OpenLMIS tech stack review June 2021 [Work in Progress]

The purpose of this document is to review the crucial parts of the current tech stack of OpenLMIS and consider any actions we need to take.

Tech and version	Description	EOL/EOS	Recommendations

Tech and version	Description	EOL/EOS	Recommendations
Java 8	Backend main programming language	Oracle will continue to provide free public updates and auto updates of Java SE 8 indefinitely for Personal, Development and other Users https://www.oracle.com/java/technologies/java-se-support-roadmap.html	-
Spring Boot 2.2	Main backend framework	EoL July 2021 https://github.com/spring-projects/spring-boot/wiki/Supported-Versions	Consider upgrading to 2.5.x
PostgreSQL 9.6	Database	Final release: Nov 11, 2021 https://www.postgresql.org/support/versioning/ Amazon RDS will automatically update any v9.6 dbs to v12 https://forums.aws.amazon.com/ann.jspa?annID=8499	Check compatibility with PostgreSQL 12 or 13, Update all our development envs and ref-distro to use PostgreSQL 12 or 13 by the end of this year Forward recommendations for PostgreSQL updates to implementations (after successfull testing)
AngularJS 1.6	Main frontend framework	EOL reached. 1.8 will reach EOL by the end of 2021 https://code.angularjs.org/snapshot/docs/misc/version-support-status	Upgrade to latest Angular or migrate to another framework, such as React - consider incremental changes
Jenkins 2.249.3	CI/CD	EOL reached - no more security fixes	Upgrade to latest LTS version
Superset 0.29.0rc7 (with custom patching)	Reporting Stack - data visualization	Due to custom patching, we cannot freely upgrade the version to benefit from any fixes. Several known high-priority vulnerabilities in current version https://snyk.io/vuln/pip:apache-superset	Investigate the effort required to get rid of custom patching/upgrade to latest - is it worth it?
NiFi 1.8.2	Reporting Stack - ETL	Several known high-priority vulnerabilities in current version https://nifi.apache.org/security.html	Consider upgrading - check effort required