Hi all, We have some dependency updates (tomcat, cxf, hsqldb) and some CVE related fixes (woodstox, shaded bcel, ...).
I was thinking about having 8.0.14 before we all get too stressed with christmas, etc. and no one has time to review / test a 8.0.14 RC. So my questions are: - What is the community's opionion regarding a 8.0.14 before christmas? - Are we missing any important version upgrades? Any show stoppers? Here are the current changes in Jira https://issues.apache.org/jira/projects/TOMEE/versions/12352390 and here is a list in plain text without the need to login: == Dependency upgrade [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4100[TOMEE-4100] X Bean 4.22 - link:https://issues.apache.org/jira/browse/TOMEE-4118[TOMEE-4118] CXF 3.4.9 - link:https://issues.apache.org/jira/browse/TOMEE-4086[TOMEE-4086] HSQLDB 2.7.1 - link:https://issues.apache.org/jira/browse/TOMEE-4107[TOMEE-4107] Jackson 2.14.0 - link:https://issues.apache.org/jira/browse/TOMEE-4116[TOMEE-4116] Tomcat 9.0.69 - link:https://issues.apache.org/jira/browse/TOMEE-4121[TOMEE-4121] Tomcat 9.0.70 - link:https://issues.apache.org/jira/browse/TOMEE-4109[TOMEE-4109] Velocity 2.3 - link:https://issues.apache.org/jira/browse/TOMEE-4110[TOMEE-4110] Woodstox 6.4.0 (CVE-2022-40152) - link:https://issues.apache.org/jira/browse/TOMEE-4111[TOMEE-4111] bcel component - link:https://issues.apache.org/jira/browse/TOMEE-4094[TOMEE-4094] jackson 2.14.0-rc2 - link:https://issues.apache.org/jira/browse/TOMEE-4103[TOMEE-4103] woodstox-core mitigate CVE-2022-40153 == Bug [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4122[TOMEE-4122] Performance Regression in bean resolution in EAR files - link:https://issues.apache.org/jira/browse/TOMEE-4101[TOMEE-4101] Typo with EL22Adaptor implementation in openwebbeans.properties - link:https://issues.apache.org/jira/browse/TOMEE-4102[TOMEE-4102] TomEE logs SEVERE: Expected ContextBinding to have the method getThreadName() - link:https://issues.apache.org/jira/browse/TOMEE-4014[TOMEE-4014] Unable to see TomEE version in Tomcat home page with Java 17 - link:https://issues.apache.org/jira/browse/TOMEE-4106[TOMEE-4106] TomEE version no longer appearing at default manager page == Documentation [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4104[TOMEE-4104] Documentation Website: XA DataSource Configuration: Bug in MySQL Sample Code == Fixed Common Vulnerabilities and Exposures (CVEs) [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4086[TOMEE-4086] HSQLDB 2.7.1 - link:https://issues.apache.org/jira/browse/TOMEE-4111[TOMEE-4111] Upgrade bcel component in TomEE - link:https://issues.apache.org/jira/browse/TOMEE-4103[TOMEE-4103] Update woodstox-core to mitigate CVE-2022-40153 Gruß Richard
