As a short update: JL and myself discussed the idea by David from [1] via Slack. We will try out the 4-eye approach in order to share knowledge of doing releases for TomEE.
I will take some notes during the process to put it back into up 2 date release documentation. Gruß Richard Am Dienstag, dem 12.04.2022 um 09:33 +0000 schrieb Zowalla, Richard: > +1 > > Question: We once talked about sharing knowledge about doing releases > [1], so I am wondering, if we should use 8.0.11 as a pilot test for > this approach? > > For reference changes currently targeted for 8.0.11 (from Jira) > attached below. > > Gruß > Richard > > [1] https://lists.apache.org/thread/dj0s8lldxlkqnfy43hwnclzwbgv40xht > > > == Dependency upgrade > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-3872[TOMEE-3872] > Hibernate Integration 5.6.7 > - link:https://issues.apache.org/jira/browse/TOMEE-3858[TOMEE-3858] > OpenJPA 3.2.2 > - link:https://issues.apache.org/jira/browse/TOMEE-3841[TOMEE-3841] > SLF4J 1.7.36 > - link:https://issues.apache.org/jira/browse/TOMEE-3845[TOMEE-3845] > Tomcat 9.0.59 > - link:https://issues.apache.org/jira/browse/TOMEE-3855[TOMEE-3855] > Tomcat 9.0.60 > - link:https://issues.apache.org/jira/browse/TOMEE-3856[TOMEE-3856] > jackson 2.13.2 > - link:https://issues.apache.org/jira/browse/TOMEE-3893[TOMEE-3893] > jackson 2.13.2.2 > - link:https://issues.apache.org/jira/browse/TOMEE-3886[TOMEE-3886] > tomcat 9.0.62 > > == Bug > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-3892[TOMEE-3892] > TomEE Maven Plugin does not allow to override default "-ea" in > RemoteServer > - link:https://issues.apache.org/jira/browse/TOMEE-3871[TOMEE-3871] > TomEE Plume is missing BatchEE / JCS Cache > - link:https://issues.apache.org/jira/browse/TOMEE-3876[TOMEE-3876] > BOM generation corrupted under windows (slash problems) > - link:https://issues.apache.org/jira/browse/TOMEE-3848[TOMEE-3848] > Apache TomEE 8.0.6 onwards is packaged with quartz-2.2.4.jar > - link:https://issues.apache.org/jira/browse/TOMEE-3840[TOMEE-3840] > TomEE WebProfile 8.0.9 does not start with security enabled > - link:https://issues.apache.org/jira/browse/TOMEE-3860[TOMEE-3860] > Upgrade jackson-databind for CVE-2020-36518 > > == Improvement > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-3851[TOMEE-3851] > Replace Google Analytics with ASF Matomo > - link:https://issues.apache.org/jira/browse/TOMEE-3842[TOMEE-3842] > GitHub Actions fails for PullRequest Builds due to BOM auto > generation > - link:https://issues.apache.org/jira/browse/TOMEE-3859[TOMEE-3859] > Update tomee.xml file so it refers to the right location > > == Task > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-3852[TOMEE-3852] > Review the website in regard to external embedding of resources (JS, > Fonts, CSS) > - link:https://issues.apache.org/jira/browse/TOMEE-3853[TOMEE-3853] > Link ASF Privacy Policy from TomEE Website > > == Documentation > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-3894[TOMEE-3894] > website generation broken under windows > - link:https://issues.apache.org/jira/browse/TOMEE-3854[TOMEE-3854] > Provide a first draft of a link collection page targeting > contributor/committer resources > - link:https://issues.apache.org/jira/browse/TOMEE-3888[TOMEE-3888] > Cleanup documentation > - link:https://issues.apache.org/jira/browse/TOMEE-3846[TOMEE-3846] > Inconsistence between tomee flavors comparison in website and actual > jars > - link:https://issues.apache.org/jira/browse/TOMEE-3847[TOMEE-3847] > Exception when building website from windows os > - link:https://issues.apache.org/jira/browse/TOMEE-3814[TOMEE-3814] > Commented SSL Connector fix for tomee server.xml > > == Fixed Common Vulnerabilities and Exposures (CVEs) > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-3893[TOMEE-3893] > Upgrade to jackson 2.13.2.2 > - link:https://issues.apache.org/jira/browse/TOMEE-3856[TOMEE-3856] > Upgrade to jackson 2.13.2 > - link:https://issues.apache.org/jira/browse/TOMEE-3860[TOMEE-3860] > Upgrade jackson-databind for CVE-2020-36518 > > > Am Dienstag, dem 12.04.2022 um 11:14 +0200 schrieb Jean-Louis > Monteiro: > > Hi all, > > > > We have a couple of important fixes and the CVE (Tomcat at least). > > Is it ok to do a release? > > -- > > Jean-Louis Monteiro > > http://twitter.com/jlouismonteiro > > http://www.tomitribe.com
smime.p7s
Description: S/MIME cryptographic signature