+1 Alex The Rocker <[email protected]> schrieb am Mi., 10. Apr. 2024, 07:23:
> +1 (non-binding) > > Successfully tested the TomEE 9.1.3 release candidate with TomEE+ with > more than 10 different web applications, with both Java 17 and Java 21 > as the Java runtime (Java sources have been compiled with a JDK 17) on > Linux Redhat 8, and using of these various Jakarta EE 9 features: > Servlet, JSP, EJB, CDI, JAX RS, JSON-P, JMS (in some cases with the > embedded AMQ and using connection to remote AMQ server in other > cases), Websockets, and JavaMail > I observed no performance issues, and confirm that CVE fixes and port > of TomEE 8's of placeholder support in MDBs. > > And special thanks to Richard for having ran this Apache TomEE 9.1.3 > vote : I understand the difficulty to keep 9.x versions maintained > until 10.x is released (thanks for its M1 milestone too), I hope there > will not be too many critical CVEs coming out on 9.x before 10.x is > released... > > Alex > > Le lun. 8 avr. 2024 à 14:57, Alex The Rocker <[email protected]> a > écrit : > > > > Thank you very much Richard for this very kind effort ! > > I have started some validations with this TomEE 9.1.3 candidate > > release, so far so good, but I want to run as many tests as possible > > with the broadest possible scope. > > I should be able to provide a vote Wednesday this week at most. > > > > Alex > > > > Le lun. 8 avr. 2024 à 11:34, Richard Zowalla <[email protected]> a écrit : > > > > > > Hello everyone, > > > > > > This is a vote for the release of Apache TomEE 9.1.3 > > > > > > It contains some version upgrades (cxf, jackson, batchee) and security > > > backports for the recent Tomcat CVEs. > > > > > > Here are the hard facts: > > > > > > ############### > > > > > > Maven Repo: > > > > https://repository.apache.org/content/repositories/orgapachetomee-1227/ > > > > > > <repositories> > > > <repository> > > > <id>tomee-9.1.3-rc1</id> > > > <name>Testing TomEE 9.1.3</name> > > > <url> > > > > https://repository.apache.org/content/repositories/orgapachetomee-1227/ > > > </url> > > > </repository> > > > </repositories> > > > > > > ############### > > > > > > Binaries & Source: > > > > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1227/tomee-9.1.3/ > > > > > > ############### > > > > > > Tag: > > > > > > https://github.com/apache/tomee/releases/tag/tomee-project-9.1.3 > > > > > > ############### > > > > > > Release notes: > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12354125 > > > > > > ############### > > > > > > Here is an adoc generated version of the changelog as well: > > > > > > == Dependency upgrade > > > > > > [.compact] > > > - link:https://issues.apache.org/jira/browse/TOMEE-4305[TOMEE-4305] > > > Backport fix for CVE-2024-23672 for TomEE 9.x > > > - link:https://issues.apache.org/jira/browse/TOMEE-4306[TOMEE-4306] > > > Backport fix for CVE-2024-24549 for TomEE 9.x > > > - link:https://issues.apache.org/jira/browse/TOMEE-4316[TOMEE-4316] > > > BatchEE 1.0.4 > > > - link:https://issues.apache.org/jira/browse/TOMEE-4290[TOMEE-4290] > > > Jackson 2.16.2 > > > - link:https://issues.apache.org/jira/browse/TOMEE-4304[TOMEE-4304] > > > cxf-core 4.0.4 > > > > > > == New Feature > > > > > > [.compact] > > > - link:https://issues.apache.org/jira/browse/TOMEE-3902[TOMEE-3902] > > > Introduce placeholder replacement to enable MDB activation properties > > > to be more customizable > > > > > > == Bug > > > > > > [.compact] > > > - link:https://issues.apache.org/jira/browse/TOMEE-4295[TOMEE-4295] > > > tomee-embedded-maven-plugin does not register microprofile endpoints > > > > > > > > > ############### > > > > > > Please note: > > > > > > Grype will report a vulnerability for > > > > > > apache-mime4j-core 0.8.7 0.8.10 java-archive GHSA-jw7r-rxff- > > > gv24 Medium > > > > > > which is shaded inside of "geronimo-mail_2.1_spec-1.0.0-M1.jar". > > > > > > In it's current version, the dependency is _NOT_ used inside of > > > geronimo mail impl, so unless you are using the shaded classes > > > yourself, we are not affected here. > > > There is also another mail thread related to mail. > > > > > > For signature verification, you can check on the example script here: > > > https://gist.github.com/rzo1/9fb1ca0d58e1fc982d596f2a94b10b32 > > > > > > ############### > > > > > > Please VOTE > > > > > > [+1] go ship it > > > [+0] meh, don't care > > > [-1] stop, there is a ${showstopper} > > > > > > The VOTE is open for 72h or as long as needed. > > > > > > Gruß > > > Richard > > > > > > > > > P.S. On a personal note: This will be the last TomEE 9.1.x release I > > > will be working on (no backports from my side anymore). I decided to > > > invest my volunteer time in TomEE 10+ only. If someone else wants to > > > maintain the 9.x line, I am happy to review related PRs. >
