Re: [VOTE] TomEE 8.0.15

Tue, 16 May 2023 01:52:44 -0700 

Here is my own +1 (binding)

Am Montag, dem 08.05.2023 um 14:50 +0200 schrieb Richard Zowalla:
> Hi all,
> 
> this is a vote for a release of Apache TomEE 8.0.15.
> 
> It is a maintenance release with some bug fixes and dependencies
> upgrades (addressing some CVEs)
> 
> ###############
> 
> Maven Repo:
> https://repository.apache.org/content/repositories/orgapachetomee-1214/
> 
> <repositories>
> <repository>
> <id>tomee-8.0.15-rc1</id>
> <name>Testing TomEE 8.0.15 RC1</name>
> <url>
> https://repository.apache.org/content/repositories/orgapachetomee-1214/
> </url>
> </repository>
> </repositories>
> 
> ###############
> 
> Binaries & Source:
> 
> https://dist.apache.org/repos/dist/dev/tomee/staging-1214/tomee-8.0.15/
> 
> ###############
> 
> Tag:
> 
> https://github.com/apache/tomee/releases/tag/tomee-project-8.0.15
> 
> 
> ###############
> 
> Release notes:
> 
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12352766
> 
> ###############
> 
> Here is an adoc generated version of the changelog as well:
> 
> == Dependency upgrade
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4188[TOMEE-4188]
> ActiveMQ 5.16.6
>  - link:https://issues.apache.org/jira/browse/TOMEE-4180[TOMEE-4180]
> CXF 3.5.5
>  - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187]
> Commons FileUpload 1.5
>  - link:https://issues.apache.org/jira/browse/TOMEE-4210[TOMEE-4210]
> EclipseLink 2.7.12
>  - link:https://issues.apache.org/jira/browse/TOMEE-4211[TOMEE-4211]
> Hibernate Integration 5.6.15.Final
>  - link:https://issues.apache.org/jira/browse/TOMEE-4206[TOMEE-4206]
> Jackson 2.15.0
>  - link:https://issues.apache.org/jira/browse/TOMEE-4207[TOMEE-4207]
> Johnzon 1.2.20
>  - link:https://issues.apache.org/jira/browse/TOMEE-4205[TOMEE-4205]
> Jose4j 0.9.3
>  - link:https://issues.apache.org/jira/browse/TOMEE-4209[TOMEE-4209]
> Mojarra 2.3.19
>  - link:https://issues.apache.org/jira/browse/TOMEE-4195[TOMEE-4195]
> Tomcat 9.0.72 (CVE-2023-28708)
>  - link:https://issues.apache.org/jira/browse/TOMEE-4191[TOMEE-4191]
> Tomcat 9.0.73
>  - link:https://issues.apache.org/jira/browse/TOMEE-4201[TOMEE-4201]
> Tomcat 9.0.74
>  - link:https://issues.apache.org/jira/browse/TOMEE-4194[TOMEE-4194]
> snakeyaml version 2.0 mitigate CVE-2022-1471
> 
> == Bug
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4192[TOMEE-4192]
> ApplicationComposers do not clear GC references on release
>  - link:https://issues.apache.org/jira/browse/TOMEE-4181[TOMEE-4181]
> BCProv jar loses its signature during the patch process
>  - link:https://issues.apache.org/jira/browse/TOMEE-4122[TOMEE-4122]
> Performance Regression in bean resolution in EAR files
>  - link:https://issues.apache.org/jira/browse/TOMEE-4189[TOMEE-4189]
> java.lang.ClassNotFoundException:
> org.apache.openejb.loader.SystemInstance
>  - link:https://issues.apache.org/jira/browse/TOMEE-4179[TOMEE-4179]
> Fix creeping in API JARs which should be in javaee-api
> 
> == Wish
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4190[TOMEE-4190]
> RunWithApplicationComposer should support inheritance
> 
> == Fixed Common Vulnerabilities and Exposures (CVEs)
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4194[TOMEE-4194]
> Update snakeyaml version to 2.0 to mitigate CVE-2022-1471
>  - link:https://issues.apache.org/jira/browse/TOMEE-4195[TOMEE-4195]
> Upgrade to Apache Tomcat 9.0.72 (CVE-2023-28708)
>  - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187]
> Commons FileUpload 1.5
> 
> 
> ###############
> 
> Here is the dependency diff from 8.0.14 to 8.0.15 created with our
> release tools:
> 
>           artifactId              from          to        
> ------------------------------- -------- -----------------
>  jackson-annotations             2.14.1   2.15.0          
>  jackson-core                    2.14.1   2.15.0          
>  jackson-databind                2.14.1   2.15.0          
>  jackson-dataformat-yaml         2.14.1   2.15.0          
>  saaj-impl                        1.5.1   1.5.3           
>  activemq-broker                 5.16.5   5.16.6          
>  activemq-client                 5.16.5   5.16.6          
>  activemq-jdbc-store             5.16.5   5.16.6          
>  activemq-kahadb-store           5.16.5   5.16.6          
>  activemq-openwire-legacy        5.16.5   5.16.6          
>  activemq-ra                     5.16.5   5.16.6          
>  cxf-rt-rs-mp-client             3.4.10   3.5.5           
>  johnzon-core                    1.2.19   1.2.20          
>  johnzon-jaxrs                   1.2.19   1.2.20          
>  johnzon-jsonb                   1.2.19   1.2.20          
>  johnzon-jsonp-strict            1.2.19   1.2.20          
>  johnzon-mapper                  1.2.19   1.2.20          
>  xmlsec                           2.2.3   2.3.2           
>  wss4j-bindings                   2.3.3   2.4.1           
>  wss4j-policy                     2.3.3   2.4.1           
>  wss4j-ws-security-common         2.3.3   2.4.1           
>  wss4j-ws-security-dom            2.3.3   2.4.1           
>  wss4j-ws-security-policy-stax    2.3.3   2.4.1           
>  wss4j-ws-security-stax           2.3.3   2.4.1           
>  jose4j                           0.6.0   0.9.3           
>  eclipselink                     2.7.11   2.7.12          
>  jakarta.faces                   2.3.18   2.3.19          
>  stax-ex                          1.8.1   1.8.3           
>  snakeyaml                         1.33   2.0 
> 
> ###############
> 
> Please VOTE
> 
> [+1] go ship it
> [+0] meh, don't care
> [-1] stop, there is a ${showstopper}
> 
> The VOTE is open for 72h or as long as needed.
> 
> Gruß
> Richard
>

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to