZTU5ZTJkY2E0NTE5MjBlZjM0MTIzZGNmMjBmMmYzNmYyYTBjYWZjNzE4MGRkMGY5YjY6cDpUOk4&data=05%7C02%7CJinwoo.Hwang%40sas.com%7C73de7d6c8a0a41a00b1e08ddf63860fb%7Cb1c14d5c362545b3a4309552373a0c2f%7C0%7C0%7C638937444248929348%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=YtA332mHHfHOxO7zc2X160Si6idZyqCNiEfBeGqaYPU%3D&reserved=0 > < > https://protect.checkpoint.com/v2/r01/___http://JinwooHwang.com___.YzJ1OnNhc2luc3RpdHV0ZTpjOm86NDEwMTEzNmY2ZmE1NjhmNTNlNzA5NWRlYTBmOTJlMWY6Nzo2OTNkOmQ2OTIxNWI0NTNlMmYxZTU5ZTJkY2E0NTE5MjBlZjM0MTIzZGNmMjBmMmYzNmYyYTBjYWZjNzE4MGRkMGY5YjY6cDpUOk4 > > > > > > > > > > > > > > > > > > -- > > Arnout Engelen > > ASF Security Response > > Apache Pekko PMC member, ASF Member > > NixOS Committer > > Independent Open Source consultant > > >
