Fixing cve should have priority over tck results, right ? That said do we want to maintain efforts on 9.1 or focus our resources and time on 10.0 ?
On the other hand, If we upgrade TomEE 9 with tomcat 10.1 we loose a status method of servlet api used by EE9 versions of resteasy/jersey/etc. Resulting in a no such method exception. That means users then must upgrade faulty dependencies to their EE10 equivalent. It will feel more natural to users to use a EE10 TomEE with EE10 dependencies. Even it being milestone/alpha. -1 for a TomEE 9 release (mainly because tomcat 10.0 is EOL) My two cents … have a nice week! Swell On Tue 18 Apr 2023 at 11:02, Richard Zowalla <r...@apache.org> wrote: > Hi, > > I am +1 for it, but we need to decide, if we want to port the commons > fileupload cve to tomcat 10.0.27 or if we upgrade tp 10.1.x (and loose > EE9.1 tck compliance). > > Gruß > Richard > > > Am Dienstag, dem 18.04.2023 um 10:01 +0200 schrieb Jean-Louis Monteiro: > > Hi all, > > > > Looks like our backlog is starting to grow. We've done quite a lot of > > updates and I was wondering if we should do a release for 9.1.0? > > > > Note that there is an issue to fix before with the API Uber jar where > > the > > tomcat classifier has the same content as the non tomcat classifier. > > This > > was meant to not be the case, so in Tomcat we would use the API jars > > Tomcat > > is providing. > > > > See https://issues.apache.org/jira/browse/TOMEE-4199 > > > > Regards > > > > -- > > Jean-Louis Monteiro > > http://twitter.com/jlouismonteiro > > http://www.tomitribe.com > >