Hello everyone, This is a vote for the release of Apache TomEE 10.0.0-M2.
This is the second milestone release of TomEE 10 targeting JakartaEE 10. Thanks to everyone who contributed code to make this happen. I would like to emphasise and give a shout out to all our volunteers who have been doing the hard work for EE10, which is also being done in all our upstream upstream dependencies such as Tomcat, OWB, CXF, MyFaces, etc. Notable changes: - This is the first TomEE 10 release to require Java 17 at runtime (due to CXF and ActiveMQ). - We are now implementing the OIDC part of the EE Security Spec and passing the corresponding part of the TCK (thanks to Markus Jung). - We have integrated some updates in the MicroProfile area (not complete) and passed the related TCKs. - It is based on a fork of CXF 4.1.0-SNAPSHOT, see https://issues.apache.org/jira/browse/TOMEE-4353 for details. We pass most of the JAX-RS TCK here. - Fixes some bugs and quirks like broken Mojarra (due to CDI spec ambiguity) and others. Please note that we do not pass the full EE TCK, nor do we have a fully functional TCK setup at the at the moment. However, our own full build is green and so I am happy to to call for a vote to release a second milestone of TomEE 10. Here are the hard facts: ############### Maven Repo: https://repository.apache.org/content/repositories/orgapachetomee-1228/ <repositories> <repository> <id>tomee-10.0.0-M2-rc1</id> <name>Testing TomEE 10.0.0-M2</name> <url> https://repository.apache.org/content/repositories/orgapachetomee-1228/ </url> </repository> </repositories> ############### Binaries & Source: https://dist.apache.org/repos/dist/dev/tomee/staging-1228/tomee-10.0.0-M2/ ############### Tag: https://github.com/apache/tomee/releases/tag/tomee-project-10.0.0-M2 ############### Release notes: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12354473 ############### Here is an adoc generated version of the changelog as well: == Dependency upgrade [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4337[TOMEE-4337] bcprov-jdk15to18-1.76.jar and bcpkix-jdk15to18-1.76.jar - link:https://issues.apache.org/jira/browse/TOMEE-4317[TOMEE-4317] ActiveMQ 6.1.0 - link:https://issues.apache.org/jira/browse/TOMEE-4359[TOMEE-4359] ActiveMQ 6.1.2 - link:https://issues.apache.org/jira/browse/TOMEE-4341[TOMEE-4341] Angus Activation 2.0.2 - link:https://issues.apache.org/jira/browse/TOMEE-4362[TOMEE-4362] Commons IO 2.16.1 - link:https://issues.apache.org/jira/browse/TOMEE-4346[TOMEE-4346] Commons Lang 3.14.0 - link:https://issues.apache.org/jira/browse/TOMEE-4345[TOMEE-4345] Commons Logging 1.3.2 - link:https://issues.apache.org/jira/browse/TOMEE-4339[TOMEE-4339] Compress 1.16.0 - link:https://issues.apache.org/jira/browse/TOMEE-4363[TOMEE-4363] DBCP 2.12.0 - link:https://issues.apache.org/jira/browse/TOMEE-4364[TOMEE-4364] Downgrade Mojarra 4.0.0 (cf. TOMEE-4355) - link:https://issues.apache.org/jira/browse/TOMEE-4349[TOMEE-4349] ECJ 3.37.0 - link:https://issues.apache.org/jira/browse/TOMEE-4360[TOMEE-4360] ECJ 3.38.0 - link:https://issues.apache.org/jira/browse/TOMEE-4365[TOMEE-4365] EclipseLink 4.0.3 - link:https://issues.apache.org/jira/browse/TOMEE-4369[TOMEE-4369] HSQLDB 2.7.3 - link:https://issues.apache.org/jira/browse/TOMEE-4367[TOMEE-4367] Hibernate Validator 8.0.1.Final - link:https://issues.apache.org/jira/browse/TOMEE-4361[TOMEE-4361] Jackson 2.17.2 - link:https://issues.apache.org/jira/browse/TOMEE-4335[TOMEE-4335] Jetty 11.0.20 - link:https://issues.apache.org/jira/browse/TOMEE-4340[TOMEE-4340] Jose JWT 9.39.1 (Test) - link:https://issues.apache.org/jira/browse/TOMEE-4113[TOMEE-4113] MP Metrics 5 / SmallRye Metrics 5 - link:https://issues.apache.org/jira/browse/TOMEE-4356[TOMEE-4356] Mojarra 4.0.7 - link:https://issues.apache.org/jira/browse/TOMEE-4348[TOMEE-4348] Smallrye Config 3.8.2 - link:https://issues.apache.org/jira/browse/TOMEE-4353[TOMEE-4353] Temporarily switch CXF 4.1.0 fork version have a stable version for a possible TomEE 10-M2 release. - link:https://issues.apache.org/jira/browse/TOMEE-4328[TOMEE-4328] TomEE 10.1.23 - link:https://issues.apache.org/jira/browse/TOMEE-4334[TOMEE-4334] Tomcat 10.1.24 - link:https://issues.apache.org/jira/browse/TOMEE-4352[TOMEE-4352] Tomcat 10.1.25 - link:https://issues.apache.org/jira/browse/TOMEE-4326[TOMEE-4326] XBeans 4.25 - link:https://issues.apache.org/jira/browse/TOMEE-4338[TOMEE-4338] Xalan 2.7.3 == New Feature [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4351[TOMEE-4351] Jakarta Security 3.0 == Bug [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4320[TOMEE-4320] TomEE 10 leaks jakarta.json from Smallrye into /lib - link:https://issues.apache.org/jira/browse/TOMEE-4368[TOMEE-4368] Typo in "openejb.placehodler.delimiter" - link:https://issues.apache.org/jira/browse/TOMEE-4347[TOMEE-4347] Smallrye MP Extension are activated even if tomee.mp.scan="none" - link:https://issues.apache.org/jira/browse/TOMEE-4332[TOMEE-4332] Using JAX-RS endpoints with a Spring Application fails - link:https://issues.apache.org/jira/browse/TOMEE-4355[TOMEE-4355] mojarra faces.js is truncated - link:https://issues.apache.org/jira/browse/TOMEE-4333[TOMEE-4333] NotSerializableException with @Inject HttpServletRequest == Improvement [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4342[TOMEE-4342] ApplicationComposer should inject declared custom resources into tests - link:https://issues.apache.org/jira/browse/TOMEE-4350[TOMEE-4350] mp-jwt: Add qualifier for produced Jsonb - link:https://issues.apache.org/jira/browse/TOMEE-4357[TOMEE-4357] Add a Jandex index cache to TomEEMicroProfileListener == Task [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4366[TOMEE-4366] Remove "groovy-spock" Example - link:https://issues.apache.org/jira/browse/TOMEE-4344[TOMEE-4344] MP6: OpenAPI 3.1 - link:https://issues.apache.org/jira/browse/TOMEE-4318[TOMEE-4318] Switch Java Baseline to 17 - link:https://issues.apache.org/jira/browse/TOMEE-4330[TOMEE-4330] ActiveMQ 6.1.2 - link:https://issues.apache.org/jira/browse/TOMEE-4331[TOMEE-4331] BatchEE 2.0.0 == Sub-task [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4164[TOMEE-4164] Jakarta JSON Binding TCK - link:https://issues.apache.org/jira/browse/TOMEE-4165[TOMEE-4165] Jakarta JSON Processing TCK - link:https://issues.apache.org/jira/browse/TOMEE-4166[TOMEE-4166] Jakarta RESTFul Web Services TCK - link:https://issues.apache.org/jira/browse/TOMEE-4325[TOMEE-4325] JAX-RS TCK: Signature Tests - link:https://issues.apache.org/jira/browse/TOMEE-3965[TOMEE-3965] Fix TomEE :: Examples :: JSF2/CDI/BV/JPA/DeltaSpike - link:https://issues.apache.org/jira/browse/TOMEE-4158[TOMEE-4158] Jakarta Bean Validation TCK ############### Please note: Grype will report a vulnerability for apache-mime4j-core 0.8.7 0.8.10 java-archive GHSA-jw7r-rxff- gv24 Medium which is shaded inside of "geronimo-mail_2.1_spec-1.0.0-M1.jar". In it's current version, the dependency is _NOT_ used inside of geronimo mail impl, so unless you are using the shaded classes yourself, we are not affected here. There is also another mail thread related to mail. For signature verification, you can check on the example script here: https://gist.github.com/rzo1/9fb1ca0d58e1fc982d596f2a94b10b32 ############### Please VOTE [+1] go ship it [+0] meh, don't care [-1] stop, there is a ${showstopper} The VOTE is open for 72h or as long as needed. Gruß Richard
