You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomee.apache.org by Jonathan Gallimore <jo...@gmail.com> on 2019/09/25 10:22:25 UTC

[RESULT][VOTE] Release quartz-openejb-shade 2.2.4

Hi

Thanks for the reviews and votes. We've had 3 binding +1 votes:

Jean-Louis Monteiro
David Blevins
Jonathan Gallimore

and no other votes, so this vote has passed, and I'll promote the artifacts.

Thanks

Jon

On Sun, Sep 8, 2019 at 9:26 PM Jonathan Gallimore <
jonathan.gallimore@gmail.com> wrote:

> Hi
>
> This is a vote for releasing an updated quartz-openejb-shade jar. This is
> used by OpenEJB core to provide EJB timer services. We shade quartz to
> avoid conflicts if users provide it in their applications themselves.
> Quartz itself was vulnerable to an External XML Entity Processing issue
> (XXE), and in turn, so is our shaded version. This release shades an up to
> date Quartz package with the XXE fixed.
>
> *Sources*
>
> https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4-source-release.zip
>
> *Binary*
>
> https://repository.apache.org/content/repositories/orgapachetomee-1144/org/apache/openejb/shade/quartz-openejb-shade/2.2.4/quartz-openejb-shade-2.2.4.jar
>
> *Change*
> https://issues.apache.org/jira/browse/TOMEE-2672 (still open as the
> update in TomEE will refer to this as well).
>
> Please VOTE
> [+1] all fine, ship it
> [+0] don't care
> [-1] stop, because ${reason}
>
> The VOTE is open for 72h.
>
> Many thanks
>
> Jon
>