This is a good week for me to get the docker images out. I’ll be ready.
Rod. Sent from my iPhone > On May 14, 2023, at 1:15 PM, Jean-Louis Monteiro <[email protected]> wrote: > > I promise I'll have a look tomorrow morning > > Le dim. 14 mai 2023, 20:02, Richard Zowalla <[email protected]> a écrit : > >> Any more votes? >> >> >>> Am Montag, dem 08.05.2023 um 14:50 +0200 schrieb Richard Zowalla: >>> Hi all, >>> >>> this is a vote for a release of Apache TomEE 8.0.15. >>> >>> It is a maintenance release with some bug fixes and dependencies >>> upgrades (addressing some CVEs) >>> >>> ############### >>> >>> Maven Repo: >>> https://repository.apache.org/content/repositories/orgapachetomee-1214/ >>> >>> <repositories> >>> <repository> >>> <id>tomee-8.0.15-rc1</id> >>> <name>Testing TomEE 8.0.15 RC1</name> >>> <url> >>> https://repository.apache.org/content/repositories/orgapachetomee-1214/ >>> </url> >>> </repository> >>> </repositories> >>> >>> ############### >>> >>> Binaries & Source: >>> >>> https://dist.apache.org/repos/dist/dev/tomee/staging-1214/tomee-8.0.15/ >>> >>> ############### >>> >>> Tag: >>> >>> https://github.com/apache/tomee/releases/tag/tomee-project-8.0.15 >>> >>> >>> ############### >>> >>> Release notes: >>> >>> >> https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12352766 >>> >>> ############### >>> >>> Here is an adoc generated version of the changelog as well: >>> >>> == Dependency upgrade >>> >>> [.compact] >>> - link:https://issues.apache.org/jira/browse/TOMEE-4188[TOMEE-4188] >>> ActiveMQ 5.16.6 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4180[TOMEE-4180] >>> CXF 3.5.5 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187] >>> Commons FileUpload 1.5 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4210[TOMEE-4210] >>> EclipseLink 2.7.12 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4211[TOMEE-4211] >>> Hibernate Integration 5.6.15.Final >>> - link:https://issues.apache.org/jira/browse/TOMEE-4206[TOMEE-4206] >>> Jackson 2.15.0 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4207[TOMEE-4207] >>> Johnzon 1.2.20 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4205[TOMEE-4205] >>> Jose4j 0.9.3 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4209[TOMEE-4209] >>> Mojarra 2.3.19 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4195[TOMEE-4195] >>> Tomcat 9.0.72 (CVE-2023-28708) >>> - link:https://issues.apache.org/jira/browse/TOMEE-4191[TOMEE-4191] >>> Tomcat 9.0.73 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4201[TOMEE-4201] >>> Tomcat 9.0.74 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4194[TOMEE-4194] >>> snakeyaml version 2.0 mitigate CVE-2022-1471 >>> >>> == Bug >>> >>> [.compact] >>> - link:https://issues.apache.org/jira/browse/TOMEE-4192[TOMEE-4192] >>> ApplicationComposers do not clear GC references on release >>> - link:https://issues.apache.org/jira/browse/TOMEE-4181[TOMEE-4181] >>> BCProv jar loses its signature during the patch process >>> - link:https://issues.apache.org/jira/browse/TOMEE-4122[TOMEE-4122] >>> Performance Regression in bean resolution in EAR files >>> - link:https://issues.apache.org/jira/browse/TOMEE-4189[TOMEE-4189] >>> java.lang.ClassNotFoundException: >>> org.apache.openejb.loader.SystemInstance >>> - link:https://issues.apache.org/jira/browse/TOMEE-4179[TOMEE-4179] >>> Fix creeping in API JARs which should be in javaee-api >>> >>> == Wish >>> >>> [.compact] >>> - link:https://issues.apache.org/jira/browse/TOMEE-4190[TOMEE-4190] >>> RunWithApplicationComposer should support inheritance >>> >>> == Fixed Common Vulnerabilities and Exposures (CVEs) >>> >>> [.compact] >>> - link:https://issues.apache.org/jira/browse/TOMEE-4194[TOMEE-4194] >>> Update snakeyaml version to 2.0 to mitigate CVE-2022-1471 >>> - link:https://issues.apache.org/jira/browse/TOMEE-4195[TOMEE-4195] >>> Upgrade to Apache Tomcat 9.0.72 (CVE-2023-28708) >>> - link:https://issues.apache.org/jira/browse/TOMEE-4187[TOMEE-4187] >>> Commons FileUpload 1.5 >>> >>> >>> ############### >>> >>> Here is the dependency diff from 8.0.14 to 8.0.15 created with our >>> release tools: >>> >>> artifactId from to >>> ------------------------------- -------- ----------------- >>> jackson-annotations 2.14.1 2.15.0 >>> jackson-core 2.14.1 2.15.0 >>> jackson-databind 2.14.1 2.15.0 >>> jackson-dataformat-yaml 2.14.1 2.15.0 >>> saaj-impl 1.5.1 1.5.3 >>> activemq-broker 5.16.5 5.16.6 >>> activemq-client 5.16.5 5.16.6 >>> activemq-jdbc-store 5.16.5 5.16.6 >>> activemq-kahadb-store 5.16.5 5.16.6 >>> activemq-openwire-legacy 5.16.5 5.16.6 >>> activemq-ra 5.16.5 5.16.6 >>> cxf-rt-rs-mp-client 3.4.10 3.5.5 >>> johnzon-core 1.2.19 1.2.20 >>> johnzon-jaxrs 1.2.19 1.2.20 >>> johnzon-jsonb 1.2.19 1.2.20 >>> johnzon-jsonp-strict 1.2.19 1.2.20 >>> johnzon-mapper 1.2.19 1.2.20 >>> xmlsec 2.2.3 2.3.2 >>> wss4j-bindings 2.3.3 2.4.1 >>> wss4j-policy 2.3.3 2.4.1 >>> wss4j-ws-security-common 2.3.3 2.4.1 >>> wss4j-ws-security-dom 2.3.3 2.4.1 >>> wss4j-ws-security-policy-stax 2.3.3 2.4.1 >>> wss4j-ws-security-stax 2.3.3 2.4.1 >>> jose4j 0.6.0 0.9.3 >>> eclipselink 2.7.11 2.7.12 >>> jakarta.faces 2.3.18 2.3.19 >>> stax-ex 1.8.1 1.8.3 >>> snakeyaml 1.33 2.0 >>> >>> ############### >>> >>> Please VOTE >>> >>> [+1] go ship it >>> [+0] meh, don't care >>> [-1] stop, there is a ${showstopper} >>> >>> The VOTE is open for 72h or as long as needed. >>> >>> Gruß >>> Richard >>> >> >>
