OpenLMIS tech stack review June 2021 [Work in Progress]

The purpose of this document is to review the crucial parts of the current tech stack of OpenLMIS and consider any actions we need to take.

 

| Tech and version | Description | EOL/EOS | Recommendations |
|---|---|---|---|
| Java 8 | Backend main programming language | Oracle will continue to provide free public updates and auto updates of Java SE 8 indefinitely for Personal, Development and other Users (https://www.oracle.com/java/technologies/java-se-support-roadmap.html) | - |
| Spring Boot 2.2 | Main backend framework | EoL July 2021 (https://github.com/spring-projects/spring-boot/wiki/Supported-Versions) | Consider upgrading to 2.5.x |
| PostgreSQL 9.6 | Database | Final release: Nov 11, 2021 (https://www.postgresql.org/support/versioning/). Amazon RDS will automatically update any v9.6 dbs to v12 (https://forums.aws.amazon.com/ann.jspa?annID=8499) | Check compatibility with PostgreSQL 12 or 13; update all our development envs and ref-distro to use PostgreSQL 12 or 13 by the end of this year; forward recommendations for PostgreSQL updates to implementations (after successful testing) |
| AngularJS 1.6 | Main frontend framework | EOL reached. 1.8 will reach EOL by the end of 2021 (https://code.angularjs.org/snapshot/docs/misc/version-support-status) | Upgrade to latest Angular or migrate to another framework, such as React - consider incremental changes |
| Jenkins 2.249.3 | CI/CD | EOL reached - no more security fixes | Upgrade to latest LTS version |
| Superset 0.29.0rc7 (with custom patching) | Reporting Stack - data visualization | Due to custom patching, we cannot freely upgrade the version to benefit from any fixes. Several known high-priority vulnerabilities in the current version (https://snyk.io/vuln/pip:apache-superset) | Investigate the effort required to get rid of custom patching/upgrade to latest - is it worth it? |
| NiFi 1.8.2 | Reporting Stack - ETL | Several known high-priority vulnerabilities in the current version (https://nifi.apache.org/security.html) | Consider upgrading - check effort required |