[VOTE] [RESULT] TomEE 9.1.0

Mon, 12 Jun 2023 01:13:09 -0700 

Hi,

this vote passes with the following +1 votes being cast:

- Daniel Dias Dos Santos 
- Jean-Louis Monteiro (binding)
- Richard Zowalla (binding)
- Mark Struberg (binding)

I'll proceed with the steps.

Gruß
Richard

-------- Ursprüngliche Nachricht --------
Von: Richard Zowalla <[email protected]>
Antwort an: [email protected]
An: [email protected]
Betreff: [VOTE] TomEE 9.1.0
Datum: Tue, 06 Jun 2023 13:01:38 +0200

> Hi all,
> 
> this is a vote for a release of Apache TomEE 9.1.0.
> 
> It is a maintenance release with some bug fixes and dependencies
> upgrades (MicroProfile 5, ActiveMQ, Johnzon, XBean, etc). 
> 
> It also fixes the latest Tomcat vulnerabilities (CVE-2023-28708, CVE-
> 2023-24998, CVE-2023-28709) by backporting and patching Tomcat inside
> the TomEE 9 build.
> 
> ###############
> 
> Maven Repo:
> https://repository.apache.org/content/repositories/orgapachetomee-1217/
> 
> <repositories>
> <repository>
> <id>tomee-9.1.0-rc1</id>
> <name>Testing TomEE 9.1.0 RC1</name>
> <url>
> https://repository.apache.org/content/repositories/orgapachetomee-1217/
> </url>
> </repository>
> </repositories>
> 
> ###############
> 
> Binaries & Source:
> 
> https://dist.apache.org/repos/dist/dev/tomee/staging-1217/tomee-9.1.0/
> 
> ###############
> 
> Tag:
> 
> https://github.com/apache/tomee/releases/tag/tomee-project-9.1.0
> 
> 
> ###############
> 
> Release notes:
> 
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12353156
> 
> ###############
> 
> Here is an adoc generated version of the changelog as well:
> 
> == Dependency upgrade
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4217[TOMEE-4217]
> Arquillian 1.7.0.Final
>  - link:https://issues.apache.org/jira/browse/TOMEE-4204[TOMEE-4204]
> Bouncycastle 1.73
>  - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187]
> Commons FileUpload 1.5
>  - link:https://issues.apache.org/jira/browse/TOMEE-4218[TOMEE-4218]
> HSQLDB 2.7.2
>  - link:https://issues.apache.org/jira/browse/TOMEE-4221[TOMEE-4221]
> JUnit 5.9.3
>  - link:https://issues.apache.org/jira/browse/TOMEE-4212[TOMEE-4212]
> Jackson 2.15.0
>  - link:https://issues.apache.org/jira/browse/TOMEE-4216[TOMEE-4216]
> Jackson 2.15.1
>  - link:https://issues.apache.org/jira/browse/TOMEE-4208[TOMEE-4208]
> Johnzon 1.2.20
>  - link:https://issues.apache.org/jira/browse/TOMEE-4205[TOMEE-4205]
> Jose4j 0.9.3
>  - link:https://issues.apache.org/jira/browse/TOMEE-4203[TOMEE-4203]
> Microprofile Config API 3.0.3, Fault Tolerance Impl 6.2.2,
> OpenTracing
> Impl 3.0.3
>  - link:https://issues.apache.org/jira/browse/TOMEE-4141[TOMEE-4141]
> SmallRye on 9.x branch
>  - link:https://issues.apache.org/jira/browse/TOMEE-4061[TOMEE-4061]
> Wrap up updates for TomEE 9.x
>  - link:https://issues.apache.org/jira/browse/TOMEE-4220[TOMEE-4220]
> log4j 2.20.0 (integration)
>  - link:https://issues.apache.org/jira/browse/TOMEE-4213[TOMEE-4213]
> snakeyaml version 2.0 mitigate CVE-2022-1471
>  - link:https://issues.apache.org/jira/browse/TOMEE-4219[TOMEE-4219]
> xbeans 4.23
> 
> == Bug
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4181[TOMEE-4181]
> BCProv jar loses its signature during the patch process
>  - link:https://issues.apache.org/jira/browse/TOMEE-4183[TOMEE-4183]
> TomEE 9.0.0 is not creating service in Windows 10 incompatible
> software
>  - link:https://issues.apache.org/jira/browse/TOMEE-4189[TOMEE-4189]
> java.lang.ClassNotFoundException:
> org.apache.openejb.loader.SystemInstance
>  - link:https://issues.apache.org/jira/browse/TOMEE-4192[TOMEE-4192]
> ApplicationComposers do not clear GC references on release
>  - link:https://issues.apache.org/jira/browse/TOMEE-4174[TOMEE-4174]
> Port TOMEE-3779 to 9.x
>  - link:https://issues.apache.org/jira/browse/TOMEE-4199[TOMEE-4199]
> jakartaee-api with tomcat classifier has too much in it
>  - link:https://issues.apache.org/jira/browse/TOMEE-4112[TOMEE-4112]
> Performance Regression in bean resolution in EAR files
> 
> == Improvement
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4200[TOMEE-4200]
> Use ActiveMQ client jakarta instead of shading it in TomEE
>  - link:https://issues.apache.org/jira/browse/TOMEE-4202[TOMEE-4202]
> Backport CVE fixes of Tomcat 10.1.x to 10.0.27
> 
> == Task
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4053[TOMEE-4053]
> Dependency properties cleanup
> 
> == Documentation
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4186[TOMEE-4186]
> Update download page for discontinued branches
> 
> == Wish
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4190[TOMEE-4190]
> RunWithApplicationComposer should support inheritance
> 
> == Fixed Common Vulnerabilities and Exposures (CVEs)
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187]
> Commons FileUpload 1.5
>  - link:https://issues.apache.org/jira/browse/TOMEE-4202[TOMEE-4202]
> Backport CVE fixes of Tomcat 10.1.x to 10.0.27
> 
> ###############
> 
> Here is the dependency diff from 8.0.14 to 8.0.15 created with our
> release tools:
> 
>                 artifactId                   from      to   
> ------------------------------------------ -------- --------
>  jackson-annotations                        2.14.1   2.15.1 
>  jackson-core                               2.14.1   2.15.1 
>  jackson-databind                           2.14.1   2.15.1 
>  jackson-dataformat-yaml                    2.14.1   2.15.1 
>  mutiny                                     1.7.0     1.8.0 
>  jandex                                     3.0.0     3.0.1 
>  smallrye-fault-tolerance                   6.0.0     6.2.2 
>  smallrye-fault-tolerance-api               6.0.0     6.2.2 
>  smallrye-fault-tolerance-autoconfig-core   6.0.0     6.2.2 
>  smallrye-fault-tolerance-core              6.0.0     6.2.2 
>  smallrye-health                            4.0.0     4.0.1 
>  smallrye-health-api                        4.0.0     4.0.1 
>  smallrye-open-api-core                     3.0.0     3.0.1 
>  smallrye-open-api-jaxrs                    3.0.0     3.0.1 
>  smallrye-opentracing                       3.0.0     3.0.3 
>  smallrye-opentracing-contrib               3.0.0     3.0.3 
>  activemq-jdbc-store                        5.16.5   5.18.1 
>  johnzon-core                               1.2.19   1.2.20 
>  johnzon-jaxrs                              1.2.19   1.2.20 
>  johnzon-jsonb                              1.2.19   1.2.20 
>  johnzon-jsonp-strict                       1.2.19   1.2.20 
>  johnzon-mapper                             1.2.19   1.2.20 
>  jakartaee-api                              9.1-M2    9.1.1 
>  xbean-asm9-shaded                          4.22       4.23 
>  xbean-bundleutils                          4.22       4.23 
>  xbean-finder-shaded                        4.22       4.23 
>  xbean-naming                               4.22       4.23 
>  xbean-reflect                              4.22       4.23 
>  jose4j                                     0.7.9     0.9.3 
>  bcprov-jdk15to18                           1.70       1.73 
>  microprofile-config-api                    3.0.2     3.0.3 
>  hsqldb                                     2.7.1     2.7.2 
>  snakeyaml                                  1.33        2.0 
> 
> ###############
> 
> Please VOTE
> 
> [+1] go ship it
> [+0] meh, don't care
> [-1] stop, there is a ${showstopper}
> 
> The VOTE is open for 72h or as long as needed.
> 
> Gruß
> Richard

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to