I did the upload for you ;-) - should be fine now and the VOTE is up.
Am Sonntag, dem 29.10.2023 um 13:47 -0500 schrieb Jonathan Fisher:
> They’re playing in Frankfurt next week!
>
> I re-ran the tool, I’m not sure what fixed it, but the binaries
> appear to be there now.
>
> Sent from my
They’re playing in Frankfurt next week!
I re-ran the tool, I’m not sure what fixed it, but the binaries appear to be
there now.
Sent from my iPhone
> On Oct 29, 2023, at 1:25 PM, Richard Zowalla wrote:
>
> I will take care of it, so we can start the vote.
> Have fun @ KC Chiefs play,
I will take care of it, so we can start the vote.
Have fun @ KC Chiefs play, Jonathan. Many thanks for re-doing the
release.
Am Sonntag, dem 29.10.2023 um 19:06 +0100 schrieb Richard Zowalla:
> https://dist.apache.org/repos/dist/dev/tomee/staging-1223/tomee-8.0.16/
> seems to be empty?
>
> Am
https://dist.apache.org/repos/dist/dev/tomee/staging-1223/tomee-8.0.16/ seems
to be empty?
Am 29. Oktober 2023 18:45:06 MEZ schrieb "Jonathan S. Fisher"
:
>Done.
>
>Staging repo is closed.
>
>Artifacts uploaded here:
>https://dist.apache.org/repos/dist/dev/tomee/staging-1223
>
>tomee-8.x pushed
Alright. Will do some checks later and start a new vote. Thanks!
Am 29. Oktober 2023 18:45:06 MEZ schrieb "Jonathan S. Fisher"
:
>Done.
>
>Staging repo is closed.
>
>Artifacts uploaded here:
>https://dist.apache.org/repos/dist/dev/tomee/staging-1223
>
>tomee-8.x pushed
>
>Tag pushed:
Done.
Staging repo is closed.
Artifacts uploaded here:
https://dist.apache.org/repos/dist/dev/tomee/staging-1223
tomee-8.x pushed
Tag pushed: https://github.com/apache/tomee/releases/tag/tomee-project-8.0.16
On Sun, Oct 29, 2023 at 12:08 PM Jonathan S. Fisher wrote:
>
> Perfect thanks, that
Perfect thanks, that is done.
New release is building and uploading. I checked the bom poms before I
started. KC Chiefs play in a few hours so I'm hoping to have it ready
before then.
On Sun, Oct 29, 2023 at 11:41 AM Richard Zowalla wrote:
>
> Checkout
Checkout https://dist.apache.org/repos/dist/dev/tomee/ via SVN, run an SVN
delete in staging-1222 and commit :-)
Am 29. Oktober 2023 17:34:47 MEZ schrieb "Jonathan S. Fisher"
:
>1) Logged into Nexus, clicked "drop repo"
>2) git tag -d from the command line, went into github, also deleted the
1) Logged into Nexus, clicked "drop repo"
2) git tag -d from the command line, went into github, also deleted the tag
3) for the life of me I can't figure out how to do this. I see the
artifacts here:
https://dist.apache.org/repos/dist/dev/tomee/staging-1222/
On Sun, Oct 29, 2023 at 11:06 AM
Doing this now, thanks
On Sun, Oct 29, 2023 at 10:46 AM Richard Zowalla wrote:
>
> Hey Jonathan,
>
> if you want to do the re-roll, you need to:
>
> (1) drop the staging repo
> (2) drop the tag
> (3) drop the staged binaries in dist/dev
> (4) do the re-roll (as with the release before)
>
> I
Hey Jonathan,
if you want to do the re-roll, you need to:
(1) drop the staging repo
(2) drop the tag
(3) drop the staged binaries in dist/dev
(4) do the re-roll (as with the release before)
I will fix the release notes regarding 9.0.82. Just give me a ping, if we can
start a new vote.
Gruß
Don't worry about the side thing ;-) - it can even wait until the vote
is other.
You can see an example for it here: [1]
I'll check the signatures and if that looks good, I am going to start
the vote for you.
Thnaks, Jonathan!!
[1]
A... just kidding, I need to do the tomee-site-generator thing.
I'll have to figure that out or do it by hand.
On Sat, Oct 28, 2023 at 1:52 PM Jonathan S. Fisher wrote:
>
> Awesome! Thank you!
>
> I've pushed the tag, the binaries are uploaded, release notes are now
> generated. Please
Awesome! Thank you!
I've pushed the tag, the binaries are uploaded, release notes are now
generated. Please double check my tag!
https://github.com/apache/tomee/releases/tag/tomee-project-8.0.16
If everything is all good, yes please and thank you, call the vote!
On Sat, Oct 28, 2023 at 1:42 PM
FYI: Just did it on the staged 8.0.16 version on dist/dev. Looks ok (so
no need to worry about).
Am Samstag, dem 28.10.2023 um 20:35 +0200 schrieb Richard Zowalla:
> Regarding (1):
>
> You can run grype on the lib folder [1] and check the output.
> There will be some false-positive entries but
Regarding (1):
You can run grype on the lib folder [1] and check the output.
There will be some false-positive entries but if you missed something
really important, it should appear there.
With the ActiveMQ upgrade I do not expect anything unforseen though ;-)
Gruß
Richard
[1]
Yes. This is a bit creepy to configure ;-)
You need to add credentials in a folder in your userhome
~/.jamira
In this directory just add a file "asf.properties" with the following
content:
#asf
#Fri May 05 20:19:56 CEST 2023
password=
serverUri=https\://issues.apache.org/jira
username=
As an
Good morning everyone, I'm still stuck at the "Generate release notes
(website)" step on https://tomee.apache.org/dev/release-tomee.html
~/opensource/tomee-release-tools$ ./target/release release-notes generate 8.0.16
No jira accounts configured. Run `account add` to configure a jira account
Thanks to you and Richard for helping me stumble through.
I'm stuck at this step:
~/opensource/tomee-release-tools$ ./target/release release-notes generate 8.0.16
No jira accounts configured. Run `account add` to configure a jira account
~/opensource/tomee-release-tools$ ./target/release
Upload to here: https://dist.apache.org/repos/dist/dev/tomee/ - this is
where we'll all be getting the artifacts to vote on. If you're using the
release tools, you'll be on this step: "Deploy Source and Distributions to
dist/dev".
Thanks for all your work on this.
Jon
On Fri, Oct 27, 2023 at
Ok repository is uploaded and closed:
https://repository.apache.org/content/repositories/orgapachetomee-1222/org/apache/tomee/apache-tomee/8.0.16/
What's next? The directions say to upload but that seems a bit
premature before calling for a vote or what not... sorry I'm new here!
Thanks Jonathan. If it helps, the changeset from 5.17.5 to 5.17.6 isn't
massive: https://github.com/apache/activemq/commits/activemq-5.17.x.
Jon
On Fri, Oct 27, 2023 at 10:00 PM Jonathan S. Fisher
wrote:
> ope, it's in there now. Just popped up and I merged.
>
> ActiveMQ merges make a be a bit
ope, it's in there now. Just popped up and I merged.
ActiveMQ merges make a be a bit nervous :) I'll go ahead
release:perform but stop again before closing the repository.
I'll try running this too with some of our bigger apps and see if I
can find anything wrong.
On Fri, Oct 27, 2023 at 3:58
Those should be there for 8.0.x, 9.1.x and 10.0.x (I think you merged the
PR for 8.0.x yourself :-) )
Jon
On Fri, Oct 27, 2023 at 9:56 PM Jonathan Gallimore <
jonathan.gallim...@gmail.com> wrote:
> It should be done by the build, but I can do that and push it as well.
>
> Jon
>
> On Fri, Oct
It should be done by the build, but I can do that and push it as well.
Jon
On Fri, Oct 27, 2023 at 9:55 PM Jonathan S. Fisher
wrote:
> Thanks, do we need to do the bom thing?
>
> On Fri, Oct 27, 2023 at 3:53 PM Jonathan Gallimore
> wrote:
> >
> > Done:
> >
>
Thanks, do we need to do the bom thing?
On Fri, Oct 27, 2023 at 3:53 PM Jonathan Gallimore
wrote:
>
> Done:
> https://github.com/apache/tomee/commit/c63eacac4956c29454a0efc3e75e933dd4316b26
>
> On Fri, Oct 27, 2023 at 9:46 PM Jonathan Gallimore <
> jonathan.gallim...@gmail.com> wrote:
>
> >
Done:
https://github.com/apache/tomee/commit/c63eacac4956c29454a0efc3e75e933dd4316b26
On Fri, Oct 27, 2023 at 9:46 PM Jonathan Gallimore <
jonathan.gallim...@gmail.com> wrote:
> Thanks. That commit is incoming in about 1 minute.
>
> Jon
>
> On Fri, Oct 27, 2023 at 9:43 PM Jonathan S. Fisher
>
Thanks. That commit is incoming in about 1 minute.
Jon
On Fri, Oct 27, 2023 at 9:43 PM Jonathan S. Fisher
wrote:
> No problemo. I'll cancel, do the pr two step, and rebuild
>
> On Fri, Oct 27, 2023 at 3:39 PM Jonathan Gallimore
> wrote:
> >
> > I was about to ask the same. Happy to push the
No problemo. I'll cancel, do the pr two step, and rebuild
On Fri, Oct 27, 2023 at 3:39 PM Jonathan Gallimore
wrote:
>
> I was about to ask the same. Happy to push the update to the branch before
> a release is kicked off.
>
> Jon
>
> On Fri, 27 Oct 2023, 21:23 Alex The Rocker, wrote:
>
> > Hi
>
I was about to ask the same. Happy to push the update to the branch before
a release is kicked off.
Jon
On Fri, 27 Oct 2023, 21:23 Alex The Rocker, wrote:
> Hi
>
> Before it's too late, can 8.0.16 release include (if not already done)
> the dependency update to ActiveMQ version fixing
Hi
Before it's too late, can 8.0.16 release include (if not already done)
the dependency update to ActiveMQ version fixing CVE-2023-46604 (which
has High 8.8 score by
https://nvd.nist.gov/vuln/detail/CVE-2022-46604), as it's enabling
remote code execution ?
As a reminder, ActiveMQ is embedded in
Alright, I have the build completed, signed, and uploaded the the
Nexus staging repository: orgapachetomee-1221
What's next? I'm a little apprehensive to close out the staging repo
for fear of prematurely publishing a release...
On Fri, Oct 27, 2023 at 9:42 AM Jonathan S. Fisher wrote:
>
> I
I got another good build locally and CI is happy too. I'm going to
stage the release!
On Thu, Oct 26, 2023 at 9:27 AM Jonathan S. Fisher wrote:
>
> Yep! I just logged that one and pushed a PR. Waiting on CI
>
> On Thu, Oct 26, 2023 at 9:24 AM Jamie Johnson wrote:
> >
> > Should this be
Yep! I just logged that one and pushed a PR. Waiting on CI
On Thu, Oct 26, 2023 at 9:24 AM Jamie Johnson wrote:
>
> Should this be included?
>
> TOMEE-4263: Update Apache Santuario to 2.3.4 from 2.3.2 (xmlsec) to
> mitigate CVE-2023-4448
>
> Not sure how to find the others without going through
Should this be included?
TOMEE-4263: Update Apache Santuario to 2.3.4 from 2.3.2 (xmlsec) to
mitigate CVE-2023-4448
Not sure how to find the others without going through commit history.
Jamie
On Thu, Oct 26, 2023 at 8:19 AM Jonathan S. Fisher
wrote:
> Richard, thank you sir; I assigned that
Richard, thank you sir; I assigned that ticket to myself. If anyone
else is aware of anything else I can upgrade before release, please
speak up :)
Also good news: for whatever reason, I'm able to build
tomee-release-tools now. The atlassian maven repository hit me with a
rate limit briefly but
Might be relevant for your release preperations:
https://issues.apache.org/jira/browse/TOMEE-4263
Am 26. Oktober 2023 00:11:14 MESZ schrieb "Jonathan S. Fisher"
:
>Thank you, eclipselink has been updated and boms also updated.
>
>Are the tomee release tools still needed?
>
>[ERROR] Failed to
No, you can also do the sha512 gen + svn upload manually.
Am 26. Oktober 2023 00:11:14 MESZ schrieb "Jonathan S. Fisher"
:
>Thank you, eclipselink has been updated and boms also updated.
>
>Are the tomee release tools still needed?
>
>[ERROR] Failed to execute goal on project release-tools:
Thank you, eclipselink has been updated and boms also updated.
Are the tomee release tools still needed?
[ERROR] Failed to execute goal on project release-tools: Could not
resolve dependencies for project
org.apache.openejb.tools:release-tools:jar:1.0-SNAPSHOT: Failed to
collect dependencies at
Feel free to update 3rd party dependencies (make sure to create a Jira,
so it gets into the release notes). To update the BOMs you can either
rely on the related GitHub action (will do it automatically via a PR)
or just run a quick build.
Am Mittwoch, dem 25.10.2023 um 08:40 -0500 schrieb
They are NOT apart of the main build. I take care of those manually.
Thanks,
Rod.
Sent from my iPhone
> On Oct 25, 2023, at 8:40 AM, Jonathan S. Fisher wrote:
>
> Richard: thank you sir, I see my key in there.
> Rod: Are the docker images part of the main build? I don't use Docker
>
Richard: thank you sir, I see my key in there.
Rod: Are the docker images part of the main build? I don't use Docker
professionally, so I'm not very familiar with the whole process.
I see Tomcat 9.0.82 in tomee-8.x. Yeehaw!
Does anyone have an issue with me updating to eclipselink 2.7.13?
Is there anyway to test the keys before we deploy? We have issues in the past
with new keys and verifying the packages when the docker images are built.
Thanks,
Rod.
>
> On Oct 24, 2023, at 9:06 AM, Richard Zowalla wrote:
>
> Added to https://dist.apache.org/repos/dist/release/tomee/KEYS
Added to https://dist.apache.org/repos/dist/release/tomee/KEYS
Am Dienstag, dem 24.10.2023 um 08:54 -0500 schrieb Jonathan S. Fisher:
> pasted here:
>
> -BEGIN PGP PUBLIC KEY BLOCK-
>
> mJMEV5tUvhMFK4EEACMEIwQBDFKWRWNFys17LQRo18NBQ0cJk9HitooLx1k3dGTA
>
pasted here:
-BEGIN PGP PUBLIC KEY BLOCK-
mJMEV5tUvhMFK4EEACMEIwQBDFKWRWNFys17LQRo18NBQ0cJk9HitooLx1k3dGTA
G2By4TUnNYaR/ranOPJ47IRVr/1E0DBy9RKayUDNFElly6kAfhn/ALMmdv68cet9
GWkNjV/DwEGmtdXnhuGxXioxN1XkoJJNbjDCBEzx/mDDIna7w3jE2v28bXYP9kfv
The list doesn't allow attachments, so maybe add it as plain text (or put it
into a gist)
Gruß
Richard
Am 22. Oktober 2023 21:48:22 MESZ schrieb "Jonathan S. Fisher"
:
>Attached! Thank you!
>
>On Sat, Oct 21, 2023 at 7:42 PM Richard Zowalla wrote:
>>
>> Just send it in the required ascii
Attached! Thank you!
On Sat, Oct 21, 2023 at 7:42 PM Richard Zowalla wrote:
>
> Just send it in the required ascii armored format via your apache mail (or
> via die web ui on lists.apache.org after login.
>
> I can take care of it.
>
>
> Am 22. Oktober 2023 01:05:53 MESZ schrieb "Jonathan S.
Just send it in the required ascii armored format via your apache mail (or via
die web ui on lists.apache.org after login.
I can take care of it.
Am 22. Oktober 2023 01:05:53 MESZ schrieb "Jonathan S. Fisher"
:
>Richard thanks. Anyone on this thread able to add me to the KEYS file?
>I'd like
Richard thanks. Anyone on this thread able to add me to the KEYS file?
I'd like to give this a roll :)
cheers,
On Thu, Oct 19, 2023 at 7:12 AM Jamie Johnson wrote:
>
> Just checking in on this. Anything the community can do to facilitate the
> release?
>
> On Tue, Oct 17, 2023 at 9:58 AM
Just checking in on this. Anything the community can do to facilitate the
release?
On Tue, Oct 17, 2023 at 9:58 AM Richard Zowalla wrote:
> Hi,
>
> see https://tomee.apache.org/dev/release-tomee.html
>
> Might be beneficial to join the ASF slack with your apache.org mail.
>
> Starting the VOTE,
Hi,
see https://tomee.apache.org/dev/release-tomee.html
Might be beneficial to join the ASF slack with your apache.org mail.
Starting the VOTE, moving artifacts to release area as well as updating
https://downloads.apache.org/tomee/KEYS needs to be done by a PMC member.
Gruß
Richard
Am 17.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
ello other TomEE committers :)
If I wanted to cut 8.0.16, how do I do that? My personal GPG key is
871638A21A7F2C38066471420306A354336B4F0D. I'll sign this text block to
prove I have control of my key.
Thank you!
-BEGIN PGP SIGNATURE-
Looks like tomcat 9.0.82 was released!
On Wed, Oct 11, 2023 at 12:54 PM Jamie Johnson wrote:
> Looks right to me as well. Thanks Richard!
>
> On Wed, Oct 11, 2023 at 12:45 PM Richard Zowalla
> wrote:
>
>> I think we are running into
>> https://bz.apache.org/bugzilla/show_bug.cgi?id=67664
>>
>>
Looks right to me as well. Thanks Richard!
On Wed, Oct 11, 2023 at 12:45 PM Richard Zowalla
wrote:
> I think we are running into
> https://bz.apache.org/bugzilla/show_bug.cgi?id=67664
>
> This requires 9.0.82 to become available.
>
> They are already voting:
>
I think we are running into https://bz.apache.org/bugzilla/show_bug.cgi?id=67664
This requires 9.0.82 to become available.
They are already voting:
https://lists.apache.org/thread/qro48x3xnvhvvxxv3hwnqnnsrrry773j
After 9.0.82 becomes available, we are most likely in a good shape to start a
It seems the Tomcat upgrade breaks some connection pool related tests.
I guess we need to check our integration code to fix it:
https://ci-builds.apache.org/job/Tomee/job/tomee-8.x-build-full-java8/lastCompletedBuild/testReport/
So if anyone wants to dig, feel free.
Am 11. Oktober 2023
Looking in the distribution I don't see any of these jars then. Do you
agree?
On Wed, Oct 11, 2023 at 11:11 AM Richard Zowalla
wrote:
> Some of these dependencies aren't shipped with the TomEE distribution.
> Best way to check is to actually look through /lib
>
>
>
> Am 11. Oktober 2023
Some of these dependencies aren't shipped with the TomEE distribution. Best way
to check is to actually look through /lib
Am 11. Oktober 2023 16:56:27 MESZ schrieb Jamie Johnson :
>There are other vulnerabilities (pulled from https://osv.dev/) that can be
>addressed, but need to be reviewed.
There are other vulnerabilities (pulled from https://osv.dev/) that can be
addressed, but need to be reviewed. The format below is dependency
current_version (fix_version).
org.apache.httpcomponents:httpclient 4.2.2 (>= 4.5.13)
GHSA-2x83-r56g-cv47 (4.2.3), GHSA-7r82-7xv7-xcpj
(4.5.13),
How deep down the rabbit hole should the dependency checks normally go?
Looks like the big ones I was tracking with security updates were done.
johnzon 1.2.21
tomcat 9.0.81
bouncy castle 1.76
Still poking around a bit but there’s obviously a lot.
On Wed, Oct 11, 2023 at 2:09 AM Richard Zowalla
In theory, every committer can act as release manager.
There are some steps in the process, which requires PMC karma, though
(such as adding a key to the KEYS file, moving stuff to the release are
on SVN, start the VOTE, etc.).
The process is documented here: [1]
That being said:
I am
Jean-Louis, are there directions anywhere? Not promising anything :)
On Tue, Oct 10, 2023 at 5:22 PM Jean-Louis Monteiro
wrote:
>
> Whomever is committer can do it.
>
> I was just trying to give you an honest reply regarding my availabilities
> and give visibility to the rest of the community
Whomever is committer can do it.
I was just trying to give you an honest reply regarding my availabilities
and give visibility to the rest of the community and the other committers
at the same time.
Hope it helps.
Le mar. 10 oct. 2023, 23:27, Jamie Johnson a écrit :
> I’m not sure what that
I’m not sure what that entails or who would go about doing it. Is it a
community or contributor driven thing?
On Tue, Oct 10, 2023 at 3:25 PM Jean-Louis Monteiro <
jlmonte...@tomitribe.com> wrote:
> I think most of the energy is currently on TomEE 9 and the new TomEE 10.
> I've also noticed some
+1 for a 8.0.16 to get these recent urgent CVEs fixed ASAP
Le mar. 10 oct. 2023 à 21:25, Jean-Louis Monteiro
a écrit :
>
> I think most of the energy is currently on TomEE 9 and the new TomEE 10.
> I've also noticed some Tomcat CVE today if I remember correctly.
>
> I'm all hands on TomEE 10
I think most of the energy is currently on TomEE 9 and the new TomEE 10.
I've also noticed some Tomcat CVE today if I remember correctly.
I'm all hands on TomEE 10 currently because we need to fill the feature
gaps on all implementations. So speaking about myself, not sure I can
trigger a build
66 matches
Mail list logo
