[RESULT][VOTE] Release quartz-openejb-shade 2.2.4
Hi
Thanks for the reviews and votes. We've had 3 binding +1 votes:
Jean-Louis Monteiro
David Blevins
Jonathan Gallimore
and no other votes, so this vote has passed, and I'll promote the artifacts.
Thanks
Jon
On Sun, Sep 8, 2019 at 9:26 PM Jonathan Gallimore <
jonathan.gallim...@gmail.com> wrote:
> Hi
>
> This is a vote for releasing an updated quartz-openejb-shade jar. This is
> used by OpenEJB core to provide EJB timer services. We shade quartz to
> avoid conflicts if users provide it in their applications themselves.
> Quartz itself was vulnerable to an External XML Entity Processing issue
> (XXE), and in turn, so is our shaded version. This release shades an up to
> date Quartz package with the XXE fixed.
>
> *Sources*
>
> https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip
>
> *Binary*
>
> https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar
>
> *Change*
> https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the
> update in TomEE will refer to this as well).
>
> Please VOTE
> [+1] all fine, ship it
> [+0] don't care
> [-1] stop, because ${reason}
>
> The VOTE is open for 72h.
>
> Many thanks
>
> Jon
>
Re: [VOTE] Release quartz-openejb-shade 2.2.4
Here's my +1.
On Wed, Sep 25, 2019 at 1:27 AM David Blevins
wrote:
> +1
>
>
> --
> David Blevins
> http://twitter.com/dblevins
> http://www.tomitribe.com
>
> > On Sep 8, 2019, at 1:26 PM, Jonathan Gallimore <
> jonathan.gallim...@gmail.com> wrote:
> >
> > Hi
> >
> > This is a vote for releasing an updated quartz-openejb-shade jar. This is
> > used by OpenEJB core to provide EJB timer services. We shade quartz to
> > avoid conflicts if users provide it in their applications themselves.
> > Quartz itself was vulnerable to an External XML Entity Processing issue
> > (XXE), and in turn, so is our shaded version. This release shades an up
> to
> > date Quartz package with the XXE fixed.
> >
> > *Sources*
> >
> https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip
> >
> > *Binary*
> >
> https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar
> >
> > *Change*
> > https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the
> update
> > in TomEE will refer to this as well).
> >
> > Please VOTE
> > [+1] all fine, ship it
> > [+0] don't care
> > [-1] stop, because ${reason}
> >
> > The VOTE is open for 72h.
> >
> > Many thanks
> >
> > Jon
>
>
Re: [VOTE] Release quartz-openejb-shade 2.2.4
+1
--
David Blevins
http://twitter.com/dblevins
http://www.tomitribe.com
> On Sep 8, 2019, at 1:26 PM, Jonathan Gallimore
> wrote:
>
> Hi
>
> This is a vote for releasing an updated quartz-openejb-shade jar. This is
> used by OpenEJB core to provide EJB timer services. We shade quartz to
> avoid conflicts if users provide it in their applications themselves.
> Quartz itself was vulnerable to an External XML Entity Processing issue
> (XXE), and in turn, so is our shaded version. This release shades an up to
> date Quartz package with the XXE fixed.
>
> *Sources*
> https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip
>
> *Binary*
> https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar
>
> *Change*
> https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the update
> in TomEE will refer to this as well).
>
> Please VOTE
> [+1] all fine, ship it
> [+0] don't care
> [-1] stop, because ${reason}
>
> The VOTE is open for 72h.
>
> Many thanks
>
> Jon
Re: [VOTE] Release quartz-openejb-shade 2.2.4
Bumping this one up - this addresses a CVE (CVE-2019-13990 -
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13990), and it
would be good to release unless there are issues with it.
Thanks
Jon
On Mon, Sep 9, 2019 at 4:58 PM Jean-Louis Monteiro
wrote:
> Looks good.
> +1
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
>
>
> On Sun, Sep 8, 2019 at 10:26 PM Jonathan Gallimore <
> jonathan.gallim...@gmail.com> wrote:
>
> > Hi
> >
> > This is a vote for releasing an updated quartz-openejb-shade jar. This is
> > used by OpenEJB core to provide EJB timer services. We shade quartz to
> > avoid conflicts if users provide it in their applications themselves.
> > Quartz itself was vulnerable to an External XML Entity Processing issue
> > (XXE), and in turn, so is our shaded version. This release shades an up
> to
> > date Quartz package with the XXE fixed.
> >
> > *Sources*
> >
> >
> https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip
> >
> > *Binary*
> >
> >
> https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar
> >
> > *Change*
> > https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the
> update
> > in TomEE will refer to this as well).
> >
> > Please VOTE
> > [+1] all fine, ship it
> > [+0] don't care
> > [-1] stop, because ${reason}
> >
> > The VOTE is open for 72h.
> >
> > Many thanks
> >
> > Jon
> >
>
Re: [VOTE] Release quartz-openejb-shade 2.2.4
Looks good.
+1
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Sun, Sep 8, 2019 at 10:26 PM Jonathan Gallimore <
jonathan.gallim...@gmail.com> wrote:
> Hi
>
> This is a vote for releasing an updated quartz-openejb-shade jar. This is
> used by OpenEJB core to provide EJB timer services. We shade quartz to
> avoid conflicts if users provide it in their applications themselves.
> Quartz itself was vulnerable to an External XML Entity Processing issue
> (XXE), and in turn, so is our shaded version. This release shades an up to
> date Quartz package with the XXE fixed.
>
> *Sources*
>
> https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip
>
> *Binary*
>
> https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar
>
> *Change*
> https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the update
> in TomEE will refer to this as well).
>
> Please VOTE
> [+1] all fine, ship it
> [+0] don't care
> [-1] stop, because ${reason}
>
> The VOTE is open for 72h.
>
> Many thanks
>
> Jon
>
[VOTE] Release quartz-openejb-shade 2.2.4
Hi
This is a vote for releasing an updated quartz-openejb-shade jar. This is
used by OpenEJB core to provide EJB timer services. We shade quartz to
avoid conflicts if users provide it in their applications themselves.
Quartz itself was vulnerable to an External XML Entity Processing issue
(XXE), and in turn, so is our shaded version. This release shades an up to
date Quartz package with the XXE fixed.
*Sources*
https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip
*Binary*
https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar
*Change*
https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the update
in TomEE will refer to this as well).
Please VOTE
[+1] all fine, ship it
[+0] don't care
[-1] stop, because ${reason}
The VOTE is open for 72h.
Many thanks
Jon
