+1 (non-binding) Tested with several web apps based on servlet, JAX-RS, JAX-WS, websockets, JMS, EJB ; with IBM Semeru 17.0.6 Java runtime on Linux CentOS 7.9, and found no regressions. (I was curious about impact of snakeyaml update to major 2.0 version, my web apps rely on snakeyaml, and got no issue with Yaml parsing with this upgrade).
Thanks! Alex Le lun. 8 mai 2023 à 14:50, Richard Zowalla <[email protected]> a écrit : > > Hi all, > > this is a vote for a release of Apache TomEE 8.0.15. > > It is a maintenance release with some bug fixes and dependencies > upgrades (addressing some CVEs) > > ############### > > Maven Repo: > https://repository.apache.org/content/repositories/orgapachetomee-1214/ > > <repositories> > <repository> > <id>tomee-8.0.15-rc1</id> > <name>Testing TomEE 8.0.15 RC1</name> > <url> > https://repository.apache.org/content/repositories/orgapachetomee-1214/ > </url> > </repository> > </repositories> > > ############### > > Binaries & Source: > > https://dist.apache.org/repos/dist/dev/tomee/staging-1214/tomee-8.0.15/ > > ############### > > Tag: > > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.15 > > > ############### > > Release notes: > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12352766 > > ############### > > Here is an adoc generated version of the changelog as well: > > == Dependency upgrade > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4188[TOMEE-4188] > ActiveMQ 5.16.6 > - link:https://issues.apache.org/jira/browse/TOMEE-4180[TOMEE-4180] > CXF 3.5.5 > - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187] > Commons FileUpload 1.5 > - link:https://issues.apache.org/jira/browse/TOMEE-4210[TOMEE-4210] > EclipseLink 2.7.12 > - link:https://issues.apache.org/jira/browse/TOMEE-4211[TOMEE-4211] > Hibernate Integration 5.6.15.Final > - link:https://issues.apache.org/jira/browse/TOMEE-4206[TOMEE-4206] > Jackson 2.15.0 > - link:https://issues.apache.org/jira/browse/TOMEE-4207[TOMEE-4207] > Johnzon 1.2.20 > - link:https://issues.apache.org/jira/browse/TOMEE-4205[TOMEE-4205] > Jose4j 0.9.3 > - link:https://issues.apache.org/jira/browse/TOMEE-4209[TOMEE-4209] > Mojarra 2.3.19 > - link:https://issues.apache.org/jira/browse/TOMEE-4195[TOMEE-4195] > Tomcat 9.0.72 (CVE-2023-28708) > - link:https://issues.apache.org/jira/browse/TOMEE-4191[TOMEE-4191] > Tomcat 9.0.73 > - link:https://issues.apache.org/jira/browse/TOMEE-4201[TOMEE-4201] > Tomcat 9.0.74 > - link:https://issues.apache.org/jira/browse/TOMEE-4194[TOMEE-4194] > snakeyaml version 2.0 mitigate CVE-2022-1471 > > == Bug > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4192[TOMEE-4192] > ApplicationComposers do not clear GC references on release > - link:https://issues.apache.org/jira/browse/TOMEE-4181[TOMEE-4181] > BCProv jar loses its signature during the patch process > - link:https://issues.apache.org/jira/browse/TOMEE-4122[TOMEE-4122] > Performance Regression in bean resolution in EAR files > - link:https://issues.apache.org/jira/browse/TOMEE-4189[TOMEE-4189] > java.lang.ClassNotFoundException: > org.apache.openejb.loader.SystemInstance > - link:https://issues.apache.org/jira/browse/TOMEE-4179[TOMEE-4179] > Fix creeping in API JARs which should be in javaee-api > > == Wish > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4190[TOMEE-4190] > RunWithApplicationComposer should support inheritance > > == Fixed Common Vulnerabilities and Exposures (CVEs) > > [.compact] > - link:https://issues.apache.org/jira/browse/TOMEE-4194[TOMEE-4194] > Update snakeyaml version to 2.0 to mitigate CVE-2022-1471 > - link:https://issues.apache.org/jira/browse/TOMEE-4195[TOMEE-4195] > Upgrade to Apache Tomcat 9.0.72 (CVE-2023-28708) > - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187] > Commons FileUpload 1.5 > > > ############### > > Here is the dependency diff from 8.0.14 to 8.0.15 created with our > release tools: > > artifactId from to > ------------------------------- -------- ----------------- > jackson-annotations 2.14.1 2.15.0 > jackson-core 2.14.1 2.15.0 > jackson-databind 2.14.1 2.15.0 > jackson-dataformat-yaml 2.14.1 2.15.0 > saaj-impl 1.5.1 1.5.3 > activemq-broker 5.16.5 5.16.6 > activemq-client 5.16.5 5.16.6 > activemq-jdbc-store 5.16.5 5.16.6 > activemq-kahadb-store 5.16.5 5.16.6 > activemq-openwire-legacy 5.16.5 5.16.6 > activemq-ra 5.16.5 5.16.6 > cxf-rt-rs-mp-client 3.4.10 3.5.5 > johnzon-core 1.2.19 1.2.20 > johnzon-jaxrs 1.2.19 1.2.20 > johnzon-jsonb 1.2.19 1.2.20 > johnzon-jsonp-strict 1.2.19 1.2.20 > johnzon-mapper 1.2.19 1.2.20 > xmlsec 2.2.3 2.3.2 > wss4j-bindings 2.3.3 2.4.1 > wss4j-policy 2.3.3 2.4.1 > wss4j-ws-security-common 2.3.3 2.4.1 > wss4j-ws-security-dom 2.3.3 2.4.1 > wss4j-ws-security-policy-stax 2.3.3 2.4.1 > wss4j-ws-security-stax 2.3.3 2.4.1 > jose4j 0.6.0 0.9.3 > eclipselink 2.7.11 2.7.12 > jakarta.faces 2.3.18 2.3.19 > stax-ex 1.8.1 1.8.3 > snakeyaml 1.33 2.0 > > ############### > > Please VOTE > > [+1] go ship it > [+0] meh, don't care > [-1] stop, there is a ${showstopper} > > The VOTE is open for 72h or as long as needed. > > Gruß > Richard >
