subject:"\[VOTE\] TomEE 9.1.1"

Re: [VOTE] TomEE 9.1.1

2023-10-16 Thread Richard Zowalla

Here is my own +1 

Am 12. Oktober 2023 14:58:53 MESZ schrieb Richard Zowalla :
>Hi all,
>
>this is a vote for a release of Apache TomEE 9.1.1.
>
>It is a maintenance release with dependencies
>upgrades and bug fixes. The most notible change is dropping our own
>cxf-shade in favour of CXF 4.0.3
>
>It also fixes the latest Tomcat vulnerabilities by backporting and
>patching Tomcat inside the TomEE 9 build.
>
>This release still passes the full EE9.1 TCK (thx to Jean-Louis & Jon
>for triggering the builds) as well as the MP 5.0 TCK.
>
>###
>
>Maven Repo:
>https://repository.apache.org/content/repositories/orgapachetomee-1220/
>
>
>
>tomee-9.1.1-rc1
>Testing TomEE 9.1.1 RC1
>
>https://repository.apache.org/content/repositories/orgapachetomee-1220/
>
>
>
>
>###
>
>Binaries & Source:
>
>https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/
>
>###
>
>Tag:
>
>https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1
>
>
>###
>
>Release notes:
>
>https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331
>
>###
>
>Here is an adoc generated version of the changelog as well:
>
>
>== Dependency upgrade
>
>[.compact]
> - link:https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]
>ActiveMQ 5.18.2
> - link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]
>Backport fix for CVE-2023-34981
> - link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]
>Backport fix for CVE-2023-41080
> - link:https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]
>Bouncy Castle 1.75
> - link:https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]
>Bouncy Castle 1.76
> - link:https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]
>CXF 4.0.3 (jakarta namespace)
> - link:https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]
>Hibernate 6.1.7
> - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
>Jackson 2.15.2
> - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]
>Johnzon 1.2.21
> - link:https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]
>Mojarra 3.0.5
> - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]
>Port fix for CVE-2023-42795
> - link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]
>Port fix for CVE-2023-44487
> - link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]
>Port fix for CVE-2023-45648
> - link:https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]
>SnakeYAML 2.2
> - link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250]
>WSS4J 3.0.1
> - link:https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232]
>bcprov-jdk15to18-1.74.jar
> - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251]
>xmlsec 3.0.2
>
>== Bug
>
>[.compact]
> - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]
>@LoginToContinue JSR-375 (JavaEE Security API) causes
>IllegalArgumentException
> - link:https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225]
>Remove commons-net from TomEE distribution
> - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]
>DataSource definition fails when @DataSourceDefinition doesn't define
>url property
>
>== Improvement
>
>[.compact]
> - link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]
>Improve TomEE Jmx Mbean Support for Parameter Names
>
>== Fixed Common Vulnerabilities and Exposures (CVEs)
>
>[.compact]
> - link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]
>Backport fix for CVE-2023-34981
> - link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]
>Backport fix for CVE-2023-41080
> - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]
>Port fix for CVE-2023-42795
> - link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]
>Port fix for CVE-2023-44487
> - link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]
>Port fix for CVE-2023-45648
> - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
>Jackson 2.15.2
>
>
>###
>
>Here is the dependency diff from 9.1.0 to 9.1.1 created with our
>release tools:
>
>
> artifactId from to 
>---  
> jackson-annotations 2.15.1 2.15.2 
> jackson-core 2.15.1 2.15.2 
> jackson-databind 2.15.1 2.15.2 
> jackson-dataformat-yaml 2.15.1 2.15.2 
> java-support 8.3.1 8.4.0 
> activemq-client-jakarta 5.18.1 5.18.2 
> activemq-jdbc-store 5.18.1 5.18.2 
> johnzon-core 1.2.20 1.2.21 
> johnzon-jaxrs 1.2.20 1.2.21 
> johnzon-jsonb 1.2.20 1.2.21 
> johnzon-jsonp-strict 1.2.20 1.2.21 
> johnzon-mapper 1.2.20 1.2.21 
> xmlsec 3.0.1 3.0.2 
> activemq-broker-shade 9.1.0 9.1.1 
> activemq-kahadb-store-shade 9.1.0 9.1.1 
> activemq-ra-shade 9.1.0 9.1.1 
> commons-dbcp2-shade 9.1.0 9.1.1 
> servicemix-bcel-shade 9.1.0 9.1.1 
> sxc-shade 9.1.0 9.1.1 
> taglibs-shade 9.1.0 9.1.1 
> tomee-bootstrap 9.1.0 9.1.1 
> xmlschema-core 2.2.5 2.3.1 
> wss4j-bindings 3.0.0 3.0.1 
>

Re: [VOTE] TomEE 9.1.1

2023-10-16 Thread Jean-Louis Monteiro

+1 (binding)
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com


On Mon, Oct 16, 2023 at 3:55 PM Cesar Hernandez 
wrote:

> +1 thank you!
>
> On Mon, Oct 16, 2023 at 04:30 Richard Zowalla  wrote:
>
> > Thanks for testing, Alex!
> >
> > Am Montag, dem 16.10.2023 um 12:24 +0200 schrieb Alex The Rocker:
> > > +1 (non binding)
> > >
> > > Ran various tests with web apps based on JAX-WS, JAX-RS, JMS, CDI,
> > > Entiy Beans; with some relying on Tomcat SSL connector, etc running
> > > with Java 17 on Red Hat Linux 8
> > > => Found no regressions, thank you very much for the security fixes !
> > >
> > > Alex
> > >
> > > Le jeu. 12 oct. 2023 à 17:14, Alex The Rocker 
> > > a écrit :
> > > >
> > > > Excellent news!
> > > > I'm going to run some deep (applicative) tests with this candidate
> > > > release and I will provide feedbacks asap
> > > >
> > > > Le jeu. 12 oct. 2023 à 15:28, Daniel Dias Dos Santos
> > > >  a écrit :
> > > > >
> > > > > Hi
> > > > >
> > > > > +1
> > > > >
> > > > > Thanks
> > > > >
> > > > > On Thu, Oct 12, 2023, 10:26 benedict 
> > > > > wrote:
> > > > >
> > > > > > +1
> > > > > >  Ursprüngliche Nachricht Von: Richard Zowalla <
> > > > > > r...@apache.org> Datum: 12.10.23  14:59  (GMT+01:00) An:
> > > > > > dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is
> > > > > > a vote
> > > > > > for a release of Apache TomEE 9.1.1.It is a maintenance release
> > > > > > with
> > > > > > dependenciesupgrades and bug fixes. The most notible change is
> > > > > > dropping our
> > > > > > owncxf-shade in favour of CXF 4.0.3It also fixes the latest
> > > > > > Tomcat
> > > > > > vulnerabilities by backporting andpatching Tomcat inside the
> > > > > > TomEE 9
> > > > > > build.This release still passes the full EE9.1 TCK (thx to
> > > > > > Jean-Louis &
> > > > > > Jonfor triggering the builds) as well as the MP 5.0
> > > > > > TCK.###Maven Repo:
> > > > > >
> > https://repository.apache.org/content/repositories/orgapachetomee-1220/
> > > > > > tomee-9.1.1-rc1Testing
> > > > > > TomEE 9.1.1 RC1
> > > > > >
> > https://repository.apache.org/content/repositories/orgapachetomee-1220/
> > > > > > ###Binaries
> > > > > > & Source:
> > > > > >
> >
> https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release
> > > > > > notes:
> > > > > >
> >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here
> > > > > > is an adoc generated version of the changelog as well:==
> > > > > > Dependency
> > > > > > upgrade[.compact] - link:
> > > > > >
> > https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ
> > > > > > 5.18.2 - link:
> > > > > >
> > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport
> > > > > >  fix
> > > > > > for CVE-2023-34981 - link:
> > > > > >
> > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport
> > > > > >  fix
> > > > > > for CVE-2023-41080 - link:
> > > > > >
> https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy
> > > > > >  Castle
> > > > > > 1.75 - link:
> > > > > >
> https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy
> > > > > >  Castle
> > > > > > 1.76 - link:
> > > > > > https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF
> > > > > >  4.0.3
> > > > > > (jakarta namespace) - link:
> > > > > >
> > https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate
> > > > > > 6.1.7 - link:
> > > > > >
> > https://issues.apache.org/jira

Re: [VOTE] TomEE 9.1.1

2023-10-16 Thread Cesar Hernandez

+1 thank you!

On Mon, Oct 16, 2023 at 04:30 Richard Zowalla  wrote:

> Thanks for testing, Alex!
>
> Am Montag, dem 16.10.2023 um 12:24 +0200 schrieb Alex The Rocker:
> > +1 (non binding)
> >
> > Ran various tests with web apps based on JAX-WS, JAX-RS, JMS, CDI,
> > Entiy Beans; with some relying on Tomcat SSL connector, etc running
> > with Java 17 on Red Hat Linux 8
> > => Found no regressions, thank you very much for the security fixes !
> >
> > Alex
> >
> > Le jeu. 12 oct. 2023 à 17:14, Alex The Rocker 
> > a écrit :
> > >
> > > Excellent news!
> > > I'm going to run some deep (applicative) tests with this candidate
> > > release and I will provide feedbacks asap
> > >
> > > Le jeu. 12 oct. 2023 à 15:28, Daniel Dias Dos Santos
> > >  a écrit :
> > > >
> > > > Hi
> > > >
> > > > +1
> > > >
> > > > Thanks
> > > >
> > > > On Thu, Oct 12, 2023, 10:26 benedict 
> > > > wrote:
> > > >
> > > > > +1
> > > > >  Ursprüngliche Nachricht Von: Richard Zowalla <
> > > > > r...@apache.org> Datum: 12.10.23  14:59  (GMT+01:00) An:
> > > > > dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is
> > > > > a vote
> > > > > for a release of Apache TomEE 9.1.1.It is a maintenance release
> > > > > with
> > > > > dependenciesupgrades and bug fixes. The most notible change is
> > > > > dropping our
> > > > > owncxf-shade in favour of CXF 4.0.3It also fixes the latest
> > > > > Tomcat
> > > > > vulnerabilities by backporting andpatching Tomcat inside the
> > > > > TomEE 9
> > > > > build.This release still passes the full EE9.1 TCK (thx to
> > > > > Jean-Louis &
> > > > > Jonfor triggering the builds) as well as the MP 5.0
> > > > > TCK.###Maven Repo:
> > > > >
> https://repository.apache.org/content/repositories/orgapachetomee-1220/
> > > > > tomee-9.1.1-rc1Testing
> > > > > TomEE 9.1.1 RC1
> > > > >
> https://repository.apache.org/content/repositories/orgapachetomee-1220/
> > > > > ###Binaries
> > > > > & Source:
> > > > >
> https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release
> > > > > notes:
> > > > >
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here
> > > > > is an adoc generated version of the changelog as well:==
> > > > > Dependency
> > > > > upgrade[.compact] - link:
> > > > >
> https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ
> > > > > 5.18.2 - link:
> > > > >
> https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport
> > > > >  fix
> > > > > for CVE-2023-34981 - link:
> > > > >
> https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport
> > > > >  fix
> > > > > for CVE-2023-41080 - link:
> > > > > https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy
> > > > >  Castle
> > > > > 1.75 - link:
> > > > > https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy
> > > > >  Castle
> > > > > 1.76 - link:
> > > > > https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF
> > > > >  4.0.3
> > > > > (jakarta namespace) - link:
> > > > >
> https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate
> > > > > 6.1.7 - link:
> > > > >
> https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson
> > > > > 2.15.2 - link:
> > > > >
> https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon
> > > > > 1.2.21 - link:
> > > > >
> https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra
> > > > >  3.0.5
> > > > > -
> > > > > link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-425
> > > > > 4]Port
> > > > > fix for CVE-2023-42795 - link:
> > > > > https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]P

Re: [VOTE] TomEE 9.1.1

2023-10-16 Thread Richard Zowalla

Thanks for testing, Alex!

Am Montag, dem 16.10.2023 um 12:24 +0200 schrieb Alex The Rocker:
> +1 (non binding)
> 
> Ran various tests with web apps based on JAX-WS, JAX-RS, JMS, CDI,
> Entiy Beans; with some relying on Tomcat SSL connector, etc running
> with Java 17 on Red Hat Linux 8
> => Found no regressions, thank you very much for the security fixes !
> 
> Alex
> 
> Le jeu. 12 oct. 2023 à 17:14, Alex The Rocker 
> a écrit :
> > 
> > Excellent news!
> > I'm going to run some deep (applicative) tests with this candidate
> > release and I will provide feedbacks asap
> > 
> > Le jeu. 12 oct. 2023 à 15:28, Daniel Dias Dos Santos
> >  a écrit :
> > > 
> > > Hi
> > > 
> > > +1
> > > 
> > > Thanks
> > > 
> > > On Thu, Oct 12, 2023, 10:26 benedict 
> > > wrote:
> > > 
> > > > +1
> > > >  Ursprüngliche Nachricht Von: Richard Zowalla <
> > > > r...@apache.org> Datum: 12.10.23  14:59  (GMT+01:00) An:
> > > > dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is
> > > > a vote
> > > > for a release of Apache TomEE 9.1.1.It is a maintenance release
> > > > with
> > > > dependenciesupgrades and bug fixes. The most notible change is
> > > > dropping our
> > > > owncxf-shade in favour of CXF 4.0.3It also fixes the latest
> > > > Tomcat
> > > > vulnerabilities by backporting andpatching Tomcat inside the
> > > > TomEE 9
> > > > build.This release still passes the full EE9.1 TCK (thx to
> > > > Jean-Louis &
> > > > Jonfor triggering the builds) as well as the MP 5.0
> > > > TCK.###Maven Repo:
> > > > https://repository.apache.org/content/repositories/orgapachetomee-1220/
> > > > tomee-9.1.1-rc1Testing
> > > > TomEE 9.1.1 RC1
> > > > https://repository.apache.org/content/repositories/orgapachetomee-1220/
> > > > ###Binaries
> > > > & Source:
> > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release
> > > > notes:
> > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here
> > > > is an adoc generated version of the changelog as well:==
> > > > Dependency
> > > > upgrade[.compact] - link:
> > > > https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ
> > > > 5.18.2 - link:
> > > > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport
> > > >  fix
> > > > for CVE-2023-34981 - link:
> > > > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport
> > > >  fix
> > > > for CVE-2023-41080 - link:
> > > > https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy
> > > >  Castle
> > > > 1.75 - link:
> > > > https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy
> > > >  Castle
> > > > 1.76 - link:
> > > > https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF
> > > >  4.0.3
> > > > (jakarta namespace) - link:
> > > > https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate
> > > > 6.1.7 - link:
> > > > https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson
> > > > 2.15.2 - link:
> > > > https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon
> > > > 1.2.21 - link:
> > > > https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra
> > > >  3.0.5
> > > > -
> > > > link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-425
> > > > 4]Port
> > > > fix for CVE-2023-42795 - link:
> > > > https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port
> > > >  fix for
> > > > CVE-2023-44487 - link:
> > > > https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port
> > > >  fix for
> > > > CVE-2023-45648 - link:
> > > > https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]SnakeYAML
> > > >  2.2
> > > > -
> > > > link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-425
> > > > 0]WSS4J
> > > > 3.0.1 - link:
> > > > https://issues.apache.org/jira/browse/

Re: [VOTE] TomEE 9.1.1

2023-10-16 Thread Alex The Rocker

+1 (non binding)

Ran various tests with web apps based on JAX-WS, JAX-RS, JMS, CDI,
Entiy Beans; with some relying on Tomcat SSL connector, etc running
with Java 17 on Red Hat Linux 8
=> Found no regressions, thank you very much for the security fixes !

Alex

Le jeu. 12 oct. 2023 à 17:14, Alex The Rocker  a écrit :
>
> Excellent news!
> I'm going to run some deep (applicative) tests with this candidate
> release and I will provide feedbacks asap
>
> Le jeu. 12 oct. 2023 à 15:28, Daniel Dias Dos Santos
>  a écrit :
> >
> > Hi
> >
> > +1
> >
> > Thanks
> >
> > On Thu, Oct 12, 2023, 10:26 benedict  wrote:
> >
> > > +1
> > >  Ursprüngliche Nachricht Von: Richard Zowalla <
> > > r...@apache.org> Datum: 12.10.23  14:59  (GMT+01:00) An:
> > > dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is a vote
> > > for a release of Apache TomEE 9.1.1.It is a maintenance release with
> > > dependenciesupgrades and bug fixes. The most notible change is dropping 
> > > our
> > > owncxf-shade in favour of CXF 4.0.3It also fixes the latest Tomcat
> > > vulnerabilities by backporting andpatching Tomcat inside the TomEE 9
> > > build.This release still passes the full EE9.1 TCK (thx to Jean-Louis &
> > > Jonfor triggering the builds) as well as the MP 5.0
> > > TCK.###Maven Repo:
> > > https://repository.apache.org/content/repositories/orgapachetomee-1220/tomee-9.1.1-rc1Testing
> > > TomEE 9.1.1 RC1
> > > https://repository.apache.org/content/repositories/orgapachetomee-1220/###Binaries
> > > & Source:
> > > https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release
> > > notes:
> > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here
> > > is an adoc generated version of the changelog as well:== Dependency
> > > upgrade[.compact] - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ
> > > 5.18.2 - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix
> > > for CVE-2023-34981 - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix
> > > for CVE-2023-41080 - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy Castle
> > > 1.75 - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy Castle
> > > 1.76 - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF 4.0.3
> > > (jakarta namespace) - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate
> > > 6.1.7 - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson
> > > 2.15.2 - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon
> > > 1.2.21 - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra 3.0.5
> > > - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port
> > > fix for CVE-2023-42795 - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for
> > > CVE-2023-44487 - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for
> > > CVE-2023-45648 - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]SnakeYAML 2.2
> > > - link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250]WSS4J
> > > 3.0.1 - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232]bcprov-jdk15to18-1.74.jar
> > > - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251]xmlsec
> > > 3.0.2== Bug[.compact] - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]@LoginToContinue
> > > JSR-375 (JavaEE Security API) causesIllegalArgumentException - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225]Remove
> > > commons-net from TomEE distribution - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]DataSource
> > > definition fails when @DataSourceDefinition doesn't defineurl property==
> > > Improvement[.compact] - link:
> > > https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]Improve TomEE
> > > Jmx Mbean Support for Parameter Names== Fixed Common Vulnerabilities and
> > > Exposures (CVEs)[.c

Re: [VOTE] TomEE 9.1.1

2023-10-12 Thread Alex The Rocker

Excellent news!
I'm going to run some deep (applicative) tests with this candidate
release and I will provide feedbacks asap

Le jeu. 12 oct. 2023 à 15:28, Daniel Dias Dos Santos
 a écrit :
>
> Hi
>
> +1
>
> Thanks
>
> On Thu, Oct 12, 2023, 10:26 benedict  wrote:
>
> > +1
> >  Ursprüngliche Nachricht Von: Richard Zowalla <
> > r...@apache.org> Datum: 12.10.23  14:59  (GMT+01:00) An:
> > dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is a vote
> > for a release of Apache TomEE 9.1.1.It is a maintenance release with
> > dependenciesupgrades and bug fixes. The most notible change is dropping our
> > owncxf-shade in favour of CXF 4.0.3It also fixes the latest Tomcat
> > vulnerabilities by backporting andpatching Tomcat inside the TomEE 9
> > build.This release still passes the full EE9.1 TCK (thx to Jean-Louis &
> > Jonfor triggering the builds) as well as the MP 5.0
> > TCK.###Maven Repo:
> > https://repository.apache.org/content/repositories/orgapachetomee-1220/tomee-9.1.1-rc1Testing
> > TomEE 9.1.1 RC1
> > https://repository.apache.org/content/repositories/orgapachetomee-1220/###Binaries
> > & Source:
> > https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release
> > notes:
> > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here
> > is an adoc generated version of the changelog as well:== Dependency
> > upgrade[.compact] - link:
> > https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ
> > 5.18.2 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix
> > for CVE-2023-34981 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix
> > for CVE-2023-41080 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy Castle
> > 1.75 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy Castle
> > 1.76 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF 4.0.3
> > (jakarta namespace) - link:
> > https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate
> > 6.1.7 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson
> > 2.15.2 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon
> > 1.2.21 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra 3.0.5
> > - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port
> > fix for CVE-2023-42795 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for
> > CVE-2023-44487 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for
> > CVE-2023-45648 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]SnakeYAML 2.2
> > - link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250]WSS4J
> > 3.0.1 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232]bcprov-jdk15to18-1.74.jar
> > - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251]xmlsec
> > 3.0.2== Bug[.compact] - link:
> > https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]@LoginToContinue
> > JSR-375 (JavaEE Security API) causesIllegalArgumentException - link:
> > https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225]Remove
> > commons-net from TomEE distribution - link:
> > https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]DataSource
> > definition fails when @DataSourceDefinition doesn't defineurl property==
> > Improvement[.compact] - link:
> > https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]Improve TomEE
> > Jmx Mbean Support for Parameter Names== Fixed Common Vulnerabilities and
> > Exposures (CVEs)[.compact] - link:
> > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix
> > for CVE-2023-34981 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix
> > for CVE-2023-41080 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port fix for
> > CVE-2023-42795 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for
> > CVE-2023-44487 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for
> > CVE-2023-45648 - link:
> > https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson
> > 2.15.2###Here is the

Re: [VOTE] TomEE 9.1.1

2023-10-12 Thread Daniel Dias Dos Santos

Hi

+1

Thanks

On Thu, Oct 12, 2023, 10:26 benedict  wrote:

> +1
>  Ursprüngliche Nachricht Von: Richard Zowalla <
> r...@apache.org> Datum: 12.10.23  14:59  (GMT+01:00) An:
> dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is a vote
> for a release of Apache TomEE 9.1.1.It is a maintenance release with
> dependenciesupgrades and bug fixes. The most notible change is dropping our
> owncxf-shade in favour of CXF 4.0.3It also fixes the latest Tomcat
> vulnerabilities by backporting andpatching Tomcat inside the TomEE 9
> build.This release still passes the full EE9.1 TCK (thx to Jean-Louis &
> Jonfor triggering the builds) as well as the MP 5.0
> TCK.###Maven Repo:
> https://repository.apache.org/content/repositories/orgapachetomee-1220/tomee-9.1.1-rc1Testing
> TomEE 9.1.1 RC1
> https://repository.apache.org/content/repositories/orgapachetomee-1220/###Binaries
> & Source:
> https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release
> notes:
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here
> is an adoc generated version of the changelog as well:== Dependency
> upgrade[.compact] - link:
> https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ
> 5.18.2 - link:
> https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix
> for CVE-2023-34981 - link:
> https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix
> for CVE-2023-41080 - link:
> https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy Castle
> 1.75 - link:
> https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy Castle
> 1.76 - link:
> https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF 4.0.3
> (jakarta namespace) - link:
> https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate
> 6.1.7 - link:
> https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson
> 2.15.2 - link:
> https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon
> 1.2.21 - link:
> https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra 3.0.5
> - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port
> fix for CVE-2023-42795 - link:
> https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for
> CVE-2023-44487 - link:
> https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for
> CVE-2023-45648 - link:
> https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]SnakeYAML 2.2
> - link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250]WSS4J
> 3.0.1 - link:
> https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232]bcprov-jdk15to18-1.74.jar
> - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251]xmlsec
> 3.0.2== Bug[.compact] - link:
> https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]@LoginToContinue
> JSR-375 (JavaEE Security API) causesIllegalArgumentException - link:
> https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225]Remove
> commons-net from TomEE distribution - link:
> https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]DataSource
> definition fails when @DataSourceDefinition doesn't defineurl property==
> Improvement[.compact] - link:
> https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]Improve TomEE
> Jmx Mbean Support for Parameter Names== Fixed Common Vulnerabilities and
> Exposures (CVEs)[.compact] - link:
> https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix
> for CVE-2023-34981 - link:
> https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix
> for CVE-2023-41080 - link:
> https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port fix for
> CVE-2023-42795 - link:
> https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for
> CVE-2023-44487 - link:
> https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for
> CVE-2023-45648 - link:
> https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson
> 2.15.2###Here is the dependency diff from 9.1.0 to 9.1.1
> created with ourrelease tools: artifactId from to
> ---   jackson-annotations
> 2.15.1 2.15.2  jackson-core 2.15.1 2.15.2  jackson-databind 2.15.1 2.15.2
> jackson-dataformat-yaml 2.15.1 2.15.2  java-support 8.3.1 8.4.0
> activemq-client-jakarta 5.18.1 5.18.2  activemq-jdbc-store 5.18.1 5.18.2
> johnzon-core 1.2.20 1.2.21  johnzon-jaxrs 1.2.20 1.2.21  johnzon-jsonb
> 1.2.20 1.2.21  johnzon-jsonp-strict 1.2.20 1.2.21  johnzon-mapper 1.2.20
> 1.2.21  xmlsec 3.0.1 3.0.2  activemq-broker-shade

RE: [VOTE] TomEE 9.1.1

2023-10-12 Thread benedict

+1
 Ursprüngliche Nachricht Von: Richard Zowalla  
Datum: 12.10.23  14:59  (GMT+01:00) An: dev@tomee.apache.org Betreff: [VOTE] 
TomEE 9.1.1 Hi all,this is a vote for a release of Apache TomEE 9.1.1.It is a 
maintenance release with dependenciesupgrades and bug fixes. The most notible 
change is dropping our owncxf-shade in favour of CXF 4.0.3It also fixes the 
latest Tomcat vulnerabilities by backporting andpatching Tomcat inside the 
TomEE 9 build.This release still passes the full EE9.1 TCK (thx to Jean-Louis & 
Jonfor triggering the builds) as well as the MP 5.0 TCK.###Maven 
Repo:https://repository.apache.org/content/repositories/orgapachetomee-1220/tomee-9.1.1-rc1Testing
 TomEE 9.1.1 
RC1https://repository.apache.org/content/repositories/orgapachetomee-1220/###Binaries
 & 
Source:https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release
 
notes:https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here
 is an adoc generated version of the changelog as well:== Dependency 
upgrade[.compact] - 
link:https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ 
5.18.2 - 
link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix 
for CVE-2023-34981 - 
link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix 
for CVE-2023-41080 - 
link:https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy Castle 
1.75 - link:https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy 
Castle 1.76 - 
link:https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF 4.0.3 
(jakarta namespace) - 
link:https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate 
6.1.7 - 
link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson 2.15.2 
- link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon 
1.2.21 - 
link:https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra 3.0.5 
- link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port fix for 
CVE-2023-42795 - 
link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for 
CVE-2023-44487 - 
link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for 
CVE-2023-45648 - 
link:https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]SnakeYAML 2.2 
- link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250]WSS4J 3.0.1 
- 
link:https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232]bcprov-jdk15to18-1.74.jar
 - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251]xmlsec 
3.0.2== Bug[.compact] - 
link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]@LoginToContinue
 JSR-375 (JavaEE Security API) causesIllegalArgumentException - 
link:https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225]Remove 
commons-net from TomEE distribution - 
link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]DataSource 
definition fails when @DataSourceDefinition doesn't defineurl property== 
Improvement[.compact] - 
link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]Improve TomEE 
Jmx Mbean Support for Parameter Names== Fixed Common Vulnerabilities and 
Exposures (CVEs)[.compact] - 
link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix 
for CVE-2023-34981 - 
link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix 
for CVE-2023-41080 - 
link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port fix for 
CVE-2023-42795 - 
link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for 
CVE-2023-44487 - 
link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for 
CVE-2023-45648 - 
link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson 
2.15.2###Here is the dependency diff from 9.1.0 to 9.1.1 created 
with ourrelease tools: artifactId from to --- 
  jackson-annotations 2.15.1 2.15.2  jackson-core 2.15.1 2.15.2 
 jackson-databind 2.15.1 2.15.2  jackson-dataformat-yaml 2.15.1 2.15.2  
java-support 8.3.1 8.4.0  activemq-client-jakarta 5.18.1 5.18.2  
activemq-jdbc-store 5.18.1 5.18.2  johnzon-core 1.2.20 1.2.21  johnzon-jaxrs 
1.2.20 1.2.21  johnzon-jsonb 1.2.20 1.2.21  johnzon-jsonp-strict 1.2.20 1.2.21  
johnzon-mapper 1.2.20 1.2.21  xmlsec 3.0.1 3.0.2  activemq-broker-shade 9.1.0 
9.1.1  activemq-kahadb-store-shade 9.1.0 9.1.1  activemq-ra-shade 9.1.0 9.1.1  
commons-dbcp2-shade 9.1.0 9.1.1  servicemix-bcel-shade 9.1.0 9.1.1  sxc-shade 
9.1.0 9.1.1  taglibs-shade 9.1.0 9.1.1  tomee-bootstrap 9.1.0 9.1.1  
xmlschema-core 2.2.5 2.3.1  wss4j-bindings 3.0.0 3.0.1  wss4j-policy 3.0.0 
3.0.1  wss4j-ws-security-common 3.0.0 3.0.1  wss4j-ws-security-dom 3.0.0 3.0.1  
wss4j-ws-security-policy-stax 3.0.0 3.0.1  wss4j-ws-

RE: [VOTE] TomEE 9.1.1

2023-10-12 Thread benedict

+1
 Ursprüngliche Nachricht Von: Richard Zowalla  
Datum: 12.10.23  14:59  (GMT+01:00) An: dev@tomee.apache.org Betreff: [VOTE] 
TomEE 9.1.1 Hi all,this is a vote for a release of Apache TomEE 9.1.1.It is a 
maintenance release with dependenciesupgrades and bug fixes. The most notible 
change is dropping our owncxf-shade in favour of CXF 4.0.3It also fixes the 
latest Tomcat vulnerabilities by backporting andpatching Tomcat inside the 
TomEE 9 build.This release still passes the full EE9.1 TCK (thx to Jean-Louis & 
Jonfor triggering the builds) as well as the MP 5.0 TCK.###Maven 
Repo:https://repository.apache.org/content/repositories/orgapachetomee-1220/tomee-9.1.1-rc1Testing
 TomEE 9.1.1 
RC1https://repository.apache.org/content/repositories/orgapachetomee-1220/###Binaries
 & 
Source:https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###Release
 
notes:https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331###Here
 is an adoc generated version of the changelog as well:== Dependency 
upgrade[.compact] - 
link:https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ 
5.18.2 - 
link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix 
for CVE-2023-34981 - 
link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix 
for CVE-2023-41080 - 
link:https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy Castle 
1.75 - link:https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy 
Castle 1.76 - 
link:https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF 4.0.3 
(jakarta namespace) - 
link:https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate 
6.1.7 - 
link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson 2.15.2 
- link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon 
1.2.21 - 
link:https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra 3.0.5 
- link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port fix for 
CVE-2023-42795 - 
link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for 
CVE-2023-44487 - 
link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for 
CVE-2023-45648 - 
link:https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]SnakeYAML 2.2 
- link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250]WSS4J 3.0.1 
- 
link:https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232]bcprov-jdk15to18-1.74.jar
 - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251]xmlsec 
3.0.2== Bug[.compact] - 
link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]@LoginToContinue
 JSR-375 (JavaEE Security API) causesIllegalArgumentException - 
link:https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225]Remove 
commons-net from TomEE distribution - 
link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]DataSource 
definition fails when @DataSourceDefinition doesn't defineurl property== 
Improvement[.compact] - 
link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]Improve TomEE 
Jmx Mbean Support for Parameter Names== Fixed Common Vulnerabilities and 
Exposures (CVEs)[.compact] - 
link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix 
for CVE-2023-34981 - 
link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix 
for CVE-2023-41080 - 
link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port fix for 
CVE-2023-42795 - 
link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for 
CVE-2023-44487 - 
link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for 
CVE-2023-45648 - 
link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson 
2.15.2###Here is the dependency diff from 9.1.0 to 9.1.1 created 
with ourrelease tools: artifactId from to --- 
  jackson-annotations 2.15.1 2.15.2  jackson-core 2.15.1 2.15.2 
 jackson-databind 2.15.1 2.15.2  jackson-dataformat-yaml 2.15.1 2.15.2  
java-support 8.3.1 8.4.0  activemq-client-jakarta 5.18.1 5.18.2  
activemq-jdbc-store 5.18.1 5.18.2  johnzon-core 1.2.20 1.2.21  johnzon-jaxrs 
1.2.20 1.2.21  johnzon-jsonb 1.2.20 1.2.21  johnzon-jsonp-strict 1.2.20 1.2.21  
johnzon-mapper 1.2.20 1.2.21  xmlsec 3.0.1 3.0.2  activemq-broker-shade 9.1.0 
9.1.1  activemq-kahadb-store-shade 9.1.0 9.1.1  activemq-ra-shade 9.1.0 9.1.1  
commons-dbcp2-shade 9.1.0 9.1.1  servicemix-bcel-shade 9.1.0 9.1.1  sxc-shade 
9.1.0 9.1.1  taglibs-shade 9.1.0 9.1.1  tomee-bootstrap 9.1.0 9.1.1  
xmlschema-core 2.2.5 2.3.1  wss4j-bindings 3.0.0 3.0.1  wss4j-policy 3.0.0 
3.0.1  wss4j-ws-security-common 3.0.0 3.0.1  wss4j-ws-security-dom 3.0.0 3.0.1  
wss4j-ws-security-policy-stax 3.0.0 3.0.1  wss4j-ws-

[VOTE] TomEE 9.1.1

2023-10-12 Thread Richard Zowalla

Hi all,

this is a vote for a release of Apache TomEE 9.1.1.

It is a maintenance release with dependencies
upgrades and bug fixes. The most notible change is dropping our own
cxf-shade in favour of CXF 4.0.3

It also fixes the latest Tomcat vulnerabilities by backporting and
patching Tomcat inside the TomEE 9 build.

This release still passes the full EE9.1 TCK (thx to Jean-Louis & Jon
for triggering the builds) as well as the MP 5.0 TCK.

###

Maven Repo:
https://repository.apache.org/content/repositories/orgapachetomee-1220/



tomee-9.1.1-rc1
Testing TomEE 9.1.1 RC1

https://repository.apache.org/content/repositories/orgapachetomee-1220/




###

Binaries & Source:

https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/

###

Tag:

https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1


###

Release notes:

https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320=12353331

###

Here is an adoc generated version of the changelog as well:


== Dependency upgrade

[.compact]
 - link:https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]
ActiveMQ 5.18.2
 - link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]
Backport fix for CVE-2023-34981
 - link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]
Backport fix for CVE-2023-41080
 - link:https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]
Bouncy Castle 1.75
 - link:https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]
Bouncy Castle 1.76
 - link:https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]
CXF 4.0.3 (jakarta namespace)
 - link:https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]
Hibernate 6.1.7
 - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
Jackson 2.15.2
 - link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]
Johnzon 1.2.21
 - link:https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]
Mojarra 3.0.5
 - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]
Port fix for CVE-2023-42795
 - link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]
Port fix for CVE-2023-44487
 - link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]
Port fix for CVE-2023-45648
 - link:https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]
SnakeYAML 2.2
 - link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250]
WSS4J 3.0.1
 - link:https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232]
bcprov-jdk15to18-1.74.jar
 - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251]
xmlsec 3.0.2

== Bug

[.compact]
 - link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]
@LoginToContinue JSR-375 (JavaEE Security API) causes
IllegalArgumentException
 - link:https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225]
Remove commons-net from TomEE distribution
 - link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]
DataSource definition fails when @DataSourceDefinition doesn't define
url property

== Improvement

[.compact]
 - link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]
Improve TomEE Jmx Mbean Support for Parameter Names

== Fixed Common Vulnerabilities and Exposures (CVEs)

[.compact]
 - link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]
Backport fix for CVE-2023-34981
 - link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]
Backport fix for CVE-2023-41080
 - link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]
Port fix for CVE-2023-42795
 - link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]
Port fix for CVE-2023-44487
 - link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]
Port fix for CVE-2023-45648
 - link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]
Jackson 2.15.2


###

Here is the dependency diff from 9.1.0 to 9.1.1 created with our
release tools:


 artifactId from to 
---  
 jackson-annotations 2.15.1 2.15.2 
 jackson-core 2.15.1 2.15.2 
 jackson-databind 2.15.1 2.15.2 
 jackson-dataformat-yaml 2.15.1 2.15.2 
 java-support 8.3.1 8.4.0 
 activemq-client-jakarta 5.18.1 5.18.2 
 activemq-jdbc-store 5.18.1 5.18.2 
 johnzon-core 1.2.20 1.2.21 
 johnzon-jaxrs 1.2.20 1.2.21 
 johnzon-jsonb 1.2.20 1.2.21 
 johnzon-jsonp-strict 1.2.20 1.2.21 
 johnzon-mapper 1.2.20 1.2.21 
 xmlsec 3.0.1 3.0.2 
 activemq-broker-shade 9.1.0 9.1.1 
 activemq-kahadb-store-shade 9.1.0 9.1.1 
 activemq-ra-shade 9.1.0 9.1.1 
 commons-dbcp2-shade 9.1.0 9.1.1 
 servicemix-bcel-shade 9.1.0 9.1.1 
 sxc-shade 9.1.0 9.1.1 
 taglibs-shade 9.1.0 9.1.1 
 tomee-bootstrap 9.1.0 9.1.1 
 xmlschema-core 2.2.5 2.3.1 
 wss4j-bindings 3.0.0 3.0.1 
 wss4j-policy 3.0.0 3.0.1 
 wss4j-ws-security-common 3.0.0 3.0.1 
 wss4j-ws-security-dom 3.0.0 3.0.1 
 wss4j-ws-security-policy-stax 3.0.0 3.0.1 
 wss4j-ws-security-stax 3.0.0 3.0.1 
 bcpkix-jdk15to18 1.73 1.76 
 bcprov-jdk15to18 1.73

Re: [VOTE] TomEE 9.1.1

Re: [VOTE] TomEE 9.1.1

Re: [VOTE] TomEE 9.1.1

Re: [VOTE] TomEE 9.1.1

Re: [VOTE] TomEE 9.1.1

Re: [VOTE] TomEE 9.1.1

Re: [VOTE] TomEE 9.1.1

RE: [VOTE] TomEE 9.1.1

RE: [VOTE] TomEE 9.1.1

[VOTE] TomEE 9.1.1

10 matches

Site Navigation

Mail list logo

Footer information