My vote: 
+1

--
Best
Martin

> Am 06.12.2022 um 16:25 schrieb Jean-Louis Monteiro <jlmonte...@tomitribe.com>:
> 
> I'm not -1
> 
> But I'd definitely favor working on getting 9.0.0 final so we can switch to
> Jakarta EE 10 and MicroProfile 6.0
> 
> My vote: 0
> 
> Le mar. 6 déc. 2022, 16:11, Swell <souheil.sul...@gmail.com> a écrit :
> 
>> +1, we did not yet ship the fixes for the CVE, good to have them shipped
>> 
>> 
>> On Tue, 6 Dec 2022 at 15:47, Richard Zowalla <r...@apache.org> wrote:
>> 
>>> Hi all,
>>> 
>>> We have some dependency updates (tomcat, cxf, hsqldb) and some CVE
>>> related fixes (woodstox, shaded bcel, ...).
>>> 
>>> I was thinking about having 8.0.14 before we all get too stressed with
>>> christmas, etc. and no one has time to review / test a 8.0.14 RC.
>>> 
>>> So my questions are:
>>> 
>>> - What is the community's opionion regarding a 8.0.14 before christmas?
>>> - Are we missing any important version upgrades? Any show stoppers?
>>> 
>>> Here are the current changes in Jira
>>> 
>>> https://issues.apache.org/jira/projects/TOMEE/versions/12352390
>>> 
>>> and here is a list in plain text without the need to login:
>>> 
>>> == Dependency upgrade
>>> 
>>> [.compact]
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4100[TOMEE-4100]  X
>>> Bean 4.22
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4118[TOMEE-4118]
>>> CXF 3.4.9
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4086[TOMEE-4086]
>>> HSQLDB 2.7.1
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4107[TOMEE-4107]
>>> Jackson 2.14.0
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4116[TOMEE-4116]
>>> Tomcat 9.0.69
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4121[TOMEE-4121]
>>> Tomcat 9.0.70
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4109[TOMEE-4109]
>>> Velocity 2.3
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4110[TOMEE-4110]
>>> Woodstox 6.4.0 (CVE-2022-40152)
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4111[TOMEE-4111]
>>> bcel component
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4094[TOMEE-4094]
>>> jackson 2.14.0-rc2
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4103[TOMEE-4103]
>>> woodstox-core
>>> <
>> https://issues.apache.org/jira/browse/TOMEE-4103%5BTOMEE-4103%5Dwoodstox-core
>>> 
>>> mitigate CVE-2022-40153
>>> 
>>> == Bug
>>> 
>>> [.compact]
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4122[TOMEE-4122]
>>> Performance Regression in bean resolution in EAR files
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4101[TOMEE-4101]
>>> Typo with EL22Adaptor implementation in openwebbeans.properties
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4102[TOMEE-4102]
>>> TomEE logs SEVERE: Expected ContextBinding to have the method
>>> getThreadName()
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4014[TOMEE-4014]
>>> Unable to see TomEE version in Tomcat home page with Java 17
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4106[TOMEE-4106]
>>> TomEE version no longer appearing at default manager page
>>> 
>>> == Documentation
>>> 
>>> [.compact]
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4104[TOMEE-4104]
>>> Documentation Website: XA DataSource Configuration: Bug in MySQL Sample
>>> Code
>>> 
>>> == Fixed Common Vulnerabilities and Exposures (CVEs)
>>> 
>>> [.compact]
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4086[TOMEE-4086]
>>> HSQLDB 2.7.1
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4111[TOMEE-4111]
>>> Upgrade bcel component in TomEE
>>> - link:https://issues.apache.org/jira/browse/TOMEE-4103[TOMEE-4103]
>>> Update woodstox-core to mitigate CVE-2022-40153
>>> 
>>> Gruß
>>> Richard
>>> 
>>> 
>> 

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to