Re: [VOTE] [RESULT] TomEE 8.0.16 (RC2)

[Alex The Rocker]

Excellent, thanks !

Le jeu. 2 nov. 2023 à 20:15, Richard Zowalla  a écrit :
>
> Hi all,
>
> this vote passes with the following +1 votes:
>
> - Alex The Rocker
> - Jonathan Gallimore (binding)
> - Cesar Hernandez (binding)
> - Richard Zowalla (binding)
>
> Indirect report of success with this release candidate:
>
> - Jonathan S. Fisher
>
> Again, thanks to Jonathan Fisher for preparing this release!
>
> I'll proceed with the steps.
>
> Thanks and Gruß
> Richard
>
>  Ursprüngliche Nachricht 
> Von: Richard Zowalla 
> Antwort an: dev@tomee.apache.org
> An: dev@tomee.apache.org
> Betreff: [VOTE] TomEE 8.0.16 (RC2)
> Datum: Sun, 29 Oct 2023 19:35:38 +0100
>
> > Hi all,
> >
> > This is the second attempt for a vote for a release of Apache TomEE
> > 8.0.16. The first vote was cancelled due to some issues with the BOM
> > modules.
> >
> > I'd like to start with a big thank you and a big applause to Jonathan
> > Fisher. He is rolling out his first release today.
> >
> > Per ASF rules, the actual VOTE needs to be run by a TomEE PMC member,
> > that's why I'm starting it.
> >
> > However, the work has been done by Jonathan, so thank you. Well done.
> >
> > TomEE 8.0.16 is a maintenance release with dependencies
> > upgrades and bug fixes. It also fixes the latest Tomcat
> > vulnerabilities
> > as well as other CVEs.
> >
> > ###
> >
> > Maven Repo:
> > https://repository.apache.org/content/repositories/orgapachetomee-1223/
> >
> > 
> > 
> > tomee-8.0.16-rc2
> > Testing TomEE 8.0.16 RC2
> > 
> > https://repository.apache.org/content/repositories/orgapachetomee-1223/
> > 
> > 
> > 
> >
> > ###
> >
> > Binaries & Source:
> >
> > https://dist.apache.org/repos/dist/dev/tomee/staging-1222/tomee-8.0.16/
> >
> > ###
> >
> > Tag:
> >
> > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.16
> >
> >
> > ###
> >
> > Release notes:
> >
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12353257
> >
> > ###
> >
> > Here is an adoc generated version of the changelog as well:
> >
> > == Dependency upgrade
> >
> > [.compact]
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4266[TOMEE-4266]
> > ActiveMQ 5.16.7 / 5.18.3
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234]
> > Bouncy Castle 1.75
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229]
> > CVE-2023-34981 in TomEE 8.0.15
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4218[TOMEE-4218]
> > HSQLDB 2.7.2
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4221[TOMEE-4221]
> > JUnit 5.9.3
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4216[TOMEE-4216]
> > Jackson 2.15.1
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
> > Jackson 2.15.2
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]
> > Johnzon 1.2.21
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4263[TOMEE-4263]
> > Santuario Java (xmlsec) mitigate CVE-2023-44483
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4224[TOMEE-4224]
> > Tomcat 9.0.76
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4237[TOMEE-4237]
> > Tomcat 9.0.79
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4252[TOMEE-4252]
> > Tomcat 9.0.80
> > - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238]
> > Tomcat 9.0.82
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4262[TOMEE-4262]
> > eclipselink 2.7.13
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4220[TOMEE-4220]
> > log4j 2.20.0 (integration)
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4219[TOMEE-4219]
> > xbeans 4.23
> >
> > == Bug
> >
> > [.compact]
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]
> > @LoginToContinue JSR-375 (JavaEE Security API) causes
> > IllegalArgumentException
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]
> > DataSource definition fails when @DataSourceDefinition doesn't define
> > url property
> >
> > == Improvement
> >
> > [.compact]
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]
> > Improve TomEE Jmx Mbean Support for Parameter Names
> >
> > == Fixed Common Vulnerabilities and Exposures (CVEs)
> >
> > [.compact]
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234]
> > Bouncy Castle 1.75
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238]
> > Tomcat 9.0.80
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
> > Jackson 2.15.2
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229]
> > CVE-2023-34981 in Apache TomEE 8.0.15
> >
> > 
> >
> > Please VOTE
> >
> > [+1] go ship it
> > [+0] meh, don't care
> > [-1] stop, there is a ${showstopper}
> >
> > The VOTE is open for 72h or as long as needed.
> >
> > Gruß
> > Richard
> >
>

[VOTE] [RESULT] TomEE 8.0.16 (RC2)

[Richard Zowalla]

Hi all,

this vote passes with the following +1 votes:

- Alex The Rocker 
- Jonathan Gallimore (binding)
- Cesar Hernandez (binding)
- Richard Zowalla (binding)

Indirect report of success with this release candidate:

- Jonathan S. Fisher

Again, thanks to Jonathan Fisher for preparing this release!

I'll proceed with the steps.

Thanks and Gruß
Richard

 Ursprüngliche Nachricht 
Von: Richard Zowalla 
Antwort an: dev@tomee.apache.org
An: dev@tomee.apache.org
Betreff: [VOTE] TomEE 8.0.16 (RC2)
Datum: Sun, 29 Oct 2023 19:35:38 +0100

> Hi all,
> 
> This is the second attempt for a vote for a release of Apache TomEE
> 8.0.16. The first vote was cancelled due to some issues with the BOM
> modules.
> 
> I'd like to start with a big thank you and a big applause to Jonathan
> Fisher. He is rolling out his first release today. 
> 
> Per ASF rules, the actual VOTE needs to be run by a TomEE PMC member,
> that's why I'm starting it.
> 
> However, the work has been done by Jonathan, so thank you. Well done.
> 
> TomEE 8.0.16 is a maintenance release with dependencies
> upgrades and bug fixes. It also fixes the latest Tomcat
> vulnerabilities
> as well as other CVEs.
> 
> ###
> 
> Maven Repo:
> https://repository.apache.org/content/repositories/orgapachetomee-1223/
> 
> 
> 
> tomee-8.0.16-rc2
> Testing TomEE 8.0.16 RC2
> 
> https://repository.apache.org/content/repositories/orgapachetomee-1223/
> 
> 
> 
> 
> ###
> 
> Binaries & Source:
> 
> https://dist.apache.org/repos/dist/dev/tomee/staging-1222/tomee-8.0.16/
> 
> ###
> 
> Tag:
> 
> https://github.com/apache/tomee/releases/tag/tomee-project-8.0.16
> 
> 
> ###
> 
> Release notes:
> 
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12353257
> 
> ###
> 
> Here is an adoc generated version of the changelog as well:
> 
> == Dependency upgrade
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4266[TOMEE-4266]
> ActiveMQ 5.16.7 / 5.18.3
>  - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234]
> Bouncy Castle 1.75
>  - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229]
> CVE-2023-34981 in TomEE 8.0.15
>  - link:https://issues.apache.org/jira/browse/TOMEE-4218[TOMEE-4218]
> HSQLDB 2.7.2
>  - link:https://issues.apache.org/jira/browse/TOMEE-4221[TOMEE-4221]
> JUnit 5.9.3
>  - link:https://issues.apache.org/jira/browse/TOMEE-4216[TOMEE-4216]
> Jackson 2.15.1
>  - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
> Jackson 2.15.2
>  - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]
> Johnzon 1.2.21
>  - link:https://issues.apache.org/jira/browse/TOMEE-4263[TOMEE-4263]
> Santuario Java (xmlsec) mitigate CVE-2023-44483
>  - link:https://issues.apache.org/jira/browse/TOMEE-4224[TOMEE-4224]
> Tomcat 9.0.76
>  - link:https://issues.apache.org/jira/browse/TOMEE-4237[TOMEE-4237]
> Tomcat 9.0.79 
>  - link:https://issues.apache.org/jira/browse/TOMEE-4252[TOMEE-4252]
> Tomcat 9.0.80
> - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238]
> Tomcat 9.0.82
>  - link:https://issues.apache.org/jira/browse/TOMEE-4262[TOMEE-4262]
> eclipselink 2.7.13
>  - link:https://issues.apache.org/jira/browse/TOMEE-4220[TOMEE-4220]
> log4j 2.20.0 (integration)
>  - link:https://issues.apache.org/jira/browse/TOMEE-4219[TOMEE-4219]
> xbeans 4.23
> 
> == Bug
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]
> @LoginToContinue JSR-375 (JavaEE Security API) causes
> IllegalArgumentException
>  - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]
> DataSource definition fails when @DataSourceDefinition doesn't define
> url property
> 
> == Improvement
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]
> Improve TomEE Jmx Mbean Support for Parameter Names
> 
> == Fixed Common Vulnerabilities and Exposures (CVEs)
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234]
> Bouncy Castle 1.75
>  - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238]
> Tomcat 9.0.80
>  - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
> Jackson 2.15.2
>  - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229]
> CVE-2023-34981 in Apache TomEE 8.0.15
> 
> 
> 
> Please VOTE
> 
> [+1] go ship it
> [+0] meh, don't care
> [-1] stop, there is a ${showstopper}
> 
> The VOTE is open for 72h or as long as needed.
> 
> Gruß
> Richard
> 

Re: [VOTE] TomEE 8.0.16 (RC2)

[Richard Zowalla]

Here is my own +1

Am Sonntag, dem 29.10.2023 um 19:35 +0100 schrieb Richard Zowalla:
> Hi all,
> 
> This is the second attempt for a vote for a release of Apache TomEE
> 8.0.16. The first vote was cancelled due to some issues with the BOM
> modules.
> 
> I'd like to start with a big thank you and a big applause to Jonathan
> Fisher. He is rolling out his first release today. 
> 
> Per ASF rules, the actual VOTE needs to be run by a TomEE PMC member,
> that's why I'm starting it.
> 
> However, the work has been done by Jonathan, so thank you. Well done.
> 
> TomEE 8.0.16 is a maintenance release with dependencies
> upgrades and bug fixes. It also fixes the latest Tomcat
> vulnerabilities
> as well as other CVEs.
> 
> ###
> 
> Maven Repo:
> https://repository.apache.org/content/repositories/orgapachetomee-1223/
> 
> 
> 
> tomee-8.0.16-rc2
> Testing TomEE 8.0.16 RC2
> 
> https://repository.apache.org/content/repositories/orgapachetomee-1223/
> 
> 
> 
> 
> ###
> 
> Binaries & Source:
> 
> https://dist.apache.org/repos/dist/dev/tomee/staging-1222/tomee-8.0.16/
> 
> ###
> 
> Tag:
> 
> https://github.com/apache/tomee/releases/tag/tomee-project-8.0.16
> 
> 
> ###
> 
> Release notes:
> 
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12353257
> 
> ###
> 
> Here is an adoc generated version of the changelog as well:
> 
> == Dependency upgrade
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4266[TOMEE-4266]
> ActiveMQ 5.16.7 / 5.18.3
>  - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234]
> Bouncy Castle 1.75
>  - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229]
> CVE-2023-34981 in TomEE 8.0.15
>  - link:https://issues.apache.org/jira/browse/TOMEE-4218[TOMEE-4218]
> HSQLDB 2.7.2
>  - link:https://issues.apache.org/jira/browse/TOMEE-4221[TOMEE-4221]
> JUnit 5.9.3
>  - link:https://issues.apache.org/jira/browse/TOMEE-4216[TOMEE-4216]
> Jackson 2.15.1
>  - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
> Jackson 2.15.2
>  - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]
> Johnzon 1.2.21
>  - link:https://issues.apache.org/jira/browse/TOMEE-4263[TOMEE-4263]
> Santuario Java (xmlsec) mitigate CVE-2023-44483
>  - link:https://issues.apache.org/jira/browse/TOMEE-4224[TOMEE-4224]
> Tomcat 9.0.76
>  - link:https://issues.apache.org/jira/browse/TOMEE-4237[TOMEE-4237]
> Tomcat 9.0.79 
>  - link:https://issues.apache.org/jira/browse/TOMEE-4252[TOMEE-4252]
> Tomcat 9.0.80
> - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238]
> Tomcat 9.0.82
>  - link:https://issues.apache.org/jira/browse/TOMEE-4262[TOMEE-4262]
> eclipselink 2.7.13
>  - link:https://issues.apache.org/jira/browse/TOMEE-4220[TOMEE-4220]
> log4j 2.20.0 (integration)
>  - link:https://issues.apache.org/jira/browse/TOMEE-4219[TOMEE-4219]
> xbeans 4.23
> 
> == Bug
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]
> @LoginToContinue JSR-375 (JavaEE Security API) causes
> IllegalArgumentException
>  - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]
> DataSource definition fails when @DataSourceDefinition doesn't define
> url property
> 
> == Improvement
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]
> Improve TomEE Jmx Mbean Support for Parameter Names
> 
> == Fixed Common Vulnerabilities and Exposures (CVEs)
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234]
> Bouncy Castle 1.75
>  - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238]
> Tomcat 9.0.80
>  - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
> Jackson 2.15.2
>  - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229]
> CVE-2023-34981 in Apache TomEE 8.0.15
> 
> 
> 
> Please VOTE
> 
> [+1] go ship it
> [+0] meh, don't care
> [-1] stop, there is a ${showstopper}
> 
> The VOTE is open for 72h or as long as needed.
> 
> Gruß
> Richard
> 

Re: [VOTE] TomEE 8.0.16 (RC2)

[Daniel Dias Dos Santos]

Hi,

+1

On Thu, Nov 2, 2023, 12:21 Cesar Hernandez  wrote:

> +1
>
> On Thu, Nov 2, 2023 at 05:10 Jonathan Gallimore <
> jonathan.gallim...@gmail.com> wrote:
>
> > +1
> >
> > Thanks for doing the release, Jonathan!
> >
> > On Sun, Oct 29, 2023 at 6:35 PM Richard Zowalla  wrote:
> >
> > > Hi all,
> > >
> > > This is the second attempt for a vote for a release of Apache TomEE
> > > 8.0.16. The first vote was cancelled due to some issues with the BOM
> > > modules.
> > >
> > > I'd like to start with a big thank you and a big applause to Jonathan
> > > Fisher. He is rolling out his first release today.
> > >
> > > Per ASF rules, the actual VOTE needs to be run by a TomEE PMC member,
> > > that's why I'm starting it.
> > >
> > > However, the work has been done by Jonathan, so thank you. Well done.
> > >
> > > TomEE 8.0.16 is a maintenance release with dependencies
> > > upgrades and bug fixes. It also fixes the latest Tomcat vulnerabilities
> > > as well as other CVEs.
> > >
> > > ###
> > >
> > > Maven Repo:
> > >
> https://repository.apache.org/content/repositories/orgapachetomee-1223/
> > >
> > > 
> > > 
> > > tomee-8.0.16-rc2
> > > Testing TomEE 8.0.16 RC2
> > > 
> > >
> https://repository.apache.org/content/repositories/orgapachetomee-1223/
> > > 
> > > 
> > > 
> > >
> > > ###
> > >
> > > Binaries & Source:
> > >
> > >
> https://dist.apache.org/repos/dist/dev/tomee/staging-1222/tomee-8.0.16/
> > >
> > > ###
> > >
> > > Tag:
> > >
> > > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.16
> > >
> > >
> > > ###
> > >
> > > Release notes:
> > >
> > >
> > >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12353257
> > >
> > > ###
> > >
> > > Here is an adoc generated version of the changelog as well:
> > >
> > > == Dependency upgrade
> > >
> > > [.compact]
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4266[TOMEE-4266]
> > > ActiveMQ 5.16.7 / 5.18.3
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234]
> > > Bouncy Castle 1.75
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229]
> > > CVE-2023-34981
> > > <
> >
> https://issues.apache.org/jira/browse/TOMEE-4229%5BTOMEE-4229%5DCVE-2023-34981
> > >
> > > in TomEE 8.0.15
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4218[TOMEE-4218]
> > > HSQLDB 2.7.2
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4221[TOMEE-4221]
> > > JUnit 5.9.3
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4216[TOMEE-4216]
> > > Jackson 2.15.1
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
> > > Jackson 2.15.2
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]
> > > Johnzon 1.2.21
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4263[TOMEE-4263]
> > > Santuario Java (xmlsec) mitigate CVE-2023-44483
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4224[TOMEE-4224]
> > > Tomcat 9.0.76
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4237[TOMEE-4237]
> > > Tomcat 9.0.79
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4252[TOMEE-4252]
> > > Tomcat 9.0.80
> > > - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238]
> > > Tomcat 9.0.82
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4262[TOMEE-4262]
> > > eclipselink 2.7.13
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4220[TOMEE-4220]
> > > log4j
> > >  >
> > > 2.20.0 (integration)
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4219[TOMEE-4219]
> > > xbeans 4.23
> > >
> > > == Bug
> > >
> > > [.compact]
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]
> > > @LoginToContinue JSR-375 (JavaEE Security API) causes
> > > IllegalArgumentException
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]
> > > DataSource definition fails when @DataSourceDefinition doesn't define
> > > url property
> > >
> > > == Improvement
> > >
> > > [.compact]
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]
> > > Improve TomEE Jmx Mbean Support for Parameter Names
> > >
> > > == Fixed Common Vulnerabilities and Exposures (CVEs)
> > >
> > > [.compact]
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234]
> > > Bouncy Castle 1.75
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238]
> > > Tomcat 9.0.80
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
> > > Jackson 2.15.2
> > >  - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229]
> > > CVE-2023-34981
> > > <
> >
> https://issues.apache.org/jira/browse/TOMEE-4229%5BTOMEE-4229%5DCVE-2023-34981
> > >
> > > in Apache TomEE 8.0.15
> > >
> > > 
> > >
> > > Please VOTE
> > >
> > > [+1] go ship it
> > > [+0] meh, don't care
> > > [-1] stop, there is a ${

Re: [VOTE] TomEE 8.0.16 (RC2)

[Cesar Hernandez]

+1

On Thu, Nov 2, 2023 at 05:10 Jonathan Gallimore <
jonathan.gallim...@gmail.com> wrote:

> +1
>
> Thanks for doing the release, Jonathan!
>
> On Sun, Oct 29, 2023 at 6:35 PM Richard Zowalla  wrote:
>
> > Hi all,
> >
> > This is the second attempt for a vote for a release of Apache TomEE
> > 8.0.16. The first vote was cancelled due to some issues with the BOM
> > modules.
> >
> > I'd like to start with a big thank you and a big applause to Jonathan
> > Fisher. He is rolling out his first release today.
> >
> > Per ASF rules, the actual VOTE needs to be run by a TomEE PMC member,
> > that's why I'm starting it.
> >
> > However, the work has been done by Jonathan, so thank you. Well done.
> >
> > TomEE 8.0.16 is a maintenance release with dependencies
> > upgrades and bug fixes. It also fixes the latest Tomcat vulnerabilities
> > as well as other CVEs.
> >
> > ###
> >
> > Maven Repo:
> > https://repository.apache.org/content/repositories/orgapachetomee-1223/
> >
> > 
> > 
> > tomee-8.0.16-rc2
> > Testing TomEE 8.0.16 RC2
> > 
> > https://repository.apache.org/content/repositories/orgapachetomee-1223/
> > 
> > 
> > 
> >
> > ###
> >
> > Binaries & Source:
> >
> > https://dist.apache.org/repos/dist/dev/tomee/staging-1222/tomee-8.0.16/
> >
> > ###
> >
> > Tag:
> >
> > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.16
> >
> >
> > ###
> >
> > Release notes:
> >
> >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12353257
> >
> > ###
> >
> > Here is an adoc generated version of the changelog as well:
> >
> > == Dependency upgrade
> >
> > [.compact]
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4266[TOMEE-4266]
> > ActiveMQ 5.16.7 / 5.18.3
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234]
> > Bouncy Castle 1.75
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229]
> > CVE-2023-34981
> > <
> https://issues.apache.org/jira/browse/TOMEE-4229%5BTOMEE-4229%5DCVE-2023-34981
> >
> > in TomEE 8.0.15
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4218[TOMEE-4218]
> > HSQLDB 2.7.2
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4221[TOMEE-4221]
> > JUnit 5.9.3
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4216[TOMEE-4216]
> > Jackson 2.15.1
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
> > Jackson 2.15.2
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]
> > Johnzon 1.2.21
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4263[TOMEE-4263]
> > Santuario Java (xmlsec) mitigate CVE-2023-44483
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4224[TOMEE-4224]
> > Tomcat 9.0.76
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4237[TOMEE-4237]
> > Tomcat 9.0.79
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4252[TOMEE-4252]
> > Tomcat 9.0.80
> > - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238]
> > Tomcat 9.0.82
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4262[TOMEE-4262]
> > eclipselink 2.7.13
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4220[TOMEE-4220]
> > log4j
> > 
> > 2.20.0 (integration)
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4219[TOMEE-4219]
> > xbeans 4.23
> >
> > == Bug
> >
> > [.compact]
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]
> > @LoginToContinue JSR-375 (JavaEE Security API) causes
> > IllegalArgumentException
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]
> > DataSource definition fails when @DataSourceDefinition doesn't define
> > url property
> >
> > == Improvement
> >
> > [.compact]
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]
> > Improve TomEE Jmx Mbean Support for Parameter Names
> >
> > == Fixed Common Vulnerabilities and Exposures (CVEs)
> >
> > [.compact]
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234]
> > Bouncy Castle 1.75
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238]
> > Tomcat 9.0.80
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
> > Jackson 2.15.2
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229]
> > CVE-2023-34981
> > <
> https://issues.apache.org/jira/browse/TOMEE-4229%5BTOMEE-4229%5DCVE-2023-34981
> >
> > in Apache TomEE 8.0.15
> >
> > 
> >
> > Please VOTE
> >
> > [+1] go ship it
> > [+0] meh, don't care
> > [-1] stop, there is a ${showstopper}
> >
> > The VOTE is open for 72h or as long as needed.
> >
> > Gruß
> > Richard
> >
> >
>

Re: [VOTE] TomEE 8.0.16 (RC2)

[Jonathan Gallimore]

+1

Thanks for doing the release, Jonathan!

On Sun, Oct 29, 2023 at 6:35 PM Richard Zowalla  wrote:

> Hi all,
>
> This is the second attempt for a vote for a release of Apache TomEE
> 8.0.16. The first vote was cancelled due to some issues with the BOM
> modules.
>
> I'd like to start with a big thank you and a big applause to Jonathan
> Fisher. He is rolling out his first release today.
>
> Per ASF rules, the actual VOTE needs to be run by a TomEE PMC member,
> that's why I'm starting it.
>
> However, the work has been done by Jonathan, so thank you. Well done.
>
> TomEE 8.0.16 is a maintenance release with dependencies
> upgrades and bug fixes. It also fixes the latest Tomcat vulnerabilities
> as well as other CVEs.
>
> ###
>
> Maven Repo:
> https://repository.apache.org/content/repositories/orgapachetomee-1223/
>
> 
> 
> tomee-8.0.16-rc2
> Testing TomEE 8.0.16 RC2
> 
> https://repository.apache.org/content/repositories/orgapachetomee-1223/
> 
> 
> 
>
> ###
>
> Binaries & Source:
>
> https://dist.apache.org/repos/dist/dev/tomee/staging-1222/tomee-8.0.16/
>
> ###
>
> Tag:
>
> https://github.com/apache/tomee/releases/tag/tomee-project-8.0.16
>
>
> ###
>
> Release notes:
>
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12353257
>
> ###
>
> Here is an adoc generated version of the changelog as well:
>
> == Dependency upgrade
>
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4266[TOMEE-4266]
> ActiveMQ 5.16.7 / 5.18.3
>  - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234]
> Bouncy Castle 1.75
>  - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229]
> CVE-2023-34981
> 
> in TomEE 8.0.15
>  - link:https://issues.apache.org/jira/browse/TOMEE-4218[TOMEE-4218]
> HSQLDB 2.7.2
>  - link:https://issues.apache.org/jira/browse/TOMEE-4221[TOMEE-4221]
> JUnit 5.9.3
>  - link:https://issues.apache.org/jira/browse/TOMEE-4216[TOMEE-4216]
> Jackson 2.15.1
>  - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
> Jackson 2.15.2
>  - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]
> Johnzon 1.2.21
>  - link:https://issues.apache.org/jira/browse/TOMEE-4263[TOMEE-4263]
> Santuario Java (xmlsec) mitigate CVE-2023-44483
>  - link:https://issues.apache.org/jira/browse/TOMEE-4224[TOMEE-4224]
> Tomcat 9.0.76
>  - link:https://issues.apache.org/jira/browse/TOMEE-4237[TOMEE-4237]
> Tomcat 9.0.79
>  - link:https://issues.apache.org/jira/browse/TOMEE-4252[TOMEE-4252]
> Tomcat 9.0.80
> - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238]
> Tomcat 9.0.82
>  - link:https://issues.apache.org/jira/browse/TOMEE-4262[TOMEE-4262]
> eclipselink 2.7.13
>  - link:https://issues.apache.org/jira/browse/TOMEE-4220[TOMEE-4220]
> log4j
> 
> 2.20.0 (integration)
>  - link:https://issues.apache.org/jira/browse/TOMEE-4219[TOMEE-4219]
> xbeans 4.23
>
> == Bug
>
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]
> @LoginToContinue JSR-375 (JavaEE Security API) causes
> IllegalArgumentException
>  - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]
> DataSource definition fails when @DataSourceDefinition doesn't define
> url property
>
> == Improvement
>
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]
> Improve TomEE Jmx Mbean Support for Parameter Names
>
> == Fixed Common Vulnerabilities and Exposures (CVEs)
>
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4234[TOMEE-4234]
> Bouncy Castle 1.75
>  - link:https://issues.apache.org/jira/browse/TOMEE-4238[TOMEE-4238]
> Tomcat 9.0.80
>  - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
> Jackson 2.15.2
>  - link:https://issues.apache.org/jira/browse/TOMEE-4229[TOMEE-4229]
> CVE-2023-34981
> 
> in Apache TomEE 8.0.15
>
> 
>
> Please VOTE
>
> [+1] go ship it
> [+0] meh, don't care
> [-1] stop, there is a ${showstopper}
>
> The VOTE is open for 72h or as long as needed.
>
> Gruß
> Richard
>
>