rzo1 commented on PR #1033:
URL: https://github.com/apache/tomee/pull/1033#issuecomment-1514061904
Build is OK:
https://ci-builds.apache.org/job/Tomee/job/pull-request-9.x-manual/4/
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to Gi
dependabot[bot] closed pull request #57: Bump jetty-server from 8.0.3.v20111011
to 9.4.41.v20210516 in /sandbox/jettyfun
URL: https://github.com/apache/openejb/pull/57
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
U
dependabot[bot] opened a new pull request, #76:
URL: https://github.com/apache/openejb/pull/76
Bumps [jetty-server](https://github.com/eclipse/jetty.project) from
8.0.3.v20111011 to 10.0.14.
Release notes
Sourced from https://github.com/eclipse/jetty.project/releases";>jetty-server
dependabot[bot] commented on PR #57:
URL: https://github.com/apache/openejb/pull/57#issuecomment-1513865650
Superseded by #76.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment
dependabot[bot] closed pull request #56: Bump jetty-server from 7.5.3.v20111011
to 9.4.41.v20210516 in /openejb
URL: https://github.com/apache/openejb/pull/56
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above
dependabot[bot] commented on PR #56:
URL: https://github.com/apache/openejb/pull/56#issuecomment-1513863664
Superseded by #75.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment
dependabot[bot] opened a new pull request, #75:
URL: https://github.com/apache/openejb/pull/75
Bumps [jetty-server](https://github.com/eclipse/jetty.project) from
7.5.3.v20111011 to 10.0.14.
Release notes
Sourced from https://github.com/eclipse/jetty.project/releases";>jetty-server
Yes, This will greatly help people with decision to move forward with
upgrade to a specific version.
I would be happy to collaborate with team but I’m very much new to this
process / doesn’t have clear steps on supporting such projects.
Thank you!
Nikhil Somasani
On Fri, 17 Mar 2023 at 12:52 AM,
rzo1 opened a new pull request, #1033:
URL: https://github.com/apache/tomee/pull/1033
This PR
1. patches Tomcat 10.0.27 for CVE-2023-28708 by applying the changeset from
https://github.com/apache/tomcat/commit/f509bbf31fc00abe3d9f25ebfabca5e05173da5b
2. patches Tomcat 1
Thanks Swell for providing more information on the consequences/side
effects.
This helps.
I'd say it depends how fast we can get a 10.0
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Tue, Apr 18, 2023 at 11:38 AM Swell wrote:
> Fixing cve should have prio
Backporting the change and patching within TomEE shouldn't be a big
deal (as we already patch Tomcat within TomEE) :)
Am Dienstag, dem 18.04.2023 um 11:37 +0200 schrieb Swell:
> Fixing cve should have priority over tck results, right ? That said
> do we
> want to maintain efforts on 9.1 or focus o
Fixing cve should have priority over tck results, right ? That said do we
want to maintain efforts on 9.1 or focus our resources and time on 10.0 ?
On the other hand, If we upgrade TomEE 9 with tomcat 10.1 we loose a status
method of servlet api used by EE9 versions of resteasy/jersey/etc.
Resulti
It's not only TCK it's breaking backward compatibility and potentially
impacting users because we'll change APIs signature and of course
implementation in Tomcat.
EL 3, Servlet 6 and TagLib 3 have breaking changes and methods/classes
removed.
--
Jean-Louis Monteiro
http://twitter.com/jlouismont
Hi,
I am +1 for it, but we need to decide, if we want to port the commons
fileupload cve to tomcat 10.0.27 or if we upgrade tp 10.1.x (and loose
EE9.1 tck compliance).
Gruß
Richard
Am Dienstag, dem 18.04.2023 um 10:01 +0200 schrieb Jean-Louis Monteiro:
> Hi all,
>
> Looks like our backlog is s
Hi all,
Looks like our backlog is starting to grow. We've done quite a lot of
updates and I was wondering if we should do a release for 9.1.0?
Note that there is an issue to fix before with the API Uber jar where the
tomcat classifier has the same content as the non tomcat classifier. This
was me
15 matches
Mail list logo