+1

On Wed, 28 Sept 2022 at 19:45, Alex The Rocker <[email protected]> wrote:

> Hi there,
>
> +1 for a TomEE 8.013 ASAP provided it includes a fix for:
>
> CVE-2021-43980 Apache Tomcat - Information Disclosure
>
> Kind regards,
> Alex
>
> On Wed, 28 Sept 2022 at 18:45, Zowalla, Richard
> <[email protected]> wrote:
> >
> > Hi all,
> >
> > our last 8.x release was in June and we have 22 pending updates/issues
> > for 8.0.13. Mostly dependency updates (johnzon, dbcp2, myfaces, hsqldb,
> > tomcat, jakarta faces), and some minor bugs (windows, jdk17+ related
> > backports), see below.
> >
> > We might need to go through the 3rd party libs again and see if there
> > are additional updates we might want to include.
> >
> > It would be worth doing a release soon (mid/end of October?), imho.
> >
> > Is there anything else we should include / patch before doing an 8.0.13?
> > Any objections?
> >
> > Wdyt?
> >
> > Regards
> > Richard
> >
> >
> > == Dependency upgrade
> >
> > [.compact]
> >  - link:https://issues.apache.org/jira/browse/TOMEE-3985[TOMEE-3985] BatchEE 1.0.2
> >  - link:https://issues.apache.org/jira/browse/TOMEE-3800[TOMEE-3800] DBCP 2.9.0
> >  - link:https://issues.apache.org/jira/browse/TOMEE-3986[TOMEE-3986] Hibernate Integration 5.6.9.Final
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4042[TOMEE-4042] Jackson 2.13.4
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4020[TOMEE-4020] Jakarta Faces 2.3.18
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4026[TOMEE-4026] Johnzon 1.2.19
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4030[TOMEE-4030] Log4J2 2.18.0
> >  - link:https://issues.apache.org/jira/browse/TOMEE-3998[TOMEE-3998] MyFaces 2.3.10
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4044[TOMEE-4044] Snakeyaml 1.32
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4002[TOMEE-4002] Tomcat 9.0.64
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4051[TOMEE-4051] Tomcat 9.0.65
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4018[TOMEE-4018] bcprov-jdk15on 1.70
> >
> > == Bug
> >
> > [.compact]
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4021[TOMEE-4021] Unexpected ehcache 3.8.1 in tomee/lib
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4014[TOMEE-4014] Unable to see TomEE version in Tomcat home page with Java 17
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4019[TOMEE-4019] HSQLDB 2.7.0
> >  - link:https://issues.apache.org/jira/browse/TOMEE-3979[TOMEE-3979] service.bat issue when using JRE_HOME on Windows
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4041[TOMEE-4041] 4 CVE Vulnerabilities in snakeyaml-1.30.jar
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4001[TOMEE-4001] CVE-2022-34305 displaying user provided data without filtering, exposing a XSS vulnerability
> >
> > == Improvement
> >
> > [.compact]
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4000[TOMEE-4000] Add security.txt to website
> >  - link:https://issues.apache.org/jira/browse/TOMEE-3878[TOMEE-3878] Backport TOMEE-3877 to TomEE 8.x
> >  - link:https://issues.apache.org/jira/browse/TOMEE-3914[TOMEE-3914] Spring 3 Dependencies in TomEE Root POM
> >
> > == Task
> >
> > [.compact]
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4022[TOMEE-4022] Move to Apache Rat
> >
> > == Fixed Common Vulnerabilities and Exposures (CVEs)
> >
> > [.compact]
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4041[TOMEE-4041] 4 CVE Vulnerabilities in snakeyaml-1.30.jar
> >  - link:https://issues.apache.org/jira/browse/TOMEE-4001[TOMEE-4001] CVE-2022-34305 displaying user provided data without filtering, exposing a XSS vulnerability
>
