Thanks Richard, I first merged the PR, but had to revert the version because of some compilation issues. I don't think it's hard to fix, but I'll have to look later -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com
On Mon, Dec 21, 2020 at 8:39 AM Zowalla, Richard < richard.zowa...@hs-heilbronn.de> wrote: > I created a related PR https://github.com/apache/tomee/pull/742 > > Gruss > Richard > > Am Montag, den 21.12.2020, 00:18 +0000 schrieb Bruce Heavey: > > I don’t really feel comfortable making contributions yet sorry - > > better to leave that to the experts! > > > > But I’m happy to raise the JIRA ticket, I've created TOMEE 2947 for > > this, cheers! > > https://issues.apache.org/jira/browse/TOMEE-2947 > > > > > > -----Original Message----- > > From: Jean-Louis Monteiro <jlmonte...@tomitribe.com> > > Sent: Friday, 18 December 2020 6:11 PM > > To: users@tomee.apache.org > > Subject: Re: TomEE 8.0.5 tomcat/quartz-openejb-shade dependency > > versions > > > > Hi Bruce, > > > > Glad the upgrade went well. > > > > 1/ I checked the pom file of the 8.0.5 > > https://github.com/apache/tomee/blob/tomee-8.0.5/pom.xml#L148 > > Tomcat seems to be 9.0.39 in there so what you see in the logs is > > fine. > > > > It probably got added after the release. > > > https://github.com/apache/tomee/commit/eb2928435685d3e5fb184d0aa945efbfe06f26a4 > > > > The day after the release actually. > > > > 2/ You are correct I think. > > We should upgrade to 2.2.4 > > > > Would you like to create the ticket and the PR? > > It's fairly simple and would be awesome to have you fix it. > > > > If not, lemme know and I can do it. > > > > -- > > Jean-Louis Monteiro > > http://twitter.com/jlouismonteiro > > http://www.tomitribe.com > > > > > > On Fri, Dec 18, 2020 at 6:17 AM Bruce Heavey <bru...@rmt.com.au> > > wrote: > > > > > Hi, > > > > > > > > > > > > We've recently upgraded from TomEE 1.7.5 up to TomEE 8.0.5 which > > > has > > > been a pretty smooth transition for us, but and I'm a bit puzzled > > > by 2 things: > > > > > > > > > 1. The list of changes in 8.0.5 ( > > > https://github.com/apache/tomee/compare/tomee-8.0.5...master) > > > indicates the version of Tomcat has bumped up to 9.0.40, but when > > > my > > > TomEE 8.0.5 starts up it looks like it's still using 9.0.39: > > > "Server version name: > > > Apache Tomcat (TomEE)/9.0.39 (8.0.5)". > > > > > > 2. Really happy to see CVE-2019-13990 addressed in TOMEE- > > > 2672 ( > > > https://issues.apache.org/jira/browse/TOMEE-2672). But TomEE 8.0.5 > > > still seems to be shipping the old jar file not the new one with > > > the fix in it. > > > https://github.com/apache/tomee/blob/master/pom.xml should the > > > version > > > of quartz-openejb-shade have been bumped up to 2.2.4 when TOMEE- > > > 2672 > > > was fixed? In our local build we're currently replacing the old > > > jar > > > file with the new jar file to address the issue. > > > > > > > > > > > > Thanks in advance, > > > > > > Bruce > > > > -- > Richard Zowalla, M.Sc. > Research Associate, PhD Student | Medical Informatics > > Hochschule Heilbronn – University of Applied Sciences > Max-Planck-Str. 39 > D-74081 Heilbronn > phone: +49 7131 504 6791 > mail: richard.zowa...@hs-heilbronn.de > web: https://www.mi.hs-heilbronn.de/ >