Thanks a lot Jean-Louis, if you could trigger a vote over this
week-end then it would be fantastic !
Alex
Le mer. 3 avr. 2024 à 15:07, Jean-Louis Monteiro
a écrit :
>
> Being a bit busy, I have no time for it in the upcoming weeks to do a 9.1.3.
>
> I'll try to do the release check and vote over
Being a bit busy, I have no time for it in the upcoming weeks to do a 9.1.3.
I'll try to do the release check and vote over the weekend.
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Wed, Apr 3, 2024 at 2:31 PM Richard Zowalla wrote:
> To answer that q
To answer that question, we are currently waiting for
(1) Someone from the committership/PMC to do the mechanical work (as
mentioned above, ~1h) - so far no one has shown interest in doing a
release (this may change once we have M1 available).
(2) It takes the time of at least 3 PMC people to vo
Hello,
So is it possible to run a TomEE 9.1.3 vote soon, or are we waiting
for more inputs?
Thanks
Alex
Le ven. 29 mars 2024 à 21:11, Richard Zowalla a écrit :
>
> FYI: apache-mime4j-core is a shaded dependency of the Jakarta Mail spec
> jar inside of Geronimo Mail. I did a quick search in IDE
FYI: apache-mime4j-core is a shaded dependency of the Jakarta Mail spec
jar inside of Geronimo Mail. I did a quick search in IDE and it's code
doesn't seem to be actually used, so no big deal here (aside from
confusing vulnerability scanners).
Am Freitag, dem 29.03.2024 um 13:07 +0100 schrieb Ale
I'm more interested in working for 10.x milestone and Jakarta 11 which is
about to be released.
Le ven. 29 mars 2024, 13:52, Alex The Rocker a
écrit :
> Hello Richard,
>
> I don't see other dependencies which would be vital to upgrade in TomEE
> 9.1.3.
>
> As discussed on another thread on TomE
Hello Richard,
I don't see other dependencies which would be vital to upgrade in TomEE 9.1.3.
As discussed on another thread on TomEE dev list, I think that we
should keep 9.1.x series as stable as possible until 10.x is released,
so as to unlock from the weird Tomcat deprecated dependency (Servl
It was more or less a: if you think there is something additional to look at
related to dependencies (CVE or critical bugs), feel free to shout out loud.
Mime4J might be a thing and has already a Jira (If I remember correctly). Boils
down to a dependency management on our side but need to check.
Hi Richard,
Maybe not fully answering your request to get dependencies analysis on
lib/, but running latest grype led to this small finding:
NAMEINSTALLED FIXED-IN TYPE VULNERABILITY
SEVERITY
apache-mime4j-core 0.8.7 0.8.10java-archive
GHSA-jw7r-rxff-gv24
Hi,
I have nothing against doing a TomEE 9.1.3, which is merely a time
thing. Doing the actual release preperation, starting the vote, etc.
takes ~ 30-60min depending on a machine.
If we need to do additional library upgrades, it might take some
additional time to wait until CI is complete and to
Hi,
I would love it!
Frankie
> -Ursprüngliche Nachricht-
> Von: Alex The Rocker
> Gesendet: Freitag, 29. März 2024 11:01
> An: dev@tomee.apache.org
> Betreff: About a TomEE 9.1.3 soon?
>
> Hi there,
>
> It's been more than 3 monthes since TomEE
Hi there,
It's been more than 3 monthes since TomEE 9.1.2 was released.
Couples of updates have been delivered in 9.1.3 in-work, including 2 CVE fixes.
Wouln't it be a good thing to release a 9.1.3 within coming weeks?
(I know we would like to have 10.0.0 asap, but a small patch release
on 9.2.x
12 matches
Mail list logo