[tomee-tck] 01/02: Set TomEE version to 10
This is an automated email from the ASF dual-hosted git repository.
dblevins pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomee-tck.git
commit 188a9c8508e43864b09807a9856c0041b043cbe4
Author: David Blevins
AuthorDate: Wed Jan 11 10:24:33 2023 -0800
Set TomEE version to 10
---
pom.xml | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/pom.xml b/pom.xml
index 12ac98c..a2e6325 100644
--- a/pom.xml
+++ b/pom.xml
@@ -39,10 +39,10 @@
org.apache.tomee
-9.0.0-SNAPSHOT
-9.0.0-SNAPSHOT
+10.0.0-SNAPSHOT
+10.0.0-SNAPSHOT
org.apache.tomee
-9.0.0-SNAPSHOT
+10.0.0-SNAPSHOT
@@ -59,8 +59,8 @@
NOTE: User must define "javaee8.cts.home" and "javaee8.ri.home" in
~/.m2/settings.xml
NOTE: Same for the Jakarta version "jakartaee9.cts.home" and
"jakartaee9.ri.home" in ~/.m2/settings.xml
-->
-${jakartaee9.cts.home}
-${jakartaee9.ri.home}
+${jakartaee10.cts.home}
+${jakartaee10.ri.home}
9.0
${settings.localRepository}
[tomee-tck] 02/02: Initial Setup for Jakarta EE 10 Platform/WebProfile
This is an automated email from the ASF dual-hosted git repository.
dblevins pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomee-tck.git
commit af6d3ed2ec73d566460f96c448cf8a4079453ed3
Author: David Blevins
AuthorDate: Wed Jan 11 17:43:33 2023 -0800
Initial Setup for Jakarta EE 10 Platform/WebProfile
---
pom.xml | 16 +---
setup.sh | 16
src/test/script/openejb/tck/commands/SetupCommand.groovy | 6 +++---
3 files changed, 20 insertions(+), 18 deletions(-)
diff --git a/pom.xml b/pom.xml
index a2e6325..30aae00 100644
--- a/pom.xml
+++ b/pom.xml
@@ -190,13 +190,6 @@
system
${cts.home}/lib/tsharness.jar
-
- com.sun.javaee.tck
- tssv
- ${tck.version}
- system
- ${cts.home}/lib/tssv.jar
-
com.sun.javaee.tck
tsprovider
@@ -672,6 +665,15 @@
9.1
+
+
+ com.sun.javaee.tck
+ tssv
+ ${tck.version}
+ system
+ ${cts.home}/lib/tssv.jar
+
+
diff --git a/setup.sh b/setup.sh
index 6e1c398..28a7a8c 100755
--- a/setup.sh
+++ b/setup.sh
@@ -10,8 +10,8 @@
TCKDIR="${1?Specify the directory where you would like the TCK to be
downloaded and setup}"
-TCK_URL="https://download.eclipse.org/jakartaee/platform/9.1/jakarta-jakartaeetck-9.1.0.zip;
-RI_URL="https://download.eclipse.org/ee4j/glassfish/glassfish-6.2.5.zip;
+TCK_URL="https://download.eclipse.org/jakartaee/platform/10/jakarta-jakartaeetck-10.0.1.zip;
+RI_URL="https://download.eclipse.org/ee4j/glassfish/glassfish-7.0.0-M8.zip;
ANT_URL="https://archive.apache.org/dist/ant/binaries/apache-ant-1.10.9-bin.zip;
@@ -50,15 +50,15 @@ grep -q "$TCK" $M2 || perl -i -pe
"s,(),\$1
true
-
-
+
+
," $M2
## Update paths in ~/.m2/settings.xml
-perl -i -pe "s,()[^<]*,\${1}$TCKDIR/$TCK," $M2
-perl -i -pe "s,()[^<]*,\${1}$TCKDIR/$RI/glassfish," $M2
+perl -i -pe "s,()[^<]*,\${1}$TCKDIR/$TCK," $M2
+perl -i -pe "s,()[^<]*,\${1}$TCKDIR/$RI/glassfish," $M2
@@ -81,13 +81,13 @@ cat > pom.xml
[tomee-tck] branch main updated (54a8384 -> af6d3ed)
This is an automated email from the ASF dual-hosted git repository. dblevins pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomee-tck.git from 54a8384 Ability to run against TomEE 9.0.0-M7 new 188a9c8 Set TomEE version to 10 new af6d3ed Initial Setup for Jakarta EE 10 Platform/WebProfile The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: pom.xml| 26 -- setup.sh | 16 ++--- .../openejb/tck/commands/SetupCommand.groovy | 6 ++--- 3 files changed, 25 insertions(+), 23 deletions(-)
[jira] [Commented] (TOMEE-4114) TomEE 8 Webapp Fails to Load
[
https://issues.apache.org/jira/browse/TOMEE-4114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17675749#comment-17675749
]
Tim Clapp commented on TOMEE-4114:
--
this appears to be the fix:
[https://stackoverflow.com/questions/60900156/java-lang-linkageerror-on-tomcat9-java-net-urlclassloader-attempted-duplicate-c]
I added the {color:#0747a6}{_}-XX:+AllowParallelDefineClas{_}s{color} jvm
argument and the exception went away.
> TomEE 8 Webapp Fails to Load
>
>
> Key: TOMEE-4114
> URL: https://issues.apache.org/jira/browse/TOMEE-4114
> Project: TomEE
> Issue Type: Bug
>Reporter: Tim Clapp
>Priority: Major
>
> I can't get a simple webapp (war) to load in TomEE 8.13
> Here's the stack trace:
>
> {code:java}
> SEVERE: Application could not be deployed:
> /Volumes/ext/tomee/apache-tomee-plus-8.0.13/apps/other/tomee8webapp.war
> javax.enterprise.inject.spi.DeploymentException: couldn't start owb context
> at
> org.apache.openejb.cdi.ThreadSingletonServiceImpl.initialize(ThreadSingletonServiceImpl.java:263)
> at org.apache.openejb.cdi.CdiBuilder.build(CdiBuilder.java:43)
> at
> org.apache.openejb.assembler.classic.Assembler.createApplication(Assembler.java:974)
> at
> org.apache.openejb.assembler.classic.Assembler.createApplication(Assembler.java:762)
> at
> org.apache.openejb.assembler.classic.Assembler.buildContainerSystem(Assembler.java:640)
> at org.apache.openejb.assembler.classic.Assembler.build(Assembler.java:497)
> at org.apache.openejb.OpenEJB$Instance.(OpenEJB.java:150)
> at org.apache.openejb.OpenEJB.init(OpenEJB.java:307)
> at org.apache.tomee.catalina.TomcatLoader.initialize(TomcatLoader.java:245)
> at
> org.apache.tomee.catalina.ServerListener.lifecycleEvent(ServerListener.java:165)
> at
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
> at
> org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:137)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:760)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:476)
> Caused by: org.apache.openejb.OpenEJBRuntimeException:
> org.apache.webbeans.exception.WebBeansConfigurationException: Problem while
> loading CDI Extensions
> at
> org.apache.openejb.cdi.OpenEJBLifecycle.startApplication(OpenEJBLifecycle.java:200)
> at
> org.apache.openejb.cdi.ThreadSingletonServiceImpl.initialize(ThreadSingletonServiceImpl.java:261)
> ... 20 more
> Caused by: org.apache.webbeans.exception.WebBeansConfigurationException:
> Problem while loading CDI Extensions
> at
> org.apache.webbeans.service.DefaultLoaderService.load(DefaultLoaderService.java:64)
> at
> org.apache.openejb.cdi.OptimizedLoaderService.loadExtensions(OptimizedLoaderService.java:87)
> at
> org.apache.openejb.cdi.OptimizedLoaderService.load(OptimizedLoaderService.java:81)
> at
> org.apache.webbeans.portable.events.ExtensionLoader.loadExtensionServices(ExtensionLoader.java:100)
> at
> org.apache.webbeans.portable.events.ExtensionLoader.loadExtensionServices(ExtensionLoader.java:89)
> at org.apache.webbeans.config.BeansDeployer.deploy(BeansDeployer.java:218)
> at
> org.apache.openejb.cdi.OpenEJBLifecycle.startApplication(OpenEJBLifecycle.java:196)
> ... 21 more
> Caused by: java.util.ServiceConfigurationError:
> javax.enterprise.inject.spi.Extension: Provider
> org.apache.bval.cdi.BValExtension could not be instantiated
> at java.util.ServiceLoader.fail(ServiceLoader.java:232)
> at java.util.ServiceLoader.access$100(ServiceLoader.java:185)
> at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:384)
> at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:404)
> at java.util.ServiceLoader$1.next(ServiceLoader.java:480)
> at java.util.Iterator.forEachRemaining(Iterator.java:116)
> at
> java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)
> at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)
> at
> java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
> at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
> at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234)
> at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:566)
> at
>
[jira] [Commented] (TOMEE-4114) TomEE 8 Webapp Fails to Load
[
https://issues.apache.org/jira/browse/TOMEE-4114?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17675732#comment-17675732
]
Tim Clapp commented on TOMEE-4114:
--
Thanks Eric,
I tried to set it myself, e.g. startStopThreads="10", and in so doing, the
error still occurs. Am I missing the obvious ?
The full stack trace is shown in the comment from 23/Nov/22 19:30
Do you think the error is TomEE-specific or Tomcat ?
Is there any other method of having the server load/unload webapps in parallel
?
Anyone else complain about not being able to load webapps in parallel in TomEE
8 ?
> TomEE 8 Webapp Fails to Load
>
>
> Key: TOMEE-4114
> URL: https://issues.apache.org/jira/browse/TOMEE-4114
> Project: TomEE
> Issue Type: Bug
>Reporter: Tim Clapp
>Priority: Major
>
> I can't get a simple webapp (war) to load in TomEE 8.13
> Here's the stack trace:
>
> {code:java}
> SEVERE: Application could not be deployed:
> /Volumes/ext/tomee/apache-tomee-plus-8.0.13/apps/other/tomee8webapp.war
> javax.enterprise.inject.spi.DeploymentException: couldn't start owb context
> at
> org.apache.openejb.cdi.ThreadSingletonServiceImpl.initialize(ThreadSingletonServiceImpl.java:263)
> at org.apache.openejb.cdi.CdiBuilder.build(CdiBuilder.java:43)
> at
> org.apache.openejb.assembler.classic.Assembler.createApplication(Assembler.java:974)
> at
> org.apache.openejb.assembler.classic.Assembler.createApplication(Assembler.java:762)
> at
> org.apache.openejb.assembler.classic.Assembler.buildContainerSystem(Assembler.java:640)
> at org.apache.openejb.assembler.classic.Assembler.build(Assembler.java:497)
> at org.apache.openejb.OpenEJB$Instance.(OpenEJB.java:150)
> at org.apache.openejb.OpenEJB.init(OpenEJB.java:307)
> at org.apache.tomee.catalina.TomcatLoader.initialize(TomcatLoader.java:245)
> at
> org.apache.tomee.catalina.ServerListener.lifecycleEvent(ServerListener.java:165)
> at
> org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
> at
> org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
> at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:137)
> at org.apache.catalina.startup.Catalina.load(Catalina.java:724)
> at org.apache.catalina.startup.Catalina.start(Catalina.java:760)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:498)
> at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:476)
> Caused by: org.apache.openejb.OpenEJBRuntimeException:
> org.apache.webbeans.exception.WebBeansConfigurationException: Problem while
> loading CDI Extensions
> at
> org.apache.openejb.cdi.OpenEJBLifecycle.startApplication(OpenEJBLifecycle.java:200)
> at
> org.apache.openejb.cdi.ThreadSingletonServiceImpl.initialize(ThreadSingletonServiceImpl.java:261)
> ... 20 more
> Caused by: org.apache.webbeans.exception.WebBeansConfigurationException:
> Problem while loading CDI Extensions
> at
> org.apache.webbeans.service.DefaultLoaderService.load(DefaultLoaderService.java:64)
> at
> org.apache.openejb.cdi.OptimizedLoaderService.loadExtensions(OptimizedLoaderService.java:87)
> at
> org.apache.openejb.cdi.OptimizedLoaderService.load(OptimizedLoaderService.java:81)
> at
> org.apache.webbeans.portable.events.ExtensionLoader.loadExtensionServices(ExtensionLoader.java:100)
> at
> org.apache.webbeans.portable.events.ExtensionLoader.loadExtensionServices(ExtensionLoader.java:89)
> at org.apache.webbeans.config.BeansDeployer.deploy(BeansDeployer.java:218)
> at
> org.apache.openejb.cdi.OpenEJBLifecycle.startApplication(OpenEJBLifecycle.java:196)
> ... 21 more
> Caused by: java.util.ServiceConfigurationError:
> javax.enterprise.inject.spi.Extension: Provider
> org.apache.bval.cdi.BValExtension could not be instantiated
> at java.util.ServiceLoader.fail(ServiceLoader.java:232)
> at java.util.ServiceLoader.access$100(ServiceLoader.java:185)
> at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:384)
> at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:404)
> at java.util.ServiceLoader$1.next(ServiceLoader.java:480)
> at java.util.Iterator.forEachRemaining(Iterator.java:116)
> at
> java.util.Spliterators$IteratorSpliterator.forEachRemaining(Spliterators.java:1801)
> at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482)
> at
> java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472)
> at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708)
> at
svn commit: r59283 - in /dev/tomee/staging-1212_jakartaee-api: ./ jakartaee-api-10.0-M1-source-release.zip jakartaee-api-10.0-M1-source-release.zip.asc jakartaee-api-10.0-M1-source-release.zip.sha512
Author: jlmonteiro Date: Wed Jan 11 21:15:04 2023 New Revision: 59283 Log: Apache TomEE jakartaee-api 1.0-M1 ready for vote Added: dev/tomee/staging-1212_jakartaee-api/ dev/tomee/staging-1212_jakartaee-api/jakartaee-api-10.0-M1-source-release.zip (with props) dev/tomee/staging-1212_jakartaee-api/jakartaee-api-10.0-M1-source-release.zip.asc dev/tomee/staging-1212_jakartaee-api/jakartaee-api-10.0-M1-source-release.zip.sha512 Added: dev/tomee/staging-1212_jakartaee-api/jakartaee-api-10.0-M1-source-release.zip == Binary file - no diff available. Propchange: dev/tomee/staging-1212_jakartaee-api/jakartaee-api-10.0-M1-source-release.zip -- svn:mime-type = application/octet-stream Added: dev/tomee/staging-1212_jakartaee-api/jakartaee-api-10.0-M1-source-release.zip.asc == --- dev/tomee/staging-1212_jakartaee-api/jakartaee-api-10.0-M1-source-release.zip.asc (added) +++ dev/tomee/staging-1212_jakartaee-api/jakartaee-api-10.0-M1-source-release.zip.asc Wed Jan 11 21:15:04 2023 @@ -0,0 +1,16 @@ +-BEGIN PGP SIGNATURE- + +iQIzBAABCgAdFiEEOUiCk4SyadMzzFuYNYgHxStLDiMFAmO/JisACgkQNYgHxStL +DiP6oQ/+MKedeR4OMqJpIyh9BUoOxOsi3XaAnWrDiJihvex2/OhzOhr8Jdv2Cx3J +2ZxoJV2PJYlQc7WCulVdlrRpwrwlMXyRodckRRDty4RQfP+G4vLWZogaQos0Aaqv +RsOaDVjZr5ImUWJe0NZ5xXncgIYFBfehpzO39ELBA4lXzRWMHL8Yn4wggP9GAGmR +pgxQS2eMKZDJCHF7gdy8q/SqmkcWk1gaX/4JVwa3pDQxG1L1b8ss3mJUnpiy+5+7 +XXpeRljmI8fZ7OzbL81Wue0NJHqq2z06L7ECGSdNSFMXn6AjWIgqyK8/2wLCET9e +j94BODFEXB8E3ViskNrihDCafS5oMBEFyMyMxHiLPpRGCZc071Lr5IOkL7srzsYH +AKVOOQ46p/xZDip7eBmc3VhYIfzRfF5KMRB0LnacARetZ3Fpf/LASA1N1ypggQ3k +xoAzjS/ymNY5okNLq0Wd7pllwTawsrgtz7YC85VkFu1K+lpzmh3hIYDgdoLNmgXA +apq1u7lkBuqcAGd0bJZrYwjyg2kJjy/7zcoeTnZuNoHpgSx30u7vhWKV7HQqVDEZ +UouJZbwnUvST/wWBMh6R6wWwmqAIsy3nQZUPLXzBbnpo7LeX6ZC+GvtVZXs6A+Rc +squrzxeVb+RB526s0z4Ix97N8Ii+EOvaAyLIKyV8t6BchCpWUy0= +=teBV +-END PGP SIGNATURE- Added: dev/tomee/staging-1212_jakartaee-api/jakartaee-api-10.0-M1-source-release.zip.sha512 == --- dev/tomee/staging-1212_jakartaee-api/jakartaee-api-10.0-M1-source-release.zip.sha512 (added) +++ dev/tomee/staging-1212_jakartaee-api/jakartaee-api-10.0-M1-source-release.zip.sha512 Wed Jan 11 21:15:04 2023 @@ -0,0 +1 @@ +f2a14647c099d613006d2cbbd585af3ba6f410d59fdf85526203327048567a8c08d0e5c5752cc10337dc46ce6e5fa9883f950705d7efc7c714b49d1f70e4d80f jakartaee-api-10.0-M1-source-release.zip
[tomee-jakartaee-api] branch master updated: [maven-release-plugin] prepare for next development iteration
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git The following commit(s) were added to refs/heads/master by this push: new fc72dcd [maven-release-plugin] prepare for next development iteration fc72dcd is described below commit fc72dcd2bb6bea611e0703bc282758bd05a9a398 Author: Jean-Louis Monteiro AuthorDate: Wed Jan 11 22:11:29 2023 +0100 [maven-release-plugin] prepare for next development iteration --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 60526fe..7eb53c6 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ org.apache.tomee jakartaee-api - 10.0-M1 + 10.0-SNAPSHOT jar Apache TomEE :: Jakarta EE 10 Full API @@ -99,7 +99,7 @@ - 2023-01-11T21:09:49Z + 2023-01-11T21:11:29Z
[tomee-jakartaee-api] annotated tag jakartaee-api-10.0-M1 created (now e57e19c)
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a change to annotated tag jakartaee-api-10.0-M1 in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git at e57e19c (tag) tagging 1e78abfca803ca456accfbe2718c02cf799d577d (commit) replaces jakartaee-api-9.1 by Jean-Louis Monteiro on Wed Jan 11 22:11:24 2023 +0100 - Log - [maven-release-plugin] copy for tag jakartaee-api-10.0-M1 --- No new revisions were added by this update.
[tomee-jakartaee-api] branch master updated: [maven-release-plugin] prepare release jakartaee-api-10.0-M1
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git The following commit(s) were added to refs/heads/master by this push: new 1e78abf [maven-release-plugin] prepare release jakartaee-api-10.0-M1 1e78abf is described below commit 1e78abfca803ca456accfbe2718c02cf799d577d Author: Jean-Louis Monteiro AuthorDate: Wed Jan 11 22:10:03 2023 +0100 [maven-release-plugin] prepare release jakartaee-api-10.0-M1 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 2d5ea2e..60526fe 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ org.apache.tomee jakartaee-api - 10.0-SNAPSHOT + 10.0-M1 jar Apache TomEE :: Jakarta EE 10 Full API @@ -41,7 +41,7 @@ scm:git:https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git scm:git:https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git https://gitbox.apache.org/repos/asf?p=tomee-jakartaee-api.git -HEAD +jakartaee-api-10.0-M1 @@ -99,7 +99,7 @@ - 2023-01-04T21:52:31Z + 2023-01-11T21:09:49Z
[tomee-jakartaee-api] annotated tag jakartaee-api-10.0-M1 deleted (was fe76d1b)
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a change to annotated tag jakartaee-api-10.0-M1 in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git *** WARNING: tag jakartaee-api-10.0-M1 was deleted! *** tag was fe76d1b The revisions that were on this annotated tag are still contained in other references; therefore, this change does not discard any commits from the repository.
[tomee-jakartaee-api] branch master updated: [maven-release-plugin] rollback the release of jakartaee-api-10.0-M1
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git The following commit(s) were added to refs/heads/master by this push: new 233b854 [maven-release-plugin] rollback the release of jakartaee-api-10.0-M1 233b854 is described below commit 233b85480ab8936cb2c58ec3b10cbb81b76098b7 Author: Jean-Louis Monteiro AuthorDate: Wed Jan 11 22:03:01 2023 +0100 [maven-release-plugin] rollback the release of jakartaee-api-10.0-M1 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3b6809e..2d5ea2e 100644 --- a/pom.xml +++ b/pom.xml @@ -99,7 +99,7 @@ - 2023-01-11T20:57:11Z + 2023-01-04T21:52:31Z
[tomee-jakartaee-api] branch master updated: [maven-release-plugin] prepare for next development iteration
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git The following commit(s) were added to refs/heads/master by this push: new 8966a1e [maven-release-plugin] prepare for next development iteration 8966a1e is described below commit 8966a1e3e93c75ee23ecd86f98f0d39a3c77d9f6 Author: Jean-Louis Monteiro AuthorDate: Wed Jan 11 21:57:11 2023 +0100 [maven-release-plugin] prepare for next development iteration --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 31bea85..3b6809e 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ org.apache.tomee jakartaee-api - 10.0-M1 + 10.0-SNAPSHOT jar Apache TomEE :: Jakarta EE 10 Full API @@ -41,7 +41,7 @@ scm:git:https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git scm:git:https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git https://gitbox.apache.org/repos/asf?p=tomee-jakartaee-api.git -jakartaee-api-10.0-M1 +HEAD @@ -99,7 +99,7 @@ - 2023-01-11T20:56:43Z + 2023-01-11T20:57:11Z
[tomee-jakartaee-api] annotated tag jakartaee-api-10.0-M1 created (now fe76d1b)
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a change to annotated tag jakartaee-api-10.0-M1 in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git at fe76d1b (tag) tagging 68d2a769d204c821d5bc19b2eec27901236569dd (commit) replaces jakartaee-api-9.1 by Jean-Louis Monteiro on Wed Jan 11 21:57:07 2023 +0100 - Log - [maven-release-plugin] copy for tag jakartaee-api-10.0-M1 --- No new revisions were added by this update.
[tomee-jakartaee-api] branch master updated (a77924a -> 68d2a76)
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git from a77924a [maven-release-plugin] rollback the release of jakartaee-api-10.0-M1 new 2f282a1 Update name to EE 10 new 68d2a76 [maven-release-plugin] prepare release jakartaee-api-10.0-M1 The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: pom.xml | 8 1 file changed, 4 insertions(+), 4 deletions(-)
[tomee-jakartaee-api] 01/02: Update name to EE 10
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git commit 2f282a15b6eb85380167a726bb72e8e23716d83e Author: Jean-Louis Monteiro AuthorDate: Wed Jan 11 21:56:10 2023 +0100 Update name to EE 10 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 40705f2..2d5ea2e 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ 10.0-SNAPSHOT jar - Apache TomEE :: Jakarta EE 9 Full API + Apache TomEE :: Jakarta EE 10 Full API 3.0
[tomee-jakartaee-api] 02/02: [maven-release-plugin] prepare release jakartaee-api-10.0-M1
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git commit 68d2a769d204c821d5bc19b2eec27901236569dd Author: Jean-Louis Monteiro AuthorDate: Wed Jan 11 21:57:02 2023 +0100 [maven-release-plugin] prepare release jakartaee-api-10.0-M1 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 2d5ea2e..31bea85 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ org.apache.tomee jakartaee-api - 10.0-SNAPSHOT + 10.0-M1 jar Apache TomEE :: Jakarta EE 10 Full API @@ -41,7 +41,7 @@ scm:git:https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git scm:git:https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git https://gitbox.apache.org/repos/asf?p=tomee-jakartaee-api.git -HEAD +jakartaee-api-10.0-M1 @@ -99,7 +99,7 @@ - 2023-01-04T21:52:31Z + 2023-01-11T20:56:43Z
[tomee-jakartaee-api] branch master updated: [maven-release-plugin] rollback the release of jakartaee-api-10.0-M1
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git The following commit(s) were added to refs/heads/master by this push: new a77924a [maven-release-plugin] rollback the release of jakartaee-api-10.0-M1 a77924a is described below commit a77924afd20e22d2d0617d5f47a9208cdd70d257 Author: Jean-Louis Monteiro AuthorDate: Wed Jan 11 21:55:43 2023 +0100 [maven-release-plugin] rollback the release of jakartaee-api-10.0-M1 --- pom.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pom.xml b/pom.xml index 77b5716..40705f2 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ 10.0-SNAPSHOT jar - Apache TomEE :: Jakarta EE 10 Full API + Apache TomEE :: Jakarta EE 9 Full API 3.0 @@ -99,7 +99,7 @@ - 2023-01-11T20:43:42Z + 2023-01-04T21:52:31Z
[tomee-jakartaee-api] branch master updated: Update name to EE 10
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git The following commit(s) were added to refs/heads/master by this push: new 8dd741a Update name to EE 10 8dd741a is described below commit 8dd741a8348e6eeab0f18007eabf9429be615758 Author: Jean-Louis Monteiro AuthorDate: Wed Jan 11 21:48:58 2023 +0100 Update name to EE 10 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 9f5d8bc..77b5716 100644 --- a/pom.xml +++ b/pom.xml @@ -31,7 +31,7 @@ 10.0-SNAPSHOT jar - Apache TomEE :: Jakarta EE 9 Full API + Apache TomEE :: Jakarta EE 10 Full API 3.0
[tomee-jakartaee-api] branch master updated: [maven-release-plugin] prepare for next development iteration
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git The following commit(s) were added to refs/heads/master by this push: new 6ec87ad [maven-release-plugin] prepare for next development iteration 6ec87ad is described below commit 6ec87ad0a4f856c3b15b969be5c3b23ffbbea64b Author: Jean-Louis Monteiro AuthorDate: Wed Jan 11 21:43:42 2023 +0100 [maven-release-plugin] prepare for next development iteration --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index a3265cb..9f5d8bc 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ org.apache.tomee jakartaee-api - 10.0-M1 + 10.0-SNAPSHOT jar Apache TomEE :: Jakarta EE 9 Full API @@ -41,7 +41,7 @@ scm:git:https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git scm:git:https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git https://gitbox.apache.org/repos/asf?p=tomee-jakartaee-api.git -jakartaee-api-10.0-M1 +HEAD @@ -99,7 +99,7 @@ - 2023-01-11T20:43:26Z + 2023-01-11T20:43:42Z
[tomee-jakartaee-api] annotated tag jakartaee-api-10.0-M1 created (now 2c32c0d)
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a change to annotated tag jakartaee-api-10.0-M1 in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git at 2c32c0d (tag) tagging 1c64cd75f219fec9938acbea095028ab009427da (commit) replaces jakartaee-api-9.1 by Jean-Louis Monteiro on Wed Jan 11 21:43:36 2023 +0100 - Log - [maven-release-plugin] copy for tag jakartaee-api-10.0-M1 --- No new revisions were added by this update.
[tomee-jakartaee-api] branch master updated: [maven-release-plugin] prepare release jakartaee-api-10.0-M1
This is an automated email from the ASF dual-hosted git repository. jlmonteiro pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git The following commit(s) were added to refs/heads/master by this push: new 1c64cd7 [maven-release-plugin] prepare release jakartaee-api-10.0-M1 1c64cd7 is described below commit 1c64cd75f219fec9938acbea095028ab009427da Author: Jean-Louis Monteiro AuthorDate: Wed Jan 11 21:43:30 2023 +0100 [maven-release-plugin] prepare release jakartaee-api-10.0-M1 --- pom.xml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pom.xml b/pom.xml index 40705f2..a3265cb 100644 --- a/pom.xml +++ b/pom.xml @@ -28,7 +28,7 @@ org.apache.tomee jakartaee-api - 10.0-SNAPSHOT + 10.0-M1 jar Apache TomEE :: Jakarta EE 9 Full API @@ -41,7 +41,7 @@ scm:git:https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git scm:git:https://gitbox.apache.org/repos/asf/tomee-jakartaee-api.git https://gitbox.apache.org/repos/asf?p=tomee-jakartaee-api.git -HEAD +jakartaee-api-10.0-M1 @@ -99,7 +99,7 @@ - 2023-01-04T21:52:31Z + 2023-01-11T20:43:26Z
[tomee] branch tomee-8.x updated: Fix minor Maven issues
This is an automated email from the ASF dual-hosted git repository. rzo1 pushed a commit to branch tomee-8.x in repository https://gitbox.apache.org/repos/asf/tomee.git The following commit(s) were added to refs/heads/tomee-8.x by this push: new ae29bb3887 Fix minor Maven issues ae29bb3887 is described below commit ae29bb388770cb9abf48e870fcdd05f5a4c059f1 Author: Richard Zowalla AuthorDate: Wed Jan 11 20:15:48 2023 +0100 Fix minor Maven issues --- examples/tomee-jms-portability/pom.xml | 2 +- tomee/tomee-microprofile/mp-common/pom.xml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/examples/tomee-jms-portability/pom.xml b/examples/tomee-jms-portability/pom.xml index fd00dadbde..665b3c1075 100644 --- a/examples/tomee-jms-portability/pom.xml +++ b/examples/tomee-jms-portability/pom.xml @@ -76,7 +76,7 @@ org.apache.tomee javaee-api - [8.0,) + 8.0-6 provided diff --git a/tomee/tomee-microprofile/mp-common/pom.xml b/tomee/tomee-microprofile/mp-common/pom.xml index 82da9f7a6f..27aa17b6d0 100644 --- a/tomee/tomee-microprofile/mp-common/pom.xml +++ b/tomee/tomee-microprofile/mp-common/pom.xml @@ -260,8 +260,8 @@ jakarta.xml.ws-api - jakarta.jws:jakarta - jws-api + jakarta.jws + jakarta.jws-api jakarta.xml.soap
[jira] [Resolved] (TOMEE-4170) Hibernate 5.6.14
[ https://issues.apache.org/jira/browse/TOMEE-4170?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Richard Zowalla resolved TOMEE-4170. Fix Version/s: 8.0.14 Resolution: Fixed > Hibernate 5.6.14 > > > Key: TOMEE-4170 > URL: https://issues.apache.org/jira/browse/TOMEE-4170 > Project: TomEE > Issue Type: Dependency upgrade > Components: TomEE Core Server >Affects Versions: 8.0.13 >Reporter: Richard Zowalla >Assignee: Richard Zowalla >Priority: Minor > Fix For: 8.0.14 > > -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Created] (TOMEE-4170) Hibernate 5.6.14
Richard Zowalla created TOMEE-4170: -- Summary: Hibernate 5.6.14 Key: TOMEE-4170 URL: https://issues.apache.org/jira/browse/TOMEE-4170 Project: TomEE Issue Type: Dependency upgrade Components: TomEE Core Server Affects Versions: 8.0.13 Reporter: Richard Zowalla Assignee: Richard Zowalla -- This message was sent by Atlassian Jira (v8.20.10#820010)
[tomee] branch tomee-8.x updated: TOMEE-4170 - Hibernate 5.6.14
This is an automated email from the ASF dual-hosted git repository. rzo1 pushed a commit to branch tomee-8.x in repository https://gitbox.apache.org/repos/asf/tomee.git The following commit(s) were added to refs/heads/tomee-8.x by this push: new 67ceeeb357 TOMEE-4170 - Hibernate 5.6.14 67ceeeb357 is described below commit 67ceeeb357e3771c1b60b1ea1977159a27b43f23 Author: Richard Zowalla AuthorDate: Wed Jan 11 20:10:59 2023 +0100 TOMEE-4170 - Hibernate 5.6.14 --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 344c74e27f..a22aca046c 100644 --- a/pom.xml +++ b/pom.xml @@ -220,7 +220,7 @@ 2.3.18 -5.6.12.Final +5.6.14.Final 6.2.5.Final
[jira] [Commented] (TOMEE-4169) SnakeYAML - CVE-2022-1471
[
https://issues.apache.org/jira/browse/TOMEE-4169?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17675587#comment-17675587
]
Richard Zowalla commented on TOMEE-4169:
snakeyaml in TomEE is a transient dependency from jackson-dataformat-yaml,
which is used by OpenAPI.
According to the Jackson people, they are not affected
https://github.com/FasterXML/jackson-dataformats-text/issues/361
Thus, I don't think, that we are affected as well.
> SnakeYAML - CVE-2022-1471
> -
>
> Key: TOMEE-4169
> URL: https://issues.apache.org/jira/browse/TOMEE-4169
> Project: TomEE
> Issue Type: Dependency upgrade
> Components: TomEE Core Server
>Affects Versions: 8.0.13
>Reporter: Nikhil
>Priority: Major
>
> The security have reported an issue with one of the library ( SnakeYAML )
> which is part of the TomEE distribution.
>
> with TomEE 8.0.13 - we have this library updated to *1.30..* though it is
> never mentioned about the affected versions of this jar but a following
> information is provided -
> {color:#4c9aff}*The maintainers of SnakeYAML have stated in an
> [advisory|https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE%20&%20NIST.md]
> that SnakeYAML is not designed to be used to process YAML files from
> untrusted sources.*{color}
> {color:#172b4d}We wanted to check if TomEE is vulnerable to this CVE since
> there is nothing to update from SnakeYAML perspective but more of a
> configuration / usage of its libraries in respective used projects (here
> TomEE){color}
>
> {color:#172b4d}Please help if there is already discussion around this and
> would be happy to coordinate.{color}
>
> {color:#172b4d}---{color}
>
> {*}Summary{*}: SnakeYaml's Constructor() class does not restrict types which
> can be instantiated during deserialization. Deserializing yaml content
> provided by an attacker can lead to remote code execution. We recommend using
> SnakeYaml's SafeConsturctor when parsing untrusted content to restrict
> deserialization.
> {*}Solution{*}: N/A
> {*}Workaround{*}: N/A
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (TOMEE-4169) SnakeYAML - CVE-2022-1471
[
https://issues.apache.org/jira/browse/TOMEE-4169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nikhil updated TOMEE-4169:
--
Description:
The security have reported an issue with one of the library ( SnakeYAML ) which
is part of the TomEE distribution.
with TomEE 8.0.13 - we have this library updated to *1.30..* though it is never
mentioned about the affected versions of this jar but a following information
is provided -
{color:#4c9aff}*The maintainers of SnakeYAML have stated in an
[advisory|https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE%20&%20NIST.md]
that SnakeYAML is not designed to be used to process YAML files from untrusted
sources.*{color}
{color:#172b4d}We wanted to check if TomEE is vulnerable to this CVE since
there is nothing to update from SnakeYAML perspective but more of a
configuration / usage of its libraries in respective used projects (here
TomEE){color}
{color:#172b4d}Please help if there is already discussion around this and would
be happy to coordinate.{color}
{color:#172b4d}---{color}
{*}Summary{*}: SnakeYaml's Constructor() class does not restrict types which
can be instantiated during deserialization. Deserializing yaml content provided
by an attacker can lead to remote code execution. We recommend using
SnakeYaml's SafeConsturctor when parsing untrusted content to restrict
deserialization.
{*}Solution{*}: N/A
{*}Workaround{*}: N/A
was:
The security have reported an issue with one of the library ( SnakeYAML ) which
is part of the TomEE distribution.
with TomEE 8.0.13 - we have this library updated to *1.30..* though it is never
mentioned about the affected versions of this jar but a following information
is provided -
{color:#4c9aff}*The maintainers of SnakeYAML have stated in an
[advisory|https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE%20&%20NIST.md]
that SnakeYAML is not designed to be used to process YAML files from untrusted
sources.*{color}
{color:#172b4d}We wanted to check if TomEE is vulnerable to this CVE since
there is nothing to update from SnakeYAML perspective but more of a
configuration / usage of its libraries in respective used projects (here
TomEE){color}
{color:#172b4d}Please help if there is already discussion around this and would
be happy to coordinate.{color}
> SnakeYAML - CVE-2022-1471
> -
>
> Key: TOMEE-4169
> URL: https://issues.apache.org/jira/browse/TOMEE-4169
> Project: TomEE
> Issue Type: Dependency upgrade
> Components: TomEE Core Server
>Affects Versions: 8.0.13
>Reporter: Nikhil
>Priority: Major
>
> The security have reported an issue with one of the library ( SnakeYAML )
> which is part of the TomEE distribution.
>
> with TomEE 8.0.13 - we have this library updated to *1.30..* though it is
> never mentioned about the affected versions of this jar but a following
> information is provided -
> {color:#4c9aff}*The maintainers of SnakeYAML have stated in an
> [advisory|https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE%20&%20NIST.md]
> that SnakeYAML is not designed to be used to process YAML files from
> untrusted sources.*{color}
> {color:#172b4d}We wanted to check if TomEE is vulnerable to this CVE since
> there is nothing to update from SnakeYAML perspective but more of a
> configuration / usage of its libraries in respective used projects (here
> TomEE){color}
>
> {color:#172b4d}Please help if there is already discussion around this and
> would be happy to coordinate.{color}
>
> {color:#172b4d}---{color}
>
> {*}Summary{*}: SnakeYaml's Constructor() class does not restrict types which
> can be instantiated during deserialization. Deserializing yaml content
> provided by an attacker can lead to remote code execution. We recommend using
> SnakeYaml's SafeConsturctor when parsing untrusted content to restrict
> deserialization.
> {*}Solution{*}: N/A
> {*}Workaround{*}: N/A
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Updated] (TOMEE-4169) SnakeYAML - CVE-2022-1471
[
https://issues.apache.org/jira/browse/TOMEE-4169?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nikhil updated TOMEE-4169:
--
Description:
The security have reported an issue with one of the library ( SnakeYAML ) which
is part of the TomEE distribution.
with TomEE 8.0.13 - we have this library updated to *1.30..* though it is never
mentioned about the affected versions of this jar but a following information
is provided -
{color:#4c9aff}*The maintainers of SnakeYAML have stated in an
[advisory|https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE%20&%20NIST.md]
that SnakeYAML is not designed to be used to process YAML files from untrusted
sources.*{color}
{color:#172b4d}We wanted to check if TomEE is vulnerable to this CVE since
there is nothing to update from SnakeYAML perspective but more of a
configuration / usage of its libraries in respective used projects (here
TomEE){color}
{color:#172b4d}Please help if there is already discussion around this and would
be happy to coordinate.{color}
was:
The security have reported an issue with one of the library ( SnakeYAML ) which
is part of the TomEE distribution.
with TomEE 8.0.13 - we have this library updated to *1.30..* though it is never
mentioned about the affected versions of this jar but a note is provided to the
users stating below -
{color:#4c9aff}*The maintainers of SnakeYAML have stated in an
[advisory|https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE%20&%20NIST.md]
that SnakeYAML is not designed to be used to be used to process YAML files from
untrusted sources.*{color}
{color:#172b4d}We wanted to check if TomEE is vulnerable to this CVE since
there is nothing to update from SnakeYAML perspective but more of a
configuration / usage of its libraries in respective used projects (here
TomEE){color}
{color:#172b4d}Please help if there is already discussion around this and would
be happy to coordinate.{color}
> SnakeYAML - CVE-2022-1471
> -
>
> Key: TOMEE-4169
> URL: https://issues.apache.org/jira/browse/TOMEE-4169
> Project: TomEE
> Issue Type: Dependency upgrade
> Components: TomEE Core Server
>Affects Versions: 8.0.13
>Reporter: Nikhil
>Priority: Major
>
> The security have reported an issue with one of the library ( SnakeYAML )
> which is part of the TomEE distribution.
>
> with TomEE 8.0.13 - we have this library updated to *1.30..* though it is
> never mentioned about the affected versions of this jar but a following
> information is provided -
>
> {color:#4c9aff}*The maintainers of SnakeYAML have stated in an
> [advisory|https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE%20&%20NIST.md]
> that SnakeYAML is not designed to be used to process YAML files from
> untrusted sources.*{color}
>
> {color:#172b4d}We wanted to check if TomEE is vulnerable to this CVE since
> there is nothing to update from SnakeYAML perspective but more of a
> configuration / usage of its libraries in respective used projects (here
> TomEE){color}
>
> {color:#172b4d}Please help if there is already discussion around this and
> would be happy to coordinate.{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
[jira] [Created] (TOMEE-4169) SnakeYAML - CVE-2022-1471
Nikhil created TOMEE-4169:
-
Summary: SnakeYAML - CVE-2022-1471
Key: TOMEE-4169
URL: https://issues.apache.org/jira/browse/TOMEE-4169
Project: TomEE
Issue Type: Dependency upgrade
Components: TomEE Core Server
Affects Versions: 8.0.13
Reporter: Nikhil
The security have reported an issue with one of the library ( SnakeYAML ) which
is part of the TomEE distribution.
with TomEE 8.0.13 - we have this library updated to *1.30..* though it is never
mentioned about the affected versions of this jar but a note is provided to the
users stating below -
{color:#4c9aff}*The maintainers of SnakeYAML have stated in an
[advisory|https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE%20&%20NIST.md]
that SnakeYAML is not designed to be used to be used to process YAML files from
untrusted sources.*{color}
{color:#172b4d}We wanted to check if TomEE is vulnerable to this CVE since
there is nothing to update from SnakeYAML perspective but more of a
configuration / usage of its libraries in respective used projects (here
TomEE){color}
{color:#172b4d}Please help if there is already discussion around this and would
be happy to coordinate.{color}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
