I will note that I am of course happy to either: a) track down why that is now included, and remove it if appropriate b) modify the license/notice files as appropriate
and re-roll. A note on dependencies - there a is legal report in the original post which should contain all the details for review. The following dependencies have been upgraded since 7.0.4: Tomcat => 8.5.30 CXF => 3.1.15 Johnzon => 1.0.1 OWB => 1.7.5 XBean => 4.9 XmlSchema core => 2.2.3 No other libraries have changed, but I do suggest you verify for yourself (I have the zips for both 7.0.4 and 7.0.5 in a diff viewer here). Jon On Mon, Jul 9, 2018 at 10:27 AM, Jonathan Gallimore < [email protected]> wrote: > That library was also present in 7.0.4 Plus. > > Jon > > On Mon, Jul 9, 2018 at 10:01 AM, Romain Manni-Bucau <[email protected] > > wrote: > >> Hi, >> >> It seems we bundle javax.xml.soap-api-1.3.5.jar now in plus flavor (guess >> it is a "leak" due to some dep upgrade), its license is CDDL+GPL1.1. I >> didn't see the notice/license work done. Was it intended or as I'm >> thinking >> a silent transitive issue? >> >> Romain Manni-Bucau >> @rmannibucau <https://twitter.com/rmannibucau> | Blog >> <https://rmannibucau.metawerx.net/> | Old Blog >> <http://rmannibucau.wordpress.com> | Github < >> https://github.com/rmannibucau> | >> LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book >> <https://www.packtpub.com/application-development/java-ee-8- >> high-performance> >> >> >> Le lun. 9 juil. 2018 à 10:55, Jean-Louis Monteiro < >> [email protected]> >> a écrit : >> >> > +1 >> > >> > Build ok >> > Small demo and test applications running. >> > >> > -- >> > Jean-Louis Monteiro >> > http://twitter.com/jlouismonteiro >> > http://www.tomitribe.com >> > >> > On Mon, Jul 9, 2018 at 9:57 AM, Alex The Rocker <[email protected]> >> > wrote: >> > >> > > Hello, >> > > >> > > +1 (non binding) >> > > >> > > Used this 7.0.5 release candidate to deploy 15+ different web apps >> > > (including one on Windows, all others on Linux) using very different >> > > aspects of Java EE. >> > > All running with ORACLE Server JRE 8 update 172. >> > > And got no regression as far as we're checking tests results. >> > > >> > > But if there's another 7.0.5 build + vote cycle, then upgrading Tomcat >> > > dependency to Tomcat 8.5.32 (instead of Tomcat 8.5.30 part of this >> > > vote cycle) would be nice to include this security fix: >> > > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8014 >> > > >> > > Kind regards, >> > > Alexandre >> > > >> > > >> > > 2018-07-04 10:33 GMT+02:00 Jonathan Gallimore < >> > > [email protected]>: >> > > > Hi Everyone, >> > > > >> > > > Here is the initial roll of TomEE 7.0.5. Please can you take a look >> and >> > > > vote? Everyone, committer or not, is encouraged to test and vote. >> > > > >> > > > Staging repo: >> > > > https://repository.apache.org/content/repositories/orgapache >> tomee-1113 >> > > > >> > > > Source zip: >> > > > /org/apache/tomee/tomee-project/7.0.5/tomee-project-7. >> > > 0.5-source-release.zip >> > > > <https://repository.apache.org/service/local/ >> > > repositories/orgapachetomee-1113/content/org/apache/tomee/ >> > > tomee-project/7.0.5/tomee-project-7.0.5-source-release.zip> >> > > > >> > > > Dist area: >> > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1113/ >> > > > >> > > > Legal: >> > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1113/legal.zip >> > > > >> > > > Keys: >> > > > https://dist.apache.org/repos/dist/release/tomee/KEYS >> > > > >> > > > Changelog: >> > > > https://issues.apache.org/jira/browse/TOMEE-2175?jql= >> > > > project%20%3D%20TOMEE%20AND%20(status%20%3D%20Resolved% >> > > > 20OR%20status%20%3D%20CLOSED)%20AND%20fixVersion%20%3D%207. >> > > > 0.5%20ORDER%20BY%20priority%20DESC%2C%20updated%20DESC >> > > > >> > > > (If anyone knows a better way to get that list, let me know ;-) ) >> > > > >> > > > Please vote: >> > > > +1: Release >> > > > -1 Do not release because ... >> > > > >> > > > The vote will be open for 3 days or the consensus is binding (At >> least >> > 3 >> > > > binding votes). >> > > > >> > > > Many thanks >> > > > >> > > > Jon >> > > >> > >> > >
