+1
-- David Blevins http://twitter.com/dblevins http://www.tomitribe.com > On Sep 8, 2019, at 1:26 PM, Jonathan Gallimore <[email protected]> > wrote: > > Hi > > This is a vote for releasing an updated quartz-openejb-shade jar. This is > used by OpenEJB core to provide EJB timer services. We shade quartz to > avoid conflicts if users provide it in their applications themselves. > Quartz itself was vulnerable to an External XML Entity Processing issue > (XXE), and in turn, so is our shaded version. This release shades an up to > date Quartz package with the XXE fixed. > > *Sources* > https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip > > *Binary* > https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar > > *Change* > https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the update > in TomEE will refer to this as well). > > Please VOTE > [+1] all fine, ship it > [+0] don't care > [-1] stop, because ${reason} > > The VOTE is open for 72h. > > Many thanks > > Jon
