Here's my +1 (non-binding) Alex
Le jeu. 19 janv. 2023 à 15:54, Richard Zowalla <[email protected]> a écrit : > > Here is my own +1 (binding) > > Am Dienstag, dem 17.01.2023 um 14:40 +0100 schrieb Richard Zowalla: > > Hi all, > > > > this is a vote for a release of Apache TomEE 8.0.14. > > > > It is a maintenance release with some bug fixes and dependencies > > upgrades. > > > > ############### > > > > Maven Repo: > > https://repository.apache.org/content/repositories/orgapachetomee-1213/ > > > > <repositories> > > <repository> > > <id>tomee-8.0.14-release-test</id> > > <name>Testing TomEE 8.0.14 release candidate</name> > > <url> > > https://repository.apache.org/content/repositories/orgapachetomee-1213/ > > </url> > > </repository> > > </repositories> > > > > ############### > > > > Binaries & Source: > > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1213/tomee-8.0.14/ > > > > ############### > > > > Tag: > > > > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.14 > > > > > > ############### > > > > Release notes: > > > > https://issues.apache.org/jira/projects/TOMEE/versions/12352390 > > > > ############### > > > > Here is an adoc generated version of the changelog as well: > > > > == Dependency upgrade > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4100[TOMEE-4100] > > XBean 4.22 > > - link:https://issues.apache.org/jira/browse/TOMEE-4126[TOMEE-4126] > > CXF 3.4.10 > > - link:https://issues.apache.org/jira/browse/TOMEE-4118[TOMEE-4118] > > CXF 3.4.9 > > - link:https://issues.apache.org/jira/browse/TOMEE-4125[TOMEE-4125] > > CXF versions mitigate CVE-2022-46364 and CVE-2022-46363 > > - link:https://issues.apache.org/jira/browse/TOMEE-4086[TOMEE-4086] > > HSQLDB 2.7.1 > > - link:https://issues.apache.org/jira/browse/TOMEE-4170[TOMEE-4170] > > Hibernate 5.6.14 > > - link:https://issues.apache.org/jira/browse/TOMEE-4107[TOMEE-4107] > > Jackson 2.14.0 > > - link:https://issues.apache.org/jira/browse/TOMEE-4129[TOMEE-4129] > > Jackson 2.14.1 > > - link:https://issues.apache.org/jira/browse/TOMEE-4169[TOMEE-4169] > > SnakeYAML - CVE-2022-1471 > > - link:https://issues.apache.org/jira/browse/TOMEE-4116[TOMEE-4116] > > Tomcat 9.0.69 > > - link:https://issues.apache.org/jira/browse/TOMEE-4121[TOMEE-4121] > > Tomcat 9.0.70 > > - link:https://issues.apache.org/jira/browse/TOMEE-4173[TOMEE-4173] > > Tomcat 9.0.71 > > - link:https://issues.apache.org/jira/browse/TOMEE-4109[TOMEE-4109] > > Velocity 2.3 > > - link:https://issues.apache.org/jira/browse/TOMEE-4110[TOMEE-4110] > > Woodstox 6.4.0 (CVE-2022-40152) > > - link:https://issues.apache.org/jira/browse/TOMEE-4111[TOMEE-4111] > > bcel component > > - link:https://issues.apache.org/jira/browse/TOMEE-4130[TOMEE-4130] > > commons-compress 1.22 > > - link:https://issues.apache.org/jira/browse/TOMEE-4094[TOMEE-4094] > > jackson 2.14.0-rc2 > > - link:https://issues.apache.org/jira/browse/TOMEE-4103[TOMEE-4103] > > woodstox-core mitigate CVE-2022-40153 > > > > == Bug > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4120[TOMEE-4120] > > Remote EJB2 BMP Memory Leak > > - link:https://issues.apache.org/jira/browse/TOMEE-4122[TOMEE-4122] > > Performance Regression in bean resolution in EAR files > > - link:https://issues.apache.org/jira/browse/TOMEE-4101[TOMEE-4101] > > Typo with EL22Adaptor implementation in openwebbeans.properties > > - link:https://issues.apache.org/jira/browse/TOMEE-4102[TOMEE-4102] > > TomEE logs SEVERE: Expected ContextBinding to have the method > > getThreadName() > > - link:https://issues.apache.org/jira/browse/TOMEE-4106[TOMEE-4106] > > TomEE version no longer appearing at default manager page > > - link:https://issues.apache.org/jira/browse/TOMEE-4014[TOMEE-4014] > > Unable to see TomEE version in Tomcat home page with Java 17 > > - link:https://issues.apache.org/jira/browse/TOMEE-4108[TOMEE-4108] > > Backport TOMEE-4065: LoginToContinue interceptor fails on custom auth > > mechanism > > - link:https://issues.apache.org/jira/browse/TOMEE-3779[TOMEE-3779] > > tomee-embedded-maven-plugin fails with NPE > > - link:https://issues.apache.org/jira/browse/TOMEE-4176[TOMEE-4176] > > CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection on > > TomEE's tomcat-websocket.jar > > > > == Improvement > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4124[TOMEE-4124] > > Remove timing of timing just for logging > > > > == Task > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4171[TOMEE-4171] > > Apache Parent 29 > > - link:https://issues.apache.org/jira/browse/TOMEE-4172[TOMEE-4172] > > JUnit 5.9.2 > > - link:https://issues.apache.org/jira/browse/TOMEE-4177[TOMEE-4177] > > Patch Plugin 0.10 > > > > == Documentation > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4104[TOMEE-4104] > > Documentation Website: XA DataSource Configuration: Bug in MySQL > > Sample Code > > > > == Fixed Common Vulnerabilities and Exposures (CVEs) > > > > [.compact] > > - link:https://issues.apache.org/jira/browse/TOMEE-4086[TOMEE-4086] > > HSQLDB 2.7.1 > > - link:https://issues.apache.org/jira/browse/TOMEE-4125[TOMEE-4125] > > Update Apache CXF versions to mitigate CVE-2022-46364 and CVE-2022- > > 46363 > > - link:https://issues.apache.org/jira/browse/TOMEE-4103[TOMEE-4103] > > Update woodstox-core to mitigate CVE-2022-40153 > > - link:https://issues.apache.org/jira/browse/TOMEE-4111[TOMEE-4111] > > Upgrade bcel component in TomEE > > - link:https://issues.apache.org/jira/browse/TOMEE-4176[TOMEE-4176] > > CVE-2022-45143 Apache Tomcat - JsonErrorReportValve injection on > > TomEE's tomcat-websocket.jar > > > > > > > > > > ############### > > > > Here is the dependency diff from 8.0.13 to 8.0.14 created with our > > release tools: > > > > artifactId from to > > ------------------------------- ------------ -------- > > jackson-annotations 2.14.0-rc1 2.14.1 > > jackson-core 2.14.0-rc1 2.14.1 > > jackson-databind 2.14.0-rc1 2.14.1 > > jackson-dataformat-yaml 2.14.0-rc1 2.14.1 > > woodstox-core 6.2.4 6.4.0 > > cxf-rt-bindings-soap 3.4.8 3.4.10 > > cxf-rt-bindings-xml 3.4.8 3.4.10 > > cxf-rt-frontend-jaxws 3.4.8 3.4.10 > > cxf-rt-frontend-simple 3.4.8 3.4.10 > > cxf-rt-management 3.4.8 3.4.10 > > cxf-rt-rs-extension-providers 3.4.8 3.4.10 > > cxf-rt-rs-extension-search 3.4.8 3.4.10 > > cxf-rt-rs-json-basic 3.4.8 3.4.10 > > cxf-rt-rs-mp-client 3.4.8 3.4.10 > > cxf-rt-rs-security-cors 3.4.8 3.4.10 > > cxf-rt-rs-security-jose 3.4.8 3.4.10 > > cxf-rt-rs-security-jose-jaxrs 3.4.8 3.4.10 > > cxf-rt-rs-security-oauth2 3.4.8 3.4.10 > > cxf-rt-rs-service-description 3.4.8 3.4.10 > > cxf-rt-rs-sse 3.4.8 3.4.10 > > cxf-rt-security 3.4.8 3.4.10 > > cxf-rt-security-saml 3.4.8 3.4.10 > > cxf-rt-ws-addr 3.4.8 3.4.10 > > cxf-rt-ws-policy 3.4.8 3.4.10 > > cxf-rt-ws-security 3.4.8 3.4.10 > > cxf-rt-wsdl 3.4.8 3.4.10 > > cxf-shade 8.0.13 8.0.14 > > taglibs-shade 8.0.13 8.0.14 > > tomee-bootstrap 8.0.13 8.0.14 > > xbean-asm9-shaded 4.21 4.22 > > xbean-bundleutils 4.21 4.22 > > xbean-finder-shaded 4.21 4.22 > > xbean-naming 4.21 4.22 > > xbean-reflect 4.21 4.22 > > > > ############### > > > > Note: > > > > (1) CVE-2022-1471 (snakeyaml): Snakeyaml is a transient dependency of > > jackson-dataformat-yaml (which is used in OpenAPI). > > According to the Jackson people, they are not affected: > > https://github.com/FasterXML/jackson-dataformats-text/issues/361 > > > > ############### > > > > > > Please VOTE > > > > [+1] go ship it > > [+0] meh, don't care > > [-1] stop, there is a ${showstopper} > > > > The VOTE is open for 72h or as long as needed. > > > > Gruß > > Richard > >
