Posted to dev@tomee.apache.org by Jean-Louis Monteiro <jl...@tomitribe.com> on 2022/04/12 09:14:01 UTC
Time for a TomEE 8.0.11 maintenance release?
Hi all,
We have a couple of important fixes and the CVE (Tomcat at least).
Is it ok to do a release?
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
Re: Time for a TomEE 8.0.11 maintenance release?
Posted by Jean-Louis Monteiro <jl...@tomitribe.com>.
Thanks so much Richard
--
Jean-Louis Monteiro
http://twitter.com/jlouismonteiro
http://www.tomitribe.com
Re: Time for a TomEE 8.0.11 maintenance release?
Posted by "Zowalla, Richard" <ri...@hs-heilbronn.de>.
As a short update: JL and myself discussed the idea by David from [1]
via Slack. We will try out the 4-eye approach in order to share
knowledge of doing releases for TomEE.
I will take some notes during the process to put it back into up-to-date
release documentation.
Regards
Richard
Re: Time for a TomEE 8.0.11 maintenance release?
Posted by "Zowalla, Richard" <ri...@hs-heilbronn.de>.
+1
Question: We once talked about sharing knowledge about doing releases
[1], so I am wondering, if we should use 8.0.11 as a pilot test for
this approach?
For reference changes currently targeted for 8.0.11 (from Jira)
attached below.
Regards
Richard
[1] https://lists.apache.org/thread/dj0s8lldxlkqnfy43hwnclzwbgv40xht
== Dependency upgrade
[.compact]
- link:https://issues.apache.org/jira/browse/TOMEE-3872[TOMEE-3872]
Hibernate Integration 5.6.7
- link:https://issues.apache.org/jira/browse/TOMEE-3858[TOMEE-3858]
OpenJPA 3.2.2
- link:https://issues.apache.org/jira/browse/TOMEE-3841[TOMEE-3841]
SLF4J 1.7.36
- link:https://issues.apache.org/jira/browse/TOMEE-3845[TOMEE-3845]
Tomcat 9.0.59
- link:https://issues.apache.org/jira/browse/TOMEE-3855[TOMEE-3855]
Tomcat 9.0.60
- link:https://issues.apache.org/jira/browse/TOMEE-3856[TOMEE-3856]
jackson 2.13.2
- link:https://issues.apache.org/jira/browse/TOMEE-3893[TOMEE-3893]
jackson 2.13.2.2
- link:https://issues.apache.org/jira/browse/TOMEE-3886[TOMEE-3886]
tomcat 9.0.62
== Bug
[.compact]
- link:https://issues.apache.org/jira/browse/TOMEE-3892[TOMEE-3892]
TomEE Maven Plugin does not allow to override default "-ea" in RemoteServer
- link:https://issues.apache.org/jira/browse/TOMEE-3871[TOMEE-3871]
TomEE Plume is missing BatchEE / JCS Cache
- link:https://issues.apache.org/jira/browse/TOMEE-3876[TOMEE-3876]
BOM generation corrupted under windows (slash problems)
- link:https://issues.apache.org/jira/browse/TOMEE-3848[TOMEE-3848]
Apache TomEE 8.0.6 onwards is packaged with quartz-2.2.4.jar
- link:https://issues.apache.org/jira/browse/TOMEE-3840[TOMEE-3840]
TomEE WebProfile 8.0.9 does not start with security enabled
- link:https://issues.apache.org/jira/browse/TOMEE-3860[TOMEE-3860]
Upgrade jackson-databind for CVE-2020-36518
== Improvement
[.compact]
- link:https://issues.apache.org/jira/browse/TOMEE-3851[TOMEE-3851]
Replace Google Analytics with ASF Matomo
- link:https://issues.apache.org/jira/browse/TOMEE-3842[TOMEE-3842]
GitHub Actions fails for PullRequest Builds due to BOM auto generation
- link:https://issues.apache.org/jira/browse/TOMEE-3859[TOMEE-3859]
Update tomee.xml file so it refers to the right location
== Task
[.compact]
- link:https://issues.apache.org/jira/browse/TOMEE-3852[TOMEE-3852]
Review the website in regard to external embedding of resources (JS, Fonts, CSS)
- link:https://issues.apache.org/jira/browse/TOMEE-3853[TOMEE-3853]
Link ASF Privacy Policy from TomEE Website
== Documentation
[.compact]
- link:https://issues.apache.org/jira/browse/TOMEE-3894[TOMEE-3894]
website generation broken under windows
- link:https://issues.apache.org/jira/browse/TOMEE-3854[TOMEE-3854]
Provide a first draft of a link collection page targeting contributor/committer resources
- link:https://issues.apache.org/jira/browse/TOMEE-3888[TOMEE-3888]
Cleanup documentation
- link:https://issues.apache.org/jira/browse/TOMEE-3846[TOMEE-3846]
Inconsistence between tomee flavors comparison in website and actual jars
- link:https://issues.apache.org/jira/browse/TOMEE-3847[TOMEE-3847]
Exception when building website from windows os
- link:https://issues.apache.org/jira/browse/TOMEE-3814[TOMEE-3814]
Commented SSL Connector fix for tomee server.xml
== Fixed Common Vulnerabilities and Exposures (CVEs)
[.compact]
- link:https://issues.apache.org/jira/browse/TOMEE-3893[TOMEE-3893]
Upgrade to jackson 2.13.2.2
- link:https://issues.apache.org/jira/browse/TOMEE-3856[TOMEE-3856]
Upgrade to jackson 2.13.2
- link:https://issues.apache.org/jira/browse/TOMEE-3860[TOMEE-3860]
Upgrade jackson-databind for CVE-2020-36518
On Tuesday, 12.04.2022 at 11:14 +0200, Jean-Louis Monteiro wrote:
> Hi all,
>
> We have a couple of important fixes and the CVE (Tomcat at least).
> Is it ok to do a release?
> --
> Jean-Louis Monteiro
> http://twitter.com/jlouismonteiro
> http://www.tomitribe.com