also created 2 issues for further dependency upgrades:
https://issues.apache.org/jira/browse/TOMEE-4130
https://issues.apache.org/jira/browse/TOMEE-4129
is there a reason we dont have the github dependabot on master and 8.0x?
Am Do., 22. Dez. 2022 um 15:07 Uhr schrieb Thomas Andraschko <
+1 for this as it will fix the new CXF CVE
Am Mi., 21. Dez. 2022 um 11:03 Uhr schrieb Richard Zowalla :
> To follow up on that:
>
> I had a quick conversation with Jon about that topic.
> We need to fix TOMEE-4014 (regarding the keep.version property, see
> [1]) before we can bring up a release
