SUBMITTED 10 April 2024
## Description:
The mission of Apache Fineract is the creation and maintenance of software
related to a core banking platform that provides a reliable, robust, and
affordable solution for entrepreneurs, financial institutions, and service
providers to offer financial services to the world's underbanked and unbanked.
## Project Status:
Current project status: At Risk
Issues for the board: Themes are long running CVEs and Security issues,
insufficient contributor engagement, delayed releases.
## Membership Data:
Apache Fineract was founded 2017-04-18 (7 years ago, contributed by Mifos)
There are currently 51 committers and 24 PMC members in this project. The
Committer-to-PMC ratio is roughly 2:1.
- Adam Saghy was the last addition to the PMC on July 10th, 2023.
- No new committers. Last addition was Bharath Gowda on 2022-12-14.
## Project Activity:
Release 1.9 on 2024-01-12
There was an issue with the release in that it was held up for CVEs that had
been fixed in the code but we didn't want to make visible until we released
the CVE formally. Unfortunately the release was already half way there.. and
was public weeks before we made it clear that it was "released". This led to
the situation where a Vendor, Fiter.io was promoting the release before we
were public. The release process was not followed properly.
We are trying to get release 1.10 out shortly.
## Community Health:
There is very little discussion on list.
Repeating some issues: Whilst our technology solution is gaining strength, we
have several gaps in both a collective understanding of a shared roadmap and a
lack of a model where multiple significant “contributor groups” are actively
developing. Being a ‘fan’ of the project is very welcome but insufficient for
an healthy open source project. Per a suggestion after the October 2023
Board report, a "Guild" or Consortium of supporters based on commercial
companies that are using the software is being proposed. After making several
efforts, and gathering some interest from 6 entities to contribute about
$2,500 per quarter each, it's been bogged down by some participant conditions.
Its too much effort for me, for too little forward progress - I'm not sure
this is going forward.
###Deprecating Fineract-CN: We fully deprecated Fineract-CN and infra archived
the repos. An unfortunate side effect is the the docker hub still has
earlier version that were never voted on or released.
###Approachability: We have a goal of making it more approachable with
improvements to documentation. Some conversations on list about this. See
previous reports for more commentary on this.
###Authentication and Security Framework: We published a "how to secure
Fineract", which we hope will help. Securing Fineract.
https://cwiki.apache.org/confluence/display/FINERACT/Securing+Fineract
The home grown security framework (authentication, authorization, and access
control mechanisms) remains an issue of concern.
We ask our community users to please be aware that they should NOT run this
without understanding the ins and outs of running the software securely. I've
suggested that there are Vendors that could help with that. I have a concern
that entities are putting this project "as is" directly on the internet,
hosting lending activities and potentially banking activities without any
proper security measures.
###Emeritus status:
We are delayed in our plans to remove people who are no longer active, per the
PMC decision of May 2023. We have this as an action item.
###Powered By listing
We (I) have started discussing the idea of putting "powered by" listings of
companies using the software on our site, and the potential for thank you
pages. https://apache.org/foundation/marks/linking#projectthanks We will be
keeping ASF Marketing & Publicity in the loop.