Re: [VOTE] TomEE 8.0.15
Here is my own +1 (binding) Am Montag, dem 08.05.2023 um 14:50 +0200 schrieb Richard Zowalla: > Hi all, > > this is a vote for a release of Apache TomEE 8.0.15. > > It is a maintenance release with some bug fixes and dependencies > upgrades (addressing some CVEs) > > ### > > Maven Repo: > https://repository.apache.org/content/repositories/orgapachetomee-1214/ > > > > tomee-8.0.15-rc1 > Testing TomEE 8.0.15 RC1 > > https://repository.apache.org/content/repositories/orgapachetomee-1214/ > > > > > ### > > Binaries & Source: > > https://dist.apache.org/repos/dist/dev/tomee/staging-1214/tomee-8.0.15/ > > ### > > Tag: > > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.15 > > > ### > > Release notes: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12352766 > > ### > > Here is an adoc generated version of the changelog as well: > > == Dependency upgrade > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4188[TOMEE-4188] > ActiveMQ 5.16.6 > - link:https://issues.apache.org/jira/browse/TOMEE-4180[TOMEE-4180] > CXF 3.5.5 > - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187] > Commons FileUpload 1.5 > - link:https://issues.apache.org/jira/browse/TOMEE-4210[TOMEE-4210] > EclipseLink 2.7.12 > - link:https://issues.apache.org/jira/browse/TOMEE-4211[TOMEE-4211] > Hibernate Integration 5.6.15.Final > - link:https://issues.apache.org/jira/browse/TOMEE-4206[TOMEE-4206] > Jackson 2.15.0 > - link:https://issues.apache.org/jira/browse/TOMEE-4207[TOMEE-4207] > Johnzon 1.2.20 > - link:https://issues.apache.org/jira/browse/TOMEE-4205[TOMEE-4205] > Jose4j 0.9.3 > - link:https://issues.apache.org/jira/browse/TOMEE-4209[TOMEE-4209] > Mojarra 2.3.19 > - link:https://issues.apache.org/jira/browse/TOMEE-4195[TOMEE-4195] > Tomcat 9.0.72 (CVE-2023-28708) > - link:https://issues.apache.org/jira/browse/TOMEE-4191[TOMEE-4191] > Tomcat 9.0.73 > - link:https://issues.apache.org/jira/browse/TOMEE-4201[TOMEE-4201] > Tomcat 9.0.74 > - link:https://issues.apache.org/jira/browse/TOMEE-4194[TOMEE-4194] > snakeyaml version 2.0 mitigate CVE-2022-1471 > > == Bug > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4192[TOMEE-4192] > ApplicationComposers do not clear GC references on release > - link:https://issues.apache.org/jira/browse/TOMEE-4181[TOMEE-4181] > BCProv jar loses its signature during the patch process > - link:https://issues.apache.org/jira/browse/TOMEE-4122[TOMEE-4122] > Performance Regression in bean resolution in EAR files > - link:https://issues.apache.org/jira/browse/TOMEE-4189[TOMEE-4189] > java.lang.ClassNotFoundException: > org.apache.openejb.loader.SystemInstance > - link:https://issues.apache.org/jira/browse/TOMEE-4179[TOMEE-4179] > Fix creeping in API JARs which should be in javaee-api > > == Wish > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4190[TOMEE-4190] > RunWithApplicationComposer should support inheritance > > == Fixed Common Vulnerabilities and Exposures (CVEs) > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4194[TOMEE-4194] > Update snakeyaml version to 2.0 to mitigate CVE-2022-1471 > - link:https://issues.apache.org/jira/browse/TOMEE-4195[TOMEE-4195] > Upgrade to Apache Tomcat 9.0.72 (CVE-2023-28708) > - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187] > Commons FileUpload 1.5 > > > ### > > Here is the dependency diff from 8.0.14 to 8.0.15 created with our > release tools: > > artifactId from to > --- - > jackson-annotations 2.14.1 2.15.0 > jackson-core 2.14.1 2.15.0 > jackson-databind 2.14.1 2.15.0 > jackson-dataformat-yaml 2.14.1 2.15.0 > saaj-impl 1.5.1 1.5.3 > activemq-broker 5.16.5 5.16.6 > activemq-client 5.16.5 5.16.6 > activemq-jdbc-store 5.16.5 5.16.6 > activemq-kahadb-store 5.16.5 5.16.6 > activemq-openwire-legacy 5.16.5 5.16.6 > activemq-ra 5.16.5 5.16.6 > cxf-rt-rs-mp-client 3.4.10 3.5.5 > johnzon-core 1.2.19 1.2.20 > johnzon-jaxrs 1.2.19 1.2.20 > johnzon-jsonb 1.2.19 1.2.20 > johnzon-jsonp-strict 1.2.19 1.2.20 > johnzon-mapper 1.2.19 1.2.20 > xmlsec 2.2.3 2.3.2 > wss4j-bindings 2.3.3 2.4.1 > wss4j-policy 2.3.3 2.4.1 > wss4j-ws-security-common 2.3.
Re: [VOTE] TomEE 8.0.15
+1 (binding) Thanks Richard and sorry for the delay. I started the review yesterday and it looks good to me. -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Tue, May 16, 2023 at 10:51 AM Richard Zowalla wrote: > Here is my own +1 (binding) > > Am Montag, dem 08.05.2023 um 14:50 +0200 schrieb Richard Zowalla: > > Hi all, > > > > this is a vote for a release of Apache TomEE 8.0.15. > > > > It is a maintenance release with some bug fixes and dependencies > > upgrades (addressing some CVEs) > > > > ### > > > > Maven Repo: > > https://repository.apache.org/content/repositories/orgapachetomee-1214/ > > > > > > > > tomee-8.0.15-rc1 > > Testing TomEE 8.0.15 RC1 > > > > https://repository.apache.org/content/repositories/orgapachetomee-1214/ > > > > > > > > > > ### > > > > Binaries & Source: > > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1214/tomee-8.0.15/ > > > > ### > > > > Tag: > > > > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.15 > > > > > > ### > > > > Release notes: > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12352766 > > > > ### > > > > Here is an adoc generated version of the changelog as well: > > > > == Dependency upgrade > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4188[TOMEE-4188] > > ActiveMQ 5.16.6 > > - link:https://issues.apache.org/jira/browse/TOMEE-4180[TOMEE-4180] > > CXF 3.5.5 > > - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187] > > Commons FileUpload 1.5 > > - link:https://issues.apache.org/jira/browse/TOMEE-4210[TOMEE-4210] > > EclipseLink 2.7.12 > > - link:https://issues.apache.org/jira/browse/TOMEE-4211[TOMEE-4211] > > Hibernate Integration 5.6.15.Final > > - link:https://issues.apache.org/jira/browse/TOMEE-4206[TOMEE-4206] > > Jackson 2.15.0 > > - link:https://issues.apache.org/jira/browse/TOMEE-4207[TOMEE-4207] > > Johnzon 1.2.20 > > - link:https://issues.apache.org/jira/browse/TOMEE-4205[TOMEE-4205] > > Jose4j 0.9.3 > > - link:https://issues.apache.org/jira/browse/TOMEE-4209[TOMEE-4209] > > Mojarra 2.3.19 > > - link:https://issues.apache.org/jira/browse/TOMEE-4195[TOMEE-4195] > > Tomcat 9.0.72 (CVE-2023-28708) > > - link:https://issues.apache.org/jira/browse/TOMEE-4191[TOMEE-4191] > > Tomcat 9.0.73 > > - link:https://issues.apache.org/jira/browse/TOMEE-4201[TOMEE-4201] > > Tomcat 9.0.74 > > - link:https://issues.apache.org/jira/browse/TOMEE-4194[TOMEE-4194] > > snakeyaml version 2.0 mitigate CVE-2022-1471 > > > > == Bug > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4192[TOMEE-4192] > > ApplicationComposers do not clear GC references on release > > - link:https://issues.apache.org/jira/browse/TOMEE-4181[TOMEE-4181] > > BCProv jar loses its signature during the patch process > > - link:https://issues.apache.org/jira/browse/TOMEE-4122[TOMEE-4122] > > Performance Regression in bean resolution in EAR files > > - link:https://issues.apache.org/jira/browse/TOMEE-4189[TOMEE-4189] > > java.lang.ClassNotFoundException: > > org.apache.openejb.loader.SystemInstance > > - link:https://issues.apache.org/jira/browse/TOMEE-4179[TOMEE-4179] > > Fix creeping in API JARs which should be in javaee-api > > > > == Wish > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4190[TOMEE-4190] > > RunWithApplicationComposer should support inheritance > > > > == Fixed Common Vulnerabilities and Exposures (CVEs) > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4194[TOMEE-4194] > > Update snakeyaml version to 2.0 to mitigate CVE-2022-1471 > > - link:https://issues.apache.org/jira/browse/TOMEE-4195[TOMEE-4195] > > Upgrade to Apache Tomcat 9.0.72 (CVE-2023-28708) > > - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187] > > Commons FileUpload 1.5 > > > > > > ### > > > > Here is the dependency diff from 8.0.14 to 8.0.15 created with our > > release tools: > > > > artifactId from to > > --- - > > jackson-annotations 2.14.1 2.15.0 > > jackson-core2.14.1 2.15.0 > > jackson-databind2.14.1 2.15.0 > > jackson-dataformat-yaml 2.14.1 2.15.0 > > saaj-impl1.5.1 1.5.3 > > activemq-broker 5.16.5 5.16.6 > > activemq-client 5.16.5 5.16.6 > > activemq-jdbc-store 5.16.5 5.16.6 > > activemq-kahadb-store 5.16.5 5.16.6 > > activemq-openwire-legacy5.16.5 5.16.6 > > activemq-ra 5.16.5 5.16.6 > > cxf-rt-rs-mp-client 3.4.10 3.5.5 > > johnzon-core1.2.19 1.2.20 > > johnzon-jaxrs 1.2.19 1.2.20 > > johnzon-jsonb 1.2.19 1.2.20 > > johnzon-json
Re: Release TomEE 9.1.0
Hi all, I provided a possible fix for TOMEE-4199 via [1]. If it is sufficient, we can do an api release and proceed with 9.1.0 (after we have some tck results). Gruß Richard [1] https://github.com/apache/tomee-jakartaee-api/pull/2 Am Dienstag, dem 18.04.2023 um 10:01 +0200 schrieb Jean-Louis Monteiro: > Hi all, > > Looks like our backlog is starting to grow. We've done quite a lot of > updates and I was wondering if we should do a release for 9.1.0? > > Note that there is an issue to fix before with the API Uber jar where > the > tomcat classifier has the same content as the non tomcat classifier. > This > was meant to not be the case, so in Tomcat we would use the API jars > Tomcat > is providing. > > See https://issues.apache.org/jira/browse/TOMEE-4199 > > Regards > > -- > Jean-Louis Monteiro > http://twitter.com/jlouismonteiro > http://www.tomitribe.com signature.asc Description: This is a digitally signed message part
[GitHub] [tomee-jakartaee-api] jeanouii merged pull request #2: TOMEE-4199 - Updates exclusion patterns to avoid el, servlet, websocket and jaspic in "tomcat" classified jar
jeanouii merged PR #2: URL: https://github.com/apache/tomee-jakartaee-api/pull/2 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomee.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: Release TomEE 9.1.0
Hi, I reviewed and merged the PR. Go ahead with the API release and place backport to 10.x so we don't introduce the issue again. I did not close the issue as fixed for that reason. -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Tue, May 16, 2023 at 11:02 AM Richard Zowalla wrote: > Hi all, > > I provided a possible fix for TOMEE-4199 via [1]. If it is sufficient, > we can do an api release and proceed with 9.1.0 (after we have some tck > results). > > Gruß > Richard > > > [1] https://github.com/apache/tomee-jakartaee-api/pull/2 > > Am Dienstag, dem 18.04.2023 um 10:01 +0200 schrieb Jean-Louis Monteiro: > > Hi all, > > > > Looks like our backlog is starting to grow. We've done quite a lot of > > updates and I was wondering if we should do a release for 9.1.0? > > > > Note that there is an issue to fix before with the API Uber jar where > > the > > tomcat classifier has the same content as the non tomcat classifier. > > This > > was meant to not be the case, so in Tomcat we would use the API jars > > Tomcat > > is providing. > > > > See https://issues.apache.org/jira/browse/TOMEE-4199 > > > > Regards > > > > -- > > Jean-Louis Monteiro > > http://twitter.com/jlouismonteiro > > http://www.tomitribe.com > >
Re: [VOTE] TomEE 8.0.15
Hi, the vote passes with 5 +1 Cesar Hernandez (binding) Daniel Dias Dos Santos Alex The Rocker Richard Zowalla (binding) Jean-Louis Monteiro (binding) I'll proceed with the steps. Gruß Richard Am Montag, dem 08.05.2023 um 14:50 +0200 schrieb Richard Zowalla: > Hi all, > > this is a vote for a release of Apache TomEE 8.0.15. > > It is a maintenance release with some bug fixes and dependencies > upgrades (addressing some CVEs) > > ### > > Maven Repo: > https://repository.apache.org/content/repositories/orgapachetomee-1214/ > > > > tomee-8.0.15-rc1 > Testing TomEE 8.0.15 RC1 > > https://repository.apache.org/content/repositories/orgapachetomee-1214/ > > > > > ### > > Binaries & Source: > > https://dist.apache.org/repos/dist/dev/tomee/staging-1214/tomee-8.0.15/ > > ### > > Tag: > > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.15 > > > ### > > Release notes: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12352766 > > ### > > Here is an adoc generated version of the changelog as well: > > == Dependency upgrade > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4188[TOMEE-4188] > ActiveMQ 5.16.6 > - link:https://issues.apache.org/jira/browse/TOMEE-4180[TOMEE-4180] > CXF 3.5.5 > - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187] > Commons FileUpload 1.5 > - link:https://issues.apache.org/jira/browse/TOMEE-4210[TOMEE-4210] > EclipseLink 2.7.12 > - link:https://issues.apache.org/jira/browse/TOMEE-4211[TOMEE-4211] > Hibernate Integration 5.6.15.Final > - link:https://issues.apache.org/jira/browse/TOMEE-4206[TOMEE-4206] > Jackson 2.15.0 > - link:https://issues.apache.org/jira/browse/TOMEE-4207[TOMEE-4207] > Johnzon 1.2.20 > - link:https://issues.apache.org/jira/browse/TOMEE-4205[TOMEE-4205] > Jose4j 0.9.3 > - link:https://issues.apache.org/jira/browse/TOMEE-4209[TOMEE-4209] > Mojarra 2.3.19 > - link:https://issues.apache.org/jira/browse/TOMEE-4195[TOMEE-4195] > Tomcat 9.0.72 (CVE-2023-28708) > - link:https://issues.apache.org/jira/browse/TOMEE-4191[TOMEE-4191] > Tomcat 9.0.73 > - link:https://issues.apache.org/jira/browse/TOMEE-4201[TOMEE-4201] > Tomcat 9.0.74 > - link:https://issues.apache.org/jira/browse/TOMEE-4194[TOMEE-4194] > snakeyaml version 2.0 mitigate CVE-2022-1471 > > == Bug > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4192[TOMEE-4192] > ApplicationComposers do not clear GC references on release > - link:https://issues.apache.org/jira/browse/TOMEE-4181[TOMEE-4181] > BCProv jar loses its signature during the patch process > - link:https://issues.apache.org/jira/browse/TOMEE-4122[TOMEE-4122] > Performance Regression in bean resolution in EAR files > - link:https://issues.apache.org/jira/browse/TOMEE-4189[TOMEE-4189] > java.lang.ClassNotFoundException: > org.apache.openejb.loader.SystemInstance > - link:https://issues.apache.org/jira/browse/TOMEE-4179[TOMEE-4179] > Fix creeping in API JARs which should be in javaee-api > > == Wish > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4190[TOMEE-4190] > RunWithApplicationComposer should support inheritance > > == Fixed Common Vulnerabilities and Exposures (CVEs) > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4194[TOMEE-4194] > Update snakeyaml version to 2.0 to mitigate CVE-2022-1471 > - link:https://issues.apache.org/jira/browse/TOMEE-4195[TOMEE-4195] > Upgrade to Apache Tomcat 9.0.72 (CVE-2023-28708) > - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187] > Commons FileUpload 1.5 > > > ### > > Here is the dependency diff from 8.0.14 to 8.0.15 created with our > release tools: > > artifactId from to > --- - > jackson-annotations 2.14.1 2.15.0 > jackson-core 2.14.1 2.15.0 > jackson-databind 2.14.1 2.15.0 > jackson-dataformat-yaml 2.14.1 2.15.0 > saaj-impl 1.5.1 1.5.3 > activemq-broker 5.16.5 5.16.6 > activemq-client 5.16.5 5.16.6 > activemq-jdbc-store 5.16.5 5.16.6 > activemq-kahadb-store 5.16.5 5.16.6 > activemq-openwire-legacy 5.16.5 5.16.6 > activemq-ra 5.16.5 5.16.6 > cxf-rt-rs-mp-client 3.4.10 3.5.5 > johnzon-core 1.2.19 1.2.20 > johnzon-jaxrs 1.2.19 1.2.20 > johnzon-jsonb 1.2.19 1.2.20 > johnzon-jsonp-strict 1.2.19 1.2.20 > johnzon-mapper 1.2.19 1.2.20 > xmlsec 2.2.3 2.3.2
Re: Release TomEE 9.1.0
Thanks. I will do the backport and prepare a API release for VOTE. Gruß Richard Am Dienstag, dem 16.05.2023 um 11:42 +0200 schrieb Jean-Louis Monteiro: > Hi, > > I reviewed and merged the PR. Go ahead with the API release and place > backport to 10.x so we don't introduce the issue again. > I did not close the issue as fixed for that reason. > -- > Jean-Louis Monteiro > http://twitter.com/jlouismonteiro > http://www.tomitribe.com > > > On Tue, May 16, 2023 at 11:02 AM Richard Zowalla > wrote: > > > Hi all, > > > > I provided a possible fix for TOMEE-4199 via [1]. If it is > > sufficient, > > we can do an api release and proceed with 9.1.0 (after we have some > > tck > > results). > > > > Gruß > > Richard > > > > > > [1] https://github.com/apache/tomee-jakartaee-api/pull/2 > > > > Am Dienstag, dem 18.04.2023 um 10:01 +0200 schrieb Jean-Louis > > Monteiro: > > > Hi all, > > > > > > Looks like our backlog is starting to grow. We've done quite a > > > lot of > > > updates and I was wondering if we should do a release for 9.1.0? > > > > > > Note that there is an issue to fix before with the API Uber jar > > > where > > > the > > > tomcat classifier has the same content as the non tomcat > > > classifier. > > > This > > > was meant to not be the case, so in Tomcat we would use the API > > > jars > > > Tomcat > > > is providing. > > > > > > See https://issues.apache.org/jira/browse/TOMEE-4199 > > > > > > Regards > > > > > > -- > > > Jean-Louis Monteiro > > > http://twitter.com/jlouismonteiro > > > http://www.tomitribe.com > > > >
[ANN] Apache TomEE 8.0.15
The Apache TomEE team is pleased to announce the availability of TomEE 8.0.15 Apache TomEE delivers enterprise application containers and services based on, but not limited to the Enterprise JavaBeans Specification and Java/ Enterprise Edition Specifications. These releases primarily provide bug fixes, documentation and update the dependencies TomEE uses. Full release notes: - https://tomee.apache.org/8.0.15/release-notes.html - https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12351820 Downloads are available at: https://tomee.apache.org/download.html - The Apache TomEE team signature.asc Description: This is a digitally signed message part
[VOTE] JakartaEE API 9.1.1
Hi all,
this is a vote for a maintenance of our JakartaEE 9.1 shade artifact
This bug fix release only fixes TOMEE-4199:
https://issues.apache.org/jira/browse/TOMEE-4199
###
Maven Repo:
https://repository.apache.org/content/repositories/orgapachetomee-1216/
###
Source:
https://dist.apache.org/repos/dist/dev/tomee/staging-1216/
###
Tag:
https://github.com/apache/tomee-jakartaee-api/releases/tag/jakartaee-api-9.1.1
###
Please VOTE
[+1] go ship it
[+0] meh, don't care
[-1] stop, there is a ${showstopper}
The VOTE is open for 72h or as long as needed.
Gruß
Richard
