[RESULT][VOTE] Release quartz-openejb-shade 2.2.4
Hi Thanks for the reviews and votes. We've had 3 binding +1 votes: Jean-Louis Monteiro David Blevins Jonathan Gallimore and no other votes, so this vote has passed, and I'll promote the artifacts. Thanks Jon On Sun, Sep 8, 2019 at 9:26 PM Jonathan Gallimore < jonathan.gallim...@gmail.com> wrote: > Hi > > This is a vote for releasing an updated quartz-openejb-shade jar. This is > used by OpenEJB core to provide EJB timer services. We shade quartz to > avoid conflicts if users provide it in their applications themselves. > Quartz itself was vulnerable to an External XML Entity Processing issue > (XXE), and in turn, so is our shaded version. This release shades an up to > date Quartz package with the XXE fixed. > > *Sources* > > https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip > > *Binary* > > https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar > > *Change* > https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the > update in TomEE will refer to this as well). > > Please VOTE > [+1] all fine, ship it > [+0] don't care > [-1] stop, because ${reason} > > The VOTE is open for 72h. > > Many thanks > > Jon >
Re: [VOTE] Release quartz-openejb-shade 2.2.4
Here's my +1. On Wed, Sep 25, 2019 at 1:27 AM David Blevins wrote: > +1 > > > -- > David Blevins > http://twitter.com/dblevins > http://www.tomitribe.com > > > On Sep 8, 2019, at 1:26 PM, Jonathan Gallimore < > jonathan.gallim...@gmail.com> wrote: > > > > Hi > > > > This is a vote for releasing an updated quartz-openejb-shade jar. This is > > used by OpenEJB core to provide EJB timer services. We shade quartz to > > avoid conflicts if users provide it in their applications themselves. > > Quartz itself was vulnerable to an External XML Entity Processing issue > > (XXE), and in turn, so is our shaded version. This release shades an up > to > > date Quartz package with the XXE fixed. > > > > *Sources* > > > https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip > > > > *Binary* > > > https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar > > > > *Change* > > https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the > update > > in TomEE will refer to this as well). > > > > Please VOTE > > [+1] all fine, ship it > > [+0] don't care > > [-1] stop, because ${reason} > > > > The VOTE is open for 72h. > > > > Many thanks > > > > Jon > >
Re: [VOTE] Release quartz-openejb-shade 2.2.4
+1 -- David Blevins http://twitter.com/dblevins http://www.tomitribe.com > On Sep 8, 2019, at 1:26 PM, Jonathan Gallimore > wrote: > > Hi > > This is a vote for releasing an updated quartz-openejb-shade jar. This is > used by OpenEJB core to provide EJB timer services. We shade quartz to > avoid conflicts if users provide it in their applications themselves. > Quartz itself was vulnerable to an External XML Entity Processing issue > (XXE), and in turn, so is our shaded version. This release shades an up to > date Quartz package with the XXE fixed. > > *Sources* > https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip > > *Binary* > https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar > > *Change* > https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the update > in TomEE will refer to this as well). > > Please VOTE > [+1] all fine, ship it > [+0] don't care > [-1] stop, because ${reason} > > The VOTE is open for 72h. > > Many thanks > > Jon
Re: [VOTE] Release quartz-openejb-shade 2.2.4
Bumping this one up - this addresses a CVE (CVE-2019-13990 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13990), and it would be good to release unless there are issues with it. Thanks Jon On Mon, Sep 9, 2019 at 4:58 PM Jean-Louis Monteiro wrote: > Looks good. > +1 > -- > Jean-Louis Monteiro > http://twitter.com/jlouismonteiro > http://www.tomitribe.com > > > On Sun, Sep 8, 2019 at 10:26 PM Jonathan Gallimore < > jonathan.gallim...@gmail.com> wrote: > > > Hi > > > > This is a vote for releasing an updated quartz-openejb-shade jar. This is > > used by OpenEJB core to provide EJB timer services. We shade quartz to > > avoid conflicts if users provide it in their applications themselves. > > Quartz itself was vulnerable to an External XML Entity Processing issue > > (XXE), and in turn, so is our shaded version. This release shades an up > to > > date Quartz package with the XXE fixed. > > > > *Sources* > > > > > https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip > > > > *Binary* > > > > > https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar > > > > *Change* > > https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the > update > > in TomEE will refer to this as well). > > > > Please VOTE > > [+1] all fine, ship it > > [+0] don't care > > [-1] stop, because ${reason} > > > > The VOTE is open for 72h. > > > > Many thanks > > > > Jon > > >
Re: [VOTE] Release quartz-openejb-shade 2.2.4
Looks good. +1 -- Jean-Louis Monteiro http://twitter.com/jlouismonteiro http://www.tomitribe.com On Sun, Sep 8, 2019 at 10:26 PM Jonathan Gallimore < jonathan.gallim...@gmail.com> wrote: > Hi > > This is a vote for releasing an updated quartz-openejb-shade jar. This is > used by OpenEJB core to provide EJB timer services. We shade quartz to > avoid conflicts if users provide it in their applications themselves. > Quartz itself was vulnerable to an External XML Entity Processing issue > (XXE), and in turn, so is our shaded version. This release shades an up to > date Quartz package with the XXE fixed. > > *Sources* > > https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip > > *Binary* > > https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar > > *Change* > https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the update > in TomEE will refer to this as well). > > Please VOTE > [+1] all fine, ship it > [+0] don't care > [-1] stop, because ${reason} > > The VOTE is open for 72h. > > Many thanks > > Jon >
[VOTE] Release quartz-openejb-shade 2.2.4
Hi This is a vote for releasing an updated quartz-openejb-shade jar. This is used by OpenEJB core to provide EJB timer services. We shade quartz to avoid conflicts if users provide it in their applications themselves. Quartz itself was vulnerable to an External XML Entity Processing issue (XXE), and in turn, so is our shaded version. This release shades an up to date Quartz package with the XXE fixed. *Sources* https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip *Binary* https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar *Change* https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the update in TomEE will refer to this as well). Please VOTE [+1] all fine, ship it [+0] don't care [-1] stop, because ${reason} The VOTE is open for 72h. Many thanks Jon