Hi all, +1 (non-binding)
Tested with several projects (primarily web services, JSF…), both on Linux & Mac OS, each under OpenJDK 17 (latest). Best Martin — https://twitter.com/mawiesne <https://twitter.com/mawiesne> > Am 15.10.2022 um 19:41 schrieb Daniel Dias Dos Santos > <daniel.dias.analist...@gmail.com>: > > Hello, > > +1 > > On Sat, Oct 15, 2022, 14:39 Richard Zowalla <r...@apache.org> wrote: > >> Any more votes? >> >> Am Dienstag, dem 11.10.2022 um 19:59 +0200 schrieb Richard Zowalla: >>> Hi all, >>> >>> this is a first attempt at a vote for a release of Apache TomEE >>> 8.0.13. >>> >>> It is a maintenance release with some bug fixes and dependencies >>> upgrades. >>> >>> ############### >>> >>> Maven Repo: >>> https://repository.apache.org/content/repositories/orgapachetomee-1207 >>> >>> <repositories> >>> <repository> >>> <id>tomee-8.0.13-release-test</id> >>> <name>Testing TomEE 8.0.13 release candidate</name> >>> <url> >>> https://repository.apache.org/content/repositories/orgapachetomee-1207 >>> </url> >>> </repository> >>> </repositories> >>> >>> ############### >>> >>> Binaries & Source: >>> >>> https://dist.apache.org/repos/dist/dev/tomee/staging-1207/tomee-8.0.13/ >>> >>> ############### >>> >>> Tag: >>> >>> https://github.com/apache/tomee/releases/tag/tomee-project-8.0.13 >>> >>> ############### >>> >>> Latest CI/CD build: >>> >>> https://ci-builds.apache.org/job/Tomee/job/tomee-8.x-build-full/226/ >>> >>> ############### >>> >>> Release notes: >>> >>> >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12351820 >>> >>> ############### >>> >>> Here is an adoc generated version of the changelog as well: >>> >>> == Dependency upgrade >>> >>> [.compact] >>> - link:https://issues.apache.org/jira/browse/TOMEE-3985[TOMEE-3985] >>> BatchEE 1.0.2 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4057[TOMEE-4057] >>> CXF 3.4.8 >>> - link:https://issues.apache.org/jira/browse/TOMEE-3800[TOMEE-3800] >>> DBCP 2.9.0 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4059[TOMEE-4059] >>> EclipseLink 2.7.11 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4063[TOMEE-4063] >>> Geronimo Transaction Manager 3.1.5 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4019[TOMEE-4019] >>> HSQLDB 2.7.0 >>> - link:https://issues.apache.org/jira/browse/TOMEE-3986[TOMEE-3986] >>> Hibernate Integration 5.6.9.Final >>> - link:https://issues.apache.org/jira/browse/TOMEE-4042[TOMEE-4042] >>> Jackson 2.13.4 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4067[TOMEE-4067] >>> Jackson 2.14.0-rc1 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4020[TOMEE-4020] >>> Jakarta Faces 2.3.18 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4026[TOMEE-4026] >>> Johnzon 1.2.19 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4030[TOMEE-4030] >>> Log4J2 2.18.0 >>> - link:https://issues.apache.org/jira/browse/TOMEE-3998[TOMEE-3998] >>> MyFaces 2.3.10 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4044[TOMEE-4044] >>> Snakeyaml 1.32 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4054[TOMEE-4054] >>> Snakeyaml 1.33 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4002[TOMEE-4002] >>> Tomcat 9.0.64 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4051[TOMEE-4051] >>> Tomcat 9.0.65 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4060[TOMEE-4060] >>> Tomcat 9.0.67 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4087[TOMEE-4087] >>> Tomcat 9.0.68 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4018[TOMEE-4018] >>> bcprov-jdk15on 1.70 >>> >>> == New Feature >>> >>> [.compact] >>> - link:https://issues.apache.org/jira/browse/TOMEE-3928[TOMEE-3928] >>> Example for properties provider >>> >>> == Bug >>> >>> [.compact] >>> - link:https://issues.apache.org/jira/browse/TOMEE-4021[TOMEE-4021] >>> Unexpected ehcache 3.8.1 in tomee/lib >>> - link:https://issues.apache.org/jira/browse/TOMEE-3850[TOMEE-3850] >>> HTTP(S) connections are not reused >>> - link:https://issues.apache.org/jira/browse/TOMEE-4014[TOMEE-4014] >>> Unable to see TomEE version in Tomcat home page with Java 17 >>> - link:https://issues.apache.org/jira/browse/TOMEE-3979[TOMEE-3979] >>> service.bat issue when using JRE_HOME on Windows >>> - link:https://issues.apache.org/jira/browse/TOMEE-4041[TOMEE-4041] >>> 4 >>> CVE Vulnerabilities in snakeyaml-1.30.jar >>> - link:https://issues.apache.org/jira/browse/TOMEE-4001[TOMEE-4001] >>> CVE-2022-34305 displaying user provided data without filtering, >>> exposing a XSS vulnerability >>> >>> == Improvement >>> >>> [.compact] >>> - link:https://issues.apache.org/jira/browse/TOMEE-3878[TOMEE-3878] >>> Backport 'No interface view EJB proxies broken on JDK16+' [TOMEE- >>> 3877] to TomEE 8.x >>> >>> == Task >>> >>> [.compact] >>> - link:https://issues.apache.org/jira/browse/TOMEE-4064[TOMEE-4064] >>> OpenJPA 3.2.2 (examples), EclipseLink 2.7.11 (examples), Derby >>> 10.14.2.0 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4022[TOMEE-4022] >>> Move to Apache Rat >>> - link:https://issues.apache.org/jira/browse/TOMEE-4056[TOMEE-4056] >>> Log4J2 2.19.0 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4058[TOMEE-4058] >>> Update Krazo, DeltaSpike and Hibernate >>> - link:https://issues.apache.org/jira/browse/TOMEE-3914[TOMEE-3914] >>> Spring 3 Dependencies in TomEE Root POM >>> - link:https://issues.apache.org/jira/browse/TOMEE-4088[TOMEE-4088] >>> Add workaround for CVE-2022-41853 (hsqldb) >>> >>> == Documentation >>> >>> [.compact] >>> - link:https://issues.apache.org/jira/browse/TOMEE-4023[TOMEE-4023] >>> Comparison pages with wrong specs per profiles >>> - link:https://issues.apache.org/jira/browse/TOMEE-3981[TOMEE-3981] >>> update javadoc to reflect updates on Jakarta EE >>> >>> == Fixed Common Vulnerabilities and Exposures (CVEs) >>> >>> [.compact] >>> - link:https://issues.apache.org/jira/browse/TOMEE-4041[TOMEE-4041] >>> 4 >>> CVE Vulnerabilities in snakeyaml-1.30.jar >>> - link:https://issues.apache.org/jira/browse/TOMEE-4001[TOMEE-4001] >>> CVE-2022-34305 displaying user provided data without filtering, >>> exposing a XSS vulnerability >>> - link:https://issues.apache.org/jira/browse/TOMEE-4088[TOMEE-4088] >>> Add workaround for CVE-2022-41853 (hsqldb) >>> >>> ############### >>> >>> Here is the dependency diff from 8.0.12 to 8.0.13 created with >>> David's >>> new feature in our release tools: >>> >>> artifactId from to >>> ------------------------------- ---------- ------------------- >>> jackson-annotations 2.13.2 2.14.0-rc1 >>> jackson-core 2.13.2 2.14.0-rc1 >>> jackson-databind 2.13.2.2 2.14.0-rc1 >>> jackson-dataformat-yaml 2.13.2 2.14.0-rc1 >>> commons-cli 1.4 1.5.0 >>> batchee-jbatch 1.0.1 1.0.2 >>> commons-dbcp2 2.3.0 2.9.0 >>> cxf-rt-bindings-soap 3.4.5 3.4.8 >>> cxf-rt-bindings-xml 3.4.5 3.4.8 >>> cxf-rt-frontend-jaxws 3.4.5 3.4.8 >>> cxf-rt-frontend-simple 3.4.5 3.4.8 >>> cxf-rt-management 3.4.5 3.4.8 >>> cxf-rt-rs-extension-providers 3.4.5 3.4.8 >>> cxf-rt-rs-extension-search 3.4.5 3.4.8 >>> cxf-rt-rs-json-basic 3.4.5 3.4.8 >>> cxf-rt-rs-mp-client 3.4.5 3.4.8 >>> cxf-rt-rs-security-cors 3.4.5 3.4.8 >>> cxf-rt-rs-security-jose 3.4.5 3.4.8 >>> cxf-rt-rs-security-jose-jaxrs 3.4.5 3.4.8 >>> cxf-rt-rs-security-oauth2 3.4.5 3.4.8 >>> cxf-rt-rs-service-description 3.4.5 3.4.8 >>> cxf-rt-rs-sse 3.4.5 3.4.8 >>> cxf-rt-security 3.4.5 3.4.8 >>> cxf-rt-security-saml 3.4.5 3.4.8 >>> cxf-rt-ws-addr 3.4.5 3.4.8 >>> cxf-rt-ws-policy 3.4.5 3.4.8 >>> cxf-rt-ws-security 3.4.5 3.4.8 >>> cxf-rt-wsdl 3.4.5 3.4.8 >>> geronimo-connector 3.1.4 3.1.5 >>> geronimo-transaction 3.1.4 3.1.5 >>> johnzon-core 1.2.18 1.2.19 >>> johnzon-jaxrs 1.2.18 1.2.19 >>> johnzon-jsonb 1.2.18 1.2.19 >>> johnzon-jsonp-strict 1.2.18 1.2.19 >>> johnzon-mapper 1.2.18 1.2.19 >>> myfaces-api 2.3.9 2.3.10 >>> myfaces-impl 2.3.9 2.3.10 >>> cxf-shade 8.0.12 8.0.13 >>> taglibs-shade 8.0.12 8.0.13 >>> tomee-bootstrap 8.0.12 8.0.13 >>> bcprov-jdk15on 1.69 1.70 >>> eclipselink 2.7.9 2.7.11 >>> jakarta.faces 2.3.15 2.3.18 >>> hsqldb 2.5.2 2.7.0 >>> snakeyaml 1.30 1.33 >>> >>> ############### >>> >>> Please note: >>> >>> (1) CVE-2022-42003 (jackson-databind): Users are only affected, if >>> 'UNWRAP_SINGLE_VALUE_ARRAYS' is set to enabled. Mitigation is >>> included >>> in 2.14.0-rc1 - as discussed in a separate thread, we are "ok" to >>> ship >>> a RC version. We aim to do a follow up release of TomEE 8.x soon. >>> >>> (2) CVE-2022-41853 (hsqldb): As v2.7.1 isn't available yet, TomEE >>> sets >>> "hsqldb.method_class_names" to an invalid value to mitigate the >>> vulnerability. Users can override the property as needed. >>> >>> ############### >>> >>> >>> Please VOTE >>> >>> [+1] go ship it >>> [+0] meh, don't care >>> [-1] stop, there is a ${showstopper} >>> >>> The VOTE is open for 72h or as long as needed. >>> >>> Gruß >>> Richard >>> >>> >>> >>> >>> >>> >> >>
smime.p7s
Description: S/MIME cryptographic signature