Ok - judging from the changelog of bval 2.0.6, there isn't that much
different aside from the jakarta migrations.
I will - for now - revert the upgrade on 8.x back to 2.0.5, document
the issue and we can come back to it later again.
On Thursday, 06.10.2022 at 17:00 +0200, Jean-Louis wrote
I'm fully focused on TomEE 9 at the moment. I'll have a look at the BVal
failure though in case it comes to my mind.
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Thu, Oct 6, 2022 at 2:31 PM Zowalla, Richard <
richard.zowa...@hs-heilbronn.de> wrote:
> Hi,
>
+1 for a TomEE 8.0.3 with fixes for CVE-2022-40149, CVE-2022-40150,
CVE-2022-42003 and CVE-2022-42004 : all 4 CVEs have 7.5 (High) score
according to https://nvd.nist.gov/vuln
=> it's important to make sure any new TomEE release has no known High
(or higher severity) CVEs when released, since "repu
Hi,
a short update here. Looks like we are +1 for doing a release sooner
rather than later.
Swell and myself did some dependency updates in the last days.
I think, that we are in a good shape soon but need to address the
following things:
(A) BVAL 2.0.6
Currently, we have one bval tck test faili
+1. And yes, this will include the fix to mitigate CVE-2021-43980.
Jon
On Wed, Sep 28, 2022 at 6:45 PM Alex The Rocker
wrote:
> Hi there,
>
> +1 for a TomEE 8.013 ASAP provided it includes fix for:
>
> CVE-2021-43980 Apache Tomcat - Information Disclosure
>
> Kind regards,
> Alex
>
> On Wed. 28
+1
On Wed., 28 Sept. 2022 at 19:45, Alex The Rocker <
alex.m3...@gmail.com> wrote:
> Hi there,
>
> +1 for a TomEE 8.013 ASAP provided it includes fix for:
>
> CVE-2021-43980 Apache Tomcat - Information Disclosure
>
> Kind regards,
> Alex
>
> On Wed. 28 Sept. 2022 at 18:45, Zowalla, Richard
>
Hi there,
+1 for a TomEE 8.013 ASAP provided it includes fix for:
CVE-2021-43980 Apache Tomcat - Information Disclosure
Kind regards,
Alex
On Wed. 28 Sept. 2022 at 18:45, Zowalla, Richard
wrote:
>
> Hi all,
>
> our last 8.x release was in June and we have 22 pending updates/issues
> for 8.0.
Hi all,
our last 8.x release was in June and we have 22 pending updates/issues
for 8.0.13. Mostly dependency updates (johnzon, dbcp2, myfaces, hsqldb,
tomcat, jakarta faces), and some minor bugs (windows, jdk17+ related
backports), see below.
We might need to go through the 3rd party libs again