AW: [VOTE] Apache TomEE 9.1.3

Mon, 08 Apr 2024 03:28:48 -0700 

+1

Thank you!
Frankie
> -----Ursprüngliche Nachricht-----
> Von: Richard Zowalla <r...@apache.org>
> Gesendet: Montag, 8. April 2024 11:34
> An: dev@tomee.apache.org
> Betreff: [VOTE] Apache TomEE 9.1.3
> 
> Hello everyone,
> 
> This is a vote for the release of Apache TomEE 9.1.3
> 
> It contains some version upgrades (cxf, jackson, batchee) and security
> backports for the recent Tomcat CVEs.
> 
> Here are the hard facts:
> 
> ###############
> 
> Maven Repo:
> https://repository.apache.org/content/repositories/orgapachetomee-1227/
> 
> <repositories>
> <repository>
> <id>tomee-9.1.3-rc1</id>
> <name>Testing TomEE 9.1.3</name>
> <url>
> https://repository.apache.org/content/repositories/orgapachetomee-1227/
> </url>
> </repository>
> </repositories>
> 
> ###############
> 
> Binaries & Source:
> 
> https://dist.apache.org/repos/dist/dev/tomee/staging-1227/tomee-9.1.3/
> 
> ###############
> 
> Tag:
> 
> https://github.com/apache/tomee/releases/tag/tomee-project-9.1.3
> 
> ###############
> 
> Release notes:
> 
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320
> &version=12354125
> 
> ###############
> 
> Here is an adoc generated version of the changelog as well:
> 
> == Dependency upgrade
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4305[TOMEE-4305]
> Backport fix for CVE-2024-23672 for TomEE 9.x
>  - link:https://issues.apache.org/jira/browse/TOMEE-4306[TOMEE-4306]
> Backport fix for CVE-2024-24549 for TomEE 9.x
>  - link:https://issues.apache.org/jira/browse/TOMEE-4316[TOMEE-4316]
> BatchEE 1.0.4
>  - link:https://issues.apache.org/jira/browse/TOMEE-4290[TOMEE-4290]
> Jackson 2.16.2
>  - link:https://issues.apache.org/jira/browse/TOMEE-4304[TOMEE-4304]
> cxf-core 4.0.4
> 
> == New Feature
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-3902[TOMEE-3902]
> Introduce placeholder replacement to enable MDB activation properties to
> be more customizable
> 
> == Bug
> 
> [.compact]
>  - link:https://issues.apache.org/jira/browse/TOMEE-4295[TOMEE-4295]
> tomee-embedded-maven-plugin does not register microprofile endpoints
> 
> 
> ###############
> 
> Please note:
> 
> Grype will report a vulnerability for
> 
> apache-mime4j-core  0.8.7      0.8.10    java-archive  GHSA-jw7r-rxff-
> gv24  Medium
> 
> which is shaded inside of "geronimo-mail_2.1_spec-1.0.0-M1.jar".
> 
> In it's current version, the dependency is _NOT_ used inside of geronimo
> mail impl, so unless you are using the shaded classes yourself, we are not
> affected here.
> There is also another mail thread related to mail.
> 
> For signature verification, you can check on the example script here:
> https://gist.github.com/rzo1/9fb1ca0d58e1fc982d596f2a94b10b32
> 
> ###############
> 
> Please VOTE
> 
> [+1] go ship it
> [+0] meh, don't care
> [-1] stop, there is a ${showstopper}
> 
> The VOTE is open for 72h or as long as needed.
> 
> Gruß
> Richard
> 
> 
> P.S. On a personal note: This will be the last TomEE 9.1.x release I will be
> working on (no backports from my side anymore). I decided to invest my
> volunteer time in TomEE 10+ only. If someone else wants to maintain the 9.x
> line, I am happy to review related PRs.

Reply via email to