Thanks for testing the release candidate, Alex! It is very much appreciated.
Regarding TomEE 9.0.x / 9.1.x - yes, we were discussing doing a release. We need to run the tck to get some actual numbers after the updates for it, but I am confident, that we didn't broke too much. Stay tuned. Gruß Richard Am Sonntag, dem 14.05.2023 um 18:29 +0200 schrieb Alex The Rocker: > On a side note, shouldn't there be a TomEE 9.0.1 with al least same > fixes as 8.0.15 - security fixes of course, but bug fixes as well if > any ? > Having TomEE 9.0.0 lagging behind in term of security & bug fixes > wouldn't be a good incentive for Jakarta EE adoption, isn't it ? > > Thanks, > Alex > > Le dim. 14 mai 2023 à 18:26, Alex The Rocker <[email protected]> a > écrit : > > > > +1 (non-binding) > > > > Tested with several web apps based on servlet, JAX-RS, JAX-WS, > > websockets, JMS, EJB ; with IBM Semeru 17.0.6 Java runtime on Linux > > CentOS 7.9, and found no regressions. > > (I was curious about impact of snakeyaml update to major 2.0 > > version, > > my web apps rely on snakeyaml, and got no issue with Yaml parsing > > with > > this upgrade). > > > > Thanks! > > Alex > > > > Le lun. 8 mai 2023 à 14:50, Richard Zowalla <[email protected]> a > > écrit : > > > > > > Hi all, > > > > > > this is a vote for a release of Apache TomEE 8.0.15. > > > > > > It is a maintenance release with some bug fixes and dependencies > > > upgrades (addressing some CVEs) > > > > > > ############### > > > > > > Maven Repo: > > > https://repository.apache.org/content/repositories/orgapachetomee-1214/ > > > > > > <repositories> > > > <repository> > > > <id>tomee-8.0.15-rc1</id> > > > <name>Testing TomEE 8.0.15 RC1</name> > > > <url> > > > https://repository.apache.org/content/repositories/orgapachetomee-1214/ > > > </url> > > > </repository> > > > </repositories> > > > > > > ############### > > > > > > Binaries & Source: > > > > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1214/tomee-8.0.15/ > > > > > > ############### > > > > > > Tag: > > > > > > https://github.com/apache/tomee/releases/tag/tomee-project-8.0.15 > > > > > > > > > ############### > > > > > > Release notes: > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12352766 > > > > > > ############### > > > > > > Here is an adoc generated version of the changelog as well: > > > > > > == Dependency upgrade > > > > > > [.compact] > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4188[TOMEE-4188] > > > ActiveMQ 5.16.6 > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4180[TOMEE-4180] > > > CXF 3.5.5 > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187] > > > Commons FileUpload 1.5 > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4210[TOMEE-4210] > > > EclipseLink 2.7.12 > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4211[TOMEE-4211] > > > Hibernate Integration 5.6.15.Final > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4206[TOMEE-4206] > > > Jackson 2.15.0 > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4207[TOMEE-4207] > > > Johnzon 1.2.20 > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4205[TOMEE-4205] > > > Jose4j 0.9.3 > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4209[TOMEE-4209] > > > Mojarra 2.3.19 > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4195[TOMEE-4195] > > > Tomcat 9.0.72 (CVE-2023-28708) > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4191[TOMEE-4191] > > > Tomcat 9.0.73 > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4201[TOMEE-4201] > > > Tomcat 9.0.74 > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4194[TOMEE-4194] > > > snakeyaml version 2.0 mitigate CVE-2022-1471 > > > > > > == Bug > > > > > > [.compact] > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4192[TOMEE-4192] > > > ApplicationComposers do not clear GC references on release > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4181[TOMEE-4181] > > > BCProv jar loses its signature during the patch process > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4122[TOMEE-4122] > > > Performance Regression in bean resolution in EAR files > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4189[TOMEE-4189] > > > java.lang.ClassNotFoundException: > > > org.apache.openejb.loader.SystemInstance > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4179[TOMEE-4179] > > > Fix creeping in API JARs which should be in javaee-api > > > > > > == Wish > > > > > > [.compact] > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4190[TOMEE-4190] > > > RunWithApplicationComposer should support inheritance > > > > > > == Fixed Common Vulnerabilities and Exposures (CVEs) > > > > > > [.compact] > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4194[TOMEE-4194] > > > Update snakeyaml version to 2.0 to mitigate CVE-2022-1471 > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4195[TOMEE-4195] > > > Upgrade to Apache Tomcat 9.0.72 (CVE-2023-28708) > > > - > > > link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187] > > > Commons FileUpload 1.5 > > > > > > > > > ############### > > > > > > Here is the dependency diff from 8.0.14 to 8.0.15 created with > > > our > > > release tools: > > > > > > artifactId from to > > > ------------------------------- -------- ----------------- > > > jackson-annotations 2.14.1 2.15.0 > > > jackson-core 2.14.1 2.15.0 > > > jackson-databind 2.14.1 2.15.0 > > > jackson-dataformat-yaml 2.14.1 2.15.0 > > > saaj-impl 1.5.1 1.5.3 > > > activemq-broker 5.16.5 5.16.6 > > > activemq-client 5.16.5 5.16.6 > > > activemq-jdbc-store 5.16.5 5.16.6 > > > activemq-kahadb-store 5.16.5 5.16.6 > > > activemq-openwire-legacy 5.16.5 5.16.6 > > > activemq-ra 5.16.5 5.16.6 > > > cxf-rt-rs-mp-client 3.4.10 3.5.5 > > > johnzon-core 1.2.19 1.2.20 > > > johnzon-jaxrs 1.2.19 1.2.20 > > > johnzon-jsonb 1.2.19 1.2.20 > > > johnzon-jsonp-strict 1.2.19 1.2.20 > > > johnzon-mapper 1.2.19 1.2.20 > > > xmlsec 2.2.3 2.3.2 > > > wss4j-bindings 2.3.3 2.4.1 > > > wss4j-policy 2.3.3 2.4.1 > > > wss4j-ws-security-common 2.3.3 2.4.1 > > > wss4j-ws-security-dom 2.3.3 2.4.1 > > > wss4j-ws-security-policy-stax 2.3.3 2.4.1 > > > wss4j-ws-security-stax 2.3.3 2.4.1 > > > jose4j 0.6.0 0.9.3 > > > eclipselink 2.7.11 2.7.12 > > > jakarta.faces 2.3.18 2.3.19 > > > stax-ex 1.8.1 1.8.3 > > > snakeyaml 1.33 2.0 > > > > > > ############### > > > > > > Please VOTE > > > > > > [+1] go ship it > > > [+0] meh, don't care > > > [-1] stop, there is a ${showstopper} > > > > > > The VOTE is open for 72h or as long as needed. > > > > > > Gruß > > > Richard > > >
