Attendees: Tilmann Zäschke, Michael Bouschen, Craig Russell Next meeting: Tuesday 3 Jun 1100 PDT 2000 CEST
Agenda: 1. db-jdo-3.2.1 RCE See Email from the Apache Security Team "db-jdo-3.2.1 RCE" May 15 2025, sent to private.db.apache.org.\ Response was sent to the reporter. Basically the use of JNDI with RMI is a feature that might be useful, but with no known usages in the field. Waiting for the reporter to follow up before taking any action. 2. JIRA JDO-851 "TCK fails result Variable tests" https://issues.apache.org/jira/browse/JDO-851 PR #105 https://github.com/apache/db-jdo/pull/105 3. JIRA JDO-846 "Check upgrade references from javax to jakarta" https://issues.apache.org/jira/browse/JDO-846 Checking into this further, there would be implications for the JDO team to make any change, as well as the JDO Reference Implementation and user code. It does not seem to be worthwhile to make a change now. We will revisit this once there is some need (perhaps a Spring Beans dependency) to make a change. 4. New JIRA JDO-848 "Remove dependency on org.springframework:spring-beans" https://issues.apache.org/jira/browse/JDO-848 PR #104 https://github.com/apache/db-jdo/pull/104 5. JIRA JDO-812 "Move to JDK 11 as the lowest supported version" https://issues.apache.org/jira/browse/JDO-812 6. SBOM Support: changes to the actual Apache Parent POM? 7. sonarcloud issues * JIRA JDO-819 "Code quality analysis" https://issues.apache.org/jira/browse/JDO-819 * JIRA JDO-823 "Fix sonarcloud issues of type Code Smells" https://issues.apache.org/jira/browse/JDO-823 * Sonarcloud link: https://sonarcloud.io/summary/overall?id=db-jdo * Cognitive Complexity of methods should not be too high: https://sonarcloud.io/project/issues?resolved=false&rules=java%3AS3776&severities=CRITICAL&types=CODE_SMELL&id=db-jdo * Raw types should not be used: https://sonarcloud.io/project/issues?resolved=false&rules=java%3AS3740&severities=MAJOR&id=db-jdo 8. Other issues Action Items from weeks past: [May 13 2025] AI Craig update the JIRA JDO-846 with discussion of implications of making the change. Discuss further when we take up JDO 3.3 release. [Jan 14 2025] AI Craig look into deprecating the use of the external libraries (Synchronization) and providing our own. [Nov 26 2024] AI Tilmann look into JDO-846. Also, what is the use for the Portable Remote Object interface (removed in JDK 11). [Nov 12 2024] AI Michael see if it makes sense to add Map.contains(Entry e) to the JDO API. This would be useful to have queries where e.g. the user is interested in finding all Employees where the phone number is of key "home" and value "+16508617767". [Nov 05 2024] AI Michael create a JIRA for containsEntry, include the current test case and we can continue from here. [Jul 13 2023] AI All Open a new JIRA for Android since having JNDI in the API disallows use with Android [Jun 08 2023] AI All make a JIRA: JDO support for Java Records https://openjdk.org/jeps/395 [Dec 09 2021] AI Craig: Try to contact all current/former participants in JDO development and see if and how they want to be recognized on the JDO and DB web sites.https://db.apache.org/whoweare.html [Oct 07 2021] AI Craig send a private message to all JSR-243 Expert Group members asking if they wish to continue. [Mar 25 2021] AI Craig: investigate "merging" papajdo and apache.clr accounts [Oct 17 2014] AI Matthew any updates for "Modify specification to address NoSQL datastores "https://issues.apache.org/jira/browse/JDO-651
