+1 Am Di., 16. Juli 2024 um 12:35 Uhr schrieb Markus Jung <ju...@apache.org>:
> +1 (non binding) > > > I tested a couple of real applications (running on Linux, Java 17) using: > > - CDI > > - Faces > > - JPA (running hibernate 6.4) > > - Security (Both custom HttpAuthenticationMechanism and new > OpenIdAuthenticationMechanismDefinition) > > - JSON-B/JSON-P > > - tomee-embedded-maven-plugin and standalone tomee-micorprofile > > - microprofile OpenAPI, Config, Health > > > Awesome work, thanks to everyone involved! > > On 16.07.24 10:04, Richard Zowalla wrote: > > Hello everyone, > > > > This is a vote for the release of Apache TomEE 10.0.0-M2. > > > > This is the second milestone release of TomEE 10 targeting JakartaEE 10. > > > > Thanks to everyone who contributed code to make this happen. > > > > I would like to emphasise and give a shout out to all our volunteers > > who have been doing the hard work for EE10, which is also being done in > all our upstream > > upstream dependencies such as Tomcat, OWB, CXF, MyFaces, etc. > > > > Notable changes: > > > > - This is the first TomEE 10 release to require Java 17 at runtime (due > to CXF and ActiveMQ). > > - We are now implementing the OIDC part of the EE Security Spec and > passing the corresponding part of the TCK (thanks to Markus Jung). > > - We have integrated some updates in the MicroProfile area (not > complete) and passed the related TCKs. > > - It is based on a fork of CXF 4.1.0-SNAPSHOT, see > https://issues.apache.org/jira/browse/TOMEE-4353 for details. We pass > most of the JAX-RS TCK here. > > - Fixes some bugs and quirks like broken Mojarra (due to CDI spec > ambiguity) and others. > > > > Please note that we do not pass the full EE TCK, nor do we have a fully > functional TCK setup at the > > at the moment. However, our own full build is green and so I am happy to > > to call for a vote to release a second milestone of TomEE 10. > > > > Here are the hard facts: > > > > ############### > > > > Maven Repo: > > https://repository.apache.org/content/repositories/orgapachetomee-1228/ > > > > <repositories> > > <repository> > > <id>tomee-10.0.0-M2-rc1</id> > > <name>Testing TomEE 10.0.0-M2</name> > > <url> > > https://repository.apache.org/content/repositories/orgapachetomee-1228/ > > </url> > > </repository> > > </repositories> > > > > ############### > > > > Binaries & Source: > > > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1228/tomee-10.0.0-M2/ > > > > ############### > > > > Tag: > > > > https://github.com/apache/tomee/releases/tag/tomee-project-10.0.0-M2 > > > > > > ############### > > > > Release notes: > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12354473 > > > > ############### > > > > Here is an adoc generated version of the changelog as well: > > > > == Dependency upgrade > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4337[TOMEE-4337] > bcprov-jdk15to18-1.76.jar and bcpkix-jdk15to18-1.76.jar > > - link:https://issues.apache.org/jira/browse/TOMEE-4317[TOMEE-4317] > ActiveMQ 6.1.0 > > - link:https://issues.apache.org/jira/browse/TOMEE-4359[TOMEE-4359] > ActiveMQ 6.1.2 > > - link:https://issues.apache.org/jira/browse/TOMEE-4341[TOMEE-4341] > Angus Activation 2.0.2 > > - link:https://issues.apache.org/jira/browse/TOMEE-4362[TOMEE-4362] > Commons IO 2.16.1 > > - link:https://issues.apache.org/jira/browse/TOMEE-4346[TOMEE-4346] > Commons Lang 3.14.0 > > - link:https://issues.apache.org/jira/browse/TOMEE-4345[TOMEE-4345] > Commons Logging 1.3.2 > > - link:https://issues.apache.org/jira/browse/TOMEE-4339[TOMEE-4339] > Compress 1.16.0 > > - link:https://issues.apache.org/jira/browse/TOMEE-4363[TOMEE-4363] > DBCP 2.12.0 > > - link:https://issues.apache.org/jira/browse/TOMEE-4364[TOMEE-4364] > Downgrade Mojarra 4.0.0 (cf. TOMEE-4355) > > - link:https://issues.apache.org/jira/browse/TOMEE-4349[TOMEE-4349] > ECJ 3.37.0 > > - link:https://issues.apache.org/jira/browse/TOMEE-4360[TOMEE-4360] > ECJ 3.38.0 > > - link:https://issues.apache.org/jira/browse/TOMEE-4365[TOMEE-4365] > EclipseLink 4.0.3 > > - link:https://issues.apache.org/jira/browse/TOMEE-4369[TOMEE-4369] > HSQLDB 2.7.3 > > - link:https://issues.apache.org/jira/browse/TOMEE-4367[TOMEE-4367] > Hibernate Validator 8.0.1.Final > > - link:https://issues.apache.org/jira/browse/TOMEE-4361[TOMEE-4361] > Jackson 2.17.2 > > - link:https://issues.apache.org/jira/browse/TOMEE-4335[TOMEE-4335] > Jetty 11.0.20 > > - link:https://issues.apache.org/jira/browse/TOMEE-4340[TOMEE-4340] > Jose JWT 9.39.1 (Test) > > - link:https://issues.apache.org/jira/browse/TOMEE-4113[TOMEE-4113] > MP Metrics 5 / SmallRye Metrics 5 > > - link:https://issues.apache.org/jira/browse/TOMEE-4356[TOMEE-4356] > Mojarra 4.0.7 > > - link:https://issues.apache.org/jira/browse/TOMEE-4348[TOMEE-4348] > Smallrye Config 3.8.2 > > - link:https://issues.apache.org/jira/browse/TOMEE-4353[TOMEE-4353] > Temporarily switch CXF 4.1.0 fork version have a stable version for a > possible TomEE 10-M2 release. > > - link:https://issues.apache.org/jira/browse/TOMEE-4328[TOMEE-4328] > TomEE 10.1.23 > > - link:https://issues.apache.org/jira/browse/TOMEE-4334[TOMEE-4334] > Tomcat 10.1.24 > > - link:https://issues.apache.org/jira/browse/TOMEE-4352[TOMEE-4352] > Tomcat 10.1.25 > > - link:https://issues.apache.org/jira/browse/TOMEE-4326[TOMEE-4326] > XBeans 4.25 > > - link:https://issues.apache.org/jira/browse/TOMEE-4338[TOMEE-4338] > Xalan 2.7.3 > > > > == New Feature > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4351[TOMEE-4351] > Jakarta Security 3.0 > > > > == Bug > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4320[TOMEE-4320] > TomEE 10 leaks jakarta.json from Smallrye into /lib > > - link:https://issues.apache.org/jira/browse/TOMEE-4368[TOMEE-4368] > Typo in "openejb.placehodler.delimiter" > > - link:https://issues.apache.org/jira/browse/TOMEE-4347[TOMEE-4347] > Smallrye MP Extension are activated even if tomee.mp.scan="none" > > - link:https://issues.apache.org/jira/browse/TOMEE-4332[TOMEE-4332] > Using JAX-RS endpoints with a Spring Application fails > > - link:https://issues.apache.org/jira/browse/TOMEE-4355[TOMEE-4355] > mojarra faces.js is truncated > > - link:https://issues.apache.org/jira/browse/TOMEE-4333[TOMEE-4333] > NotSerializableException with @Inject HttpServletRequest > > > > == Improvement > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4342[TOMEE-4342] > ApplicationComposer should inject declared custom resources into tests > > - link:https://issues.apache.org/jira/browse/TOMEE-4350[TOMEE-4350] > mp-jwt: Add qualifier for produced Jsonb > > - link:https://issues.apache.org/jira/browse/TOMEE-4357[TOMEE-4357] > Add a Jandex index cache to TomEEMicroProfileListener > > > > == Task > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4366[TOMEE-4366] > Remove "groovy-spock" Example > > - link:https://issues.apache.org/jira/browse/TOMEE-4344[TOMEE-4344] > MP6: OpenAPI 3.1 > > - link:https://issues.apache.org/jira/browse/TOMEE-4318[TOMEE-4318] > Switch Java Baseline to 17 > > - link:https://issues.apache.org/jira/browse/TOMEE-4330[TOMEE-4330] > ActiveMQ 6.1.2 > > - link:https://issues.apache.org/jira/browse/TOMEE-4331[TOMEE-4331] > BatchEE 2.0.0 > > > > == Sub-task > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4164[TOMEE-4164] > Jakarta JSON Binding TCK > > - link:https://issues.apache.org/jira/browse/TOMEE-4165[TOMEE-4165] > Jakarta JSON Processing TCK > > - link:https://issues.apache.org/jira/browse/TOMEE-4166[TOMEE-4166] > Jakarta RESTFul Web Services TCK > > - link:https://issues.apache.org/jira/browse/TOMEE-4325[TOMEE-4325] > JAX-RS TCK: Signature Tests > > - link:https://issues.apache.org/jira/browse/TOMEE-3965[TOMEE-3965] > Fix TomEE :: Examples :: JSF2/CDI/BV/JPA/DeltaSpike > > - link:https://issues.apache.org/jira/browse/TOMEE-4158[TOMEE-4158] > Jakarta Bean Validation TCK > > > > > > ############### > > > > Please note: > > > > Grype will report a vulnerability for > > > > apache-mime4j-core 0.8.7 0.8.10 java-archive GHSA-jw7r-rxff- > > gv24 Medium > > > > which is shaded inside of "geronimo-mail_2.1_spec-1.0.0-M1.jar". > > > > In it's current version, the dependency is _NOT_ used inside of > > geronimo mail impl, so unless you are using the shaded classes > > yourself, we are not affected here. > > > > There is also another mail thread related to mail. > > > > For signature verification, you can check on the example script here: > > https://gist.github.com/rzo1/9fb1ca0d58e1fc982d596f2a94b10b32 > > > > ############### > > > > Please VOTE > > > > [+1] go ship it > > [+0] meh, don't care > > [-1] stop, there is a ${showstopper} > > > > The VOTE is open for 72h or as long as needed. > > > > Gruß > > Richard >
