Added to https://dist.apache.org/repos/dist/release/tomee/KEYS
On Tuesday, 24.10.2023 at 08:54 -0500, Jonathan S. Fisher wrote:
> pasted here:
>
> On Sun, Oct 22, 2023 at 11:35 PM Richard Zowalla <rich...@zowalla.com> wrote:
> >
> > The list doesn't allow attachments, so maybe add it as plain text
> > (or put it into a gist)
> >
> > Regards
> > Richard
> >
> > On 22 October 2023 21:48:22 CEST, "Jonathan S. Fisher" <jfis...@apache.org> wrote:
> > > Attached! Thank you!
> > >
> > > On Sat, Oct 21, 2023 at 7:42 PM Richard Zowalla <rich...@zowalla.com> wrote:
> > > >
> > > > Just send it in the required ascii armored format via your
> > > > apache mail (or via the web ui on lists.apache.org after login).
> > > >
> > > > I can take care of it.
> > > >
> > > > On 22 October 2023 01:05:53 CEST, "Jonathan S. Fisher" <exabr...@gmail.com> wrote:
> > > > > Richard thanks. Anyone on this thread able to add me to the KEYS file?
> > > > > I'd like to give this a roll :)
> > > > >
> > > > > cheers,
> > > > >
> > > > > On Thu, Oct 19, 2023 at 7:12 AM Jamie Johnson <jej2...@gmail.com> wrote:
> > > > > >
> > > > > > Just checking in on this. Anything the community can do to facilitate the release?
> > > > > >
> > > > > > On Tue, Oct 17, 2023 at 9:58 AM Richard Zowalla <rich...@zowalla.com> wrote:
> > > > > >
> > > > > > > Hi,
> > > > > > >
> > > > > > > see https://tomee.apache.org/dev/release-tomee.html
> > > > > > >
> > > > > > > Might be beneficial to join the ASF slack with your apache.org mail.
> > > > > > >
> > > > > > > Starting the VOTE, moving artifacts to release area as well as updating
> > > > > > > https://downloads.apache.org/tomee/KEYS needs to be done by a PMC member.
> > > > > > >
> > > > > > > Regards
> > > > > > > Richard
> > > > > > >
> > > > > > > On 17 October 2023 15:50:33 CEST, "Jonathan S. Fisher" <exabr...@gmail.com> wrote:
> > > > > > > > -----BEGIN PGP SIGNED MESSAGE-----
> > > > > > > > Hash: SHA512
> > > > > > > >
> > > > > > > > ello other TomEE committers :)
> > > > > > > >
> > > > > > > > If I wanted to cut 8.0.16, how do I do that? My personal GPG key is
> > > > > > > > 871638A21A7F2C38066471420306A354336B4F0D. I'll sign this text block to
> > > > > > > > prove I have control of my key.
> > > > > > > >
> > > > > > > > Thank you!
> > > > > > > > -----BEGIN PGP SIGNATURE-----
> > > > > > > >
> > > > > > > > iLkEARMKAB0WIQSHFjiiGn8sOAZkcUIDBqNUM2tPDQUCZS6RIAAKCRADBqNUM2tP
> > > > > > > > DYahAgkBNYn+LlIdFttvNW6KAJXHgNEQxmjJ6ALb7VaaEdqAXjMNxwglLQQQVOVY
> > > > > > > > NtRxRj5nHDOXUVqwLjftisxyNnAkx50CCQHYbqySGYuWOxMdS8jsDGA2/UjTp0ib
> > > > > > > > RkLoChrMvppzIK5GOvd0UyBKmrvG3dkzJwQllPZ3EYvNZfLyl+/K5oOshg==
> > > > > > > > =d0gl
> > > > > > > > -----END PGP SIGNATURE-----
> > > > > > > >
> > > > > > > > On Sat, Oct 14, 2023 at 6:12 AM Jamie Johnson <jej2...@gmail.com> wrote:
> > > > > > > > >
> > > > > > > > > Looks like tomcat 9.0.82 was released!
> > > > > > > > >
> > > > > > > > > On Wed, Oct 11, 2023 at 12:54 PM Jamie Johnson <jej2...@gmail.com> wrote:
> > > > > > > > >
> > > > > > > > > > Looks right to me as well. Thanks Richard!
> > > > > > > > > >
> > > > > > > > > > On Wed, Oct 11, 2023 at 12:45 PM Richard Zowalla <rich...@zowalla.com> wrote:
> > > > > > > > > >
> > > > > > > > > > > I think we are running into
> > > > > > > > > > > https://bz.apache.org/bugzilla/show_bug.cgi?id=67664
> > > > > > > > > > >
> > > > > > > > > > > This requires 9.0.82 to become available.
> > > > > > > > > > >
> > > > > > > > > > > They are already voting:
> > > > > > > > > > >
> > > > > > > > > > > https://lists.apache.org/thread/qro48x3xnvhvvxxv3hwnqnnsrrry773j
> > > > > > > > > > >
> > > > > > > > > > > After 9.0.82 becomes available, we are most likely in a good shape to
> > > > > > > > > > > start a release
> > > > > > > > > > >
> > > > > > > > > > > Regards
> > > > > > > > > > > Richard
> > > > > > > > > > >
> > > > > > > > > > > On 11 October 2023 18:14:09 CEST, Richard Zowalla <rich...@zowalla.com> wrote:
> > > > > > > > > > > > It seems the Tomcat upgrade breaks some connection pool related tests.
> > > > > > > > > > > >
> > > > > > > > > > > > I guess we need to check our integration code to fix it:
> > > > > > > > > > > >
> > > > > > > > > > > > https://ci-builds.apache.org/job/Tomee/job/tomee-8.x-build-full-java8/lastCompletedBuild/testReport/
> > > > > > > > > > > >
> > > > > > > > > > > > So if anyone wants to dig, feel free.
> > > > > > > > > > > >
> > > > > > > > > > > > On 11 October 2023 16:56:27 CEST, Jamie Johnson <jej2...@gmail.com> wrote:
> > > > > > > > > > > > > There are other vulnerabilities (pulled from https://osv.dev/) that can be
> > > > > > > > > > > > > addressed, but need to be reviewed.
> > > > > > > > > > > > > The format below is dependency current_version (fix_version).
> > > > > > > > > > > > >
> > > > > > > > > > > > > org.apache.httpcomponents:httpclient 4.2.2 (>= 4.5.13)
> > > > > > > > > > > > > GHSA-2x83-r56g-cv47 (4.2.3), GHSA-7r82-7xv7-xcpj (4.5.13), GHSA-fmj5-wv96-r2ch (4.3.6), GHSA-cfh5-3ghh-wfjx (4.3.5)
> > > > > > > > > > > > >
> > > > > > > > > > > > > xalan:xalan 2.7.2 (2.7.3)
> > > > > > > > > > > > > GHSA-9339-86wc-4qgf (2.7.3)
> > > > > > > > > > > > >
> > > > > > > > > > > > > org.apache.commons:commons-compress 1.14 (>=1.24.0)
> > > > > > > > > > > > > GHSA-hrmr-f5m6-m9pq (1.18), GHSA-xqfj-vm6h-2x34 (1.22), GHSA-h436-432x-8fvx (1.16), GHSA-crv7-7245-f45f (1.21), GHSA-mc84-pj99-q6hh (1.21), GHSA-7hfm-57qf-j43q (1.21), GHSA-cgwf-w82q-5jrr (1.24.0)
> > > > > > > > > > > > >
> > > > > > > > > > > > > org.eclipse.jetty:jetty-server 9.4.49.v20220914 (9.4.51.v20230217)
> > > > > > > > > > > > > GHSA-qw69-rqj8-6qw8 (9.4.51.v20230217), GHSA-p26g-97m4-6q7c (9.4.51.v20230217)
> > > > > > > > > > > > >
> > > > > > > > > > > > > org.eclipse.jetty:jetty-http 9.4.49.v20220914 (>=9.4.53)
> > > > > > > > > > > > > GHSA-hmr7-m48g-48f6 (9.4.52), GHSA-wgh7-54f2-x98r (9.4.53)
> > > > > > > > > > > > >
> > > > > > > > > > > > > org.eclipse.jetty:jetty-servlets 9.4.49.v20220914 (9.4.53)
> > > > > > > > > > > > > GHSA-3gh6-v5v9-6v9j (9.4.53)
> > > > > > > > > > > > >
> > > > > > > > > > > > > org.apache.sshd:sshd-core 2.1.0 (>=2.10.0)
> > > > > > > > > > > > > GHSA-9279-7hph-r3xw (2.7.0), GHSA-fhw8-8j55-vwgq (2.9.2), GHSA-mjmq-gwgm-5qhm (2.10.0)
> > > > > > > > > > > > >
> > > > > > > > > > > > > com.google.code.gson:gson 2.2.4 (2.8.9)
> > > > > > > > > > > > > GHSA-4jrv-ppp4-jm57 (2.8.9)
> > > > > > > > > > > > >
> > > > > > > > > > > > > org.webjars:handlebars 1.2.1 (4.7.7)
> > > > > > > > > > > > > GHSA-f2jv-r9rf-7988 (4.7.7)
> > > > > > > > > > > > >
> > > > > > > > > > > > > org.apache.ivy:ivy 2.3.0 (>= 2.5.2)
> > > > > > > > > > > > > GHSA-wv7w-rj2x-556x (2.5.1), GHSA-2jc4-r94c-rp7h (2.5.2)
> > > > > > > > > > > > >
> > > > > > > > > > > > > On Wed, Oct 11, 2023 at 6:49 AM Jamie Johnson <jej2...@gmail.com> wrote:
> > > > > > > > > > > > >
> > > > > > > > > > > > > > How deep down the rabbit hole should the dependency checks normally go?
> > > > > > > > > > > > > > Looks like the big ones I was tracking with security updates were done.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > johnzon 1.2.21
> > > > > > > > > > > > > > tomcat 9.0.81
> > > > > > > > > > > > > > bouncy castle 1.76
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > Still poking around a bit but there’s obviously a lot.
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > On Wed, Oct 11, 2023 at 2:09 AM Richard Zowalla <r...@apache.org> wrote:
> > > > > > > > > > > > > >
> > > > > > > > > > > > > > > In theory, every committer can act as release manager.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > There are some steps in the process, which requires PMC karma, though
> > > > > > > > > > > > > > > (such as adding a key to the KEYS file, moving stuff to the release area
> > > > > > > > > > > > > > > on SVN, start the VOTE, etc.).
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > The process is documented here: [1]
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > That being said:
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > I am currently planning to start the release process for TomEE 9.1.1
> > > > > > > > > > > > > > > within this week. Due to the Tomcat security issues released yesterday,
> > > > > > > > > > > > > > > we need to do some backporting, which will consume additional time. (It
> > > > > > > > > > > > > > > just interrupted my preparations, so it needs additional CI / TCK
> > > > > > > > > > > > > > > cycles)
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > A release usually consumes around 1-3 hours of work. Mostly because you
> > > > > > > > > > > > > > > have to wait for stuff being built or to run some basic sanity checks
> > > > > > > > > > > > > > > before starting and to not forget any step.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > What would really help for a TomEE 8.0.16 is to carefully re-check the
> > > > > > > > > > > > > > > current dependencies for important 3rd party dependencies (and update
> > > > > > > > > > > > > > > if needed. Note: Each update or bunch of updates shouldn't break the
> > > > > > > > > > > > > > > build. A full build on CI takes around 4-8 hours) on that branch, build
> > > > > > > > > > > > > > > it locally and conduct some sanity checks (for example: same lib in
> > > > > > > > > > > > > > > different versions in /lib -> check and fix) with the created
> > > > > > > > > > > > > > > tar.gz/zip files.
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > This is one of the steps, which usually consumes a lot of time. If you
> > > > > > > > > > > > > > > want to give it a try, I am happy to help out for the steps which
> > > > > > > > > > > > > > > require PMC involvement.
> > > > > > > > > > > > > > > Otherwise, I might find some time in the next
> > > > > > > > > > > > > > > week to start a release of 8.0.16 - just let me know and I can plan my
> > > > > > > > > > > > > > > time accordingly ;-)
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > Regards
> > > > > > > > > > > > > > > Richard
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > [1] https://tomee.apache.org/dev/release-tomee.html
> > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > On Tuesday, 10.10.2023 at 17:56 -0500, Jonathan S. Fisher wrote:
> > > > > > > > > > > > > > > > Jean-Louis, are there directions anywhere? Not promising anything :)
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > On Tue, Oct 10, 2023 at 5:22 PM Jean-Louis Monteiro <jlmonte...@tomitribe.com> wrote:
> > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > Whomever is committer can do it.
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > I was just trying to give you an honest reply regarding my
> > > > > > > > > > > > > > > > > availabilities and give visibility to the rest of the community and
> > > > > > > > > > > > > > > > > the other committers at the same time.
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > Hope it helps.
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > On Tue, 10 Oct 2023, 23:27, Jamie Johnson <jej2...@gmail.com> wrote:
> > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > I’m not sure what that entails or who would go about doing it. Is it
> > > > > > > > > > > > > > > > > > a community or contributor driven thing?
> > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > On Tue, Oct 10, 2023 at 3:25 PM Jean-Louis Monteiro <jlmonte...@tomitribe.com> wrote:
> > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > > I think most of the energy is currently on TomEE 9 and the new
> > > > > > > > > > > > > > > > > > > TomEE 10. I've also noticed some Tomcat CVE today if I remember
> > > > > > > > > > > > > > > > > > > correctly.
> > > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > > I'm all hands on TomEE 10 currently because we need to fill the
> > > > > > > > > > > > > > > > > > > feature gaps on all implementations.
> > > > > > > > > > > > > > > > > > > So speaking about myself, not sure I can trigger a build and deliver
> > > > > > > > > > > > > > > > > > > the whole process in the next couple of days or weeks.
> > > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > > If someone can do it, I'm happy to review, test and vote on the
> > > > > > > > > > > > > > > > > > > release.
> > > > > > > > > > > > > > > > > > > --
> > > > > > > > > > > > > > > > > > > Jean-Louis Monteiro
> > > > > > > > > > > > > > > > > > > http://twitter.com/jlouismonteiro
> > > > > > > > > > > > > > > > > > > http://www.tomitribe.com
> > > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > > On Tue, Oct 10, 2023 at 5:48 PM Jamie Johnson <jej2...@gmail.com> wrote:
> > > > > > > > > > > > > > > > > > >
> > > > > > > > > > > > > > > > > > > > Is there a timeline for the release of 8.0.16? There are a few
> > > > > > > > > > > > > > > > > > > > security issues associated with johnzon that we’d like to leverage
> > > > > > > > > > > > > > > > > > > > while we migrate to a newer version of TomEE.
> > > > > > > >
> > > > > > > > --
> > > > > > > > Jonathan | exabr...@gmail.com
> > > > > > > > Pessimists, see a jar as half empty. Optimists, in contrast, see it as half full.
> > > > > > > > Engineers, of course, understand the glass is twice as big as it needs to be.
> > > > >
> > > > > --
> > > > > Jonathan | exabr...@gmail.com
> > > > > Pessimists, see a jar as half empty. Optimists, in contrast, see it as half full.
> > > > > Engineers, of course, understand the glass is twice as big as it needs to be.
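
The dependency list quoted in the thread above uses the format "dependency current_version (fix_version)" followed by GHSA ids with the version that fixes each. The Python below is an added example, not part of the original thread or of TomEE's tooling: it parses four of those entries (copied into the block) and reports which advisories a candidate upgrade version would still leave open. The function names are hypothetical and the version ordering is a simplification of Maven's rules.

```python
import re

# Constructed from the list quoted in the thread above: a header line
# "group:artifact current_version (fix_version)" followed by a line of
# "GHSA-id (first fixed version)" entries. Nothing is fetched from osv.dev.
REPORT = """\
org.apache.httpcomponents:httpclient 4.2.2 (>= 4.5.13)
GHSA-2x83-r56g-cv47 (4.2.3), GHSA-7r82-7xv7-xcpj (4.5.13), GHSA-fmj5-wv96-r2ch (4.3.6), GHSA-cfh5-3ghh-wfjx (4.3.5)

org.eclipse.jetty:jetty-http 9.4.49.v20220914 (>=9.4.53)
GHSA-hmr7-m48g-48f6 (9.4.52), GHSA-wgh7-54f2-x98r (9.4.53)

org.apache.sshd:sshd-core 2.1.0 (>=2.10.0)
GHSA-9279-7hph-r3xw (2.7.0), GHSA-fhw8-8j55-vwgq (2.9.2), GHSA-mjmq-gwgm-5qhm (2.10.0)

org.apache.ivy:ivy 2.3.0 (>= 2.5.2)
GHSA-wv7w-rj2x-556x (2.5.1), GHSA-2jc4-r94c-rp7h (2.5.2)
"""

HEADER = re.compile(r"^(\S+:\S+)\s+(\S+)\s+\((?:>=\s*)?([^)\s]+)\)$")
ADVISORY = re.compile(r"(GHSA(?:-[0-9a-z]{4}){3})\s+\(([^)\s]+)\)")


def version_key(version):
    """Order dotted versions numerically ("2.10.0" sorts after "2.9.2").

    Simplification (assumption): a non-numeric part such as Jetty's
    "v20220914" sorts after any number; full Maven qualifier rules
    are not implemented.
    """
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in version.split("."))


def parse_report(text):
    """Return {coordinate: {"current", "target", "advisories": {id: fixed_in}}}."""
    deps, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("GHSA-"):
            if current is None:
                raise ValueError("advisory line before any dependency header")
            current["advisories"].update(ADVISORY.findall(line))
            continue
        match = HEADER.match(line)
        if not match:
            raise ValueError(f"unrecognised line: {line!r}")
        coord, have, target = match.groups()
        current = deps[coord] = {"current": have, "target": target, "advisories": {}}
    return deps


def open_advisories(dep, candidate):
    """Advisories whose first fixed version is newer than `candidate`."""
    have = version_key(candidate)
    return sorted(a for a, fixed in dep["advisories"].items() if have < version_key(fixed))


def minimum_clean_version(dep):
    """Lowest listed version at which every advisory for `dep` is fixed."""
    return max(dep["advisories"].values(), key=version_key)


def audit(text):
    """Per dependency: advisories open now, and whether the stated target clears all."""
    result = {}
    for coord, dep in parse_report(text).items():
        result[coord] = {
            "open_now": open_advisories(dep, dep["current"]),
            "needed": minimum_clean_version(dep),
            "target_clears_all": not open_advisories(dep, dep["target"]),
        }
    return result
```

Comparing the version strings as plain text would rank 2.9.2 above 2.10.0 for sshd-core, which is why `version_key` compares the numeric parts as integers.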