+1 thank you! On Mon, Oct 16, 2023 at 04:30 Richard Zowalla <r...@apache.org> wrote:
> Thanks for testing, Alex! > > Am Montag, dem 16.10.2023 um 12:24 +0200 schrieb Alex The Rocker: > > +1 (non binding) > > > > Ran various tests with web apps based on JAX-WS, JAX-RS, JMS, CDI, > > Entiy Beans; with some relying on Tomcat SSL connector, etc running > > with Java 17 on Red Hat Linux 8 > > => Found no regressions, thank you very much for the security fixes ! > > > > Alex > > > > Le jeu. 12 oct. 2023 à 17:14, Alex The Rocker <alex.m3...@gmail.com> > > a écrit : > > > > > > Excellent news! > > > I'm going to run some deep (applicative) tests with this candidate > > > release and I will provide feedbacks asap > > > > > > Le jeu. 12 oct. 2023 à 15:28, Daniel Dias Dos Santos > > > <daniel.dias.analist...@gmail.com> a écrit : > > > > > > > > Hi > > > > > > > > +1 > > > > > > > > Thanks > > > > > > > > On Thu, Oct 12, 2023, 10:26 benedict <bened...@eisenkramer.de> > > > > wrote: > > > > > > > > > +1 > > > > > -------- Ursprüngliche Nachricht --------Von: Richard Zowalla < > > > > > r...@apache.org> Datum: 12.10.23 14:59 (GMT+01:00) An: > > > > > dev@tomee.apache.org Betreff: [VOTE] TomEE 9.1.1 Hi all,this is > > > > > a vote > > > > > for a release of Apache TomEE 9.1.1.It is a maintenance release > > > > > with > > > > > dependenciesupgrades and bug fixes. The most notible change is > > > > > dropping our > > > > > owncxf-shade in favour of CXF 4.0.3It also fixes the latest > > > > > Tomcat > > > > > vulnerabilities by backporting andpatching Tomcat inside the > > > > > TomEE 9 > > > > > build.This release still passes the full EE9.1 TCK (thx to > > > > > Jean-Louis & > > > > > Jonfor triggering the builds) as well as the MP 5.0 > > > > > TCK.###############Maven Repo: > > > > > > https://repository.apache.org/content/repositories/orgapachetomee-1220/ > > > > > <repositories><repository><id>tomee-9.1.1-rc1</id><name>Testing > > > > > TomEE 9.1.1 RC1</name><url> > > > > > > https://repository.apache.org/content/repositories/orgapachetomee-1220/ > > > > > </url></repository></repositories>###############Binaries > > > > > & Source: > > > > > > https://dist.apache.org/repos/dist/dev/tomee/staging-1220/tomee-9.1.1/###############Tag:https://github.com/apache/tomee/releases/tag/tomee-project-9.1.1###############Release > > > > > notes: > > > > > > https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12312320&version=12353331###############Here > > > > > is an adoc generated version of the changelog as well:== > > > > > Dependency > > > > > upgrade[.compact] - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4246[TOMEE-4246]ActiveMQ > > > > > 5.18.2 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport > > > > > fix > > > > > for CVE-2023-34981 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport > > > > > fix > > > > > for CVE-2023-41080 - link: > > > > > https://issues.apache.org/jira/browse/TOMEE-4235[TOMEE-4235]Bouncy > > > > > Castle > > > > > 1.75 - link: > > > > > https://issues.apache.org/jira/browse/TOMEE-4243[TOMEE-4243]Bouncy > > > > > Castle > > > > > 1.76 - link: > > > > > https://issues.apache.org/jira/browse/TOMEE-4139[TOMEE-4139]CXF > > > > > 4.0.3 > > > > > (jakarta namespace) - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4247[TOMEE-4247]Hibernate > > > > > 6.1.7 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson > > > > > 2.15.2 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4228[TOMEE-4228]Johnzon > > > > > 1.2.21 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4248[TOMEE-4248]Mojarra > > > > > 3.0.5 > > > > > - > > > > > link:https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-425 > > > > > 4]Port > > > > > fix for CVE-2023-42795 - link: > > > > > https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port > > > > > fix for > > > > > CVE-2023-44487 - link: > > > > > https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port > > > > > fix for > > > > > CVE-2023-45648 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4249[TOMEE-4249]SnakeYAML > > > > > 2.2 > > > > > - > > > > > link:https://issues.apache.org/jira/browse/TOMEE-4250[TOMEE-425 > > > > > 0]WSS4J > > > > > 3.0.1 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4232[TOMEE-4232]bcprov-jdk15to18-1.74.jar > > > > > - > > > > > link:https://issues.apache.org/jira/browse/TOMEE-4251[TOMEE-425 > > > > > 1]xmlsec > > > > > 3.0.2== Bug[.compact] - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4222[TOMEE-4222]@LoginToContinue > > > > > JSR-375 (JavaEE Security API) causesIllegalArgumentException - > > > > > link: > > > > > https://issues.apache.org/jira/browse/TOMEE-4225[TOMEE-4225]Remove > > > > > commons-net from TomEE distribution - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4226[TOMEE-4226]DataSource > > > > > definition fails when @DataSourceDefinition doesn't defineurl > > > > > property== > > > > > Improvement[.compact] - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4031[TOMEE-4031]Improve > > > > > TomEE > > > > > Jmx Mbean Support for Parameter Names== Fixed Common > > > > > Vulnerabilities and > > > > > Exposures (CVEs)[.compact] - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4230[TOMEE-4230]Backport > > > > > fix > > > > > for CVE-2023-34981 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4239[TOMEE-4239]Backport > > > > > fix > > > > > for CVE-2023-41080 - link: > > > > > https://issues.apache.org/jira/browse/TOMEE-4254[TOMEE-4254]Port > > > > > fix for > > > > > CVE-2023-42795 - link: > > > > > https://issues.apache.org/jira/browse/TOMEE-4255[TOMEE-4255]Port > > > > > fix for > > > > > CVE-2023-44487 - link: > > > > > https://issues.apache.org/jira/browse/TOMEE-4256[TOMEE-4256]Port > > > > > fix for > > > > > CVE-2023-45648 - link: > > > > > > https://issues.apache.org/jira/browse/TOMEE-4227[TOMEE-4227]Jackson > > > > > 2.15.2###############Here is the dependency diff from 9.1.0 to > > > > > 9.1.1 > > > > > created with ourrelease tools: artifactId from to > > > > > ------------------------------- -------- -------- jackson- > > > > > annotations > > > > > 2.15.1 2.15.2 jackson-core 2.15.1 2.15.2 jackson-databind > > > > > 2.15.1 2.15.2 > > > > > jackson-dataformat-yaml 2.15.1 2.15.2 java-support 8.3.1 8.4.0 > > > > > activemq-client-jakarta 5.18.1 5.18.2 activemq-jdbc-store > > > > > 5.18.1 5.18.2 > > > > > johnzon-core 1.2.20 1.2.21 johnzon-jaxrs 1.2.20 1.2.21 > > > > > johnzon-jsonb > > > > > 1.2.20 1.2.21 johnzon-jsonp-strict 1.2.20 1.2.21 johnzon- > > > > > mapper 1.2.20 > > > > > 1.2.21 xmlsec 3.0.1 3.0.2 activemq-broker-shade 9.1.0 9.1.1 > > > > > activemq-kahadb-store-shade 9.1.0 9.1.1 activemq-ra-shade > > > > > 9.1.0 9.1.1 > > > > > commons-dbcp2-shade 9.1.0 9.1.1 servicemix-bcel-shade 9.1.0 > > > > > 9.1.1 > > > > > sxc-shade 9.1.0 9.1.1 taglibs-shade 9.1.0 9.1.1 tomee- > > > > > bootstrap 9.1.0 > > > > > 9.1.1 xmlschema-core 2.2.5 2.3.1 wss4j-bindings 3.0.0 3.0.1 > > > > > wss4j-policy > > > > > 3.0.0 3.0.1 wss4j-ws-security-common 3.0.0 3.0.1 wss4j-ws- > > > > > security-dom > > > > > 3.0.0 3.0.1 wss4j-ws-security-policy-stax 3.0.0 3.0.1 > > > > > wss4j-ws-security-stax 3.0.0 3.0.1 bcpkix-jdk15to18 1.73 1.76 > > > > > bcprov-jdk15to18 1.73 1.76 bcutil-jdk15to18 1.73 1.76 > > > > > jakarta.faces 3.0.2 > > > > > 3.0.5 stax-ex 1.8.3 2.0.1 opensaml-core 4.2.0 4.3.0 > > > > > opensaml-profile-api > > > > > 4.2.0 4.3.0 opensaml-saml-api 4.2.0 4.3.0 opensaml-saml-impl > > > > > 4.2.0 4.3.0 > > > > > opensaml-security-api 4.2.0 4.3.0 opensaml-security-impl 4.2.0 > > > > > 4.3.0 > > > > > opensaml-soap-api 4.2.0 4.3.0 opensaml-xacml-api 4.2.0 4.3.0 > > > > > opensaml-xacml-impl 4.2.0 4.3.0 opensaml-xacml-saml-api 4.2.0 > > > > > 4.3.0 > > > > > opensaml-xacml-saml-impl 4.2.0 4.3.0 opensaml-xmlsec-api 4.2.0 > > > > > 4.3.0 > > > > > opensaml-xmlsec-impl 4.2.0 4.3.0 asm 9.3 9.5 reactive-streams > > > > > 1.0.3 > > > > > 1.0.4 snakeyaml 2.0 2.2 ###############Please VOTE[+1] go ship > > > > > it[+0] meh, > > > > > don't care[-1] stop, there is a ${showstopper}The VOTE is open > > > > > for 72h or > > > > > as long as needed.GrußRichard > >
