Re: [VOTE] TomEE 9.1.1
Here is my own +1 Am 12. Oktober 2023 14:58:53 MESZ schrieb Richard Zowalla : >Hi all, > >this is a vote for a release of Apache TomEE 9.1.1. > >It is a maintenance release with dependencies >upgrades and bug fixes. The most notible change is dropping our own >cxf-shade in favour of CXF 4.0.3 > >It also fixes the latest Tomcat vulnerabilities by backporting and >patching Tomcat inside the TomEE 9 build. > >This release still passes the full EE9.1 TCK (thx to Jean-Louis & Jon >for triggering the builds) as well as the MP 5.0 TCK. > >### > >Maven Repo: >https://repository.apache.org/content/repositories/orgapachetomee-1220/ > > > >tomee-9.1.1-rc1 >Testing TomEE 9.1.1 RC1 > >https://repository.apache.org/content/repositories/orgapachetomee-1220/ > > > > >### > >Binaries & Source: > >https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/ > >### > >Tag: > >https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1 > > >### > >Release notes: > >https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331 > >### > >Here is an adoc generated version of the changelog as well: > > >== Dependency upgrade > >[.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246] >ActiveMQ 5.18.2 > - link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230] >Backport fix for CVE-2023-34981 > - link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239] >Backport fix for CVE-2023-41080 > - link:https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235] >Bouncy Castle 1.75 > - link:https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243] >Bouncy Castle 1.76 > - link:https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139] >CXF 4.0.3 (jakarta namespace) > - link:https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247] >Hibernate 6.1.7 > - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227] >Jackson 2.15.2 > - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228] >Johnzon 1.2.21 > - link:https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248] >Mojarra 3.0.5 > - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254] >Port fix for CVE-2023-42795 > - link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255] >Port fix for CVE-2023-44487 > - link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256] >Port fix for CVE-2023-45648 > - link:https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249] >SnakeYAML 2.2 > - link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250] >WSS4J 3.0.1 > - link:https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232] >bcprov-jdk15to18-1.74.jar > - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251] >xmlsec 3.0.2 > >== Bug > >[.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222] >@LoginToContinue JSR-375 (JavaEE Security API) causes >IllegalArgumentException > - link:https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225] >Remove commons-net from TomEE distribution > - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226] >DataSource definition fails when @DataSourceDefinition doesn't define >url property > >== Improvement > >[.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031] >Improve TomEE Jmx Mbean Support for Parameter Names > >== Fixed Common Vulnerabilities and Exposures (CVEs) > >[.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230] >Backport fix for CVE-2023-34981 > - link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239] >Backport fix for CVE-2023-41080 > - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254] >Port fix for CVE-2023-42795 > - link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255] >Port fix for CVE-2023-44487 > - link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256] >Port fix for CVE-2023-45648 > - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227] >Jackson 2.15.2 > > >### > >Here is the dependency diff from 9.1.0 to 9.1.1 created with our >release tools: > > > artifactId from to >--- > jackson-annotations 2.15.1 2.15.2 > jackson-core 2.15.1 2.15.2 > jackson-databind 2.15.1 2.15.2 > jackson-dataformat-yaml 2.15.1 2.15.2 > java-support 8.3.1 8.4.0 > activemq-client-jakarta 5.18.1 5.18.2 > activemq-jdbc-store 5.18.1 5.18.2 > johnzon-core 1.2.20 1.2.21 > johnzon-jaxrs 1.2.20 1.2.21 > johnzon-jsonb 1.2.20 1.2.21 > johnzon-jsonp-strict 1.2.20 1.2.21 > johnzon-mapper 1.2.20 1.2.21 > xmlsec 3.0.1 3.0.2 > activemq-broker-shade 9.1.0 9.1.1 > activemq-kahadb-store-shade 9.1.0 9.1.1 > activemq-ra-shade 9.1.0 9.1.1 > commons-dbcp2-shade 9.1.0 9.1.1 > servicemix-bcel-shade 9.1.0 9.1.1 > sxc-shade 9.1.0 9.1.1 > taglibs-shade 9.1.0 9.1.1 > tomee-bootstrap 9.1.0 9.1.1 > xmlschema-core 2.2.5 2.3.1 > wss4j-bindings 3.0.0 3.0.1 >
Re: [VOTE] TomEE 9.1.1
+1 (binding) -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Mon, Oct 16, 2023 at 3:55 PM Cesar Hernandez wrote: > +1 thank you! > > On Mon, Oct 16, 2023 at 04:30 Richard Zowalla wrote: > > > Thanks for testing, Alex! > > > > Am Montag, dem 16.10.2023 um 12:24 +0200 schrieb Alex The Rocker: > > > +1 (non binding) > > > > > > Ran various tests with web apps based on JAX-WS, JAX-RS, JMS, CDI, > > > Entiy Beans; with some relying on Tomcat SSL connector, etc running > > > with Java 17 on Red Hat Linux 8 > > > => Found no regressions, thank you very much for the security fixes ! > > > > > > Alex > > > > > > Le jeu. 12 oct. 2023 à 17:14, Alex The Rocker > > > a écrit : > > > > > > > > Excellent news! > > > > I'm going to run some deep (applicative) tests with this candidate > > > > release and I will provide feedbacks asap > > > > > > > > Le jeu. 12 oct. 2023 à 15:28, Daniel Dias Dos Santos > > > > a écrit : > > > > > > > > > > Hi > > > > > > > > > > +1 > > > > > > > > > > Thanks > > > > > > > > > > On Thu, Oct 12, 2023, 10:26 benedict > > > > > wrote: > > > > > > > > > > > +1 > > > > > > Ursprüngliche Nachricht Von: Richard Zowalla < > > > > > > r...@apache.org> Datum: 12.10.23 14:59 (GMT+01:00) An: > > > > > > dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is > > > > > > a vote > > > > > > for a release of Apache TomEE 9.1.1.It is a maintenance release > > > > > > with > > > > > > dependenciesupgrades and bug fixes. The most notible change is > > > > > > dropping our > > > > > > owncxf-shade in favour of CXF 4.0.3It also fixes the latest > > > > > > Tomcat > > > > > > vulnerabilities by backporting andpatching Tomcat inside the > > > > > > TomEE 9 > > > > > > build.This release still passes the full EE9.1 TCK (thx to > > > > > > Jean-Louis & > > > > > > Jonfor triggering the builds) as well as the MP 5.0 > > > > > > TCK.###Maven Repo: > > > > > > > > https://repository.apache.org/content/repositories/orgapachetomee-1220/ > > > > > > tomee-9.1.1-rc1Testing > > > > > > TomEE 9.1.1 RC1 > > > > > > > > https://repository.apache.org/content/repositories/orgapachetomee-1220/ > > > > > > ###Binaries > > > > > > & Source: > > > > > > > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release > > > > > > notes: > > > > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here > > > > > > is an adoc generated version of the changelog as well:== > > > > > > Dependency > > > > > > upgrade[.compact] - link: > > > > > > > > https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ > > > > > > 5.18.2 - link: > > > > > > > > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport > > > > > > fix > > > > > > for CVE-2023-34981 - link: > > > > > > > > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport > > > > > > fix > > > > > > for CVE-2023-41080 - link: > > > > > > > https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy > > > > > > Castle > > > > > > 1.75 - link: > > > > > > > https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy > > > > > > Castle > > > > > > 1.76 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF > > > > > > 4.0.3 > > > > > > (jakarta namespace) - link: > > > > > > > > https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate > > > > > > 6.1.7 - link: > > > > > > > > https://issues.apache.org/jira
Re: [VOTE] TomEE 9.1.1
+1 thank you! On Mon, Oct 16, 2023 at 04:30 Richard Zowalla wrote: > Thanks for testing, Alex! > > Am Montag, dem 16.10.2023 um 12:24 +0200 schrieb Alex The Rocker: > > +1 (non binding) > > > > Ran various tests with web apps based on JAX-WS, JAX-RS, JMS, CDI, > > Entiy Beans; with some relying on Tomcat SSL connector, etc running > > with Java 17 on Red Hat Linux 8 > > => Found no regressions, thank you very much for the security fixes ! > > > > Alex > > > > Le jeu. 12 oct. 2023 à 17:14, Alex The Rocker > > a écrit : > > > > > > Excellent news! > > > I'm going to run some deep (applicative) tests with this candidate > > > release and I will provide feedbacks asap > > > > > > Le jeu. 12 oct. 2023 à 15:28, Daniel Dias Dos Santos > > > a écrit : > > > > > > > > Hi > > > > > > > > +1 > > > > > > > > Thanks > > > > > > > > On Thu, Oct 12, 2023, 10:26 benedict > > > > wrote: > > > > > > > > > +1 > > > > > Ursprüngliche Nachricht Von: Richard Zowalla < > > > > > r...@apache.org> Datum: 12.10.23 14:59 (GMT+01:00) An: > > > > > dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is > > > > > a vote > > > > > for a release of Apache TomEE 9.1.1.It is a maintenance release > > > > > with > > > > > dependenciesupgrades and bug fixes. The most notible change is > > > > > dropping our > > > > > owncxf-shade in favour of CXF 4.0.3It also fixes the latest > > > > > Tomcat > > > > > vulnerabilities by backporting andpatching Tomcat inside the > > > > > TomEE 9 > > > > > build.This release still passes the full EE9.1 TCK (thx to > > > > > Jean-Louis & > > > > > Jonfor triggering the builds) as well as the MP 5.0 > > > > > TCK.###Maven Repo: > > > > > > https://repository.apache.org/content/repositories/orgapachetomee-1220/ > > > > > tomee-9.1.1-rc1Testing > > > > > TomEE 9.1.1 RC1 > > > > > > https://repository.apache.org/content/repositories/orgapachetomee-1220/ > > > > > ###Binaries > > > > > & Source: > > > > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release > > > > > notes: > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here > > > > > is an adoc generated version of the changelog as well:== > > > > > Dependency > > > > > upgrade[.compact] - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ > > > > > 5.18.2 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport > > > > > fix > > > > > for CVE-2023-34981 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport > > > > > fix > > > > > for CVE-2023-41080 - link: > > > > > https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy > > > > > Castle > > > > > 1.75 - link: > > > > > https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy > > > > > Castle > > > > > 1.76 - link: > > > > > https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF > > > > > 4.0.3 > > > > > (jakarta namespace) - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate > > > > > 6.1.7 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson > > > > > 2.15.2 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon > > > > > 1.2.21 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra > > > > > 3.0.5 > > > > > - > > > > > link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-425 > > > > > 4]Port > > > > > fix for CVE-2023-42795 - link: > > > > > https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]P
Re: [VOTE] TomEE 9.1.1
Thanks for testing, Alex! Am Montag, dem 16.10.2023 um 12:24 +0200 schrieb Alex The Rocker: > +1 (non binding) > > Ran various tests with web apps based on JAX-WS, JAX-RS, JMS, CDI, > Entiy Beans; with some relying on Tomcat SSL connector, etc running > with Java 17 on Red Hat Linux 8 > => Found no regressions, thank you very much for the security fixes ! > > Alex > > Le jeu. 12 oct. 2023 à 17:14, Alex The Rocker > a écrit : > > > > Excellent news! > > I'm going to run some deep (applicative) tests with this candidate > > release and I will provide feedbacks asap > > > > Le jeu. 12 oct. 2023 à 15:28, Daniel Dias Dos Santos > > a écrit : > > > > > > Hi > > > > > > +1 > > > > > > Thanks > > > > > > On Thu, Oct 12, 2023, 10:26 benedict > > > wrote: > > > > > > > +1 > > > > Ursprüngliche Nachricht Von: Richard Zowalla < > > > > r...@apache.org> Datum: 12.10.23 14:59 (GMT+01:00) An: > > > > dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is > > > > a vote > > > > for a release of Apache TomEE 9.1.1.It is a maintenance release > > > > with > > > > dependenciesupgrades and bug fixes. The most notible change is > > > > dropping our > > > > owncxf-shade in favour of CXF 4.0.3It also fixes the latest > > > > Tomcat > > > > vulnerabilities by backporting andpatching Tomcat inside the > > > > TomEE 9 > > > > build.This release still passes the full EE9.1 TCK (thx to > > > > Jean-Louis & > > > > Jonfor triggering the builds) as well as the MP 5.0 > > > > TCK.###Maven Repo: > > > > https://repository.apache.org/content/repositories/orgapachetomee-1220/ > > > > tomee-9.1.1-rc1Testing > > > > TomEE 9.1.1 RC1 > > > > https://repository.apache.org/content/repositories/orgapachetomee-1220/ > > > > ###Binaries > > > > & Source: > > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release > > > > notes: > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here > > > > is an adoc generated version of the changelog as well:== > > > > Dependency > > > > upgrade[.compact] - link: > > > > https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ > > > > 5.18.2 - link: > > > > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport > > > > fix > > > > for CVE-2023-34981 - link: > > > > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport > > > > fix > > > > for CVE-2023-41080 - link: > > > > https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy > > > > Castle > > > > 1.75 - link: > > > > https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy > > > > Castle > > > > 1.76 - link: > > > > https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF > > > > 4.0.3 > > > > (jakarta namespace) - link: > > > > https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate > > > > 6.1.7 - link: > > > > https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson > > > > 2.15.2 - link: > > > > https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon > > > > 1.2.21 - link: > > > > https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra > > > > 3.0.5 > > > > - > > > > link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-425 > > > > 4]Port > > > > fix for CVE-2023-42795 - link: > > > > https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port > > > > fix for > > > > CVE-2023-44487 - link: > > > > https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port > > > > fix for > > > > CVE-2023-45648 - link: > > > > https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]SnakeYAML > > > > 2.2 > > > > - > > > > link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-425 > > > > 0]WSS4J > > > > 3.0.1 - link: > > > > https://issues.apache.org/jira/browse/
Re: [VOTE] TomEE 9.1.1
+1 (non binding) Ran various tests with web apps based on JAX-WS, JAX-RS, JMS, CDI, Entiy Beans; with some relying on Tomcat SSL connector, etc running with Java 17 on Red Hat Linux 8 => Found no regressions, thank you very much for the security fixes ! Alex Le jeu. 12 oct. 2023 à 17:14, Alex The Rocker a écrit : > > Excellent news! > I'm going to run some deep (applicative) tests with this candidate > release and I will provide feedbacks asap > > Le jeu. 12 oct. 2023 à 15:28, Daniel Dias Dos Santos > a écrit : > > > > Hi > > > > +1 > > > > Thanks > > > > On Thu, Oct 12, 2023, 10:26 benedict wrote: > > > > > +1 > > > Ursprüngliche Nachricht Von: Richard Zowalla < > > > r...@apache.org> Datum: 12.10.23 14:59 (GMT+01:00) An: > > > dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is a vote > > > for a release of Apache TomEE 9.1.1.It is a maintenance release with > > > dependenciesupgrades and bug fixes. The most notible change is dropping > > > our > > > owncxf-shade in favour of CXF 4.0.3It also fixes the latest Tomcat > > > vulnerabilities by backporting andpatching Tomcat inside the TomEE 9 > > > build.This release still passes the full EE9.1 TCK (thx to Jean-Louis & > > > Jonfor triggering the builds) as well as the MP 5.0 > > > TCK.###Maven Repo: > > > https://repository.apache.org/content/repositories/orgapachetomee-1220/tomee-9.1.1-rc1Testing > > > TomEE 9.1.1 RC1 > > > https://repository.apache.org/content/repositories/orgapachetomee-1220/###Binaries > > > & Source: > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release > > > notes: > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here > > > is an adoc generated version of the changelog as well:== Dependency > > > upgrade[.compact] - link: > > > https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ > > > 5.18.2 - link: > > > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix > > > for CVE-2023-34981 - link: > > > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix > > > for CVE-2023-41080 - link: > > > https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy Castle > > > 1.75 - link: > > > https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy Castle > > > 1.76 - link: > > > https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF 4.0.3 > > > (jakarta namespace) - link: > > > https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate > > > 6.1.7 - link: > > > https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson > > > 2.15.2 - link: > > > https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon > > > 1.2.21 - link: > > > https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra 3.0.5 > > > - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port > > > fix for CVE-2023-42795 - link: > > > https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for > > > CVE-2023-44487 - link: > > > https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for > > > CVE-2023-45648 - link: > > > https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]SnakeYAML 2.2 > > > - link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250]WSS4J > > > 3.0.1 - link: > > > https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232]bcprov-jdk15to18-1.74.jar > > > - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251]xmlsec > > > 3.0.2== Bug[.compact] - link: > > > https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]@LoginToContinue > > > JSR-375 (JavaEE Security API) causesIllegalArgumentException - link: > > > https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225]Remove > > > commons-net from TomEE distribution - link: > > > https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]DataSource > > > definition fails when @DataSourceDefinition doesn't defineurl property== > > > Improvement[.compact] - link: > > > https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]Improve TomEE > > > Jmx Mbean Support for Parameter Names== Fixed Common Vulnerabilities and > > > Exposures (CVEs)[.c
Re: [VOTE] TomEE 9.1.1
Excellent news! I'm going to run some deep (applicative) tests with this candidate release and I will provide feedbacks asap Le jeu. 12 oct. 2023 à 15:28, Daniel Dias Dos Santos a écrit : > > Hi > > +1 > > Thanks > > On Thu, Oct 12, 2023, 10:26 benedict wrote: > > > +1 > > Ursprüngliche Nachricht Von: Richard Zowalla < > > r...@apache.org> Datum: 12.10.23 14:59 (GMT+01:00) An: > > dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is a vote > > for a release of Apache TomEE 9.1.1.It is a maintenance release with > > dependenciesupgrades and bug fixes. The most notible change is dropping our > > owncxf-shade in favour of CXF 4.0.3It also fixes the latest Tomcat > > vulnerabilities by backporting andpatching Tomcat inside the TomEE 9 > > build.This release still passes the full EE9.1 TCK (thx to Jean-Louis & > > Jonfor triggering the builds) as well as the MP 5.0 > > TCK.###Maven Repo: > > https://repository.apache.org/content/repositories/orgapachetomee-1220/tomee-9.1.1-rc1Testing > > TomEE 9.1.1 RC1 > > https://repository.apache.org/content/repositories/orgapachetomee-1220/###Binaries > > & Source: > > https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release > > notes: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here > > is an adoc generated version of the changelog as well:== Dependency > > upgrade[.compact] - link: > > https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ > > 5.18.2 - link: > > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix > > for CVE-2023-34981 - link: > > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix > > for CVE-2023-41080 - link: > > https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy Castle > > 1.75 - link: > > https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy Castle > > 1.76 - link: > > https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF 4.0.3 > > (jakarta namespace) - link: > > https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate > > 6.1.7 - link: > > https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson > > 2.15.2 - link: > > https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon > > 1.2.21 - link: > > https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra 3.0.5 > > - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port > > fix for CVE-2023-42795 - link: > > https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for > > CVE-2023-44487 - link: > > https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for > > CVE-2023-45648 - link: > > https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]SnakeYAML 2.2 > > - link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250]WSS4J > > 3.0.1 - link: > > https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232]bcprov-jdk15to18-1.74.jar > > - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251]xmlsec > > 3.0.2== Bug[.compact] - link: > > https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]@LoginToContinue > > JSR-375 (JavaEE Security API) causesIllegalArgumentException - link: > > https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225]Remove > > commons-net from TomEE distribution - link: > > https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]DataSource > > definition fails when @DataSourceDefinition doesn't defineurl property== > > Improvement[.compact] - link: > > https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]Improve TomEE > > Jmx Mbean Support for Parameter Names== Fixed Common Vulnerabilities and > > Exposures (CVEs)[.compact] - link: > > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix > > for CVE-2023-34981 - link: > > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix > > for CVE-2023-41080 - link: > > https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port fix for > > CVE-2023-42795 - link: > > https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for > > CVE-2023-44487 - link: > > https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for > > CVE-2023-45648 - link: > > https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson > > 2.15.2###Here is the
Re: [VOTE] TomEE 9.1.1
Hi +1 Thanks On Thu, Oct 12, 2023, 10:26 benedict wrote: > +1 > Ursprüngliche Nachricht Von: Richard Zowalla < > r...@apache.org> Datum: 12.10.23 14:59 (GMT+01:00) An: > dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is a vote > for a release of Apache TomEE 9.1.1.It is a maintenance release with > dependenciesupgrades and bug fixes. The most notible change is dropping our > owncxf-shade in favour of CXF 4.0.3It also fixes the latest Tomcat > vulnerabilities by backporting andpatching Tomcat inside the TomEE 9 > build.This release still passes the full EE9.1 TCK (thx to Jean-Louis & > Jonfor triggering the builds) as well as the MP 5.0 > TCK.###Maven Repo: > https://repository.apache.org/content/repositories/orgapachetomee-1220/tomee-9.1.1-rc1Testing > TomEE 9.1.1 RC1 > https://repository.apache.org/content/repositories/orgapachetomee-1220/###Binaries > & Source: > https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release > notes: > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here > is an adoc generated version of the changelog as well:== Dependency > upgrade[.compact] - link: > https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ > 5.18.2 - link: > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix > for CVE-2023-34981 - link: > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix > for CVE-2023-41080 - link: > https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy Castle > 1.75 - link: > https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy Castle > 1.76 - link: > https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF 4.0.3 > (jakarta namespace) - link: > https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate > 6.1.7 - link: > https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson > 2.15.2 - link: > https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon > 1.2.21 - link: > https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra 3.0.5 > - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port > fix for CVE-2023-42795 - link: > https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for > CVE-2023-44487 - link: > https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for > CVE-2023-45648 - link: > https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]SnakeYAML 2.2 > - link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250]WSS4J > 3.0.1 - link: > https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232]bcprov-jdk15to18-1.74.jar > - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251]xmlsec > 3.0.2== Bug[.compact] - link: > https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]@LoginToContinue > JSR-375 (JavaEE Security API) causesIllegalArgumentException - link: > https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225]Remove > commons-net from TomEE distribution - link: > https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]DataSource > definition fails when @DataSourceDefinition doesn't defineurl property== > Improvement[.compact] - link: > https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]Improve TomEE > Jmx Mbean Support for Parameter Names== Fixed Common Vulnerabilities and > Exposures (CVEs)[.compact] - link: > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix > for CVE-2023-34981 - link: > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix > for CVE-2023-41080 - link: > https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port fix for > CVE-2023-42795 - link: > https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for > CVE-2023-44487 - link: > https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for > CVE-2023-45648 - link: > https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson > 2.15.2###Here is the dependency diff from 9.1.0 to 9.1.1 > created with ourrelease tools: artifactId from to > --- jackson-annotations > 2.15.1 2.15.2 jackson-core 2.15.1 2.15.2 jackson-databind 2.15.1 2.15.2 > jackson-dataformat-yaml 2.15.1 2.15.2 java-support 8.3.1 8.4.0 > activemq-client-jakarta 5.18.1 5.18.2 activemq-jdbc-store 5.18.1 5.18.2 > johnzon-core 1.2.20 1.2.21 johnzon-jaxrs 1.2.20 1.2.21 johnzon-jsonb > 1.2.20 1.2.21 johnzon-jsonp-strict 1.2.20 1.2.21 johnzon-mapper 1.2.20 > 1.2.21 xmlsec 3.0.1 3.0.2 activemq-broker-shade
RE: [VOTE] TomEE 9.1.1
+1 Ursprüngliche Nachricht Von: Richard Zowalla Datum: 12.10.23 14:59 (GMT+01:00) An: dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is a vote for a release of Apache TomEE 9.1.1.It is a maintenance release with dependenciesupgrades and bug fixes. The most notible change is dropping our owncxf-shade in favour of CXF 4.0.3It also fixes the latest Tomcat vulnerabilities by backporting andpatching Tomcat inside the TomEE 9 build.This release still passes the full EE9.1 TCK (thx to Jean-Louis & Jonfor triggering the builds) as well as the MP 5.0 TCK.###Maven Repo:https://repository.apache.org/content/repositories/orgapachetomee-1220/tomee-9.1.1-rc1Testing TomEE 9.1.1 RC1https://repository.apache.org/content/repositories/orgapachetomee-1220/###Binaries & Source:https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release notes:https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here is an adoc generated version of the changelog as well:== Dependency upgrade[.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ 5.18.2 - link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix for CVE-2023-34981 - link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix for CVE-2023-41080 - link:https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy Castle 1.75 - link:https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy Castle 1.76 - link:https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF 4.0.3 (jakarta namespace) - link:https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate 6.1.7 - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson 2.15.2 - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon 1.2.21 - link:https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra 3.0.5 - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port fix for CVE-2023-42795 - link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for CVE-2023-44487 - link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for CVE-2023-45648 - link:https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]SnakeYAML 2.2 - link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250]WSS4J 3.0.1 - link:https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232]bcprov-jdk15to18-1.74.jar - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251]xmlsec 3.0.2== Bug[.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]@LoginToContinue JSR-375 (JavaEE Security API) causesIllegalArgumentException - link:https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225]Remove commons-net from TomEE distribution - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]DataSource definition fails when @DataSourceDefinition doesn't defineurl property== Improvement[.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]Improve TomEE Jmx Mbean Support for Parameter Names== Fixed Common Vulnerabilities and Exposures (CVEs)[.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix for CVE-2023-34981 - link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix for CVE-2023-41080 - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port fix for CVE-2023-42795 - link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for CVE-2023-44487 - link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for CVE-2023-45648 - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson 2.15.2###Here is the dependency diff from 9.1.0 to 9.1.1 created with ourrelease tools: artifactId from to --- jackson-annotations 2.15.1 2.15.2 jackson-core 2.15.1 2.15.2 jackson-databind 2.15.1 2.15.2 jackson-dataformat-yaml 2.15.1 2.15.2 java-support 8.3.1 8.4.0 activemq-client-jakarta 5.18.1 5.18.2 activemq-jdbc-store 5.18.1 5.18.2 johnzon-core 1.2.20 1.2.21 johnzon-jaxrs 1.2.20 1.2.21 johnzon-jsonb 1.2.20 1.2.21 johnzon-jsonp-strict 1.2.20 1.2.21 johnzon-mapper 1.2.20 1.2.21 xmlsec 3.0.1 3.0.2 activemq-broker-shade 9.1.0 9.1.1 activemq-kahadb-store-shade 9.1.0 9.1.1 activemq-ra-shade 9.1.0 9.1.1 commons-dbcp2-shade 9.1.0 9.1.1 servicemix-bcel-shade 9.1.0 9.1.1 sxc-shade 9.1.0 9.1.1 taglibs-shade 9.1.0 9.1.1 tomee-bootstrap 9.1.0 9.1.1 xmlschema-core 2.2.5 2.3.1 wss4j-bindings 3.0.0 3.0.1 wss4j-policy 3.0.0 3.0.1 wss4j-ws-security-common 3.0.0 3.0.1 wss4j-ws-security-dom 3.0.0 3.0.1 wss4j-ws-security-policy-stax 3.0.0 3.0.1 wss4j-ws-
RE: [VOTE] TomEE 9.1.1
+1 Ursprüngliche Nachricht Von: Richard Zowalla Datum: 12.10.23 14:59 (GMT+01:00) An: dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is a vote for a release of Apache TomEE 9.1.1.It is a maintenance release with dependenciesupgrades and bug fixes. The most notible change is dropping our owncxf-shade in favour of CXF 4.0.3It also fixes the latest Tomcat vulnerabilities by backporting andpatching Tomcat inside the TomEE 9 build.This release still passes the full EE9.1 TCK (thx to Jean-Louis & Jonfor triggering the builds) as well as the MP 5.0 TCK.###Maven Repo:https://repository.apache.org/content/repositories/orgapachetomee-1220/tomee-9.1.1-rc1Testing TomEE 9.1.1 RC1https://repository.apache.org/content/repositories/orgapachetomee-1220/###Binaries & Source:https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release notes:https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here is an adoc generated version of the changelog as well:== Dependency upgrade[.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ 5.18.2 - link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix for CVE-2023-34981 - link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix for CVE-2023-41080 - link:https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy Castle 1.75 - link:https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy Castle 1.76 - link:https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF 4.0.3 (jakarta namespace) - link:https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate 6.1.7 - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson 2.15.2 - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon 1.2.21 - link:https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra 3.0.5 - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port fix for CVE-2023-42795 - link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for CVE-2023-44487 - link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for CVE-2023-45648 - link:https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]SnakeYAML 2.2 - link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250]WSS4J 3.0.1 - link:https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232]bcprov-jdk15to18-1.74.jar - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251]xmlsec 3.0.2== Bug[.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]@LoginToContinue JSR-375 (JavaEE Security API) causesIllegalArgumentException - link:https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225]Remove commons-net from TomEE distribution - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]DataSource definition fails when @DataSourceDefinition doesn't defineurl property== Improvement[.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]Improve TomEE Jmx Mbean Support for Parameter Names== Fixed Common Vulnerabilities and Exposures (CVEs)[.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix for CVE-2023-34981 - link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix for CVE-2023-41080 - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port fix for CVE-2023-42795 - link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for CVE-2023-44487 - link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for CVE-2023-45648 - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson 2.15.2###Here is the dependency diff from 9.1.0 to 9.1.1 created with ourrelease tools: artifactId from to --- jackson-annotations 2.15.1 2.15.2 jackson-core 2.15.1 2.15.2 jackson-databind 2.15.1 2.15.2 jackson-dataformat-yaml 2.15.1 2.15.2 java-support 8.3.1 8.4.0 activemq-client-jakarta 5.18.1 5.18.2 activemq-jdbc-store 5.18.1 5.18.2 johnzon-core 1.2.20 1.2.21 johnzon-jaxrs 1.2.20 1.2.21 johnzon-jsonb 1.2.20 1.2.21 johnzon-jsonp-strict 1.2.20 1.2.21 johnzon-mapper 1.2.20 1.2.21 xmlsec 3.0.1 3.0.2 activemq-broker-shade 9.1.0 9.1.1 activemq-kahadb-store-shade 9.1.0 9.1.1 activemq-ra-shade 9.1.0 9.1.1 commons-dbcp2-shade 9.1.0 9.1.1 servicemix-bcel-shade 9.1.0 9.1.1 sxc-shade 9.1.0 9.1.1 taglibs-shade 9.1.0 9.1.1 tomee-bootstrap 9.1.0 9.1.1 xmlschema-core 2.2.5 2.3.1 wss4j-bindings 3.0.0 3.0.1 wss4j-policy 3.0.0 3.0.1 wss4j-ws-security-common 3.0.0 3.0.1 wss4j-ws-security-dom 3.0.0 3.0.1 wss4j-ws-security-policy-stax 3.0.0 3.0.1 wss4j-ws-
[VOTE] TomEE 9.1.1
Hi all, this is a vote for a release of Apache TomEE 9.1.1. It is a maintenance release with dependencies upgrades and bug fixes. The most notible change is dropping our own cxf-shade in favour of CXF 4.0.3 It also fixes the latest Tomcat vulnerabilities by backporting and patching Tomcat inside the TomEE 9 build. This release still passes the full EE9.1 TCK (thx to Jean-Louis & Jon for triggering the builds) as well as the MP 5.0 TCK. ### Maven Repo: https://repository.apache.org/content/repositories/orgapachetomee-1220/ tomee-9.1.1-rc1 Testing TomEE 9.1.1 RC1 https://repository.apache.org/content/repositories/orgapachetomee-1220/ ### Binaries & Source: https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/ ### Tag: https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1 ### Release notes: https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331 ### Here is an adoc generated version of the changelog as well: == Dependency upgrade [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246] ActiveMQ 5.18.2 - link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230] Backport fix for CVE-2023-34981 - link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239] Backport fix for CVE-2023-41080 - link:https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235] Bouncy Castle 1.75 - link:https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243] Bouncy Castle 1.76 - link:https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139] CXF 4.0.3 (jakarta namespace) - link:https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247] Hibernate 6.1.7 - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227] Jackson 2.15.2 - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228] Johnzon 1.2.21 - link:https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248] Mojarra 3.0.5 - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254] Port fix for CVE-2023-42795 - link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255] Port fix for CVE-2023-44487 - link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256] Port fix for CVE-2023-45648 - link:https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249] SnakeYAML 2.2 - link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250] WSS4J 3.0.1 - link:https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232] bcprov-jdk15to18-1.74.jar - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251] xmlsec 3.0.2 == Bug [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222] @LoginToContinue JSR-375 (JavaEE Security API) causes IllegalArgumentException - link:https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225] Remove commons-net from TomEE distribution - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226] DataSource definition fails when @DataSourceDefinition doesn't define url property == Improvement [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031] Improve TomEE Jmx Mbean Support for Parameter Names == Fixed Common Vulnerabilities and Exposures (CVEs) [.compact] - link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230] Backport fix for CVE-2023-34981 - link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239] Backport fix for CVE-2023-41080 - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254] Port fix for CVE-2023-42795 - link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255] Port fix for CVE-2023-44487 - link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256] Port fix for CVE-2023-45648 - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227] Jackson 2.15.2 ### Here is the dependency diff from 9.1.0 to 9.1.1 created with our release tools: artifactId from to --- jackson-annotations 2.15.1 2.15.2 jackson-core 2.15.1 2.15.2 jackson-databind 2.15.1 2.15.2 jackson-dataformat-yaml 2.15.1 2.15.2 java-support 8.3.1 8.4.0 activemq-client-jakarta 5.18.1 5.18.2 activemq-jdbc-store 5.18.1 5.18.2 johnzon-core 1.2.20 1.2.21 johnzon-jaxrs 1.2.20 1.2.21 johnzon-jsonb 1.2.20 1.2.21 johnzon-jsonp-strict 1.2.20 1.2.21 johnzon-mapper 1.2.20 1.2.21 xmlsec 3.0.1 3.0.2 activemq-broker-shade 9.1.0 9.1.1 activemq-kahadb-store-shade 9.1.0 9.1.1 activemq-ra-shade 9.1.0 9.1.1 commons-dbcp2-shade 9.1.0 9.1.1 servicemix-bcel-shade 9.1.0 9.1.1 sxc-shade 9.1.0 9.1.1 taglibs-shade 9.1.0 9.1.1 tomee-bootstrap 9.1.0 9.1.1 xmlschema-core 2.2.5 2.3.1 wss4j-bindings 3.0.0 3.0.1 wss4j-policy 3.0.0 3.0.1 wss4j-ws-security-common 3.0.0 3.0.1 wss4j-ws-security-dom 3.0.0 3.0.1 wss4j-ws-security-policy-stax 3.0.0 3.0.1 wss4j-ws-security-stax 3.0.0 3.0.1 bcpkix-jdk15to18 1.73 1.76 bcprov-jdk15to18 1.73