Re: Cutting 9.1.2 release?
Done - looks good. Thank you Zoltán! On Wed, Dec 6, 2023 at 3:14 PM Richard Zowalla wrote: > Maybe TOMEE-4284 regarding the property deprecation? > TOMEE-4112 is in TomEE 8.x, so maybe time to bring it to main/9.x too ? > > But no hard blockers. I am fine with it :) > > Gruß > Richard > > > Am Mittwoch, dem 06.12.2023 um 15:10 + schrieb Jonathan Gallimore: > > Ok - is there anything else we want to try and pull in before I cut a > > release? I note there's 3 PRs here for main from the last couple of > > weeks - > > should any be ported to 9.x? https://github.com/apache/tomee/pulls > > > > Jon > > > > > > > > On Mon, Dec 4, 2023 at 12:22 PM Richard Zowalla > > wrote: > > > > > Thx, Jon. > > > > > > Am Freitag, dem 01.12.2023 um 16:02 + schrieb Jonathan > > > Gallimore: > > > > I've merged in a fix for CVE-2023-46589, and a test for it. I'll > > > > kick > > > > off a > > > > release either over the weekend if I get time, or on Monday. Let > > > > me > > > > know if > > > > there's any objections. > > > > > > > > Jon > > > > > > > > On Wed, Nov 29, 2023 at 3:48 PM Alex The Rocker > > > > > > > > wrote: > > > > > > > > > +1 and thanks Richard for raising attention on CVE-2023-46589 > > > > > which > > > > > is > > > > > fairly new > > > > > > > > > > Le mer. 29 nov. 2023 à 12:51, Richard Zowalla > > > > > a > > > > > écrit : > > > > > > > > > > > > +1 and yes, CVE-2023-46589 is missing. > > > > > > > > > > > > Am Mittwoch, dem 29.11.2023 um 11:23 + schrieb Jonathan > > > > > > Gallimore: > > > > > > > +1 > > > > > > > > > > > > > > I think there's one CVE to patch before release: CVE-2023- > > > > > > > 46589 > > > > > > > which > > > > > > > I'm > > > > > > > happy to do. I'm also happy to cut the release as its been > > > > > > > a > > > > > > > while > > > > > > > since I > > > > > > > last did it. > > > > > > > > > > > > > > Jon > > > > > > > > > > > > > > On Wed, Nov 29, 2023 at 11:20 AM Jean-Louis Monteiro < > > > > > > > jlmonte...@tomitribe.com> wrote: > > > > > > > > > > > > > > > Hi all, > > > > > > > > > > > > > > > > There are a couple of CVEs attached to the latest 9.x > > > > > > > > release. Is > > > > > > > > it time > > > > > > > > to cut a release? > > > > > > > > > > > > > > > > Best > > > > > > > > -- > > > > > > > > Jean-Louis Monteiro > > > > > > > > http://twitter.com/jlouismonteiro > > > > > > > > http://www.tomitribe.com > > > > > > > > > > > > > > > > > > > > > > > > > > >
Re: Cutting 9.1.2 release?
Maybe TOMEE-4284 regarding the property deprecation? TOMEE-4112 is in TomEE 8.x, so maybe time to bring it to main/9.x too ? But no hard blockers. I am fine with it :) Gruß Richard Am Mittwoch, dem 06.12.2023 um 15:10 + schrieb Jonathan Gallimore: > Ok - is there anything else we want to try and pull in before I cut a > release? I note there's 3 PRs here for main from the last couple of > weeks - > should any be ported to 9.x? https://github.com/apache/tomee/pulls > > Jon > > > > On Mon, Dec 4, 2023 at 12:22 PM Richard Zowalla > wrote: > > > Thx, Jon. > > > > Am Freitag, dem 01.12.2023 um 16:02 + schrieb Jonathan > > Gallimore: > > > I've merged in a fix for CVE-2023-46589, and a test for it. I'll > > > kick > > > off a > > > release either over the weekend if I get time, or on Monday. Let > > > me > > > know if > > > there's any objections. > > > > > > Jon > > > > > > On Wed, Nov 29, 2023 at 3:48 PM Alex The Rocker > > > > > > wrote: > > > > > > > +1 and thanks Richard for raising attention on CVE-2023-46589 > > > > which > > > > is > > > > fairly new > > > > > > > > Le mer. 29 nov. 2023 à 12:51, Richard Zowalla > > > > a > > > > écrit : > > > > > > > > > > +1 and yes, CVE-2023-46589 is missing. > > > > > > > > > > Am Mittwoch, dem 29.11.2023 um 11:23 + schrieb Jonathan > > > > > Gallimore: > > > > > > +1 > > > > > > > > > > > > I think there's one CVE to patch before release: CVE-2023- > > > > > > 46589 > > > > > > which > > > > > > I'm > > > > > > happy to do. I'm also happy to cut the release as its been > > > > > > a > > > > > > while > > > > > > since I > > > > > > last did it. > > > > > > > > > > > > Jon > > > > > > > > > > > > On Wed, Nov 29, 2023 at 11:20 AM Jean-Louis Monteiro < > > > > > > jlmonte...@tomitribe.com> wrote: > > > > > > > > > > > > > Hi all, > > > > > > > > > > > > > > There are a couple of CVEs attached to the latest 9.x > > > > > > > release. Is > > > > > > > it time > > > > > > > to cut a release? > > > > > > > > > > > > > > Best > > > > > > > -- > > > > > > > Jean-Louis Monteiro > > > > > > > http://twitter.com/jlouismonteiro > > > > > > > http://www.tomitribe.com > > > > > > > > > > > > > > > > > > > > signature.asc Description: This is a digitally signed message part
Re: Cutting 9.1.2 release?
Ok - is there anything else we want to try and pull in before I cut a release? I note there's 3 PRs here for main from the last couple of weeks - should any be ported to 9.x? https://github.com/apache/tomee/pulls Jon On Mon, Dec 4, 2023 at 12:22 PM Richard Zowalla wrote: > Thx, Jon. > > Am Freitag, dem 01.12.2023 um 16:02 + schrieb Jonathan Gallimore: > > I've merged in a fix for CVE-2023-46589, and a test for it. I'll kick > > off a > > release either over the weekend if I get time, or on Monday. Let me > > know if > > there's any objections. > > > > Jon > > > > On Wed, Nov 29, 2023 at 3:48 PM Alex The Rocker > > > > wrote: > > > > > +1 and thanks Richard for raising attention on CVE-2023-46589 which > > > is > > > fairly new > > > > > > Le mer. 29 nov. 2023 à 12:51, Richard Zowalla a > > > écrit : > > > > > > > > +1 and yes, CVE-2023-46589 is missing. > > > > > > > > Am Mittwoch, dem 29.11.2023 um 11:23 + schrieb Jonathan > > > > Gallimore: > > > > > +1 > > > > > > > > > > I think there's one CVE to patch before release: CVE-2023-46589 > > > > > which > > > > > I'm > > > > > happy to do. I'm also happy to cut the release as its been a > > > > > while > > > > > since I > > > > > last did it. > > > > > > > > > > Jon > > > > > > > > > > On Wed, Nov 29, 2023 at 11:20 AM Jean-Louis Monteiro < > > > > > jlmonte...@tomitribe.com> wrote: > > > > > > > > > > > Hi all, > > > > > > > > > > > > There are a couple of CVEs attached to the latest 9.x > > > > > > release. Is > > > > > > it time > > > > > > to cut a release? > > > > > > > > > > > > Best > > > > > > -- > > > > > > Jean-Louis Monteiro > > > > > > http://twitter.com/jlouismonteiro > > > > > > http://www.tomitribe.com > > > > > > > > > > > > > > >
Re: Cutting 9.1.2 release?
Thx, Jon. Am Freitag, dem 01.12.2023 um 16:02 + schrieb Jonathan Gallimore: > I've merged in a fix for CVE-2023-46589, and a test for it. I'll kick > off a > release either over the weekend if I get time, or on Monday. Let me > know if > there's any objections. > > Jon > > On Wed, Nov 29, 2023 at 3:48 PM Alex The Rocker > > wrote: > > > +1 and thanks Richard for raising attention on CVE-2023-46589 which > > is > > fairly new > > > > Le mer. 29 nov. 2023 à 12:51, Richard Zowalla a > > écrit : > > > > > > +1 and yes, CVE-2023-46589 is missing. > > > > > > Am Mittwoch, dem 29.11.2023 um 11:23 + schrieb Jonathan > > > Gallimore: > > > > +1 > > > > > > > > I think there's one CVE to patch before release: CVE-2023-46589 > > > > which > > > > I'm > > > > happy to do. I'm also happy to cut the release as its been a > > > > while > > > > since I > > > > last did it. > > > > > > > > Jon > > > > > > > > On Wed, Nov 29, 2023 at 11:20 AM Jean-Louis Monteiro < > > > > jlmonte...@tomitribe.com> wrote: > > > > > > > > > Hi all, > > > > > > > > > > There are a couple of CVEs attached to the latest 9.x > > > > > release. Is > > > > > it time > > > > > to cut a release? > > > > > > > > > > Best > > > > > -- > > > > > Jean-Louis Monteiro > > > > > http://twitter.com/jlouismonteiro > > > > > http://www.tomitribe.com > > > > > > > > > > signature.asc Description: This is a digitally signed message part
Re: Cutting 9.1.2 release?
I've merged in a fix for CVE-2023-46589, and a test for it. I'll kick off a release either over the weekend if I get time, or on Monday. Let me know if there's any objections. Jon On Wed, Nov 29, 2023 at 3:48 PM Alex The Rocker wrote: > +1 and thanks Richard for raising attention on CVE-2023-46589 which is > fairly new > > Le mer. 29 nov. 2023 à 12:51, Richard Zowalla a écrit : > > > > +1 and yes, CVE-2023-46589 is missing. > > > > Am Mittwoch, dem 29.11.2023 um 11:23 + schrieb Jonathan Gallimore: > > > +1 > > > > > > I think there's one CVE to patch before release: CVE-2023-46589 which > > > I'm > > > happy to do. I'm also happy to cut the release as its been a while > > > since I > > > last did it. > > > > > > Jon > > > > > > On Wed, Nov 29, 2023 at 11:20 AM Jean-Louis Monteiro < > > > jlmonte...@tomitribe.com> wrote: > > > > > > > Hi all, > > > > > > > > There are a couple of CVEs attached to the latest 9.x release. Is > > > > it time > > > > to cut a release? > > > > > > > > Best > > > > -- > > > > Jean-Louis Monteiro > > > > http://twitter.com/jlouismonteiro > > > > http://www.tomitribe.com > > > > > > >
Re: Cutting 9.1.2 release?
+1 and thanks Richard for raising attention on CVE-2023-46589 which is fairly new Le mer. 29 nov. 2023 à 12:51, Richard Zowalla a écrit : > > +1 and yes, CVE-2023-46589 is missing. > > Am Mittwoch, dem 29.11.2023 um 11:23 + schrieb Jonathan Gallimore: > > +1 > > > > I think there's one CVE to patch before release: CVE-2023-46589 which > > I'm > > happy to do. I'm also happy to cut the release as its been a while > > since I > > last did it. > > > > Jon > > > > On Wed, Nov 29, 2023 at 11:20 AM Jean-Louis Monteiro < > > jlmonte...@tomitribe.com> wrote: > > > > > Hi all, > > > > > > There are a couple of CVEs attached to the latest 9.x release. Is > > > it time > > > to cut a release? > > > > > > Best > > > -- > > > Jean-Louis Monteiro > > > http://twitter.com/jlouismonteiro > > > http://www.tomitribe.com > > > >
Re: Cutting 9.1.2 release?
+1 and yes, CVE-2023-46589 is missing. Am Mittwoch, dem 29.11.2023 um 11:23 + schrieb Jonathan Gallimore: > +1 > > I think there's one CVE to patch before release: CVE-2023-46589 which > I'm > happy to do. I'm also happy to cut the release as its been a while > since I > last did it. > > Jon > > On Wed, Nov 29, 2023 at 11:20 AM Jean-Louis Monteiro < > jlmonte...@tomitribe.com> wrote: > > > Hi all, > > > > There are a couple of CVEs attached to the latest 9.x release. Is > > it time > > to cut a release? > > > > Best > > -- > > Jean-Louis Monteiro > > http://twitter.com/jlouismonteiro > > http://www.tomitribe.com > > signature.asc Description: This is a digitally signed message part
Re: Cutting 9.1.2 release?
+1 I think there's one CVE to patch before release: CVE-2023-46589 which I'm happy to do. I'm also happy to cut the release as its been a while since I last did it. Jon On Wed, Nov 29, 2023 at 11:20 AM Jean-Louis Monteiro < jlmonte...@tomitribe.com> wrote: > Hi all, > > There are a couple of CVEs attached to the latest 9.x release. Is it time > to cut a release? > > Best > -- > Jean-Louis Monteiro > http://twitter.com/jlouismonteiro > http://www.tomitribe.com >
