Please note my comment on the JIRA: These have already been done: Update to Jackson Databind 2.10.0: https://github.com/apache/tomee/commit/5e38138463f65146c4087da8085c8dcd93079ef1 TOMEE-2725 update beanutils to 1.9.4: https://github.com/apache/tomee/commit/0e433e9e565dac45c2c04368f8da6f1e827db295 TOMEE-2726 update Xmlsec to 2.1.4: https://github.com/apache/tomee/commit/e3b05ddf8e4e06286f45a936474fee4eee6dcc99
Shout if you think there are other dependency updates needed. Jon On Wed, Nov 13, 2019 at 2:09 PM Zowalla, Richard < richard.zowa...@hs-heilbronn.de> wrote: > Alright, I will proceed :) > > Best, > Richard > > Am Mittwoch, den 13.11.2019, 07:52 -0600 schrieb Richard Monson-Haefel: > > If you don't mind, Richard, can you do the upgrades and create a PR? We > can let it run overnight and see how it goes. > > I'm not sure as to what the best policy is for announcing the CVE so that > people know to upgrade. I think we should figure that out after the ci has > run. As an alternative you can run the full test suite on your own machine > (takes about an hour or something like that) and see if you pick up any > errors. I did this yesterday with a different PR but I don't have the > extra cycles to do it again today. > > On Wed, Nov 13, 2019 at 7:07 AM Zowalla, Richard < > richard.zowa...@hs-heilbronn.de> wrote: > > Sounds reasonable to me. If I can assist in upgrading, let me know. > > However, we should publish the link to the ASF CI somewhere, so we can > better monitor the current build status. > > Best, > Richard Z > > Am Mittwoch, den 13.11.2019, 07:00 -0600 schrieb Richard Monson-Haefel: > > Is this a matter of upgrading and testing or is there more to it than > > that? If that's it we can create a PR with the updates and let the asf ci > > run the tests and look for problems. > > > > On Wed, Nov 13, 2019 at 5:58 AM COURTAULT Francois < > > francois.courta...@thalesgroup.com> wrote: > > > Hello, > > > Could you take this JIRA entry ( > > https://issues.apache.org/jira/browse/TOMEE-2737) into account please ? > > > Best Regard. > > > > > ________________________________ > > This message and any attachments are intended solely for the addressees > > and may contain confidential information. Any unauthorized use or > > disclosure, either whole or partial, is prohibited. > > E-mails are susceptible to alteration. Our company shall not be liable for > > the message if altered, changed or falsified. If you are not the intended > > recipient of this message, please delete it and notify the sender. > > Although all reasonable efforts have been made to keep this transmission > > free from viruses, the sender will not be liable for damages caused by a > > transmitted virus. > > > > > > -- > > Richard Zowalla, M.Sc. > Research Associate, PhD Student | Medical Informatics > > > > Hochschule Heilbronn – University of Applied Sciences > Max-Planck-Str. 39 > D-74081 Heilbronn > phone: +49 7131 504 6791 > mail: richard.zowa...@hs-heilbronn.de > web: http://www.mi.hs-heilbronn.de/ > > > > -- > Richard Monson-Haefel > https://twitter.com/rmonson > https://www.linkedin.com/in/monsonhaefel/ > > -- > > Richard Zowalla, M.Sc. > Research Associate, PhD Student | Medical Informatics > > > > Hochschule Heilbronn – University of Applied Sciences > Max-Planck-Str. 39 > D-74081 Heilbronn > phone: +49 7131 504 6791 > mail: richard.zowa...@hs-heilbronn.de > web: http://www.mi.hs-heilbronn.de/ >