Backporting the change and patching within TomEE shouldn't be a big deal (as we already patch Tomcat within TomEE) :)
Am Dienstag, dem 18.04.2023 um 11:37 +0200 schrieb Swell: > Fixing cve should have priority over tck results, right ? That said > do we > want to maintain efforts on 9.1 or focus our resources and time on > 10.0 ? > > On the other hand, If we upgrade TomEE 9 with tomcat 10.1 we loose a > status > method of servlet api used by EE9 versions of resteasy/jersey/etc. > Resulting in a no such method exception. That means users then must > upgrade > faulty dependencies to their EE10 equivalent. > > It will feel more natural to users to use a EE10 TomEE with EE10 > dependencies. Even it being milestone/alpha. > > -1 for a TomEE 9 release (mainly because tomcat 10.0 is EOL) > > My two cents … have a nice week! > Swell > > On Tue 18 Apr 2023 at 11:02, Richard Zowalla <r...@apache.org> wrote: > > > Hi, > > > > I am +1 for it, but we need to decide, if we want to port the > > commons > > fileupload cve to tomcat 10.0.27 or if we upgrade tp 10.1.x (and > > loose > > EE9.1 tck compliance). > > > > Gruß > > Richard > > > > > > Am Dienstag, dem 18.04.2023 um 10:01 +0200 schrieb Jean-Louis > > Monteiro: > > > Hi all, > > > > > > Looks like our backlog is starting to grow. We've done quite a > > > lot of > > > updates and I was wondering if we should do a release for 9.1.0? > > > > > > Note that there is an issue to fix before with the API Uber jar > > > where > > > the > > > tomcat classifier has the same content as the non tomcat > > > classifier. > > > This > > > was meant to not be the case, so in Tomcat we would use the API > > > jars > > > Tomcat > > > is providing. > > > > > > See https://issues.apache.org/jira/browse/TOMEE-4199 > > > > > > Regards > > > > > > -- > > > Jean-Louis Monteiro > > > http://twitter.com/jlouismonteiro > > > http://www.tomitribe.com > > > >
signature.asc
Description: This is a digitally signed message part
