Ok - is there anything else we want to try and pull in before I cut a
release? I note there's 3 PRs here for main from the last couple of weeks -
should any be ported to 9.x? https://github.com/apache/tomee/pulls

Jon



On Mon, Dec 4, 2023 at 12:22 PM Richard Zowalla <r...@apache.org> wrote:

> Thx, Jon.
>
> Am Freitag, dem 01.12.2023 um 16:02 +0000 schrieb Jonathan Gallimore:
> > I've merged in a fix for CVE-2023-46589, and a test for it. I'll kick
> > off a
> > release either over the weekend if I get time, or on Monday. Let me
> > know if
> > there's any objections.
> >
> > Jon
> >
> > On Wed, Nov 29, 2023 at 3:48 PM Alex The Rocker
> > <alex.m3...@gmail.com>
> > wrote:
> >
> > > +1 and thanks Richard for raising attention on CVE-2023-46589 which
> > > is
> > > fairly new
> > >
> > > Le mer. 29 nov. 2023 à 12:51, Richard Zowalla <r...@apache.org> a
> > > écrit :
> > > >
> > > > +1 and yes, CVE-2023-46589 is missing.
> > > >
> > > > Am Mittwoch, dem 29.11.2023 um 11:23 +0000 schrieb Jonathan
> > > > Gallimore:
> > > > > +1
> > > > >
> > > > > I think there's one CVE to patch before release: CVE-2023-46589
> > > > > which
> > > > > I'm
> > > > > happy to do. I'm also happy to cut the release as its been a
> > > > > while
> > > > > since I
> > > > > last did it.
> > > > >
> > > > > Jon
> > > > >
> > > > > On Wed, Nov 29, 2023 at 11:20 AM Jean-Louis Monteiro <
> > > > > jlmonte...@tomitribe.com> wrote:
> > > > >
> > > > > > Hi all,
> > > > > >
> > > > > > There are a couple of CVEs attached to the latest 9.x
> > > > > > release. Is
> > > > > > it time
> > > > > > to cut a release?
> > > > > >
> > > > > > Best
> > > > > > --
> > > > > > Jean-Louis Monteiro
> > > > > > http://twitter.com/jlouismonteiro
> > > > > > http://www.tomitribe.com
> > > > > >
> > > >
> > >
>
>

Reply via email to