RE: [VOTE] TomEE 9.1.1

benedict Thu, 12 Oct 2023 06:26:07 -0700
+1
-------- Ursprüngliche Nachricht --------Von: Richard Zowalla <r...@apache.org> 
Datum: 12.10.23  14:59  (GMT+01:00) An: dev@tomee.apache.org Betreff: [VOTE] 
TomEE 9.1.1 Hi all,this is a vote for a release of Apache TomEE 9.1.1.It is a 
maintenance release with dependenciesupgrades and bug fixes. The most notible 
change is dropping our owncxf-shade in favour of CXF 4.0.3It also fixes the 
latest Tomcat vulnerabilities by backporting andpatching Tomcat inside the 
TomEE 9 build.This release still passes the full EE9.1 TCK (thx to Jean-Louis & 
Jonfor triggering the builds) as well as the MP 5.0 TCK.###############Maven 
Repo:https://repository.apache.org/content/repositories/orgapachetomee-1220/<repositories><repository><id>tomee-9.1.1-rc1</id><name>Testing
 TomEE 9.1.1 
RC1</name><url>https://repository.apache.org/content/repositories/orgapachetomee-1220/</url></repository></repositories>###############Binaries
 & 
Source:https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###############Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###############Release
 
notes:https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12353331###############Here
 is an adoc generated version of the changelog as well:== Dependency 
upgrade[.compact] - 
link:https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ 
5.18.2 - 
link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix 
for CVE-2023-34981 - 
link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix 
for CVE-2023-41080 - 
link:https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy Castle 
1.75 - link:https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy 
Castle 1.76 - 
link:https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF 4.0.3 
(jakarta namespace) - 
link:https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate 
6.1.7 - 
link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson 2.15.2 
- link:https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon 
1.2.21 - 
link:https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra 3.0.5 
- link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port fix for 
CVE-2023-42795 - 
link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for 
CVE-2023-44487 - 
link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for 
CVE-2023-45648 - 
link:https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]SnakeYAML 2.2 
- link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-4250]WSS4J 3.0.1 
- 
link:https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232]bcprov-jdk15to18-1.74.jar
 - link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-4251]xmlsec 
3.0.2== Bug[.compact] - 
link:https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]@LoginToContinue
 JSR-375 (JavaEE Security API) causesIllegalArgumentException - 
link:https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225]Remove 
commons-net from TomEE distribution - 
link:https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]DataSource 
definition fails when @DataSourceDefinition doesn't defineurl property== 
Improvement[.compact] - 
link:https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]Improve TomEE 
Jmx Mbean Support for Parameter Names== Fixed Common Vulnerabilities and 
Exposures (CVEs)[.compact] - 
link:https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport fix 
for CVE-2023-34981 - 
link:https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport fix 
for CVE-2023-41080 - 
link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port fix for 
CVE-2023-42795 - 
link:https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port fix for 
CVE-2023-44487 - 
link:https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port fix for 
CVE-2023-45648 - 
link:https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson 
2.15.2###############Here is the dependency diff from 9.1.0 to 9.1.1 created 
with ourrelease tools: artifactId from to ------------------------------- 
-------- -------- jackson-annotations 2.15.1 2.15.2  jackson-core 2.15.1 2.15.2 
 jackson-databind 2.15.1 2.15.2  jackson-dataformat-yaml 2.15.1 2.15.2  
java-support 8.3.1 8.4.0  activemq-client-jakarta 5.18.1 5.18.2  
activemq-jdbc-store 5.18.1 5.18.2  johnzon-core 1.2.20 1.2.21  johnzon-jaxrs 
1.2.20 1.2.21  johnzon-jsonb 1.2.20 1.2.21  johnzon-jsonp-strict 1.2.20 1.2.21  
johnzon-mapper 1.2.20 1.2.21  xmlsec 3.0.1 3.0.2  activemq-broker-shade 9.1.0 
9.1.1  activemq-kahadb-store-shade 9.1.0 9.1.1  activemq-ra-shade 9.1.0 9.1.1  
commons-dbcp2-shade 9.1.0 9.1.1  servicemix-bcel-shade 9.1.0 9.1.1  sxc-shade 
9.1.0 9.1.1  taglibs-shade 9.1.0 9.1.1  tomee-bootstrap 9.1.0 9.1.1  
xmlschema-core 2.2.5 2.3.1  wss4j-bindings 3.0.0 3.0.1  wss4j-policy 3.0.0 
3.0.1  wss4j-ws-security-common 3.0.0 3.0.1  wss4j-ws-security-dom 3.0.0 3.0.1  
wss4j-ws-security-policy-stax 3.0.0 3.0.1  wss4j-ws-security-stax 3.0.0 3.0.1  
bcpkix-jdk15to18 1.73 1.76  bcprov-jdk15to18 1.73 1.76  bcutil-jdk15to18 1.73 
1.76  jakarta.faces 3.0.2 3.0.5  stax-ex 1.8.3 2.0.1  opensaml-core 4.2.0 4.3.0 
 opensaml-profile-api 4.2.0 4.3.0  opensaml-saml-api 4.2.0 4.3.0  
opensaml-saml-impl 4.2.0 4.3.0  opensaml-security-api 4.2.0 4.3.0  
opensaml-security-impl 4.2.0 4.3.0  opensaml-soap-api 4.2.0 4.3.0  
opensaml-xacml-api 4.2.0 4.3.0  opensaml-xacml-impl 4.2.0 4.3.0  
opensaml-xacml-saml-api 4.2.0 4.3.0  opensaml-xacml-saml-impl 4.2.0 4.3.0  
opensaml-xmlsec-api 4.2.0 4.3.0  opensaml-xmlsec-impl 4.2.0 4.3.0  asm 9.3 9.5  
reactive-streams 1.0.3 1.0.4  snakeyaml 2.0 2.2 ###############Please VOTE[+1] 
go ship it[+0] meh, don't care[-1] stop, there is a ${showstopper}The VOTE is 
open for 72h or as long as needed.GrußRichard
RE: [VOTE] TomEE 9.1.1

Reply via email to
