Could we have Tomcat's fix for CVE-2025-24813 be part of 10.0.1 before it's relased ?
Thanks, Alexandre Le lun. 10 mars 2025 à 10:57, Markus Jung <ju...@apache.org> a écrit : > > Hi Richard, > > > +1 from me as well. Like Alex said, the last release has been ~3 months > ago and it would be worth it just for the updated dependencies/CVE > fixes. We also have been fixing a few bugs reported by users. We should > at least wait a couple days for the running BVal release vote so we can > close TOMEE-4449 IMO. Don't have strong opinions on OWB/Geronimo mail, > but having these would of course be nice as well. > > > Thanks > > Markus > > > On 10.03.25 08:57, Richard Zowalla wrote: > > Hi all, > > > > With CXF 4.1.1 now available, a few Tomcat updates and some fixes from > > Mojarra ready for delivery, what do you think about scheduling a release > > soon? > > > > We're currently waiting on: > > > > A pending Geronimo Mail release (fixing the regression contained in 1.0.0) > > A BVAL release (fixing a bug) > > A potential OWB fix (@Jon: How critical is this for you? Has the release > > process started?) > > From my perspective, it would be great to include these pending updates in > > 10.0.1. > > > > WDYT? > > > > > > > > Gruß > > > > Richard
