Hi Thanks for the reviews and votes. We've had 3 binding +1 votes:
Jean-Louis Monteiro David Blevins Jonathan Gallimore and no other votes, so this vote has passed, and I'll promote the artifacts. Thanks Jon On Sun, Sep 8, 2019 at 9:26 PM Jonathan Gallimore < [email protected]> wrote: > Hi > > This is a vote for releasing an updated quartz-openejb-shade jar. This is > used by OpenEJB core to provide EJB timer services. We shade quartz to > avoid conflicts if users provide it in their applications themselves. > Quartz itself was vulnerable to an External XML Entity Processing issue > (XXE), and in turn, so is our shaded version. This release shades an up to > date Quartz package with the XXE fixed. > > *Sources* > > https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip > > *Binary* > > https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar > > *Change* > https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the > update in TomEE will refer to this as well). > > Please VOTE > [+1] all fine, ship it > [+0] don't care > [-1] stop, because ${reason} > > The VOTE is open for 72h. > > Many thanks > > Jon >
