Technology Stack
“Bleeding-edge but sane”: pick modern versions that are stable and align with enterprise support cycles. Keep Spring Boot current, keep Angular on the latest stable, and freeze React for legacy shells.
Nginx upgrade: moved from Ubuntu 24.04's repo build 1.24.0 to nginx.org mainline 1.29.4 to stay on the current security and HTTP/3 stream. Track 1.29.x patches monthly and roll forward when 1.30 ships.
UI decision: Angular on the latest release line is the primary UI. React is frozen (greyed) for legacy shells only and receives security fixes only.
Published Stack (NewSun)
| Layer | Technology | Version | EOS (vendor) | Next EOL / Review | Support guideline |
|---|---|---|---|---|---|
| OS | Ubuntu Server | 24.04 LTS | 2029-04 (standard) | 2034-04 (ESM) | Stay on 24.04 through 2027; apply security updates monthly. |
| Edge | Nginx (mainline) | 1.29.4 | Rolling mainline | Review when 1.30 ships | Upgraded from Ubuntu 24.04's 1.24.0; stay on nginx.org repo, apply monthly patches, reload and rebuild dynamic modules. |
| Language | Java | 25 LTS | 2029-09 | Review Java 27 in 2031 | Stay on GA until 27 LTS and migrate via multi-release build. |
| Framework | Spring Boot | 4.0.x | 2027-Q1 | Assess Boot 4.2 in 2025-Q4 | Adopt each 4.x service release within 60 days. |
| Core | Spring Framework | 7.x | 2027-Q4 | Track 7.2 support | Align with Boot BOM; avoid stray dependency upgrades. |
| ORM | Hibernate ORM | 7.3.x | 2028-Q1 | Review 7.4 when GA | Required for MySQL 9.5 + Jakarta EE 11 compatibility. |
| DB | MySQL | 9.5.0 LTS | 2031-06 | Next LTS review 2028-Q4 | Primary transaction store (HeatWave). Upgrade path: 9.5.0 → 9.5.x patches. |
| JDBC Driver | MySQL Connector/J | 9.0 | Tracks MySQL 9 LTS | Quarterly patch review | Pin to BOM; update immediately for CVEs. |
| Migrations | Flyway | 10.x | Rolling | Quarterly | Module-owned schemas; flyway:validate wired into CI. |
| Build | Maven (multi-module) | 3.9+ | Rolling | 2025-Q3 | Stay on 3.9 line to keep wrapper support. |
| API | OpenAPI | 3.1 | — | Annual | Contracts published per module release. |
| Security | Spring Security | 7.x | 2027-Q4 | 2026-Q2 | Keycloak/OIDC aligned; enforce OAuth2 posture. |
| Observability | Micrometer + OpenTelemetry | 1.14 + 1.40 | Rolling | Monthly | Logs + traces share W3C context IDs. |
| Frontend | Angular | Latest (current: 20.x) | Rolling (LTS cadence) | Adopt each stable within 60 days | Primary UI; stay current on latest Angular, keep schematics/lint/tooling aligned. |
| Frontend | React | 19.x (frozen) | 2026-Q1 | Security fixes only | Legacy shells only; no feature work. Keep deps frozen unless for CVEs. |
| Node | Node.js | 24 LTS | 2026-04 | 2026-10 | Used for UI build tooling; upgrade alongside UI frameworks. |
| Testing | Testcontainers | 1.20 + mysql:9.5 | Rolling | Monthly | Runs MySQL 9.5.0 container in CI for parity. |
| Dev/CI | Docker / Compose | 26.x | Rolling | Monthly | Ensure compose files pinned; upgrade once per quarter. |
| Future mobile | REST + OAuth2 | — | — | Annual | API-first design keeps Flutter / React Native viable. |
Key constraint: keep Spring Boot current for security and compatibility. UI: stay on latest Angular stable (aligned with schematics/lint/build), and keep React frozen for legacy shells with CVE-only updates.