We are going to cancel that vote because of an issue with the generated BOM files which are referencing a vulnerable AMQ version.
Stay tuned for a re-roll and thanks to all, who already had a look :-) Am 28. Oktober 2023 21:10:53 MESZ schrieb Richard Zowalla <[email protected]>: >Hi all, > >This is a vote for a release of Apache TomEE 8.0.16. > >I'd like to start with a big thank you and a big applause to Jonathan >Fisher. He is rolling out his first release today. > >Per ASF rules, the actual VOTE needs to be run by a TomEE PMC member, >that's why I'm starting it. > >However, the work has been done by Jonathan, so thank you. Well done. > >TomEE 8.0.16 is a maintenance release with dependencies >upgrades and bug fixes. It also fixes the latest Tomcat vulnerabilities >as well as other CVEs. > >############### > >Maven Repo: >https://repository.apache.org/content/repositories/orgapachetomee-1222/ > ><repositories> ><repository> ><id>tomee-8.0.16-rc1</id> ><name>Testing TomEE 8.0.16 RC1</name> ><url> >https://repository.apache.org/content/repositories/orgapachetomee-1222/ ></url> ></repository> ></repositories> > >############### > >Binaries & Source: > >https://dist.apache.org/repos/dist/dev/tomee/staging-1222/tomee-8.0.16/ > >############### > >Tag: > >https://github.com/apache/tomee/releases/tag/tomee-project-8.0.16 > > >############### > >Release notes: > >https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12353257 > >############### > >Here is an adoc generated version of the changelog as well: > >== Dependency upgrade > >[.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4266[TOMEE-4266] >ActiveMQ 5.16.7 / 5.18.3 > - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234] >Bouncy Castle 1.75 > - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229] >CVE-2023-34981 in TomEE 8.0.15 > - link:https://issues.apache.org/jira/browse/TOMEE-4218[TOMEE-4218] >HSQLDB 2.7.2 > - link:https://issues.apache.org/jira/browse/TOMEE-4221[TOMEE-4221] >JUnit 5.9.3 > - link:https://issues.apache.org/jira/browse/TOMEE-4216[TOMEE-4216] >Jackson 2.15.1 > - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227] >Jackson 2.15.2 > - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228] >Johnzon 1.2.21 > - link:https://issues.apache.org/jira/browse/TOMEE-4263[TOMEE-4263] >Santuario Java (xmlsec) mitigate CVE-2023-44483 > - link:https://issues.apache.org/jira/browse/TOMEE-4224[TOMEE-4224] >Tomcat 9.0.76 > - link:https://issues.apache.org/jira/browse/TOMEE-4237[TOMEE-4237] >Tomcat 9.0.79 > - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238] >Tomcat 9.0.80 > - link:https://issues.apache.org/jira/browse/TOMEE-4262[TOMEE-4262] >eclipselink 2.7.13 > - link:https://issues.apache.org/jira/browse/TOMEE-4220[TOMEE-4220] >log4j 2.20.0 (integration) > - link:https://issues.apache.org/jira/browse/TOMEE-4219[TOMEE-4219] >xbeans 4.23 > >== Bug > >[.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222] >@LoginToContinue JSR-375 (JavaEE Security API) causes >IllegalArgumentException > - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226] >DataSource definition fails when @DataSourceDefinition doesn't define >url property > >== Improvement > >[.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031] >Improve TomEE Jmx Mbean Support for Parameter Names > >== Fixed Common Vulnerabilities and Exposures (CVEs) > >[.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234] >Bouncy Castle 1.75 > - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238] >Tomcat 9.0.80 > - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227] >Jackson 2.15.2 > - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229] >CVE-2023-34981 in Apache TomEE 8.0.15 > >######################## > >Please VOTE > >[+1] go ship it >[+0] meh, don't care >[-1] stop, there is a ${showstopper} > >The VOTE is open for 72h or as long as needed. > >Gruß >Richard
