pasted here: -----BEGIN PGP PUBLIC KEY BLOCK-----
mJMEV5tUvhMFK4EEACMEIwQBDFKWRWNFys17LQRo18NBQ0cJk9HitooLx1k3dGTA G2By4TUnNYaR/ranOPJ47IRVr/1E0DBy9RKayUDNFElly6kAfhn/ALMmdv68cet9 GWkNjV/DwEGmtdXnhuGxXioxN1XkoJJNbjDCBEzx/mDDIna7w3jE2v28bXYP9kfv aLgvUdK0J0pvbmF0aGFuIFMuIEZpc2hlciA8ZXhhYnJpYWxAZ21haWwuY29tPoja BBMTCgA+AhsBBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAFiEEhxY4ohp/LDgGZHFC AwajVDNrTw0FAloq3hgFCQWj6loACgkQAwajVDNrTw2uBwIJASDBvmAQDW59SVMf HZ27HF6CeH1OQM6fdKxfSGZmwZXBp45MsZjzO5cXh1cuJgA1jm72Wblh7PNjAxzl 9lD4Q2o0AgkBJYXTSjXnH395kY//RPzsuibRj4Xzdx2Riwa22h6Nl/TFf1xoFDDZ /9CBP7sNvBpSh4ZohSwr5aYCLxObxvsF/B+I2gQTEwoAPgULCQgHAgYVCAkKCwIE FgIDAQIeAQIXgAUJDxWK5RYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJi12J8AhsD AAoJEAMGo1Qza08N2hoCCQGJD79oA4k1FDY+cStkLQS8QkvTpS8xZScNRKwIW1lv uBKrHpfzYa7RHFh6rdbW5D+07+pNvNBg8o03+h+vr4ezqQIJAUwYTOJZlBIXeujf 4LngH6C0Hc6bb0FtdMh9bHC82Iv7KSIlXcq8PZgrkWMADUu0yeJhLPXQXBzvnejC z6dlmR9uiNgEExMKAD4CGwEFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AWIQSHFjii Gn8sOAZkcUIDBqNUM2tPDQUCYtdhegUJDxWK5QAKCRADBqNUM2tPDXbsAgjQhVzd OuT6ZSo+3wXUQjl3scKnSPrzFDimknaZw6Zo0MYpnClY8wSTiYKrmgyUgQ8aQVlB +A3R1NUa/BfhRWyB3QIIjd1IFc8MosTtO3odKhbfmBWsLjKPjupRm6buZWBVNmtE mkY86nmp+vbrjFFYR5gQYa5pY045gXikw86aGUSpv3iI2AQTEwoAPgIbAQULCQgH AgYVCAkKCwIEFgIDAQIeAQIXgBYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJhC/Oj BQkNMwXlAAoJEAMGo1Qza08N994CB1IAohe6KsGMKJx6ucfvv7bKfqU+BUaS0m6c CsSDea7wNFFuqK7+21QcJqTyAgIcIsgtkizDqTWQRr5az/l98Q2AAgifl3v+6sJH zisMQffJ9S7C0BKN7vbkmyg+2PxW0Mnvsvr2s34NOmdOTav+jdK4RFrH9bO4UI2H uqb5oBWOCmaf2IjZBBMTCgA+BQsJCAcCBhUICQoLAgQWAgMBAh4BAheABQkJZTvo FiEEhxY4ohp/LDgGZHFCAwajVDNrTw0FAl1eDRACGwMACgkQAwajVDNrTw10zQII yVoClrNxQ/D4szu3XhJ9PXPyVelg3TPWpngxPLSvtPcBTrmM88nYCjsYr2YkZm7F KVn0TfxpafDCp3+c0vmXrdwCCQEA3lZ0TMbS6g1qVjr8tP/LcclUl9EcTQBhwrMz ptaKpK5KbwIGqCH/8osk1xBA3sTCCZidQ1DDWR8PDtLtkyv5mYjZBBMTCgA+AhsB BQsJCAcCBhUICQoLAgQWAgMBAh4BAheAFiEEhxY4ohp/LDgGZHFCAwajVDNrTw0F Al0+b/YFCQllO+gACgkQAwajVDNrTw03OwIJAetmR3/nyb7FGWX9a47CgH/4itKa J3wET5QXNBT0G9oJYMBLMpbfchaSaodc2B2ZoGJLE8193CVDjWpVQTpX1Q+aAgjn gqkOqPGRSGBbf4oJjsCCxNd1BQDptepfIxLPnJr9n9LWXhFQJ6m1dX0TYhXqwF+c InjN/G8QtQ6K5M09dg0T44jZBBMTCgAnBQJXm1S+AhsBBQkDwmcABQsJCAcCBhUI CQoLAgQWAgMBAh4BAheAACEJEAMGo1Qza08NFiEEhxY4ohp/LDgGZHFCAwajVDNr Tw1yfwIGMWuJgOMUPEsOMpKowBo5H0hZ+7FXB9pSJO4tw2JR2lmCNlS7dL8BSUg6 8iuUFNLuACPYv3yREYwtWgPHMI/9M/ICCQGLN09dQYTesY5Ivd1YGDdY7WQSoYwo wQm0ggBKH6myPOa/SLizr5o1glhYEfusgLaOYDa9v8FPIIiW0vOWHp6RIYjcBBMT CgBBBQsJCAcCBhUICQoLAgQWAgMBAh4BAheABQkPFYrlAhkBFiEEhxY4ohp/LDgG ZHFCAwajVDNrTw0FAmU1ZXcCGwEACgkQAwajVDNrTw1kSAIIiTKmmWLKGT6/pEFe A+4Nrfm9O7KRRGB7xThijjOKXjHYi2n38fYjod/1oWHFI9h2YRsCiBKF6LDQ6f6L i0cCpbQCCQE9u7C6xrf/139K+KrN31c9BoMx+L/jDcMErzk+lT1O3HbeoXtiKWX6 WD6t/AvqHfvEkg34h1dd8I+2/MzfQ+Ml0oihBBATCgAGBQJadScvAAoJEFdOlh1P 9inBYDwCCQGMrDpimY/uwGoixIwHeca14nCWtCatfyuqX67pMUhNSGGDVmoSEAdS mJ6OhGM2jzqG2qzdAuOxH9tMu8WswAetkQIIhd02g0k2h8fPAQb0G7DSJyUCogQS PC8ZP1KrHFJ4gbt+8EJRDC2K7GnEn0MoMnlQCJflc6bB0qgYkdceTq28kQmIuAQQ EwoAHRYhBKiwEqxbUFuB2WVeFek/s8oe5jeGBQJbY9mZAAoJEOk/s8oe5jeGpFYC COHHPH2dYN7UgbSjo10XQUbZmnCWYLbVUp85QpX4SfcELJiWpTDeIA+yx/l1oA5q YOxrnUVoqU7DqlX8q+axXXVCAgkBXjEWxhj7U1dX09WdLjMt0IacphezlXyatDXs HQfAgkA7vvP+rYlhA0Wj0ZFSGX6ITUZ33vtElf9YZBN1RtMFmdKI3AQTEwoAQQUL CQgHAgYVCAkKCwIEFgIDAQIeAQIXgAIZAQUJEPa+ZRYhBIcWOKIafyw4BmRxQgMG o1Qza08NBQJlNX/GAhsBAAoJEAMGo1Qza08NpvkCCIEyKQ4n6erY/9g10YKXZwEK UjDXr2EsCCcXSGHjoU14xyMtAYA+mfhF4xv6KnubHGQOQn2EfCvsagnYCJJXX0Kc AgkBeGP8Js90a1BvZ7cFV6JL8vMsp7HYhsjSZSy/y2HxpFtsnBTi4WJ1PbViN8aK KpABSPhR4u4ACNBYfDjPzhKUjOGI3QQTEwoAQQULCQgHAgYVCAkKCwIEFgIDAQIe AQIXgAUJDxWK5QIbAxYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJkrYWJAhkBAAoJ EAMGo1Qza08N6wsCCQHyd3RKJE4X2HyY2fx6tmRkBtj9eMiupsMZMa2brctqQ/zX j+lKxC21H99mfoVS6VFpyM7ipIaSmzc+Xa9ZwLIM0QIJARNw2zzOe7Pdmkkvsrxv 5Dyp3qsX40tGuok3S2R/xPQ2npvs1SpHQUX6VYqqFwPtsxDssgfq9U3xHAj3mDct el5ziN0EExMKAEEFCwkIBwIGFQgJCgsCBBYCAwECHgECF4ACGQEFCRD2vmUWIQSH FjiiGn8sOAZkcUIDBqNUM2tPDQUCZTV+DgIbAwAKCRADBqNUM2tPDRNJAgkBA2dX HkNTZ+XLKLTdVwcTTV9YUbN0xvjTdAE2ioxIpF9PolZ8xjKFTIHSuOjn65O9NBZi hYFD3mPDTwoIZY5xLKMCCQHDFKa1G5SXndrTA3ZYF99m/38Py4x7WpQdLwosJIe3 EsHkbRShpOxOJ8tSTCgl/fbQbXySUTZ4dtRDQd+PamJ5HrQvSm9uYXRoYW4gUy4g RmlzaGVyIDxleGFicmlhbCtlY2xpcHNlQGdtYWlsLmNvbT6I2QQTEwoAPhYhBIcW OKIafyw4BmRxQgMGo1Qza08NBQJkrYWJAhsDBQkPFYrlBQsJCAcCBhUKCQgLAgQW AgMBAh4BAheAAAoJEAMGo1Qza08NzA0CCLZ3s9y1hMPWSSEuuqPtvU8s4+MLuI+t aVGCq3Oe7fOrM9C9SkIK5gYLNSgm2ucM/Qz0UmMRQMt7yFPbbpj5CiTEAgkBg7GS 565j0SQYMJD2A8xJLy68K70TN8J4dE6DOFTbEH++z7UcdSbTJdaEh7nhhNnQS9px /yPw+gQZz3NUFCOJW8aI2QQTEwoAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIX gBYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJlNWvGBQkQ9r5lAAoJEAMGo1Qza08N QhECCQFmodrh64RuDR2t4H1ne+zLQUOxlkM6JO8BC8s/nSS8CGJdPi0rpRQCliiM RgCkbIUdbmBFzx28r7KIabwKBTE+HAIHfeUtjs1wzN6r4qKLscAIDr/p75FvaOYi u7AQYLTIamdSbOBXd731koJro7t9q3JVZPiL2s3KAXCjxHAfYz9w7E20J0pvbmF0 aGFuIFMuIEZpc2hlciA8amZpc2hlckBhcGFjaGUub3JnPojaBBMTCgA+FiEEhxY4 ohp/LDgGZHFCAwajVDNrTw0FAmU1V3QCGwMFCQ8ViuUFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQAwajVDNrTw30jwIJASdHa+NzU2uObSBwFvNE2ee9ybppHyz4 UUjnlJPFlIq96jTH+F5CaLDNdLWVTjqxFwKioxqyzV5M/j3WwacOaJ4pAgkB2kPI lc+TYMtxSiCxOEvdv1N9K81U0gopOhaKCUOR2zijh5Oor9PWT6JGRBb+soYsJN65 rsfRiWyhMgwwiPlxbQmI2QQTEwoAPgIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIX gBYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJlNWvGBQkQ9r5lAAoJEAMGo1Qza08N fYQCBRdnOvBBhop8FuZxv2h3i2J7dxSaIXi5mt82EpHIVnElENuA0n9eJfYE6AyX go39MnHRb3mWaFMsbrwEk4R63nwSAgkBsOP9gMNn43p85xCvPfvqaMeUcFCtRrgb 7MSEDDQBdhF1eMGTttfujwpz/sKwc9YR6K8LUvpDrv4E7eIbIQwxzvi4bwRXm1Uv EwUrgQQAIgMDBEgqj2iDPClSIPOk6iARFYD7hMsdZG8rto1sKz0Y4bed1ushUqQO MKs2EB4owrTZNCCjwWc/73UIC2GF9MsDfrlvWhbXflqmNlBuyjDbvEQJqcjOassV 8CTuypP8A58j44kBQQQYEwoAJgIbAhYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJd Xg7CBQkFy63CAIoJEAMGo1Qza08NfyAEGRMJAAYFAlebVS8ACgkQNBblQhq5rGBm FQGAlQdk/wWnQBH9Ngbw5sF/NLc+AoAXH0sEfeKCQEQlbpyeyY8gjyXxxGPgQWQV YykjAYCtoKc2mwj65XHI1HSpokNSpD/0si5WefHsrwg1HfAiNJ6bRwjYx2G8C5Ye +qRlzq26UQIJATPSxwz7kP4mBp3ktX/nSj1VaZNO//Wz03ij/Hbgy+ctD1bF/cLg IJ9YQlqUPY6XR5ZRxbps30A9BrfFeryEekruAgjU7o53MPXjNPQQICqjTg6C5Pq8 A6HnGt4GKg59GwtWj+w7FFnDBxkxTUGsu9jTaipOn5Rz2pONPGXu7N25VEDb+7hz BFebVZYSBSuBBAAiAwMEtxtCjT1dG+sKZCq1YrL/RCjiGngEC53EoWSKtV8xOV3/ J0F0R2w5MI+MxovpHcKYNIF6gtr8LMrACbaNK/be3Pmg6Sji/cbtNzNdQO2XF0EW OOGfl3nUzCtnl7jyHCo1AwEJCYjABBgTCgAmAhsMFiEEhxY4ohp/LDgGZHFCAwaj VDNrTw0FAmU1XjEFCRDtsYsACgkQAwajVDNrTw3cegIHfrcTHHTeVKY/8D/tRJyQ fApIKz77u54996bgZBvcnzX/bXoA/FR26nBhMptw3PjCAYDOgPIPITAgVDSmkxmg JmMCCMrXtr98Ol7mKJfRDoWmGE++m/XlU5mz5J/XX1e0mhq/WXOMI3apE/fJ+FTF +/4s646I0MrlcIruMiFmpi2oxoH7uG8EV5tVzRMFK4EEACIDAwQjHqSreOLWs/FW O5Rpb1W5nJrfv5bXbeV5UfTzw+A6fq9rIorVMhchGApxRfSMIOcXLXuhk0yoUPlh TRwEGZveBTXkoSYSWWIDllQBNZ/a91f0QyTIxcR312ppCewzPyiIwQQYEwoAJgIb IBYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJlNV5JBQkQ7YLiAAoJEAMGo1Qza08N xJYCCOpTXah+2r20hsQCHYhwpgGkRzT0KWyO6NeTzFZvUFTiAWbqYg7CyXztsVBn 0cCqjRtFATS2QeJL1sUcjwxhN3BBAgkBB3qOlUuVC9skeUEus4QzM07uSTTiicUZ /i9ifDuYt1ujM/QtV4CsICKpyWs4NDdEsssLJ8SzqM9eFAlqnocatI+4bwRlNWUI EwUrgQQAIgMDBLP99mJt/J4jBP4CjORKeKpjxRN6sj02/8IS8LeLRYbUJzSkubqh SQ19rQBxu6vBOVgVCTpLLfY/31cw5RsLa5On0wuhEn3KtXTtEJZ4kLHsD+dJX4Ux imVW5vaQ8skA24kBVwQYEwoAJhYhBIcWOKIafyw4BmRxQgMGo1Qza08NBQJlNWUI AhsCBQkDwmcAAKEJEAMGo1Qza08NliAEGRMJAB0WIQS11zr9EsR/oJTH1IT5dcJ7 sXr2sQUCZTVlCAAKCRD5dcJ7sXr2sRO0AX9+nni0M/NhMLCvkwyyO6au+0wBXtRk sav2zdLMHUJnGhzW7IebTZHBdLYV8bH/WpIBfinshcGugAErswVDg40rGp39hUFG 17Ayi5P9hSLc4JNwQqFppoRr40+tPKyDUOVyuCKuAgiwtGUSRYNccVnGrwvy9Qff +XIkQXpWrpHbNIxkmWLxh2p3ZhBJBFTyXzfiHXySquFF427JfmBZ6j4N2fBykpON CQIHRxmTg3wOCOoM0HVhvEG5lsjHWGCHW12P7UzY5dkLExG+lGLvK9TSEKupGuNQ Ecwv7rh7ke+e7+0UC6B0mY7yJtSJAVcEGBMKACYCGwIWIQSHFjiiGn8sOAZkcUID BqNUM2tPDQUCZTVr4gUJA1OpAAChCRADBqNUM2tPDZYgBBkTCQAdFiEEtdc6/RLE f6CUx9SE+XXCe7F69rEFAmU1ZQgACgkQ+XXCe7F69rETtAF/fp54tDPzYTCwr5MM sjumrvtMAV7UZLGr9s3SzB1CZxoc1uyHm02RwXS2FfGx/1qSAX4p7IXBroABK7MF Q4ONKxqd/YVBRtewMouT/YUi3OCTcEKhaaaEa+NPrTysg1DlcrhkeAIHSX0cWOGH EHDY4/lDeQUT6CzdkrK4EoLv5GtwbqTIG8knGjX+jWsIA3c11vtuq5nCl30+tTPY 3F74/CTdimP0+c4CCPfukMGeA1iwD/7oqRVzs+ULbXdZjqiNFl6fR6j0uvs99r6l 9T3ugXY9lBQhvQ3zoYvTzJoX4P2i1P1L2CS6HwiG =AdHB -----END PGP PUBLIC KEY BLOCK----- On Sun, Oct 22, 2023 at 11:35 PM Richard Zowalla <rich...@zowalla.com> wrote: > > The list doesn't allow attachments, so maybe add it as plain text (or put it > into a gist) > > Gruß > Richard > > > Am 22. Oktober 2023 21:48:22 MESZ schrieb "Jonathan S. Fisher" > <jfis...@apache.org>: > >Attached! Thank you! > > > >On Sat, Oct 21, 2023 at 7:42 PM Richard Zowalla <rich...@zowalla.com> wrote: > >> > >> Just send it in the required ascii armored format via your apache mail (or > >> via die web ui on lists.apache.org after login. > >> > >> I can take care of it. > >> > >> > >> Am 22. Oktober 2023 01:05:53 MESZ schrieb "Jonathan S. Fisher" > >> <exabr...@gmail.com>: > >> >Richard thanks. Anyone on this thread able to add me to the KEYS file? > >> >I'd like to give this a roll :) > >> > > >> >cheers, > >> > > >> > > >> >On Thu, Oct 19, 2023 at 7:12 AM Jamie Johnson <jej2...@gmail.com> wrote: > >> >> > >> >> Just checking in on this. Anything the community can do to facilitate > >> >> the > >> >> release? > >> >> > >> >> On Tue, Oct 17, 2023 at 9:58 AM Richard Zowalla <rich...@zowalla.com> > >> >> wrote: > >> >> > >> >> > Hi, > >> >> > > >> >> > see https://tomee.apache.org/dev/release-tomee.html > >> >> > > >> >> > Might be beneficial to join the ASF slack with your apache.org mail. > >> >> > > >> >> > Starting the VOTE, moving artifacts to release area as well as > >> >> > updating > >> >> > https://downloads.apache.org/tomee/KEYS needs to be done by a PMC > >> >> > member. > >> >> > > >> >> > Gruß > >> >> > Richard > >> >> > > >> >> > Am 17. Oktober 2023 15:50:33 MESZ schrieb "Jonathan S. Fisher" < > >> >> > exabr...@gmail.com>: > >> >> > >-----BEGIN PGP SIGNED MESSAGE----- > >> >> > >Hash: SHA512 > >> >> > > > >> >> > >ello other TomEE committers :) > >> >> > > > >> >> > >If I wanted to cut 8.0.16, how do I do that? My personal GPG key is > >> >> > >871638A21A7F2C38066471420306A354336B4F0D. I'll sign this text block > >> >> > >to > >> >> > >prove I have control of my key. > >> >> > > > >> >> > >Thank you! > >> >> > >-----BEGIN PGP SIGNATURE----- > >> >> > > > >> >> > >iLkEARMKAB0WIQSHFjiiGn8sOAZkcUIDBqNUM2tPDQUCZS6RIAAKCRADBqNUM2tP > >> >> > >DYahAgkBNYn+LlIdFttvNW6KAJXHgNEQxmjJ6ALb7VaaEdqAXjMNxwglLQQQVOVY > >> >> > >NtRxRj5nHDOXUVqwLjftisxyNnAkx50CCQHYbqySGYuWOxMdS8jsDGA2/UjTp0ib > >> >> > >RkLoChrMvppzIK5GOvd0UyBKmrvG3dkzJwQllPZ3EYvNZfLyl+/K5oOshg== > >> >> > >=d0gl > >> >> > >-----END PGP SIGNATURE----- > >> >> > > > >> >> > > > >> >> > > > >> >> > >On Sat, Oct 14, 2023 at 6:12 AM Jamie Johnson <jej2...@gmail.com> > >> >> > >wrote: > >> >> > >> > >> >> > >> Looks like tomcat 9.0.82 was released! > >> >> > >> > >> >> > >> On Wed, Oct 11, 2023 at 12:54 PM Jamie Johnson <jej2...@gmail.com> > >> >> > wrote: > >> >> > >> > >> >> > >> > Looks right to me as well. Thanks Richard! > >> >> > >> > > >> >> > >> > On Wed, Oct 11, 2023 at 12:45 PM Richard Zowalla > >> >> > >> > <rich...@zowalla.com > >> >> > > > >> >> > >> > wrote: > >> >> > >> > > >> >> > >> >> I think we are running into > >> >> > >> >> https://bz.apache.org/bugzilla/show_bug.cgi?id=67664 > >> >> > >> >> > >> >> > >> >> This requires 9.0.82 to become available. > >> >> > >> >> > >> >> > >> >> They are already voting: > >> >> > >> >> > >> >> > >> >> https://lists.apache.org/thread/qro48x3xnvhvvxxv3hwnqnnsrrry773j > >> >> > >> >> > >> >> > >> >> After 9.0.82 becomes available, we are most likely in a good > >> >> > >> >> shape to > >> >> > >> >> start a release > >> >> > >> >> > >> >> > >> >> Gruß > >> >> > >> >> Richard > >> >> > >> >> > >> >> > >> >> Am 11. Oktober 2023 18:14:09 MESZ schrieb Richard Zowalla < > >> >> > >> >> rich...@zowalla.com>: > >> >> > >> >> >It seems the Tomcat upgrade breaks some connection pool related > >> >> > tests. > >> >> > >> >> > > >> >> > >> >> >I guess we need to check our integration code to fix it: > >> >> > >> >> > >> >> > https://ci-builds.apache.org/job/Tomee/job/tomee-8.x-build-full-java8/lastCompletedBuild/testReport/ > >> >> > >> >> > > >> >> > >> >> >So if anyone wants to dig, feel free. > >> >> > >> >> > > >> >> > >> >> > > >> >> > >> >> > > >> >> > >> >> >Am 11. Oktober 2023 16:56:27 MESZ schrieb Jamie Johnson < > >> >> > >> >> jej2...@gmail.com>: > >> >> > >> >> >>There are other vulnerabilities (pulled from https://osv.dev/) > >> >> > that > >> >> > >> >> can be > >> >> > >> >> >>addressed, but need to be reviewed. The format below is > >> >> > >> >> >>dependency > >> >> > >> >> >>current_version (fix_version). > >> >> > >> >> >> > >> >> > >> >> >>org.apache.httpcomponents:httpclient 4.2.2 (>= 4.5.13) > >> >> > >> >> >>GHSA-2x83-r56g-cv47 (4.2.3), GHSA-7r82-7xv7-xcpj > >> >> > >> >> >>(4.5.13), GHSA-fmj5-wv96-r2ch (4.3.6), GHSA-cfh5-3ghh-wfjx > >> >> > >> >> >>(4.3.5) > >> >> > >> >> >> > >> >> > >> >> >>xalan:xalan 2.7.2 (2.7.3) > >> >> > >> >> >>GHSA-9339-86wc-4qgf (2.7.3) > >> >> > >> >> >> > >> >> > >> >> >>org.apache.commons:commons-compress 1.14 (>=1.24.0) > >> >> > >> >> >>GHSA-hrmr-f5m6-m9pq (1.18), GHSA-xqfj-vm6h-2x34 (1.22), > >> >> > >> >> GHSA-h436-432x-8fvx > >> >> > >> >> >>(1.16), GHSA-crv7-7245-f45f (1.21), GHSA-mc84-pj99-q6hh > >> >> > >> >> >>(1.21), GHSA-7hfm-57qf-j43q (1.21), GHSA-cgwf-w82q-5jrr > >> >> > >> >> >>(1.24.0) > >> >> > >> >> >> > >> >> > >> >> >>org.eclipse.jetty:jetty-server 9.4.49.v20220914 > >> >> > >> >> >>(9.4.51.v20230217) > >> >> > >> >> >>GHSA-qw69-rqj8-6qw8 (9.4.51.v20230217), GHSA-p26g-97m4-6q7c > >> >> > >> >> >>(9.4.51.v20230217) > >> >> > >> >> >> > >> >> > >> >> >>org.eclipse.jetty:jetty-http 9.4.49.v20220914 (>=9.4.53) > >> >> > >> >> >>GHSA-hmr7-m48g-48f6 (9.4.52), GHSA-wgh7-54f2-x98r (9.4.53) > >> >> > >> >> >> > >> >> > >> >> >>org.eclipse.jetty:jetty-servlets 9.4.49.v20220914 (9.4.53) > >> >> > >> >> >>GHSA-3gh6-v5v9-6v9j (9.4.53) > >> >> > >> >> >> > >> >> > >> >> >>org.apache.sshd:sshd-core 2.1.0 (>=2.10.0) > >> >> > >> >> >>GHSA-9279-7hph-r3xw (2.7.0), GHSA-fhw8-8j55-vwgq > >> >> > >> >> >>(2.9.2), GHSA-mjmq-gwgm-5qhm (2.10.0) > >> >> > >> >> >> > >> >> > >> >> >>com.google.code.gson:gson 2.2.4 (2.8.9) > >> >> > >> >> >>GHSA-4jrv-ppp4-jm57 (2.8.9) > >> >> > >> >> >> > >> >> > >> >> >>org.webjars:handlebars 1.2.1 (4.7.7) > >> >> > >> >> >>GHSA-f2jv-r9rf-7988 (4.7.7) > >> >> > >> >> >> > >> >> > >> >> >>org.apache.ivy:ivy 2.3.0 (>= 2.5.2) > >> >> > >> >> >>GHSA-wv7w-rj2x-556x (2.5.1), GHSA-2jc4-r94c-rp7h (2.5.2) > >> >> > >> >> >> > >> >> > >> >> >> > >> >> > >> >> >>On Wed, Oct 11, 2023 at 6:49 AM Jamie Johnson > >> >> > >> >> >><jej2...@gmail.com> > >> >> > >> >> wrote: > >> >> > >> >> >> > >> >> > >> >> >>> How deep down the rabbit hole should the dependency checks > >> >> > normally > >> >> > >> >> go? > >> >> > >> >> >>> Looks like the big ones I was tracking with security > >> >> > >> >> >>> updates were > >> >> > >> >> done. > >> >> > >> >> >>> > >> >> > >> >> >>> johnzon 1.2.21 > >> >> > >> >> >>> tomcat 9.0.81 > >> >> > >> >> >>> bouncy castle 1.76 > >> >> > >> >> >>> > >> >> > >> >> >>> Still poking around a bit but there’s obviously a lot. > >> >> > >> >> >>> > >> >> > >> >> >>> On Wed, Oct 11, 2023 at 2:09 AM Richard Zowalla > >> >> > >> >> >>> <r...@apache.org > >> >> > > > >> >> > >> >> wrote: > >> >> > >> >> >>> > >> >> > >> >> >>>> In theory, every committer can act as release manager. > >> >> > >> >> >>>> > >> >> > >> >> >>>> There are some steps in the process, which requires PMC > >> >> > >> >> >>>> karma, > >> >> > though > >> >> > >> >> >>>> (such as adding a key to the KEYS file, moving stuff to the > >> >> > release > >> >> > >> >> are > >> >> > >> >> >>>> on SVN, start the VOTE, etc.). > >> >> > >> >> >>>> > >> >> > >> >> >>>> The process is documented here: [1] > >> >> > >> >> >>>> > >> >> > >> >> >>>> That being said: > >> >> > >> >> >>>> > >> >> > >> >> >>>> I am currently planning to start the release process for > >> >> > >> >> >>>> TomEE > >> >> > 9.1.1 > >> >> > >> >> >>>> within this week. Due to the Tomcat security issues > >> >> > >> >> >>>> released > >> >> > >> >> yesterday, > >> >> > >> >> >>>> we need to do some backporting, which will consume > >> >> > >> >> >>>> additional > >> >> > time. > >> >> > >> >> (It > >> >> > >> >> >>>> just interrupted my preparations, so it needs additional > >> >> > >> >> >>>> CI / > >> >> > TCK > >> >> > >> >> >>>> cycles) > >> >> > >> >> >>>> > >> >> > >> >> >>>> A release usally consumes around 1-3 hours of work. Mostly > >> >> > because > >> >> > >> >> you > >> >> > >> >> >>>> have to wait for stuff being build or to run some basic > >> >> > >> >> >>>> sanity > >> >> > checks > >> >> > >> >> >>>> before starting and to not forget any step. > >> >> > >> >> >>>> > >> >> > >> >> >>>> What would really help for a TomEE 8.0.16 is to carefully > >> >> > re-check > >> >> > >> >> the > >> >> > >> >> >>>> current dependencies for important 3rd party dependencies > >> >> > >> >> >>>> (and > >> >> > update > >> >> > >> >> >>>> if needed. Note: Each update or bunch of updates shouldn't > >> >> > break the > >> >> > >> >> >>>> build. A full build on CI takes around 4-8 hours) on that > >> >> > branch, > >> >> > >> >> build > >> >> > >> >> >>>> it locally and conduct some sanity checks (for example: > >> >> > >> >> >>>> same > >> >> > lib in > >> >> > >> >> >>>> different versions in /lib -> check and fix) with the > >> >> > >> >> >>>> created > >> >> > >> >> >>>> tar.gz/zip files. > >> >> > >> >> >>>> > >> >> > >> >> >>>> This is one of the steps, which usually consumes a lot of > >> >> > >> >> >>>> time. > >> >> > If > >> >> > >> >> you > >> >> > >> >> >>>> want to give it a try, I am happy to help out for the steps > >> >> > which > >> >> > >> >> >>>> require PMC involvement. Otherwise, I might find some time > >> >> > >> >> >>>> in > >> >> > the > >> >> > >> >> next > >> >> > >> >> >>>> week to start a release of 8.0.16 - just let me know and I > >> >> > >> >> >>>> can > >> >> > plan > >> >> > >> >> my > >> >> > >> >> >>>> time accordingly ;-) > >> >> > >> >> >>>> > >> >> > >> >> >>>> Gruß > >> >> > >> >> >>>> Richard > >> >> > >> >> >>>> > >> >> > >> >> >>>> > >> >> > >> >> >>>> > >> >> > >> >> >>>> > >> >> > >> >> >>>> [1] https://tomee.apache.org/dev/release-tomee.html > >> >> > >> >> >>>> > >> >> > >> >> >>>> > >> >> > >> >> >>>> Am Dienstag, dem 10.10.2023 um 17:56 -0500 schrieb > >> >> > >> >> >>>> Jonathan S. > >> >> > >> >> Fisher: > >> >> > >> >> >>>> > Jean-Louis, are there directions anywhere? Not promising > >> >> > anything > >> >> > >> >> :) > >> >> > >> >> >>>> > > >> >> > >> >> >>>> > On Tue, Oct 10, 2023 at 5:22 PM Jean-Louis Monteiro > >> >> > >> >> >>>> > <jlmonte...@tomitribe.com> wrote: > >> >> > >> >> >>>> > > > >> >> > >> >> >>>> > > Whomever is committer can do it. > >> >> > >> >> >>>> > > > >> >> > >> >> >>>> > > I was just trying to give you an honest reply > >> >> > >> >> >>>> > > regarding my > >> >> > >> >> >>>> > > availabilities > >> >> > >> >> >>>> > > and give visibility to the rest of the community and > >> >> > >> >> >>>> > > the > >> >> > other > >> >> > >> >> >>>> > > committers > >> >> > >> >> >>>> > > at the same time. > >> >> > >> >> >>>> > > > >> >> > >> >> >>>> > > Hope it helps. > >> >> > >> >> >>>> > > > >> >> > >> >> >>>> > > > >> >> > >> >> >>>> > > Le mar. 10 oct. 2023, 23:27, Jamie Johnson < > >> >> > jej2...@gmail.com> a > >> >> > >> >> >>>> > > écrit : > >> >> > >> >> >>>> > > > >> >> > >> >> >>>> > > > I’m not sure what that entails or who would go about > >> >> > doing it. > >> >> > >> >> Is > >> >> > >> >> >>>> > > > it a > >> >> > >> >> >>>> > > > community or contributor driven thing? > >> >> > >> >> >>>> > > > > >> >> > >> >> >>>> > > > On Tue, Oct 10, 2023 at 3:25 PM Jean-Louis Monteiro < > >> >> > >> >> >>>> > > > jlmonte...@tomitribe.com> wrote: > >> >> > >> >> >>>> > > > > >> >> > >> >> >>>> > > > > I think most of the energy is currently on TomEE 9 > >> >> > >> >> >>>> > > > > and > >> >> > the > >> >> > >> >> new > >> >> > >> >> >>>> > > > > TomEE 10. > >> >> > >> >> >>>> > > > > I've also noticed some Tomcat CVE today if I > >> >> > >> >> >>>> > > > > remember > >> >> > >> >> >>>> > > > > correctly. > >> >> > >> >> >>>> > > > > > >> >> > >> >> >>>> > > > > I'm all hands on TomEE 10 currently because we > >> >> > >> >> >>>> > > > > need to > >> >> > fill > >> >> > >> >> the > >> >> > >> >> >>>> > > > > feature > >> >> > >> >> >>>> > > > > gaps on all implementations. So speaking about > >> >> > >> >> >>>> > > > > myself, > >> >> > not > >> >> > >> >> sure > >> >> > >> >> >>>> > > > > I can > >> >> > >> >> >>>> > > > > trigger a build and deliver the whole process in > >> >> > >> >> >>>> > > > > the > >> >> > next > >> >> > >> >> >>>> > > > > couple of days > >> >> > >> >> >>>> > > > or > >> >> > >> >> >>>> > > > > weeks. > >> >> > >> >> >>>> > > > > > >> >> > >> >> >>>> > > > > If someone can do it, I'm happy to review, test and > >> >> > vote on > >> >> > >> >> the > >> >> > >> >> >>>> > > > > release. > >> >> > >> >> >>>> > > > > -- > >> >> > >> >> >>>> > > > > Jean-Louis Monteiro > >> >> > >> >> >>>> > > > > http://twitter.com/jlouismonteiro > >> >> > >> >> >>>> > > > > http://www.tomitribe.com > >> >> > >> >> >>>> > > > > > >> >> > >> >> >>>> > > > > > >> >> > >> >> >>>> > > > > On Tue, Oct 10, 2023 at 5:48 PM Jamie Johnson > >> >> > >> >> >>>> > > > > <jej2...@gmail.com> wrote: > >> >> > >> >> >>>> > > > > > >> >> > >> >> >>>> > > > > > Is there a timeline for the release of 8.0.16? > >> >> > >> >> >>>> > > > > > There > >> >> > are a > >> >> > >> >> >>>> > > > > > few > >> >> > >> >> >>>> > > > security > >> >> > >> >> >>>> > > > > > issues associated with johnzon that we’d like to > >> >> > leverage > >> >> > >> >> >>>> > > > > > while we > >> >> > >> >> >>>> > > > > migrate > >> >> > >> >> >>>> > > > > > to a newer version of TomEE. > >> >> > >> >> >>>> > > > > > > >> >> > >> >> >>>> > > > > > >> >> > >> >> >>>> > > > > >> >> > >> >> >>>> > > >> >> > >> >> >>>> > > >> >> > >> >> >>>> > > >> >> > >> >> >>>> > >> >> > >> >> >>>> > >> >> > >> >> > >> >> > >> > > >> >> > > > >> >> > > > >> >> > > > >> >> > >-- > >> >> > >Jonathan | exabr...@gmail.com > >> >> > >Pessimists, see a jar as half empty. Optimists, in contrast, see it > >> >> > >as > >> >> > >half full. > >> >> > >Engineers, of course, understand the glass is twice as big as it > >> >> > >needs to > >> >> > be. > >> >> > > >> > > >> > > >> > > >> >-- > >> >Jonathan | exabr...@gmail.com > >> >Pessimists, see a jar as half empty. Optimists, in contrast, see it as > >> >half full. > >> >Engineers, of course, understand the glass is twice as big as it needs to > >> >be.
