Hi Alex,

It is essentially a diligence task to label the relevant dependency
upgrades with "cve" in Jira when a security vulnerability has been
fixed in a third-party dependency.

The release notes tooling will then list them in the CVE section of the
generated notes.

Regards
Richard

On Friday, 11.02.2022 at 10:44 +0100, Alex The Rocker wrote:
> Hello,
> 
> Would it be possible to get the list of fixed CVEs in the release
> notes, regardless of whether it's directly or through embedded stuff
> (like Tomcat, CXF, etc.)?
> Indeed, we are more and more challenged by security scans, so the more
> accurate TomEE's community is about security fixes, the better...
> 
> (no vote yet since I haven't tried 8.0.10 yet, but great thanks for
> the Java 17 fix for Windows version of TomEE service)
> 
> Thanks,
> Alex
> 
> On Fri, 11 Feb 2022 at 09:54, Jean-Louis Monteiro
> <jlmonte...@tomitribe.com> wrote:
> > Hi All,
> > 
> > This is a first attempt at a vote for a release of Apache TomEE 8.0.10
> > 
> > Maven Repo:
> > https://repository.apache.org/content/repositories/orgapachetomee-1193/
> > 
> > Binaries & Source:
> > https://dist.apache.org/repos/dist/dev/tomee/staging_1193-TomEE-8.0.10/
> > 
> > Tags:
> > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.10
> > 
> > Release notes:
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12350706
> > 
> > Here are the release notes
> > Sub-task
> >
> >    - [TOMEE-2117 <https://issues.apache.org/jira/browse/TOMEE-2117>] - Rework ProcessObserverMethod integration
> >    - [TOMEE-2289 <https://issues.apache.org/jira/browse/TOMEE-2289>] - MicroProfile OpenAPI Example
> >    - [TOMEE-2349 <https://issues.apache.org/jira/browse/TOMEE-2349>] - Ensure each module can generate javadoc jars on release
> >    - [TOMEE-2350 <https://issues.apache.org/jira/browse/TOMEE-2350>] - Create a list of existing Javadoc using html
> >    - [TOMEE-2351 <https://issues.apache.org/jira/browse/TOMEE-2351>] - MicroProfile OpenTracing Example for Distributed Microservices
> >    - [TOMEE-2358 <https://issues.apache.org/jira/browse/TOMEE-2358>] - MicroProfile JWT rest-mp-jwt-claim Example
> > 
> > Bug
> >
> >    - [TOMEE-2169 <https://issues.apache.org/jira/browse/TOMEE-2169>] - Interceptor Bean injection does not work for EJBs
> >    - [TOMEE-2270 <https://issues.apache.org/jira/browse/TOMEE-2270>] - Java11: Unable to initialize agent with embedded-maven-plugin
> >    - [TOMEE-2403 <https://issues.apache.org/jira/browse/TOMEE-2403>] - AutoConnectionTrackerTest fails randomly
> >    - [TOMEE-2427 <https://issues.apache.org/jira/browse/TOMEE-2427>] - Align text above the pictures
> >    - [TOMEE-2800 <https://issues.apache.org/jira/browse/TOMEE-2800>] - Issue : Unable to run EJB test cases for upgradation in current project with Java 1.8 and WebLogic version 12.2.1.4 along with openejb.cxf.version 7.0.1 / openejb.cxf.version 8 jar.
> >    - [TOMEE-2941 <https://issues.apache.org/jira/browse/TOMEE-2941>] - Regression: A connection factory created with TransactionSupport of "none" only sending message when transaction completes
> >    - [TOMEE-3777 <https://issues.apache.org/jira/browse/TOMEE-3777>] - <openjpa-3.1.2-r66d2a72 fatal user error> org.apache.openjpa.persistence.ArgumentException: The persistence provider is attempting to use properties in the persistence.xml file to resolve the data source ...
> >    - [TOMEE-3816 <https://issues.apache.org/jira/browse/TOMEE-3816>] - Return "this" on stateless EJB method looses container transaction management
> >    - [TOMEE-3823 <https://issues.apache.org/jira/browse/TOMEE-3823>] - TomEE and Java 17 compatibility issue with Windows Service Tooling
> >    - [TOMEE-3825 <https://issues.apache.org/jira/browse/TOMEE-3825>] - TomEE Maven Plugin does not wait for container startup, if "checkStarted" is set to true
> >    - [TOMEE-3832 <https://issues.apache.org/jira/browse/TOMEE-3832>] - JAX-RS TomEEJsonbProvider not registered in tomee-embedded-maven-plugin when MicroProfile is present
> > 
> > New Feature
> >
> >    - [TOMEE-2306 <https://issues.apache.org/jira/browse/TOMEE-2306>] - New Java EE Schemas for Java EE Deployment Descriptors
> >    - [TOMEE-2584 <https://issues.apache.org/jira/browse/TOMEE-2584>] - Java 11 compliancy
> >    - [TOMEE-2706 <https://issues.apache.org/jira/browse/TOMEE-2706>] - New TomEE Embedded Bootstrap
> > 
> > Improvement
> >
> >    - [TOMEE-1618 <https://issues.apache.org/jira/browse/TOMEE-1618>] - Replace three register maps in Container in favour of one
> >    - [TOMEE-2277 <https://issues.apache.org/jira/browse/TOMEE-2277>] - Java11: module name for TomEE
> >    - [TOMEE-2425 <https://issues.apache.org/jira/browse/TOMEE-2425>] - Generate TomEE-Cluster.html page
> >    - [TOMEE-2519 <https://issues.apache.org/jira/browse/TOMEE-2519>] - MP JWT Logging Improvements
> >    - [TOMEE-2847 <https://issues.apache.org/jira/browse/TOMEE-2847>] - Patch key `jakarta` namespace support
> >    - [TOMEE-2949 <https://issues.apache.org/jira/browse/TOMEE-2949>] - Match TomEE tar and zip file syntax with extracted folder
> >    - [TOMEE-3826 <https://issues.apache.org/jira/browse/TOMEE-3826>] - Add exclusion list maven config for patch plugin to preserve jars with signature
> > 
> > Wish
> >
> >    - [TOMEE-2347 <https://issues.apache.org/jira/browse/TOMEE-2347>] - Use Asciidoc for all Javadoc
> > 
> > Task
> >
> >    - [TOMEE-2285 <https://issues.apache.org/jira/browse/TOMEE-2285>] - Microprofile Examples
> >    - [TOMEE-2867 <https://issues.apache.org/jira/browse/TOMEE-2867>] - Add Documentation links to website download page
> >    - [TOMEE-2868 <https://issues.apache.org/jira/browse/TOMEE-2868>] - Add instructions on each example page
> >    - [TOMEE-3724 <https://issues.apache.org/jira/browse/TOMEE-3724>] - Remove TomEE drop-in webapp distributions
> > 
> > Dependency upgrade
> >
> >    - [TOMEE-2630 <https://issues.apache.org/jira/browse/TOMEE-2630>] - update to latest geronimo-jsonb_1.0-spec
> >    - [TOMEE-2765 <https://issues.apache.org/jira/browse/TOMEE-2765>] - ShrinkWrap Maven Resolver 3.1.4
> >    - [TOMEE-3723 <https://issues.apache.org/jira/browse/TOMEE-3723>] - Upgrade to commons-lang3 3.12.0
> >    - [TOMEE-3800 <https://issues.apache.org/jira/browse/TOMEE-3800>] - DBCP 2.9.0
> >    - [TOMEE-3828 <https://issues.apache.org/jira/browse/TOMEE-3828>] - Upgrade to Tomcat 9.0.58
> >    - [TOMEE-3829 <https://issues.apache.org/jira/browse/TOMEE-3829>] - Upgrade Log4J2 to 2.17.1 in log4j2-tomee utils module
> >    - [TOMEE-3830 <https://issues.apache.org/jira/browse/TOMEE-3830>] - Upgrade BatchEE to 1.0.1
> >    - [TOMEE-3835 <https://issues.apache.org/jira/browse/TOMEE-3835>] - Apache OpenWebBeans 2.0.26
> >    - [TOMEE-3836 <https://issues.apache.org/jira/browse/TOMEE-3836>] - Apache Johnzon 1.2.16
> >    - [TOMEE-3837 <https://issues.apache.org/jira/browse/TOMEE-3837>] - Apache OpenJPA 3.2.1
> > 
> > Documentation
> >
> >    - [TOMEE-2293 <https://issues.apache.org/jira/browse/TOMEE-2293>] - The README.md's on many of the CDI examples requires some clean up.
> >    - [TOMEE-2303 <https://issues.apache.org/jira/browse/TOMEE-2303>] - Add technical documentation to main TomEE repo
> >    - [TOMEE-2852 <https://issues.apache.org/jira/browse/TOMEE-2852>] - Create session of documentation for Tomee Docker
> > 
> > 
> > (Developers - please review and adjust your tickets if necessary!)
> > 
> > Please VOTE:
> > 
> > [+1] Yes, release it
> > [+0] Not fussed
> > [-1] Don't release, there's a showstopper (please specify what the
> > showstopper is)
> > 
> > Vote will be open for 72 hours.
> > 
> > Thanks
> > --
> > Jean-Louis Monteiro
> > http://twitter.com/jlouismonteiro
> > http://www.tomitribe.com
