I was about to ask the same. Happy to push the update to the branch before a release is kicked off.
Jon On Fri, 27 Oct 2023, 21:23 Alex The Rocker, <alex.m3...@gmail.com> wrote: > Hi > > Before it's too late, can 8.0.16 release include (if not already done) > the dependency update to ActiveMQ version fixing CVE-2023-46604 (which > has High 8.8 score by > https://nvd.nist.gov/vuln/detail/CVE-2022-46604), as it's enabling > remote code execution ? > > As a reminder, ActiveMQ is embedded in TomEE+. > > With TomEE+ 8.0.15, we have ActiveMQ artifacts at version 5.16.6, and > according to > https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt > , > we need at least 5.16.7 > > I hope this dependency update can make it in 8.0.16 before it's > released (or maybe it's already in the about-to-be voted 8.0.16 ?) > > Thanks, > Alex > > Le ven. 27 oct. 2023 à 18:15, Jonathan S. Fisher <exabr...@gmail.com> a > écrit : > > > > Alright, I have the build completed, signed, and uploaded the the > > Nexus staging repository: orgapachetomee-1221 > > > > What's next? I'm a little apprehensive to close out the staging repo > > for fear of prematurely publishing a release... > > > > On Fri, Oct 27, 2023 at 9:42 AM Jonathan S. Fisher <exabr...@gmail.com> > wrote: > > > > > > I got another good build locally and CI is happy too. I'm going to > > > stage the release! > > > > > > On Thu, Oct 26, 2023 at 9:27 AM Jonathan S. Fisher <exabr...@gmail.com> > wrote: > > > > > > > > Yep! I just logged that one and pushed a PR. Waiting on CI > > > > > > > > On Thu, Oct 26, 2023 at 9:24 AM Jamie Johnson <jej2...@gmail.com> > wrote: > > > > > > > > > > Should this be included? > > > > > > > > > > TOMEE-4263: Update Apache Santuario to 2.3.4 from 2.3.2 (xmlsec) to > > > > > mitigate CVE-2023-4448 > > > > > > > > > > Not sure how to find the others without going through commit > history. > > > > > > > > > > Jamie > > > > > > > > > > On Thu, Oct 26, 2023 at 8:19 AM Jonathan S. Fisher < > exabr...@gmail.com> > > > > > wrote: > > > > > > > > > > > Richard, thank you sir; I assigned that ticket to myself. If > anyone > > > > > > else is aware of anything else I can upgrade before release, > please > > > > > > speak up :) > > > > > > > > > > > > Also good news: for whatever reason, I'm able to build > > > > > > tomee-release-tools now. The atlassian maven repository hit me > with a > > > > > > rate limit briefly but it seems to have lifted. > > > > > > > > > > > > I have three questions at this point in time: > > > > > > 1. Is there a way to scan 8.0.16-SNAPHSOT before release for > CVE's? > > > > > > 2. Are there CVEs we ignore? (basically ones that are present but > > > > > > don't apply to us) > > > > > > 3. I ran a build locally and got two test failures. Looks like > CI did > > > > > > too: > > > > > > > https://ci-builds.apache.org/job/Tomee/job/tomee-8.x-build-full-java8/lastCompletedBuild/ > > > > > > > > > > > > It doesn't look related to the EclipseLink change unless I > screwed the > > > > > > pooch on something. Are these known issues by chance? > > > > > > > > > > > > On Thu, Oct 26, 2023 at 1:03 AM Richard Zowalla < > rich...@zowalla.com> > > > > > > wrote: > > > > > > > > > > > > > > Might be relevant for your release preperations: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4263 > > > > > > > > > > > > > > Am 26. Oktober 2023 00:11:14 MESZ schrieb "Jonathan S. Fisher" > < > > > > > > exabr...@gmail.com>: > > > > > > > >Thank you, eclipselink has been updated and boms also updated. > > > > > > > > > > > > > > > >Are the tomee release tools still needed? > > > > > > > > > > > > > > > >[ERROR] Failed to execute goal on project release-tools: > Could not > > > > > > > >resolve dependencies for project > > > > > > > >org.apache.openejb.tools:release-tools:jar:1.0-SNAPSHOT: > Failed to > > > > > > > >collect dependencies at > org.tomitribe.jamira:jamira-core:jar:0.4 -> > > > > > > > >com.atlassian.jira:jira-rest-java-client-app:jar:5.2.2: > Failed to read > > > > > > > >artifact descriptor for > > > > > > > >com.atlassian.jira:jira-rest-java-client-app:jar:5.2.2: The > following > > > > > > > >artifacts could not be resolved: > > > > > > > >com.atlassian.jira:jira-rest-java-client-app:pom:5.2.2 > (absent): Could > > > > > > > >not transfer artifact > > > > > > > >com.atlassian.jira:jira-rest-java-client-app:pom:5.2.2 from/to > > > > > > > >atlassian ( > > > > > > > https://maven.atlassian.com/content/repositories/atlassian-public/): > > > > > > > >status code: 429, reason phrase: Too Many Requests (429) -> > [Help 1] > > > > > > > > > > > > > > > >I can't seem to get the artifacts from their Maven repository > due to > > > > > > > >rate limiting unfortunately. > > > > > > > > > > > > > > > > > > > > > > > >On Wed, Oct 25, 2023 at 8:50 AM Richard Zowalla < > r...@apache.org> > > > > > > wrote: > > > > > > > >> > > > > > > > >> Feel free to update 3rd party dependencies (make sure to > create a > > > > > > Jira, > > > > > > > >> so it gets into the release notes). To update the BOMs you > can either > > > > > > > >> rely on the related GitHub action (will do it automatically > via a PR) > > > > > > > >> or just run a quick build. > > > > > > > >> > > > > > > > >> > > > > > > > >> Am Mittwoch, dem 25.10.2023 um 08:40 -0500 schrieb Jonathan > S. Fisher: > > > > > > > >> > Richard: thank you sir, I see my key in there. > > > > > > > >> > Rod: Are the docker images part of the main build? I > don't use > > > > > > Docker > > > > > > > >> > professionally, so I'm not very familiar with the whole > process. > > > > > > > >> > > > > > > > > >> > I see Tomcat 9.0.82 in tomee-8.x. Yeehaw! > > > > > > > >> > > > > > > > > >> > Does anyone have an issue with me updating to eclipselink > 2.7.13? > > > > > > > >> > > https://github.com/eclipse-ee4j/eclipselink/releases/tag/2.7.13 > > > > > > We've > > > > > > > >> > been running TomEE 8.0.15 with 2.7.13 in production for a > few weeks > > > > > > > >> > and haven't seen any issues. > > > > > > > >> > > > > > > > > >> > > > > > > > > >> > On Tue, Oct 24, 2023 at 10:18 AM Rod Jenkins > > > > > > > >> > <r...@rodandmichelle.com> wrote: > > > > > > > >> > > > > > > > > > >> > > Is there anyway to test the keys before we deploy? We > have issues > > > > > > > >> > > in the past with new keys and verifying the packages > when the > > > > > > > >> > > docker images are built. > > > > > > > >> > > > > > > > > > >> > > Thanks, > > > > > > > >> > > Rod. > > > > > > > >> > > > > > > > > > >> > > > > > > > > > > >> > > > On Oct 24, 2023, at 9:06 AM, Richard Zowalla < > r...@apache.org> > > > > > > > >> > > > wrote: > > > > > > > >> > > > > > > > > > > >> > > > Added to > https://dist.apache.org/repos/dist/release/tomee/KEYS > > > > > > > >> > > > > > > > > > > >> > > > > Am Dienstag, dem 24.10.2023 um 08:54 -0500 schrieb > Jonathan S. > > > > > > > >> > > > > Fisher: > > > > > > > >> > > > > pasted here: > > > > > > > >> > > > > > > > > > > > >> > > > > -----BEGIN PGP PUBLIC KEY BLOCK----- > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > mJMEV5tUvhMFK4EEACMEIwQBDFKWRWNFys17LQRo18NBQ0cJk9HitooLx1k3dGT > > > > > > > >> > > > > A > > > > > > > >> > > > > > > > > > > G2By4TUnNYaR/ranOPJ47IRVr/1E0DBy9RKayUDNFElly6kAfhn/ALMmdv68cet > > > > > > > >> > > > > 9 > > > > > > > >> > > > > > > > > > > GWkNjV/DwEGmtdXnhuGxXioxN1XkoJJNbjDCBEzx/mDDIna7w3jE2v28bXYP9kf > > > > > > > >> > > > > v > > > > > > > >> > > > > > > > > > > aLgvUdK0J0pvbmF0aGFuIFMuIEZpc2hlciA8ZXhhYnJpYWxAZ21haWwuY29tPoj > > > > > > > >> > > > > a > > > > > > > >> > > > > > > > > > > BBMTCgA+AhsBBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAFiEEhxY4ohp/LDgGZHF > > > > > > > >> > > > > C > > > > > > > >> > > > > > > > > > > AwajVDNrTw0FAloq3hgFCQWj6loACgkQAwajVDNrTw2uBwIJASDBvmAQDW59SVM > > > > > > > >> > > > > f > > > > > > > >> > > > > > > > > > > HZ27HF6CeH1OQM6fdKxfSGZmwZXBp45MsZjzO5cXh1cuJgA1jm72Wblh7PNjAxz > > > > > > > >> > > > > l > > > > > > > >> > > > > > > > > > > 9lD4Q2o0AgkBJYXTSjXnH395kY//RPzsuibRj4Xzdx2Riwa22h6Nl/TFf1xoFDD > > > > > > > >> > > > > Z > > > > > > > >> > > > > > > > > > > /9CBP7sNvBpSh4ZohSwr5aYCLxObxvsF/B+I2gQTEwoAPgULCQgHAgYVCAkKCwI > > > > > > > >> > > > > E > > > > > > > >> > > > > > > > > > > FgIDAQIeAQIXgAUJDxWK5RYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJi12J8Ahs > > > > > > > >> > > > > D > > > > > > > >> > > > > > > > > > > AAoJEAMGo1Qza08N2hoCCQGJD79oA4k1FDY+cStkLQS8QkvTpS8xZScNRKwIW1l > > > > > > > >> > > > > v > > > > > > > >> > > > > > > > > > > uBKrHpfzYa7RHFh6rdbW5D+07+pNvNBg8o03+h+vr4ezqQIJAUwYTOJZlBIXeuj > > > > > > > >> > > > > f > > > > > > > >> > > > > > > > > > > 4LngH6C0Hc6bb0FtdMh9bHC82Iv7KSIlXcq8PZgrkWMADUu0yeJhLPXQXBzvnej > > > > > > > >> > > > > C > > > > > > > >> > > > > > > > > > > z6dlmR9uiNgEExMKAD4CGwEFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AWIQSHFji > > > > > > > >> > > > > i > > > > > > > >> > > > > > > > > > > Gn8sOAZkcUIDBqNUM2tPDQUCYtdhegUJDxWK5QAKCRADBqNUM2tPDXbsAgjQhVz > > > > > > > >> > > > > d > > > > > > > >> > > > > > > > > > > OuT6ZSo+3wXUQjl3scKnSPrzFDimknaZw6Zo0MYpnClY8wSTiYKrmgyUgQ8aQVl > > > > > > > >> > > > > B > > > > > > > >> > > > > > > > > > > +A3R1NUa/BfhRWyB3QIIjd1IFc8MosTtO3odKhbfmBWsLjKPjupRm6buZWBVNmt > > > > > > > >> > > > > E > > > > > > > >> > > > > > > > > > > mkY86nmp+vbrjFFYR5gQYa5pY045gXikw86aGUSpv3iI2AQTEwoAPgIbAQULCQg > > > > > > > >> > > > > H > > > > > > > >> > > > > > > > > > > AgYVCAkKCwIEFgIDAQIeAQIXgBYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJhC/O > > > > > > > >> > > > > j > > > > > > > >> > > > > > > > > > > BQkNMwXlAAoJEAMGo1Qza08N994CB1IAohe6KsGMKJx6ucfvv7bKfqU+BUaS0m6 > > > > > > > >> > > > > c > > > > > > > >> > > > > > > > > > > CsSDea7wNFFuqK7+21QcJqTyAgIcIsgtkizDqTWQRr5az/l98Q2AAgifl3v+6sJ > > > > > > > >> > > > > H > > > > > > > >> > > > > > > > > > > zisMQffJ9S7C0BKN7vbkmyg+2PxW0Mnvsvr2s34NOmdOTav+jdK4RFrH9bO4UI2 > > > > > > > >> > > > > H > > > > > > > >> > > > > > > > > > > uqb5oBWOCmaf2IjZBBMTCgA+BQsJCAcCBhUICQoLAgQWAgMBAh4BAheABQkJZTv > > > > > > > >> > > > > o > > > > > > > >> > > > > > > > > > > FiEEhxY4ohp/LDgGZHFCAwajVDNrTw0FAl1eDRACGwMACgkQAwajVDNrTw10zQI > > > > > > > >> > > > > I > > > > > > > >> > > > > > > > > > > yVoClrNxQ/D4szu3XhJ9PXPyVelg3TPWpngxPLSvtPcBTrmM88nYCjsYr2YkZm7 > > > > > > > >> > > > > F > > > > > > > >> > > > > > > > > > > KVn0TfxpafDCp3+c0vmXrdwCCQEA3lZ0TMbS6g1qVjr8tP/LcclUl9EcTQBhwrM > > > > > > > >> > > > > z > > > > > > > >> > > > > > > > > > > ptaKpK5KbwIGqCH/8osk1xBA3sTCCZidQ1DDWR8PDtLtkyv5mYjZBBMTCgA+Ahs > > > > > > > >> > > > > B > > > > > > > >> > > > > > > > > > > BQsJCAcCBhUICQoLAgQWAgMBAh4BAheAFiEEhxY4ohp/LDgGZHFCAwajVDNrTw0 > > > > > > > >> > > > > F > > > > > > > >> > > > > > > > > > > Al0+b/YFCQllO+gACgkQAwajVDNrTw03OwIJAetmR3/nyb7FGWX9a47CgH/4itK > > > > > > > >> > > > > a > > > > > > > >> > > > > > > > > > > J3wET5QXNBT0G9oJYMBLMpbfchaSaodc2B2ZoGJLE8193CVDjWpVQTpX1Q+aAgj > > > > > > > >> > > > > n > > > > > > > >> > > > > > > > > > > gqkOqPGRSGBbf4oJjsCCxNd1BQDptepfIxLPnJr9n9LWXhFQJ6m1dX0TYhXqwF+ > > > > > > > >> > > > > c > > > > > > > >> > > > > > > > > > > InjN/G8QtQ6K5M09dg0T44jZBBMTCgAnBQJXm1S+AhsBBQkDwmcABQsJCAcCBhU > > > > > > > >> > > > > I > > > > > > > >> > > > > > > > > > > CQoLAgQWAgMBAh4BAheAACEJEAMGo1Qza08NFiEEhxY4ohp/LDgGZHFCAwajVDN > > > > > > > >> > > > > r > > > > > > > >> > > > > > > > > > > Tw1yfwIGMWuJgOMUPEsOMpKowBo5H0hZ+7FXB9pSJO4tw2JR2lmCNlS7dL8BSUg > > > > > > > >> > > > > 6 > > > > > > > >> > > > > > > > > > > 8iuUFNLuACPYv3yREYwtWgPHMI/9M/ICCQGLN09dQYTesY5Ivd1YGDdY7WQSoYw > > > > > > > >> > > > > o > > > > > > > >> > > > > > > > > > > wQm0ggBKH6myPOa/SLizr5o1glhYEfusgLaOYDa9v8FPIIiW0vOWHp6RIYjcBBM > > > > > > > >> > > > > T > > > > > > > >> > > > > > > > > > > CgBBBQsJCAcCBhUICQoLAgQWAgMBAh4BAheABQkPFYrlAhkBFiEEhxY4ohp/LDg > > > > > > > >> > > > > G > > > > > > > >> > > > > > > > > > > ZHFCAwajVDNrTw0FAmU1ZXcCGwEACgkQAwajVDNrTw1kSAIIiTKmmWLKGT6/pEF > > > > > > > >> > > > > e > > > > > > > >> > > > > > > > > > > A+4Nrfm9O7KRRGB7xThijjOKXjHYi2n38fYjod/1oWHFI9h2YRsCiBKF6LDQ6f6 > > > > > > > >> > > > > L > > > > > > > >> > > > > > > > > > > i0cCpbQCCQE9u7C6xrf/139K+KrN31c9BoMx+L/jDcMErzk+lT1O3HbeoXtiKWX > > > > > > > >> > > > > 6 > > > > > > > >> > > > > > > > > > > WD6t/AvqHfvEkg34h1dd8I+2/MzfQ+Ml0oihBBATCgAGBQJadScvAAoJEFdOlh1 > > > > > > > >> > > > > P > > > > > > > >> > > > > > > > > > > 9inBYDwCCQGMrDpimY/uwGoixIwHeca14nCWtCatfyuqX67pMUhNSGGDVmoSEAd > > > > > > > >> > > > > S > > > > > > > >> > > > > > > > > > > mJ6OhGM2jzqG2qzdAuOxH9tMu8WswAetkQIIhd02g0k2h8fPAQb0G7DSJyUCogQ > > > > > > > >> > > > > S > > > > > > > >> > > > > > > > > > > PC8ZP1KrHFJ4gbt+8EJRDC2K7GnEn0MoMnlQCJflc6bB0qgYkdceTq28kQmIuAQ > > > > > > > >> > > > > Q > > > > > > > >> > > > > > > > > > > EwoAHRYhBKiwEqxbUFuB2WVeFek/s8oe5jeGBQJbY9mZAAoJEOk/s8oe5jeGpFY > > > > > > > >> > > > > C > > > > > > > >> > > > > > > > > > > COHHPH2dYN7UgbSjo10XQUbZmnCWYLbVUp85QpX4SfcELJiWpTDeIA+yx/l1oA5 > > > > > > > >> > > > > q > > > > > > > >> > > > > > > > > > > YOxrnUVoqU7DqlX8q+axXXVCAgkBXjEWxhj7U1dX09WdLjMt0IacphezlXyatDX > > > > > > > >> > > > > s > > > > > > > >> > > > > > > > > > > HQfAgkA7vvP+rYlhA0Wj0ZFSGX6ITUZ33vtElf9YZBN1RtMFmdKI3AQTEwoAQQU > > > > > > > >> > > > > L > > > > > > > >> > > > > > > > > > > CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAIZAQUJEPa+ZRYhBIcWOKIafyw4BmRxQgM > > > > > > > >> > > > > G > > > > > > > >> > > > > > > > > > > o1Qza08NBQJlNX/GAhsBAAoJEAMGo1Qza08NpvkCCIEyKQ4n6erY/9g10YKXZwE > > > > > > > >> > > > > K > > > > > > > >> > > > > > > > > > > UjDXr2EsCCcXSGHjoU14xyMtAYA+mfhF4xv6KnubHGQOQn2EfCvsagnYCJJXX0K > > > > > > > >> > > > > c > > > > > > > >> > > > > > > > > > > AgkBeGP8Js90a1BvZ7cFV6JL8vMsp7HYhsjSZSy/y2HxpFtsnBTi4WJ1PbViN8a > > > > > > > >> > > > > K > > > > > > > >> > > > > > > > > > > KpABSPhR4u4ACNBYfDjPzhKUjOGI3QQTEwoAQQULCQgHAgYVCAkKCwIEFgIDAQI > > > > > > > >> > > > > e > > > > > > > >> > > > > > > > > > > AQIXgAUJDxWK5QIbAxYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJkrYWJAhkBAAo > > > > > > > >> > > > > J > > > > > > > >> > > > > > > > > > > EAMGo1Qza08N6wsCCQHyd3RKJE4X2HyY2fx6tmRkBtj9eMiupsMZMa2brctqQ/z > > > > > > > >> > > > > X > > > > > > > >> > > > > > > > > > > j+lKxC21H99mfoVS6VFpyM7ipIaSmzc+Xa9ZwLIM0QIJARNw2zzOe7Pdmkkvsrx > > > > > > > >> > > > > v > > > > > > > >> > > > > > > > > > > 5Dyp3qsX40tGuok3S2R/xPQ2npvs1SpHQUX6VYqqFwPtsxDssgfq9U3xHAj3mDc > > > > > > > >> > > > > t > > > > > > > >> > > > > > > > > > > el5ziN0EExMKAEEFCwkIBwIGFQgJCgsCBBYCAwECHgECF4ACGQEFCRD2vmUWIQS > > > > > > > >> > > > > H > > > > > > > >> > > > > > > > > > > FjiiGn8sOAZkcUIDBqNUM2tPDQUCZTV+DgIbAwAKCRADBqNUM2tPDRNJAgkBA2d > > > > > > > >> > > > > X > > > > > > > >> > > > > > > > > > > HkNTZ+XLKLTdVwcTTV9YUbN0xvjTdAE2ioxIpF9PolZ8xjKFTIHSuOjn65O9NBZ > > > > > > > >> > > > > i > > > > > > > >> > > > > > > > > > > hYFD3mPDTwoIZY5xLKMCCQHDFKa1G5SXndrTA3ZYF99m/38Py4x7WpQdLwosJIe > > > > > > > >> > > > > 3 > > > > > > > >> > > > > > > > > > > EsHkbRShpOxOJ8tSTCgl/fbQbXySUTZ4dtRDQd+PamJ5HrQvSm9uYXRoYW4gUy4 > > > > > > > >> > > > > g > > > > > > > >> > > > > > > > > > > RmlzaGVyIDxleGFicmlhbCtlY2xpcHNlQGdtYWlsLmNvbT6I2QQTEwoAPhYhBIc > > > > > > > >> > > > > W > > > > > > > >> > > > > > > > > > > OKIafyw4BmRxQgMGo1Qza08NBQJkrYWJAhsDBQkPFYrlBQsJCAcCBhUKCQgLAgQ > > > > > > > >> > > > > W > > > > > > > >> > > > > > > > > > > AgMBAh4BAheAAAoJEAMGo1Qza08NzA0CCLZ3s9y1hMPWSSEuuqPtvU8s4+MLuI+ > > > > > > > >> > > > > t > > > > > > > >> > > > > > > > > > > aVGCq3Oe7fOrM9C9SkIK5gYLNSgm2ucM/Qz0UmMRQMt7yFPbbpj5CiTEAgkBg7G > > > > > > > >> > > > > S > > > > > > > >> > > > > > > > > > > 565j0SQYMJD2A8xJLy68K70TN8J4dE6DOFTbEH++z7UcdSbTJdaEh7nhhNnQS9p > > > > > > > >> > > > > x > > > > > > > >> > > > > > > > > > > /yPw+gQZz3NUFCOJW8aI2QQTEwoAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQI > > > > > > > >> > > > > X > > > > > > > >> > > > > > > > > > > gBYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJlNWvGBQkQ9r5lAAoJEAMGo1Qza08 > > > > > > > >> > > > > N > > > > > > > >> > > > > > > > > > > QhECCQFmodrh64RuDR2t4H1ne+zLQUOxlkM6JO8BC8s/nSS8CGJdPi0rpRQClii > > > > > > > >> > > > > M > > > > > > > >> > > > > > > > > > > RgCkbIUdbmBFzx28r7KIabwKBTE+HAIHfeUtjs1wzN6r4qKLscAIDr/p75FvaOY > > > > > > > >> > > > > i > > > > > > > >> > > > > > > > > > > u7AQYLTIamdSbOBXd731koJro7t9q3JVZPiL2s3KAXCjxHAfYz9w7E20J0pvbmF > > > > > > > >> > > > > 0 > > > > > > > >> > > > > > > > > > > aGFuIFMuIEZpc2hlciA8amZpc2hlckBhcGFjaGUub3JnPojaBBMTCgA+FiEEhxY > > > > > > > >> > > > > 4 > > > > > > > >> > > > > > > > > > > ohp/LDgGZHFCAwajVDNrTw0FAmU1V3QCGwMFCQ8ViuUFCwkIBwIGFQoJCAsCBBY > > > > > > > >> > > > > C > > > > > > > >> > > > > > > > > > > AwECHgECF4AACgkQAwajVDNrTw30jwIJASdHa+NzU2uObSBwFvNE2ee9ybppHyz > > > > > > > >> > > > > 4 > > > > > > > >> > > > > > > > > > > UUjnlJPFlIq96jTH+F5CaLDNdLWVTjqxFwKioxqyzV5M/j3WwacOaJ4pAgkB2kP > > > > > > > >> > > > > I > > > > > > > >> > > > > > > > > > > lc+TYMtxSiCxOEvdv1N9K81U0gopOhaKCUOR2zijh5Oor9PWT6JGRBb+soYsJN6 > > > > > > > >> > > > > 5 > > > > > > > >> > > > > > > > > > > rsfRiWyhMgwwiPlxbQmI2QQTEwoAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQI > > > > > > > >> > > > > X > > > > > > > >> > > > > > > > > > > gBYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJlNWvGBQkQ9r5lAAoJEAMGo1Qza08 > > > > > > > >> > > > > N > > > > > > > >> > > > > > > > > > > fYQCBRdnOvBBhop8FuZxv2h3i2J7dxSaIXi5mt82EpHIVnElENuA0n9eJfYE6Ay > > > > > > > >> > > > > X > > > > > > > >> > > > > > > > > > > go39MnHRb3mWaFMsbrwEk4R63nwSAgkBsOP9gMNn43p85xCvPfvqaMeUcFCtRrg > > > > > > > >> > > > > b > > > > > > > >> > > > > > > > > > > 7MSEDDQBdhF1eMGTttfujwpz/sKwc9YR6K8LUvpDrv4E7eIbIQwxzvi4bwRXm1U > > > > > > > >> > > > > v > > > > > > > >> > > > > > > > > > > EwUrgQQAIgMDBEgqj2iDPClSIPOk6iARFYD7hMsdZG8rto1sKz0Y4bed1ushUqQ > > > > > > > >> > > > > O > > > > > > > >> > > > > > > > > > > MKs2EB4owrTZNCCjwWc/73UIC2GF9MsDfrlvWhbXflqmNlBuyjDbvEQJqcjOass > > > > > > > >> > > > > V > > > > > > > >> > > > > > > > > > > 8CTuypP8A58j44kBQQQYEwoAJgIbAhYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJ > > > > > > > >> > > > > d > > > > > > > >> > > > > > > > > > > Xg7CBQkFy63CAIoJEAMGo1Qza08NfyAEGRMJAAYFAlebVS8ACgkQNBblQhq5rGB > > > > > > > >> > > > > m > > > > > > > >> > > > > > > > > > > FQGAlQdk/wWnQBH9Ngbw5sF/NLc+AoAXH0sEfeKCQEQlbpyeyY8gjyXxxGPgQWQ > > > > > > > >> > > > > V > > > > > > > >> > > > > > > > > > > YykjAYCtoKc2mwj65XHI1HSpokNSpD/0si5WefHsrwg1HfAiNJ6bRwjYx2G8C5Y > > > > > > > >> > > > > e > > > > > > > >> > > > > > > > > > > +qRlzq26UQIJATPSxwz7kP4mBp3ktX/nSj1VaZNO//Wz03ij/Hbgy+ctD1bF/cL > > > > > > > >> > > > > g > > > > > > > >> > > > > > > > > > > IJ9YQlqUPY6XR5ZRxbps30A9BrfFeryEekruAgjU7o53MPXjNPQQICqjTg6C5Pq > > > > > > > >> > > > > 8 > > > > > > > >> > > > > > > > > > > A6HnGt4GKg59GwtWj+w7FFnDBxkxTUGsu9jTaipOn5Rz2pONPGXu7N25VEDb+7h > > > > > > > >> > > > > z > > > > > > > >> > > > > > > > > > > BFebVZYSBSuBBAAiAwMEtxtCjT1dG+sKZCq1YrL/RCjiGngEC53EoWSKtV8xOV3 > > > > > > > >> > > > > / > > > > > > > >> > > > > > > > > > > J0F0R2w5MI+MxovpHcKYNIF6gtr8LMrACbaNK/be3Pmg6Sji/cbtNzNdQO2XF0E > > > > > > > >> > > > > W > > > > > > > >> > > > > > > > > > > OOGfl3nUzCtnl7jyHCo1AwEJCYjABBgTCgAmAhsMFiEEhxY4ohp/LDgGZHFCAwa > > > > > > > >> > > > > j > > > > > > > >> > > > > > > > > > > VDNrTw0FAmU1XjEFCRDtsYsACgkQAwajVDNrTw3cegIHfrcTHHTeVKY/8D/tRJy > > > > > > > >> > > > > Q > > > > > > > >> > > > > > > > > > > fApIKz77u54996bgZBvcnzX/bXoA/FR26nBhMptw3PjCAYDOgPIPITAgVDSmkxm > > > > > > > >> > > > > g > > > > > > > >> > > > > > > > > > > JmMCCMrXtr98Ol7mKJfRDoWmGE++m/XlU5mz5J/XX1e0mhq/WXOMI3apE/fJ+FT > > > > > > > >> > > > > F > > > > > > > >> > > > > > > > > > > +/4s646I0MrlcIruMiFmpi2oxoH7uG8EV5tVzRMFK4EEACIDAwQjHqSreOLWs/F > > > > > > > >> > > > > W > > > > > > > >> > > > > > > > > > > O5Rpb1W5nJrfv5bXbeV5UfTzw+A6fq9rIorVMhchGApxRfSMIOcXLXuhk0yoUPl > > > > > > > >> > > > > h > > > > > > > >> > > > > > > > > > > TRwEGZveBTXkoSYSWWIDllQBNZ/a91f0QyTIxcR312ppCewzPyiIwQQYEwoAJgI > > > > > > > >> > > > > b > > > > > > > >> > > > > > > > > > > IBYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJlNV5JBQkQ7YLiAAoJEAMGo1Qza08 > > > > > > > >> > > > > N > > > > > > > >> > > > > > > > > > > xJYCCOpTXah+2r20hsQCHYhwpgGkRzT0KWyO6NeTzFZvUFTiAWbqYg7CyXztsVB > > > > > > > >> > > > > n > > > > > > > >> > > > > > > > > > > 0cCqjRtFATS2QeJL1sUcjwxhN3BBAgkBB3qOlUuVC9skeUEus4QzM07uSTTiicU > > > > > > > >> > > > > Z > > > > > > > >> > > > > > > > > > > /i9ifDuYt1ujM/QtV4CsICKpyWs4NDdEsssLJ8SzqM9eFAlqnocatI+4bwRlNWU > > > > > > > >> > > > > I > > > > > > > >> > > > > > > > > > > EwUrgQQAIgMDBLP99mJt/J4jBP4CjORKeKpjxRN6sj02/8IS8LeLRYbUJzSkubq > > > > > > > >> > > > > h > > > > > > > >> > > > > > > > > > > SQ19rQBxu6vBOVgVCTpLLfY/31cw5RsLa5On0wuhEn3KtXTtEJZ4kLHsD+dJX4U > > > > > > > >> > > > > x > > > > > > > >> > > > > > > > > > > imVW5vaQ8skA24kBVwQYEwoAJhYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJlNWU > > > > > > > >> > > > > I > > > > > > > >> > > > > > > > > > > AhsCBQkDwmcAAKEJEAMGo1Qza08NliAEGRMJAB0WIQS11zr9EsR/oJTH1IT5dcJ > > > > > > > >> > > > > 7 > > > > > > > >> > > > > > > > > > > sXr2sQUCZTVlCAAKCRD5dcJ7sXr2sRO0AX9+nni0M/NhMLCvkwyyO6au+0wBXtR > > > > > > > >> > > > > k > > > > > > > >> > > > > > > > > > > sav2zdLMHUJnGhzW7IebTZHBdLYV8bH/WpIBfinshcGugAErswVDg40rGp39hUF > > > > > > > >> > > > > G > > > > > > > >> > > > > > > > > > > 17Ayi5P9hSLc4JNwQqFppoRr40+tPKyDUOVyuCKuAgiwtGUSRYNccVnGrwvy9Qf > > > > > > > >> > > > > f > > > > > > > >> > > > > > > > > > > +XIkQXpWrpHbNIxkmWLxh2p3ZhBJBFTyXzfiHXySquFF427JfmBZ6j4N2fBykpO > > > > > > > >> > > > > N > > > > > > > >> > > > > > > > > > > CQIHRxmTg3wOCOoM0HVhvEG5lsjHWGCHW12P7UzY5dkLExG+lGLvK9TSEKupGuN > > > > > > > >> > > > > Q > > > > > > > >> > > > > > > > > > > Ecwv7rh7ke+e7+0UC6B0mY7yJtSJAVcEGBMKACYCGwIWIQSHFjiiGn8sOAZkcUI > > > > > > > >> > > > > D > > > > > > > >> > > > > > > > > > > BqNUM2tPDQUCZTVr4gUJA1OpAAChCRADBqNUM2tPDZYgBBkTCQAdFiEEtdc6/RL > > > > > > > >> > > > > E > > > > > > > >> > > > > > > > > > > f6CUx9SE+XXCe7F69rEFAmU1ZQgACgkQ+XXCe7F69rETtAF/fp54tDPzYTCwr5M > > > > > > > >> > > > > M > > > > > > > >> > > > > > > > > > > sjumrvtMAV7UZLGr9s3SzB1CZxoc1uyHm02RwXS2FfGx/1qSAX4p7IXBroABK7M > > > > > > > >> > > > > F > > > > > > > >> > > > > > > > > > > Q4ONKxqd/YVBRtewMouT/YUi3OCTcEKhaaaEa+NPrTysg1DlcrhkeAIHSX0cWOG > > > > > > > >> > > > > H > > > > > > > >> > > > > > > > > > > EHDY4/lDeQUT6CzdkrK4EoLv5GtwbqTIG8knGjX+jWsIA3c11vtuq5nCl30+tTP > > > > > > > >> > > > > Y > > > > > > > >> > > > > > > > > > > 3F74/CTdimP0+c4CCPfukMGeA1iwD/7oqRVzs+ULbXdZjqiNFl6fR6j0uvs99r6 > > > > > > > >> > > > > l > > > > > > > >> > > > > 9T3ugXY9lBQhvQ3zoYvTzJoX4P2i1P1L2CS6HwiG > > > > > > > >> > > > > =AdHB > > > > > > > >> > > > > -----END PGP PUBLIC KEY BLOCK----- > > > > > > > >> > > > > > > > > > > > >> > > > > > > > > > > > >> > > > > > On Sun, Oct 22, 2023 at 11:35 PM Richard Zowalla > > > > > > > >> > > > > > <rich...@zowalla.com> wrote: > > > > > > > >> > > > > > > > > > > > > >> > > > > > The list doesn't allow attachments, so maybe add > it as plain > > > > > > > >> > > > > > text > > > > > > > >> > > > > > (or put it into a gist) > > > > > > > >> > > > > > > > > > > > > >> > > > > > Gruß > > > > > > > >> > > > > > Richard > > > > > > > >> > > > > > > > > > > > > >> > > > > > > > > > > > > >> > > > > > Am 22. Oktober 2023 21:48:22 MESZ schrieb > "Jonathan S. > > > > > > > >> > > > > > Fisher" > > > > > > > >> > > > > > <jfis...@apache.org>: > > > > > > > >> > > > > > > Attached! Thank you! > > > > > > > >> > > > > > > > > > > > > > >> > > > > > > On Sat, Oct 21, 2023 at 7:42 PM Richard Zowalla > > > > > > > >> > > > > > > <rich...@zowalla.com> wrote: > > > > > > > >> > > > > > > > > > > > > > > >> > > > > > > > Just send it in the required ascii armored > format via > > > > > > > >> > > > > > > > your > > > > > > > >> > > > > > > > apache mail (or via die web ui on > lists.apache.org > > > > > > after > > > > > > > >> > > > > > > > login. > > > > > > > >> > > > > > > > > > > > > > > >> > > > > > > > I can take care of it. > > > > > > > >> > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > >> > > > > > > > Am 22. Oktober 2023 01:05:53 MESZ schrieb > "Jonathan S. > > > > > > > >> > > > > > > > Fisher" > > > > > > > >> > > > > > > > <exabr...@gmail.com>: > > > > > > > >> > > > > > > > > Richard thanks. Anyone on this thread able > to add me > > > > > > to > > > > > > > >> > > > > > > > > the > > > > > > > >> > > > > > > > > KEYS file? > > > > > > > >> > > > > > > > > I'd like to give this a roll :) > > > > > > > >> > > > > > > > > > > > > > > > >> > > > > > > > > cheers, > > > > > > > >> > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > >> > > > > > > > > On Thu, Oct 19, 2023 at 7:12 AM Jamie > Johnson > > > > > > > >> > > > > > > > > <jej2...@gmail.com> wrote: > > > > > > > >> > > > > > > > > > > > > > > > > >> > > > > > > > > > Just checking in on this. Anything the > community can > > > > > > > >> > > > > > > > > > do to > > > > > > > >> > > > > > > > > > facilitate the > > > > > > > >> > > > > > > > > > release? > > > > > > > >> > > > > > > > > > > > > > > > > >> > > > > > > > > > On Tue, Oct 17, 2023 at 9:58 AM Richard > Zowalla > > > > > > > >> > > > > > > > > > <rich...@zowalla.com> wrote: > > > > > > > >> > > > > > > > > > > > > > > > > >> > > > > > > > > > > Hi, > > > > > > > >> > > > > > > > > > > > > > > > > > >> > > > > > > > > > > see > > > > > > https://tomee.apache.org/dev/release-tomee.html > > > > > > > >> > > > > > > > > > > > > > > > > > >> > > > > > > > > > > Might be beneficial to join the ASF > slack with > > > > > > your > > > > > > > >> > > > > > > > > > > apache.org mail. > > > > > > > >> > > > > > > > > > > > > > > > > > >> > > > > > > > > > > Starting the VOTE, moving artifacts to > release > > > > > > area > > > > > > > >> > > > > > > > > > > as > > > > > > > >> > > > > > > > > > > well as updating > > > > > > > >> > > > > > > > > > > https://downloads.apache.org/tomee/KEYS > needs to > > > > > > be > > > > > > > >> > > > > > > > > > > done > > > > > > > >> > > > > > > > > > > by a PMC member. > > > > > > > >> > > > > > > > > > > > > > > > > > >> > > > > > > > > > > Gruß > > > > > > > >> > > > > > > > > > > Richard > > > > > > > >> > > > > > > > > > > > > > > > > > >> > > > > > > > > > > Am 17. Oktober 2023 15:50:33 MESZ > schrieb > > > > > > "Jonathan > > > > > > > >> > > > > > > > > > > S. > > > > > > > >> > > > > > > > > > > Fisher" < > > > > > > > >> > > > > > > > > > > exabr...@gmail.com>: > > > > > > > >> > > > > > > > > > > > -----BEGIN PGP SIGNED MESSAGE----- > > > > > > > >> > > > > > > > > > > > Hash: SHA512 > > > > > > > >> > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > ello other TomEE committers :) > > > > > > > >> > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > If I wanted to cut 8.0.16, how do I > do that? My > > > > > > > >> > > > > > > > > > > > personal GPG key is > > > > > > > >> > > > > > > > > > > > > 871638A21A7F2C38066471420306A354336B4F0D. I'll > > > > > > > >> > > > > > > > > > > > sign > > > > > > > >> > > > > > > > > > > > this text block to > > > > > > > >> > > > > > > > > > > > prove I have control of my key. > > > > > > > >> > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > Thank you! > > > > > > > >> > > > > > > > > > > > -----BEGIN PGP SIGNATURE----- > > > > > > > >> > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > iLkEARMKAB0WIQSHFjiiGn8sOAZkcUIDBqNUM2tPDQUCZS6RI > > > > > > > >> > > > > > > > > > > > AAKCRA > > > > > > > >> > > > > > > > > > > > DBqNUM2tP > > > > > > > >> > > > > > > > > > > > > > > > > > DYahAgkBNYn+LlIdFttvNW6KAJXHgNEQxmjJ6ALb7VaaEdqAX > > > > > > > >> > > > > > > > > > > > jMNxwg > > > > > > > >> > > > > > > > > > > > lLQQQVOVY > > > > > > > >> > > > > > > > > > > > > > > > > > NtRxRj5nHDOXUVqwLjftisxyNnAkx50CCQHYbqySGYuWOxMdS > > > > > > > >> > > > > > > > > > > > 8jsDGA > > > > > > > >> > > > > > > > > > > > 2/UjTp0ib > > > > > > > >> > > > > > > > > > > > > > > > > > RkLoChrMvppzIK5GOvd0UyBKmrvG3dkzJwQllPZ3EYvNZfLyl > > > > > > > >> > > > > > > > > > > > +/K5oO > > > > > > > >> > > > > > > > > > > > shg== > > > > > > > >> > > > > > > > > > > > =d0gl > > > > > > > >> > > > > > > > > > > > -----END PGP SIGNATURE----- > > > > > > > >> > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > On Sat, Oct 14, 2023 at 6:12 AM Jamie > Johnson > > > > > > > >> > > > > > > > > > > > <jej2...@gmail.com> wrote: > > > > > > > >> > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > Looks like tomcat 9.0.82 was > released! > > > > > > > >> > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > On Wed, Oct 11, 2023 at 12:54 PM > Jamie Johnson > > > > > > > >> > > > > > > > > > > > > <jej2...@gmail.com> > > > > > > > >> > > > > > > > > > > wrote: > > > > > > > >> > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > Looks right to me as well. Thanks > Richard! > > > > > > > >> > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > On Wed, Oct 11, 2023 at 12:45 PM > Richard > > > > > > > >> > > > > > > > > > > > > > Zowalla > > > > > > > >> > > > > > > > > > > > > > <rich...@zowalla.com > > > > > > > >> > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > wrote: > > > > > > > >> > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > I think we are running into > > > > > > > >> > > > > > > > > > > > > > > > > > > > > https://bz.apache.org/bugzilla/show_bug.cgi?id=67664 > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > This requires 9.0.82 to become > available. > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > They are already voting: > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > https://lists.apache.org/thread/qro48x3xnvhvvxxv3h > > > > > > > >> > > > > > > > > > > > > > > wnqnnsrrry773j > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > After 9.0.82 becomes available, > we are > > > > > > most > > > > > > > >> > > > > > > > > > > > > > > likely in a good shape to > > > > > > > >> > > > > > > > > > > > > > > start a release > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > Gruß > > > > > > > >> > > > > > > > > > > > > > > Richard > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > Am 11. Oktober 2023 18:14:09 > MESZ schrieb > > > > > > > >> > > > > > > > > > > > > > > Richard > > > > > > > >> > > > > > > > > > > > > > > Zowalla < > > > > > > > >> > > > > > > > > > > > > > > rich...@zowalla.com>: > > > > > > > >> > > > > > > > > > > > > > > > It seems the Tomcat upgrade > breaks some > > > > > > > >> > > > > > > > > > > > > > > > connection pool related > > > > > > > >> > > > > > > > > > > tests. > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > I guess we need to check our > integration > > > > > > > >> > > > > > > > > > > > > > > > code > > > > > > > >> > > > > > > > > > > > > > > > to fix it: > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > https://ci-builds.apache.org/job/Tomee/job/tomee-8.x-build-full-java8/lastCompletedBuild/testReport/ > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > So if anyone wants to dig, > feel free. > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > Am 11. Oktober 2023 16:56:27 > MESZ > > > > > > schrieb > > > > > > > >> > > > > > > > > > > > > > > > Jamie > > > > > > > >> > > > > > > > > > > > > > > > Johnson < > > > > > > > >> > > > > > > > > > > > > > > jej2...@gmail.com>: > > > > > > > >> > > > > > > > > > > > > > > > > There are other > vulnerabilities > > > > > > (pulled > > > > > > > >> > > > > > > > > > > > > > > > > from > > > > > > > >> > > > > > > > > > > > > > > > > https://osv.dev/) > > > > > > > >> > > > > > > > > > > that > > > > > > > >> > > > > > > > > > > > > > > can be > > > > > > > >> > > > > > > > > > > > > > > > > addressed, but need to be > reviewed. > > > > > > > >> > > > > > > > > > > > > > > > > The > > > > > > > >> > > > > > > > > > > > > > > > > format below is dependency > > > > > > > >> > > > > > > > > > > > > > > > > current_version > (fix_version). > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > org.apache.httpcomponents:httpclient > > > > > > > >> > > > > > > > > > > > > > > > > 4.2.2 > > > > > > > >> > > > > > > > > > > > > > > > > (>= 4.5.13) > > > > > > > >> > > > > > > > > > > > > > > > > GHSA-2x83-r56g-cv47 (4.2.3), > > > > > > GHSA-7r82- > > > > > > > >> > > > > > > > > > > > > > > > > 7xv7- > > > > > > > >> > > > > > > > > > > > > > > > > xcpj > > > > > > > >> > > > > > > > > > > > > > > > > (4.5.13), > GHSA-fmj5-wv96-r2ch (4.3.6), > > > > > > > >> > > > > > > > > > > > > > > > > GHSA- > > > > > > > >> > > > > > > > > > > > > > > > > cfh5-3ghh-wfjx (4.3.5) > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > xalan:xalan 2.7.2 (2.7.3) > > > > > > > >> > > > > > > > > > > > > > > > > GHSA-9339-86wc-4qgf (2.7.3) > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > org.apache.commons:commons-compress > > > > > > > >> > > > > > > > > > > > > > > > > 1.14 > > > > > > > >> > > > > > > > > > > > > > > > > (>=1.24.0) > > > > > > > >> > > > > > > > > > > > > > > > > GHSA-hrmr-f5m6-m9pq (1.18), > GHSA-xqfj- > > > > > > > >> > > > > > > > > > > > > > > > > vm6h- > > > > > > > >> > > > > > > > > > > > > > > > > 2x34 (1.22), > > > > > > > >> > > > > > > > > > > > > > > GHSA-h436-432x-8fvx > > > > > > > >> > > > > > > > > > > > > > > > > (1.16), GHSA-crv7-7245-f45f > (1.21), > > > > > > > >> > > > > > > > > > > > > > > > > GHSA- > > > > > > > >> > > > > > > > > > > > > > > > > mc84-pj99-q6hh > > > > > > > >> > > > > > > > > > > > > > > > > (1.21), GHSA-7hfm-57qf-j43q > (1.21), > > > > > > > >> > > > > > > > > > > > > > > > > GHSA- > > > > > > > >> > > > > > > > > > > > > > > > > cgwf-w82q-5jrr (1.24.0) > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > org.eclipse.jetty:jetty-server > > > > > > > >> > > > > > > > > > > > > > > > > 9.4.49.v20220914 > (9.4.51.v20230217) > > > > > > > >> > > > > > > > > > > > > > > > > GHSA-qw69-rqj8-6qw8 > > > > > > (9.4.51.v20230217), > > > > > > > >> > > > > > > > > > > > > > > > > GHSA- > > > > > > > >> > > > > > > > > > > > > > > > > p26g-97m4-6q7c > > > > > > > >> > > > > > > > > > > > > > > > > (9.4.51.v20230217) > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > org.eclipse.jetty:jetty-http > > > > > > > >> > > > > > > > > > > > > > > > > 9.4.49.v20220914 > > > > > > > >> > > > > > > > > > > > > > > > > (>=9.4.53) > > > > > > > >> > > > > > > > > > > > > > > > > GHSA-hmr7-m48g-48f6 > (9.4.52), GHSA- > > > > > > > >> > > > > > > > > > > > > > > > > wgh7-54f2- > > > > > > > >> > > > > > > > > > > > > > > > > x98r (9.4.53) > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > org.eclipse.jetty:jetty-servlets > > > > > > > >> > > > > > > > > > > > > > > > > 9.4.49.v20220914 (9.4.53) > > > > > > > >> > > > > > > > > > > > > > > > > GHSA-3gh6-v5v9-6v9j (9.4.53) > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > org.apache.sshd:sshd-core > 2.1.0 > > > > > > > >> > > > > > > > > > > > > > > > > (>=2.10.0) > > > > > > > >> > > > > > > > > > > > > > > > > GHSA-9279-7hph-r3xw (2.7.0), > > > > > > GHSA-fhw8- > > > > > > > >> > > > > > > > > > > > > > > > > 8j55- > > > > > > > >> > > > > > > > > > > > > > > > > vwgq > > > > > > > >> > > > > > > > > > > > > > > > > (2.9.2), > GHSA-mjmq-gwgm-5qhm (2.10.0) > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > com.google.code.gson:gson > 2.2.4 > > > > > > (2.8.9) > > > > > > > >> > > > > > > > > > > > > > > > > GHSA-4jrv-ppp4-jm57 (2.8.9) > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > org.webjars:handlebars > 1.2.1 (4.7.7) > > > > > > > >> > > > > > > > > > > > > > > > > GHSA-f2jv-r9rf-7988 (4.7.7) > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > org.apache.ivy:ivy 2.3.0 > (>= 2.5.2) > > > > > > > >> > > > > > > > > > > > > > > > > GHSA-wv7w-rj2x-556x (2.5.1), > > > > > > GHSA-2jc4- > > > > > > > >> > > > > > > > > > > > > > > > > r94c- > > > > > > > >> > > > > > > > > > > > > > > > > rp7h (2.5.2) > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > On Wed, Oct 11, 2023 at > 6:49 AM Jamie > > > > > > > >> > > > > > > > > > > > > > > > > Johnson > > > > > > > >> > > > > > > > > > > > > > > > > <jej2...@gmail.com> > > > > > > > >> > > > > > > > > > > > > > > wrote: > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > How deep down the rabbit > hole should > > > > > > > >> > > > > > > > > > > > > > > > > > the > > > > > > > >> > > > > > > > > > > > > > > > > > dependency checks > > > > > > > >> > > > > > > > > > > normally > > > > > > > >> > > > > > > > > > > > > > > go? > > > > > > > >> > > > > > > > > > > > > > > > > > Looks like the big ones I > was > > > > > > > >> > > > > > > > > > > > > > > > > > tracking with > > > > > > > >> > > > > > > > > > > > > > > > > > security updates were > > > > > > > >> > > > > > > > > > > > > > > done. > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > johnzon 1.2.21 > > > > > > > >> > > > > > > > > > > > > > > > > > tomcat 9.0.81 > > > > > > > >> > > > > > > > > > > > > > > > > > bouncy castle 1.76 > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > Still poking around a bit > but > > > > > > there’s > > > > > > > >> > > > > > > > > > > > > > > > > > obviously a lot. > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > On Wed, Oct 11, 2023 at > 2:09 AM > > > > > > > >> > > > > > > > > > > > > > > > > > Richard > > > > > > > >> > > > > > > > > > > > > > > > > > Zowalla <r...@apache.org > > > > > > > >> > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > wrote: > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > In theory, every > committer can act > > > > > > > >> > > > > > > > > > > > > > > > > > > as > > > > > > > >> > > > > > > > > > > > > > > > > > > release manager. > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > There are some steps in > the > > > > > > > >> > > > > > > > > > > > > > > > > > > process, > > > > > > > >> > > > > > > > > > > > > > > > > > > which requires PMC > karma, > > > > > > > >> > > > > > > > > > > though > > > > > > > >> > > > > > > > > > > > > > > > > > > (such as adding a key > to the KEYS > > > > > > > >> > > > > > > > > > > > > > > > > > > file, > > > > > > > >> > > > > > > > > > > > > > > > > > > moving stuff to the > > > > > > > >> > > > > > > > > > > release > > > > > > > >> > > > > > > > > > > > > > > are > > > > > > > >> > > > > > > > > > > > > > > > > > > on SVN, start the VOTE, > etc.). > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > The process is > documented here: > > > > > > [1] > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > That being said: > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > I am currently planning > to start > > > > > > > >> > > > > > > > > > > > > > > > > > > the > > > > > > > >> > > > > > > > > > > > > > > > > > > release process for > TomEE > > > > > > > >> > > > > > > > > > > 9.1.1 > > > > > > > >> > > > > > > > > > > > > > > > > > > within this week. Due > to the > > > > > > Tomcat > > > > > > > >> > > > > > > > > > > > > > > > > > > security issues released > > > > > > > >> > > > > > > > > > > > > > > yesterday, > > > > > > > >> > > > > > > > > > > > > > > > > > > we need to do some > backporting, > > > > > > > >> > > > > > > > > > > > > > > > > > > which > > > > > > > >> > > > > > > > > > > > > > > > > > > will consume additional > > > > > > > >> > > > > > > > > > > time. > > > > > > > >> > > > > > > > > > > > > > > (It > > > > > > > >> > > > > > > > > > > > > > > > > > > just interrupted my > preparations, > > > > > > > >> > > > > > > > > > > > > > > > > > > so it > > > > > > > >> > > > > > > > > > > > > > > > > > > needs additional CI / > > > > > > > >> > > > > > > > > > > TCK > > > > > > > >> > > > > > > > > > > > > > > > > > > cycles) > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > A release usally > consumes around > > > > > > 1- > > > > > > > >> > > > > > > > > > > > > > > > > > > 3 > > > > > > > >> > > > > > > > > > > > > > > > > > > hours of work. Mostly > > > > > > > >> > > > > > > > > > > because > > > > > > > >> > > > > > > > > > > > > > > you > > > > > > > >> > > > > > > > > > > > > > > > > > > have to wait for stuff > being build > > > > > > > >> > > > > > > > > > > > > > > > > > > or to > > > > > > > >> > > > > > > > > > > > > > > > > > > run some basic sanity > > > > > > > >> > > > > > > > > > > checks > > > > > > > >> > > > > > > > > > > > > > > > > > > before starting and to > not forget > > > > > > > >> > > > > > > > > > > > > > > > > > > any > > > > > > > >> > > > > > > > > > > > > > > > > > > step. > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > What would really help > for a TomEE > > > > > > > >> > > > > > > > > > > > > > > > > > > 8.0.16 > > > > > > > >> > > > > > > > > > > > > > > > > > > is to carefully > > > > > > > >> > > > > > > > > > > re-check > > > > > > > >> > > > > > > > > > > > > > > the > > > > > > > >> > > > > > > > > > > > > > > > > > > current dependencies > for important > > > > > > > >> > > > > > > > > > > > > > > > > > > 3rd > > > > > > > >> > > > > > > > > > > > > > > > > > > party dependencies (and > > > > > > > >> > > > > > > > > > > update > > > > > > > >> > > > > > > > > > > > > > > > > > > if needed. Note: Each > update or > > > > > > > >> > > > > > > > > > > > > > > > > > > bunch of > > > > > > > >> > > > > > > > > > > > > > > > > > > updates shouldn't > > > > > > > >> > > > > > > > > > > break the > > > > > > > >> > > > > > > > > > > > > > > > > > > build. A full build on > CI takes > > > > > > > >> > > > > > > > > > > > > > > > > > > around 4- > > > > > > > >> > > > > > > > > > > > > > > > > > > 8 hours) on that > > > > > > > >> > > > > > > > > > > branch, > > > > > > > >> > > > > > > > > > > > > > > build > > > > > > > >> > > > > > > > > > > > > > > > > > > it locally and conduct > some sanity > > > > > > > >> > > > > > > > > > > > > > > > > > > checks > > > > > > > >> > > > > > > > > > > > > > > > > > > (for example: same > > > > > > > >> > > > > > > > > > > lib in > > > > > > > >> > > > > > > > > > > > > > > > > > > different versions in > /lib -> > > > > > > check > > > > > > > >> > > > > > > > > > > > > > > > > > > and > > > > > > > >> > > > > > > > > > > > > > > > > > > fix) with the created > > > > > > > >> > > > > > > > > > > > > > > > > > > tar.gz/zip files. > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > This is one of the > steps, which > > > > > > > >> > > > > > > > > > > > > > > > > > > usually > > > > > > > >> > > > > > > > > > > > > > > > > > > consumes a lot of time. > > > > > > > >> > > > > > > > > > > If > > > > > > > >> > > > > > > > > > > > > > > you > > > > > > > >> > > > > > > > > > > > > > > > > > > want to give it a try, > I am happy > > > > > > > >> > > > > > > > > > > > > > > > > > > to help > > > > > > > >> > > > > > > > > > > > > > > > > > > out for the steps > > > > > > > >> > > > > > > > > > > which > > > > > > > >> > > > > > > > > > > > > > > > > > > require PMC involvement. > > > > > > Otherwise, > > > > > > > >> > > > > > > > > > > > > > > > > > > I > > > > > > > >> > > > > > > > > > > > > > > > > > > might find some time in > > > > > > > >> > > > > > > > > > > the > > > > > > > >> > > > > > > > > > > > > > > next > > > > > > > >> > > > > > > > > > > > > > > > > > > week to start a release > of 8.0.16 > > > > > > - > > > > > > > >> > > > > > > > > > > > > > > > > > > just > > > > > > > >> > > > > > > > > > > > > > > > > > > let me know and I can > > > > > > > >> > > > > > > > > > > plan > > > > > > > >> > > > > > > > > > > > > > > my > > > > > > > >> > > > > > > > > > > > > > > > > > > time accordingly ;-) > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > Gruß > > > > > > > >> > > > > > > > > > > > > > > > > > > Richard > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > [1] > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > https://tomee.apache.org/dev/release-tomee.html > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > Am Dienstag, dem > 10.10.2023 um > > > > > > > >> > > > > > > > > > > > > > > > > > > 17:56 - > > > > > > > >> > > > > > > > > > > > > > > > > > > 0500 schrieb Jonathan S. > > > > > > > >> > > > > > > > > > > > > > > Fisher: > > > > > > > >> > > > > > > > > > > > > > > > > > > > Jean-Louis, are there > directions > > > > > > > >> > > > > > > > > > > > > > > > > > > > anywhere? Not > promising > > > > > > > >> > > > > > > > > > > anything > > > > > > > >> > > > > > > > > > > > > > > :) > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > On Tue, Oct 10, 2023 > at 5:22 PM > > > > > > > >> > > > > > > > > > > > > > > > > > > > Jean- > > > > > > > >> > > > > > > > > > > > > > > > > > > > Louis Monteiro > > > > > > > >> > > > > > > > > > > > > > > > > > > > < > jlmonte...@tomitribe.com> > > > > > > wrote: > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > Whomever is > committer can do > > > > > > > >> > > > > > > > > > > > > > > > > > > > > it. > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > I was just trying > to give you > > > > > > > >> > > > > > > > > > > > > > > > > > > > > an > > > > > > > >> > > > > > > > > > > > > > > > > > > > > honest reply > regarding my > > > > > > > >> > > > > > > > > > > > > > > > > > > > > availabilities > > > > > > > >> > > > > > > > > > > > > > > > > > > > > and give visibility > to the > > > > > > rest > > > > > > > >> > > > > > > > > > > > > > > > > > > > > of > > > > > > > >> > > > > > > > > > > > > > > > > > > > > the community and > the > > > > > > > >> > > > > > > > > > > other > > > > > > > >> > > > > > > > > > > > > > > > > > > > > committers > > > > > > > >> > > > > > > > > > > > > > > > > > > > > at the same time. > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > Hope it helps. > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > > > >> > > > > > > > > > > > > > > > > > > > > Le mar. 10 oct. > 2023, 23:27, > > > > > > > >> > > > > > > > > > > > > > > > > > > > > Jamie > > > > > > > >> > > > > > > > > > > > > > > > > > > > > Johnson < > > > > > > > >> > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > > > Jonathan | exabr...@gmail.com > > > > > > Pessimists, see a jar as half empty. Optimists, in contrast, see > it as > > > > > > half full. > > > > > > Engineers, of course, understand the glass is twice as big as it > needs to > > > > > > be. > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > > > > Jonathan | exabr...@gmail.com > > > > Pessimists, see a jar as half empty. Optimists, in contrast, see it > as > > > > half full. > > > > Engineers, of course, understand the glass is twice as big as it > needs to be. > > > > > > > > > > > > -- > > > Jonathan | exabr...@gmail.com > > > Pessimists, see a jar as half empty. Optimists, in contrast, see it as > > > half full. > > > Engineers, of course, understand the glass is twice as big as it needs > to be. > > > > > > > > -- > > Jonathan | exabr...@gmail.com > > Pessimists, see a jar as half empty. Optimists, in contrast, see it as > > half full. > > Engineers, of course, understand the glass is twice as big as it needs > to be. > > > >
