Yes. It seems the changes from https://github.com/apache/tomee/commit/be3901cc3c96b56989a5d501313fe4225f7872c3 were overridden by the commit with the version bump to 8.0.16 in https://github.com/apache/tomee/commit/a73aca679c6f61716b09275ac35fef2f51fe015b
The tar.gz/zip contains the right amq version. Guess we should do a re-roll and cancel (might be good to use a branch for preparation in the future (we need to add it to the docs), so reverting and re-roll doesn't polute our actual dev branch) as otherwise the BOMs bring in a vulnerable amq version for consumers. Let me know, if you want to prepare a RC2. IAM going to cancel this vote later today :-) Regarding the release notes: this is not a big deal, can fix in the issue for 9.0.81 :-) Am 29. Oktober 2023 16:22:14 MEZ schrieb "Jonathan S. Fisher" <[email protected]>: >Also, should this have been merged before tag/release? >https://github.com/apache/tomee/pull/1078/files > > >On Sun, Oct 29, 2023 at 12:12 AM Jonathan S. Fisher <[email protected]> wrote: >> >> Ah shucks :) happy to help. >> >> I did notice <tomcat.version>9.0.82</tomcat.version> is missing from >> the release notes. It'd be handy to make sure that's included. >> >> On Sat, Oct 28, 2023 at 3:44 PM Alex The Rocker <[email protected]> wrote: >> > >> > Awesome! >> > >> > Thanks a lot Jonathan S. Fisher for making this release happen. >> > >> > I'm going to run my usual tests - take me few days to have enough >> > coverage on various setups, but I will provide feedback for sure! >> > >> > Alex >> > >> > Le sam. 28 oct. 2023 à 21:10, Richard Zowalla <[email protected]> a écrit : >> > > >> > > Hi all, >> > > >> > > This is a vote for a release of Apache TomEE 8.0.16. >> > > >> > > I'd like to start with a big thank you and a big applause to Jonathan >> > > Fisher. He is rolling out his first release today. >> > > >> > > Per ASF rules, the actual VOTE needs to be run by a TomEE PMC member, >> > > that's why I'm starting it. >> > > >> > > However, the work has been done by Jonathan, so thank you. Well done. >> > > >> > > TomEE 8.0.16 is a maintenance release with dependencies >> > > upgrades and bug fixes. It also fixes the latest Tomcat vulnerabilities >> > > as well as other CVEs. >> > > >> > > ############### >> > > >> > > Maven Repo: >> > > https://repository.apache.org/content/repositories/orgapachetomee-1222/ >> > > >> > > <repositories> >> > > <repository> >> > > <id>tomee-8.0.16-rc1</id> >> > > <name>Testing TomEE 8.0.16 RC1</name> >> > > <url> >> > > https://repository.apache.org/content/repositories/orgapachetomee-1222/ >> > > </url> >> > > </repository> >> > > </repositories> >> > > >> > > ############### >> > > >> > > Binaries & Source: >> > > >> > > https://dist.apache.org/repos/dist/dev/tomee/staging-1222/tomee-8.0.16/ >> > > >> > > ############### >> > > >> > > Tag: >> > > >> > > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.16 >> > > >> > > >> > > ############### >> > > >> > > Release notes: >> > > >> > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12353257 >> > > >> > > ############### >> > > >> > > Here is an adoc generated version of the changelog as well: >> > > >> > > == Dependency upgrade >> > > >> > > [.compact] >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4266[TOMEE-4266] >> > > ActiveMQ 5.16.7 / 5.18.3 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234] >> > > Bouncy Castle 1.75 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229] >> > > CVE-2023-34981 in TomEE 8.0.15 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4218[TOMEE-4218] >> > > HSQLDB 2.7.2 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4221[TOMEE-4221] >> > > JUnit 5.9.3 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4216[TOMEE-4216] >> > > Jackson 2.15.1 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227] >> > > Jackson 2.15.2 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228] >> > > Johnzon 1.2.21 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4263[TOMEE-4263] >> > > Santuario Java (xmlsec) mitigate CVE-2023-44483 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4224[TOMEE-4224] >> > > Tomcat 9.0.76 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4237[TOMEE-4237] >> > > Tomcat 9.0.79 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238] >> > > Tomcat 9.0.80 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4262[TOMEE-4262] >> > > eclipselink 2.7.13 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4220[TOMEE-4220] >> > > log4j 2.20.0 (integration) >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4219[TOMEE-4219] >> > > xbeans 4.23 >> > > >> > > == Bug >> > > >> > > [.compact] >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222] >> > > @LoginToContinue JSR-375 (JavaEE Security API) causes >> > > IllegalArgumentException >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226] >> > > DataSource definition fails when @DataSourceDefinition doesn't define >> > > url property >> > > >> > > == Improvement >> > > >> > > [.compact] >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031] >> > > Improve TomEE Jmx Mbean Support for Parameter Names >> > > >> > > == Fixed Common Vulnerabilities and Exposures (CVEs) >> > > >> > > [.compact] >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234] >> > > Bouncy Castle 1.75 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238] >> > > Tomcat 9.0.80 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227] >> > > Jackson 2.15.2 >> > > - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229] >> > > CVE-2023-34981 in Apache TomEE 8.0.15 >> > > >> > > ######################## >> > > >> > > Please VOTE >> > > >> > > [+1] go ship it >> > > [+0] meh, don't care >> > > [-1] stop, there is a ${showstopper} >> > > >> > > The VOTE is open for 72h or as long as needed. >> > > >> > > Gruß >> > > Richard >> >> >> >> -- >> Jonathan | [email protected] >> Pessimists, see a jar as half empty. Optimists, in contrast, see it as >> half full. >> Engineers, of course, understand the glass is twice as big as it needs to be. > > > >-- >Jonathan | [email protected] >Pessimists, see a jar as half empty. Optimists, in contrast, see it as >half full. >Engineers, of course, understand the glass is twice as big as it needs to be.
