Ok - judging from the changelog of bval 2.0.6, there isn't that much
different aside from the jakarta migrations.

I will - for now - revert the upgrade on 8.x back to 2.0.5, document
the issue and we can come back to it later again.


On Thursday, 06.10.2022 at 17:00 +0200, Jean-Louis Monteiro wrote:
> I'm fully focused on TomEE 9 at the moment. I'll have a look at the
> BVal failure though in case it comes to my mind.
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
> 
> 
> On Thu, Oct 6, 2022 at 2:31 PM Zowalla, Richard <
> [email protected]> wrote:
> 
> > Hi,
> > 
> > a short update here. Looks like we are +1 for doing a release
> > sooner rather than later.
> > 
> > Swell and myself did some dependency updates in the last days.
> > 
> > I think, that we are in a good shape soon but need to address the
> > following things:
> > 
> > (A) BVAL 2.0.6
> > 
> > Currently, we have one bval tck test failing in TomEE, which is
> > similar to [1]. I asked JL on Slack for help as he seems to be the
> > person who solved it in [1]. Otherwise, we might revert the upgrade.
> > 
> > (B) TOMEE-4066
> > 
> > Jackson seems to be affected by CVE-2022-42004 and CVE-2022-42003.
> > The latter requires 2.14.0-rc1 as a fixed version. 2.14.0 final is
> > planned for mid-October [2], so we either ship with rc1 or wait
> > until mid-October.
> > 
> > Regards
> > Richard
> > 
> > 
> > 
> > [1] https://www.mail-archive.com/[email protected]/msg14542.html
> > [2] https://groups.google.com/g/jackson-dev/c/RuiMDNM3vpQ/m/FgLnTxBPAwAJ
> > 
> > 
> > On Thursday, 29.09.2022 at 10:22 +0100, Jonathan Gallimore wrote:
> > > +1. And yes, this will include the fix to mitigate CVE-2021-43980.
> > > 
> > > Jon
> > > 
> > > On Wed, Sep 28, 2022 at 6:45 PM Alex The Rocker <
> > > [email protected]
> > > wrote:
> > > 
> > > > Hi there,
> > > > 
> > > > +1 for a TomEE 8.013 ASAP provided it includes fix for:
> > > > 
> > > > CVE-2021-43980 Apache Tomcat - Information Disclosure
> > > > 
> > > > Kind regards,
> > > > Alex
> > > > 
> > > > On Wed, Sep 28, 2022 at 18:45, Zowalla, Richard
> > > > <[email protected]> wrote:
> > > > > Hi all,
> > > > > 
> > > > > our last 8.x release was in June and we have 22 pending
> > > > > updates/issues for 8.0.13. Mostly dependency updates (johnzon,
> > > > > dbcp2, myfaces, hsqldb, tomcat, jakarta faces), and some minor
> > > > > bugs (windows, jdk17+ related backports), see below.
> > > > > 
> > > > > We might need to go through the 3rd party libs again and see,
> > > > > if there are additional updates we might want to include.
> > > > > 
> > > > > Would be worth to do a release soon (Mid/End of October?),
> > > > > imho.
> > > > > 
> > > > > Is there anything else we should include / patch before doing
> > > > > a 8.0.13?
> > > > > Any objections?
> > > > > 
> > > > > Wdyt?
> > > > > 
> > > > > Regards
> > > > > Richard
> > > > > 
> > > > > 
> > > > > == Dependency upgrade
> > > > > 
> > > > > [.compact]
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3985[TOMEE-3985] BatchEE 1.0.2
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3800[TOMEE-3800] DBCP 2.9.0
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3986[TOMEE-3986] Hibernate Integration 5.6.9.Final
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4042[TOMEE-4042] Jackson 2.13.4
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4020[TOMEE-4020] Jakarta Faces 2.3.18
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4026[TOMEE-4026] Johnzon 1.2.19
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4030[TOMEE-4030] Log4J2 2.18.0
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3998[TOMEE-3998] MyFaces 2.3.10
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4044[TOMEE-4044] Snakeyaml 1.32
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4002[TOMEE-4002] Tomcat 9.0.64
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4051[TOMEE-4051] Tomcat 9.0.65
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4018[TOMEE-4018] bcprov-jdk15on 1.70
> > > > > 
> > > > > == Bug
> > > > > 
> > > > > [.compact]
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4021[TOMEE-4021] Unexpected ehcache 3.8.1 in tomee/lib
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4014[TOMEE-4014] Unable to see TomEE version in Tomcat home page with Java 17
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4019[TOMEE-4019] HSQLDB 2.7.0
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3979[TOMEE-3979] service.bat issue when using JRE_HOME on Windows
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4041[TOMEE-4041] 4 CVE Vulnerabilities in snakeyaml-1.30.jar
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4001[TOMEE-4001] CVE-2022-34305 displaying user provided data without filtering, exposing a XSS vulnerability
> > > > > 
> > > > > == Improvement
> > > > > 
> > > > > [.compact]
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4000[TOMEE-4000] Add security.txt to website
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3878[TOMEE-3878] Backport TOMEE-3877 to TomEE 8.x
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-3914[TOMEE-3914] Spring 3 Dependencies in TomEE Root POM
> > > > > 
> > > > > == Task
> > > > > 
> > > > > [.compact]
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4022[TOMEE-4022] Move to Apache Rat
> > > > > 
> > > > > == Fixed Common Vulnerabilities and Exposures (CVEs)
> > > > > 
> > > > > [.compact]
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4041[TOMEE-4041] 4 CVE Vulnerabilities in snakeyaml-1.30.jar
> > > > >  - link:https://issues.apache.org/jira/browse/TOMEE-4001[TOMEE-4001] CVE-2022-34305 displaying user provided data without filtering, exposing a XSS vulnerability
> > > > 
