Hello everyone, This is a vote for the release of Apache TomEE 10.0.0-M1.
It is a first milestone release of TomEE 10 targeting JakartaEE 10. Thanks to everyone who contributed code to make this happen. I would like to emphasise and give a shout out to all our volunteers who have done the hard work for EE10, which is also done in all our upstream dependencies like Tomcat, OWB, CXF, MyFaces, etc. This milestone release is not fully compliant with JakartaEE 10 as we are missing some EE10 compatible versions of our dependencies (most notably CXF 4.1.x which isn't available yet). We do not pass the TCK, nor do we have a fully working TCK setup at the moment. However, our own full build is green [1] and so I am happy to call for a vote to release a first milestone of TomEE 10. Here are the hard facts: ############### Maven Repo: https://repository.apache.org/content/repositories/orgapachetomee-1226/ <repositories> <repository> <id>tomee-10.0.0-M1-rc1</id> <name>Testing TomEE 10.0.0-M1</name> <url> https://repository.apache.org/content/repositories/orgapachetomee-1226/ </url> </repository> </repositories> ############### Binaries & Source: https://dist.apache.org/repos/dist/dev/tomee/staging-1226/tomee-10.0.0-M1/ ############### Tag: https://github.com/apache/tomee/releases/tag/tomee-project-10.0.0-M1 ############### Release notes: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12352714 ############### Here is an adoc generated version of the changelog as well: == Dependency upgrade [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4266[TOMEE-4266] ActiveMQ 5.16.7 / 5.18.3 - link:https://issues.apache.org/jira/browse/TOMEE-4217[TOMEE-4217] Arquillian 1.7.0.Final - link:https://issues.apache.org/jira/browse/TOMEE-4307[TOMEE-4307] BatchEE 1.0.4 - link:https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235] Bouncy Castle 1.75 - link:https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243] Bouncy Castle 1.76 - link:https://issues.apache.org/jira/browse/TOMEE-4278[TOMEE-4278] Commons CLI 1.6.0 - link:https://issues.apache.org/jira/browse/TOMEE-4277[TOMEE-4277] Commons Codec 1.16.0 - link:https://issues.apache.org/jira/browse/TOMEE-4274[TOMEE-4274] Commons DBCP 2.11.0 - link:https://issues.apache.org/jira/browse/TOMEE-4275[TOMEE-4275] Commons Lang3 3.13.0 - link:https://issues.apache.org/jira/browse/TOMEE-4310[TOMEE-4310] Commons Net 3.9.0 - link:https://issues.apache.org/jira/browse/TOMEE-4308[TOMEE-4308] Fileupload 2 (Jakarta - link:https://issues.apache.org/jira/browse/TOMEE-4218[TOMEE-4218] HSQLDB 2.7.2 - link:https://issues.apache.org/jira/browse/TOMEE-4221[TOMEE-4221] JUnit 5.9.3 - link:https://issues.apache.org/jira/browse/TOMEE-4212[TOMEE-4212] Jackson 2.15.0 - link:https://issues.apache.org/jira/browse/TOMEE-4216[TOMEE-4216] Jackson 2.15.1 - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227] Jackson 2.15.2 - link:https://issues.apache.org/jira/browse/TOMEE-4276[TOMEE-4276] Jackson 2.15.3 - link:https://issues.apache.org/jira/browse/TOMEE-4208[TOMEE-4208] Johnzon 1.2.20 - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228] Johnzon 1.2.21 - link:https://issues.apache.org/jira/browse/TOMEE-4205[TOMEE-4205] Jose4j 0.9.3 - link:https://issues.apache.org/jira/browse/TOMEE-4279[TOMEE-4279] Log4J2 2.21.1 - link:https://issues.apache.org/jira/browse/TOMEE-4296[TOMEE-4296] MicroProfile JWT 2.1 - link:https://issues.apache.org/jira/browse/TOMEE-4283[TOMEE-4283] OWB 4.0.1 - link:https://issues.apache.org/jira/browse/TOMEE-4282[TOMEE-4282] Tomcat 10.1.16 - link:https://issues.apache.org/jira/browse/TOMEE-4309[TOMEE-4309] Tomcat 10.1.20 - link:https://issues.apache.org/jira/browse/TOMEE-4280[TOMEE-4280] WSS4J 3.0.2 - link:https://issues.apache.org/jira/browse/TOMEE-4313[TOMEE-4313] XBean 4.24 - link:https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232] bcprov-jdk15to18-1.74.jar - link:https://issues.apache.org/jira/browse/TOMEE-4220[TOMEE-4220] log4j 2.20.0 (integration) - link:https://issues.apache.org/jira/browse/TOMEE-4311[TOMEE-4311] log4j2 2.23.1 - link:https://issues.apache.org/jira/browse/TOMEE-4312[TOMEE-4312] slf4j 2.0.12 - link:https://issues.apache.org/jira/browse/TOMEE-4213[TOMEE-4213] snakeyaml version 2.0 mitigate CVE-2022-1471 - link:https://issues.apache.org/jira/browse/TOMEE-4219[TOMEE-4219] xbeans 4.23 == New Feature [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4268[TOMEE-4268] Create MicroProfile OpenAPI Reader exemple - link:https://issues.apache.org/jira/browse/TOMEE-4281[TOMEE-4281] Improve logging when failing to load a class == Bug [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222] @LoginToContinue JSR-375 (JavaEE Security API) causes IllegalArgumentException - link:https://issues.apache.org/jira/browse/TOMEE-4267[TOMEE-4267] MicroProfile Metrics JMX Registrar must be initialized once - link:https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225] Remove commons-net from TomEE distribution - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226] DataSource definition fails when @DataSourceDefinition doesn't define url property - link:https://issues.apache.org/jira/browse/TOMEE-4192[TOMEE-4192] ApplicationComposers do not clear GC references on release - link:https://issues.apache.org/jira/browse/TOMEE-4199[TOMEE-4199] jakartaee-api with tomcat classifier has too much in it - link:https://issues.apache.org/jira/browse/TOMEE-4294[TOMEE-4294] TomEE doesn't start in tomee-embedded-maven-plugin when mp-common is present - link:https://issues.apache.org/jira/browse/TOMEE-4295[TOMEE-4295] tomee-embedded-maven-plugin does not register microprofile endpoints == Improvement [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4269[TOMEE-4269] Enable SLF4J 2.x webapps to include bindings in their WEB-INF/lib - link:https://issues.apache.org/jira/browse/TOMEE-4286[TOMEE-4286] Namespace error when processing web-fragment.xml - link:https://issues.apache.org/jira/browse/TOMEE-4200[TOMEE-4200] Use ActiveMQ client jakarta instead of shading it in TomEE == Task [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4261[TOMEE-4261] Upgrade to Jakarta EE 10 APIs + OWB-4 - link:https://issues.apache.org/jira/browse/TOMEE-4314[TOMEE-4314] Fix docker-compose.yml to build TomEE - link:https://issues.apache.org/jira/browse/TOMEE-4284[TOMEE-4284] Implement tomee.mp.jwt.allow.no-exp property over mp.jwt.tomee.allow.no-exp == Wish [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4190[TOMEE-4190] RunWithApplicationComposer should support inheritance == Fixed Common Vulnerabilities and Exposures (CVEs) [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227] Jackson 2.15.2 ############### Please note: Grype will report a vulnerability for apache-mime4j-core 0.8.7 0.8.10 java-archive GHSA-jw7r-rxff- gv24 Medium which is shaded inside of "geronimo-mail_2.1_spec-1.0.0-M1.jar". In it's current version, the dependency is _NOT_ used inside of geronimo mail impl, so unless you are using the shaded classes yourself, we are not affected here. There is also another mail thread related to mail. For signature verification, you can check on the example script here: https://gist.github.com/rzo1/9fb1ca0d58e1fc982d596f2a94b10b32 ############### Please VOTE [+1] go ship it [+0] meh, don't care [-1] stop, there is a ${showstopper} The VOTE is open for 72h or as long as needed. Gruß Richard [1] https://ci-builds.apache.org/job/Tomee/job/master-build-full/1337/
