Tomcat is already updated on the main branch.
> Am 11.03.2025 um 10:09 schrieb Alex The Rocker <alex.m3...@gmail.com>:
>
> Could we have Tomcat's fix for CVE-2025-24813 be part of 10.0.1 before
> it's relased ?
>
> Thanks,
> Alexandre
>
> Le lun. 10 mars 2025 à 10:57, Markus Jung <ju...@apache.org> a écrit :
>>
>> Hi Richard,
>>
>>
>> +1 from me as well. Like Alex said, the last release has been ~3 months
>> ago and it would be worth it just for the updated dependencies/CVE
>> fixes. We also have been fixing a few bugs reported by users. We should
>> at least wait a couple days for the running BVal release vote so we can
>> close TOMEE-4449 IMO. Don't have strong opinions on OWB/Geronimo mail,
>> but having these would of course be nice as well.
>>
>>
>> Thanks
>>
>> Markus
>>
>>
>> On 10.03.25 08:57, Richard Zowalla wrote:
>>> Hi all,
>>>
>>> With CXF 4.1.1 now available, a few Tomcat updates and some fixes from
>>> Mojarra ready for delivery, what do you think about scheduling a release
>>> soon?
>>>
>>> We're currently waiting on:
>>>
>>> A pending Geronimo Mail release (fixing the regression contained in 1.0.0)
>>> A BVAL release (fixing a bug)
>>> A potential OWB fix (@Jon: How critical is this for you? Has the release
>>> process started?)
>>> From my perspective, it would be great to include these pending updates in
>>> 10.0.1.
>>>
>>> WDYT?
>>>
>>>
>>>
>>> Gruß
>>>
>>> Richard
