I created a related PR https://github.com/apache/tomee/pull/742

Regards,
Richard

On Monday, 21.12.2020, at 00:18 +0000, Bruce Heavey wrote:
> I don’t really feel comfortable making contributions yet sorry -
> better to leave that to the experts!
>
> But I’m happy to raise the JIRA ticket, I've created TOMEE 2947 for
> this, cheers!
> https://issues.apache.org/jira/browse/TOMEE-2947
>
> -----Original Message-----
> From: Jean-Louis Monteiro <[email protected]>
> Sent: Friday, 18 December 2020 6:11 PM
> To: [email protected]
> Subject: Re: TomEE 8.0.5 tomcat/quartz-openejb-shade dependency versions
>
> Hi Bruce,
>
> Glad the upgrade went well.
>
> 1/ I checked the pom file of the 8.0.5
> https://github.com/apache/tomee/blob/tomee-8.0.5/pom.xml#L148
> Tomcat seems to be 9.0.39 in there so what you see in the logs is fine.
>
> It probably got added after the release.
> https://github.com/apache/tomee/commit/eb2928435685d3e5fb184d0aa945efbfe06f26a4
>
> The day after the release actually.
>
> 2/ You are correct I think.
> We should upgrade to 2.2.4
>
> Would you like to create the ticket and the PR?
> It's fairly simple and would be awesome to have you fix it.
>
> If not, lemme know and I can do it.
>
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com
>
> On Fri, Dec 18, 2020 at 6:17 AM Bruce Heavey <[email protected]> wrote:
>
> > Hi,
> >
> > We've recently upgraded from TomEE 1.7.5 up to TomEE 8.0.5 which has
> > been a pretty smooth transition for us, but I'm a bit puzzled by 2
> > things:
> >
> > 1. The list of changes in 8.0.5
> > (https://github.com/apache/tomee/compare/tomee-8.0.5...master)
> > indicates the version of Tomcat has bumped up to 9.0.40, but when my
> > TomEE 8.0.5 starts up it looks like it's still using 9.0.39:
> > "Server version name: Apache Tomcat (TomEE)/9.0.39 (8.0.5)".
> >
> > 2. Really happy to see CVE-2019-13990 addressed in TOMEE-2672
> > (https://issues.apache.org/jira/browse/TOMEE-2672).
> > But TomEE 8.0.5 still seems to be shipping the old jar file not the
> > new one with the fix in it.
> > https://github.com/apache/tomee/blob/master/pom.xml should the version
> > of quartz-openejb-shade have been bumped up to 2.2.4 when TOMEE-2672
> > was fixed? In our local build we're currently replacing the old jar
> > file with the new jar file to address the issue.
> >
> > Thanks in advance,
> >
> > Bruce

--
Richard Zowalla, M.Sc.
Research Associate, PhD Student | Medical Informatics
Hochschule Heilbronn – University of Applied Sciences
Max-Planck-Str. 39
D-74081 Heilbronn
phone: +49 7131 504 6791
mail: [email protected]
web: https://www.mi.hs-heilbronn.de/
