Short update: JL did some fixes on the TCK setup and the TCK looks
good. Bug fixes and dep upgrades did not introduce any regression.
There is a full build running to include the final version of
arquillian (1.7.0.Final) + Jackson 2.15.1 (with some bug fixes included
in 2.15.0). If this is
Hi,
I reviewed and merged the PR. Go ahead with the API release and place
backport to 10.x so we don't introduce the issue again.
I did not close the issue as fixed for that reason.
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Tue, May 16, 2023 at 11:02
Hi all,
I provided a possible fix for TOMEE-4199 via [1]. If it is sufficient,
we can do an api release and proceed with 9.1.0 (after we have some tck
results).
Regards
Richard
[1] https://github.com/apache/tomee-jakartaee-api/pull/2
On Tuesday, 18.04.2023 at 10:01 +0200, Jean-Louis
Hi Richard,
I reviewed the PR and it looks good, so I don't see any reason why we would
not merge it.
Good point with the security scanners, we need to make sure it's somewhere
in the release notes, and in our website if possible.
Ok for a 9.1.0 because it's not only a patch, we have dependency
Hi,
I've ported the cve-related changes for 10.0.x in [1].
If we want to do 9.0.1 / 9.1.0 (whatever we want to name it), we should
integrate these changes, so happy to have some eyes on it.
Patching Tomcat inside TomEE will most likely confuse security
scanners, so we would need to add a
Thanks Swell for providing more information on the consequences/side
effects.
This helps.
I'd say it depends how fast we can get a 10.0
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
On Tue, Apr 18, 2023 at 11:38 AM Swell wrote:
> Fixing cve should have
Backporting the change and patching within TomEE shouldn't be a big
deal (as we already patch Tomcat within TomEE) :)
On Tuesday, 18.04.2023 at 11:37 +0200, Swell wrote:
> Fixing cve should have priority over tck results, right? That said
> do we
> want to maintain efforts on 9.1 or focus
Fixing cve should have priority over tck results, right? That said, do we
want to maintain efforts on 9.1 or focus our resources and time on 10.0?
On the other hand, if we upgrade TomEE 9 with tomcat 10.1 we lose a status
method of servlet api used by EE9 versions of resteasy/jersey/etc.
It's not only TCK, it's breaking backward compatibility and potentially
impacting users because we'll change API signatures and of course
implementation in Tomcat.
EL 3, Servlet 6 and TagLib 3 have breaking changes and methods/classes
removed.
--
Jean-Louis Monteiro
Hi,
I am +1 for it, but we need to decide if we want to port the commons
fileupload cve to tomcat 10.0.27 or if we upgrade to 10.1.x (and lose
EE9.1 tck compliance).
Regards
Richard
On Tuesday, 18.04.2023 at 10:01 +0200, Jean-Louis Monteiro wrote:
> Hi all,
>
> Looks like our backlog is
Hi all,
Looks like our backlog is starting to grow. We've done quite a lot of
updates and I was wondering if we should do a release for 9.1.0?
Note that there is an issue to fix before with the API Uber jar where the
tomcat classifier has the same content as the non tomcat classifier. This
was