Thanks Richard, I had a quick look and it's ok with me.
+1 (Binding) -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Tue, Jun 6, 2023 at 3:03 PM Daniel Dias Dos Santos < [email protected]> wrote: > Hello, > > +1 > > On Tue, Jun 6, 2023, 08:02 Richard Zowalla <[email protected]> wrote: > > > Hi all, > > > > this is a vote for a release of Apache TomEE 9.1.0. > > > > It is a maintenance release with some bug fixes and dependencies > > upgrades (MicroProfile 5, ActiveMQ, Johnzon, XBean, etc). > > > > It also fixes the latest Tomcat vulnerabilities (CVE-2023-28708, CVE- > > 2023-24998, CVE-2023-28709) by backporting and patching Tomcat inside > > the TomEE 9 build. > > > > ############### > > > > Maven Repo: > > https://repository.apache.org/content/repositories/orgapachetomee-1217/ > > > > <repositories> > > <repository> > > <id>tomee-9.1.0-rc1</id> > > <name>Testing TomEE 9.1.0 RC1</name> > > <url> > > https://repository.apache.org/content/repositories/orgapachetomee-1217/ > > </url> > > </repository> > > </repositories> > > > > ############### > > > > Binaries & Source: > > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1217/tomee-9.1.0/ > > > > ############### > > > > Tag: > > > > https://github.com/apache/tomee/releases/tag/tomee-project-9.1.0 > > > > > > ############### > > > > Release notes: > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12353156 > > > > ############### > > > > Here is an adoc generated version of the changelog as well: > > > > == Dependency upgrade > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4217[TOMEE-4217] > > Arquillian 1.7.0.Final > > - link:https://issues.apache.org/jira/browse/TOMEE-4204[TOMEE-4204] > > Bouncycastle 1.73 > > - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187] > > Commons FileUpload 1.5 > > - link:https://issues.apache.org/jira/browse/TOMEE-4218[TOMEE-4218] > > HSQLDB 2.7.2 > > - link:https://issues.apache.org/jira/browse/TOMEE-4221[TOMEE-4221] > > JUnit 5.9.3 > > - link:https://issues.apache.org/jira/browse/TOMEE-4212[TOMEE-4212] > > Jackson 2.15.0 > > - link:https://issues.apache.org/jira/browse/TOMEE-4216[TOMEE-4216] > > Jackson 2.15.1 > > - link:https://issues.apache.org/jira/browse/TOMEE-4208[TOMEE-4208] > > Johnzon 1.2.20 > > - link:https://issues.apache.org/jira/browse/TOMEE-4205[TOMEE-4205] > > Jose4j > > <https://issues.apache.org/jira/browse/TOMEE-4205%5BTOMEE-4205%5DJose4j> > > 0.9.3 > > - link:https://issues.apache.org/jira/browse/TOMEE-4203[TOMEE-4203] > > Microprofile Config API 3.0.3, Fault Tolerance Impl 6.2.2, OpenTracing > > Impl 3.0.3 > > - link:https://issues.apache.org/jira/browse/TOMEE-4141[TOMEE-4141] > > SmallRye on 9.x branch > > - link:https://issues.apache.org/jira/browse/TOMEE-4061[TOMEE-4061] > > Wrap up updates for TomEE 9.x > > - link:https://issues.apache.org/jira/browse/TOMEE-4220[TOMEE-4220] > > log4j > > <https://issues.apache.org/jira/browse/TOMEE-4220%5BTOMEE-4220%5Dlog4j> > > 2.20.0 (integration) > > - link:https://issues.apache.org/jira/browse/TOMEE-4213[TOMEE-4213] > > snakeyaml version 2.0 mitigate CVE-2022-1471 > > - link:https://issues.apache.org/jira/browse/TOMEE-4219[TOMEE-4219] > > xbeans 4.23 > > > > == Bug > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4181[TOMEE-4181] > > BCProv jar loses its signature during the patch process > > - link:https://issues.apache.org/jira/browse/TOMEE-4183[TOMEE-4183] > > TomEE 9.0.0 is not creating service in Windows 10 incompatible software > > - link:https://issues.apache.org/jira/browse/TOMEE-4189[TOMEE-4189] > > java.lang.ClassNotFoundException: > > org.apache.openejb.loader.SystemInstance > > - link:https://issues.apache.org/jira/browse/TOMEE-4192[TOMEE-4192] > > ApplicationComposers do not clear GC references on release > > - link:https://issues.apache.org/jira/browse/TOMEE-4174[TOMEE-4174] > > Port TOMEE-3779 to 9.x > > - link:https://issues.apache.org/jira/browse/TOMEE-4199[TOMEE-4199] > > jakartaee-api > > < > https://issues.apache.org/jira/browse/TOMEE-4199%5BTOMEE-4199%5Djakartaee-api > > > > with tomcat classifier has too much in it > > - link:https://issues.apache.org/jira/browse/TOMEE-4112[TOMEE-4112] > > Performance Regression in bean resolution in EAR files > > > > == Improvement > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4200[TOMEE-4200] > > Use ActiveMQ client jakarta instead of shading it in TomEE > > - link:https://issues.apache.org/jira/browse/TOMEE-4202[TOMEE-4202] > > Backport CVE fixes of Tomcat 10.1.x to 10.0.27 > > > > == Task > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4053[TOMEE-4053] > > Dependency properties cleanup > > > > == Documentation > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4186[TOMEE-4186] > > Update download page for discontinued branches > > > > == Wish > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4190[TOMEE-4190] > > RunWithApplicationComposer should support inheritance > > > > == Fixed Common Vulnerabilities and Exposures (CVEs) > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187] > > Commons FileUpload 1.5 > > - link:https://issues.apache.org/jira/browse/TOMEE-4202[TOMEE-4202] > > Backport CVE fixes of Tomcat 10.1.x to 10.0.27 > > > > ############### > > > > Here is the dependency diff from 8.0.14 to 8.0.15 created with our > > release tools: > > > > artifactId from to > > ------------------------------------------ -------- -------- > > jackson-annotations 2.14.1 2.15.1 > > jackson-core 2.14.1 2.15.1 > > jackson-databind 2.14.1 2.15.1 > > jackson-dataformat-yaml 2.14.1 2.15.1 > > mutiny 1.7.0 1.8.0 > > jandex 3.0.0 3.0.1 > > smallrye-fault-tolerance 6.0.0 6.2.2 > > smallrye-fault-tolerance-api 6.0.0 6.2.2 > > smallrye-fault-tolerance-autoconfig-core 6.0.0 6.2.2 > > smallrye-fault-tolerance-core 6.0.0 6.2.2 > > smallrye-health 4.0.0 4.0.1 > > smallrye-health-api 4.0.0 4.0.1 > > smallrye-open-api-core 3.0.0 3.0.1 > > smallrye-open-api-jaxrs 3.0.0 3.0.1 > > smallrye-opentracing 3.0.0 3.0.3 > > smallrye-opentracing-contrib 3.0.0 3.0.3 > > activemq-jdbc-store 5.16.5 5.18.1 > > johnzon-core 1.2.19 1.2.20 > > johnzon-jaxrs 1.2.19 1.2.20 > > johnzon-jsonb 1.2.19 1.2.20 > > johnzon-jsonp-strict 1.2.19 1.2.20 > > johnzon-mapper 1.2.19 1.2.20 > > jakartaee-api 9.1-M2 9.1.1 > > xbean-asm9-shaded 4.22 4.23 > > xbean-bundleutils 4.22 4.23 > > xbean-finder-shaded 4.22 4.23 > > xbean-naming 4.22 4.23 > > xbean-reflect 4.22 4.23 > > jose4j 0.7.9 0.9.3 > > bcprov-jdk15to18 1.70 1.73 > > microprofile-config-api 3.0.2 3.0.3 > > hsqldb 2.7.1 2.7.2 > > snakeyaml 1.33 2.0 > > > > ############### > > > > Please VOTE > > > > [+1] go ship it > > [+0] meh, don't care > > [-1] stop, there is a ${showstopper} > > > > The VOTE is open for 72h or as long as needed. > > > > Gruß > > Richard > > >
