Apache TomEE

Apache TomEE 9.0.0 has been released.

We are very proud to release Apache TomEE 9.0.0 It’s been almost a year since we certified TomEE using a bytecode enhancement approach. Even though it worked, it introduced a lot of restrictions especially with tooling such as IDE, Arquillian, Embedded container, etc.

Thus, we started migrating the entire TomEE codebase to the new jakarta namespace and 9.0.0 is the result of this work.

We fully pass the entire TCK for the Jakarta EE 9.1 Web Profile and - as a cherry on the cake - we decided to address a long time request to support a newer version of MicroProfil. Thus, we are pleased to announce that TomEE 9.0.0 is fully MicroProfile 5.0 compliant.

In addition, we fixed a couple of bugs and did some dependency upgrades.

Thank you to everyone who contributed to this release, including all of our users and the people who submitted bug reports, contributed code or documentation enhancements.

Dependency upgrade

TOMEE-4132 commons-compress 1.22
TOMEE-4127 CXF 3.5.5
TOMEE-4125 CXF versions mitigate CVE-2022-46364 and CVE-2022-46363
TOMEE-4081 Jackson 2.13.4
TOMEE-4107 Jackson 2.14.0
TOMEE-4131 Jackson 2.14.1
TOMEE-4109 Velocity 2.3
TOMEE-4082 Woodstox 6.2.6
TOMEE-4110 Woodstox 6.4.0 (CVE-2022-40152)
TOMEE-4111 bcel component
TOMEE-4103 woodstox-core mitigate CVE-2022-40153

New Feature

TOMEE-4123 Implement @AroundConstruct from Interceptor 1.2
TOMEE-4068 MicroProfile 5.0
TOMEE-4069 MicroProfile Config 3.0
TOMEE-3946 MicroProfile JWT 2.0
TOMEE-4070 MicroProfile Fault Tolerance 4.0
TOMEE-4071 MicroProfile Health 4.0
TOMEE-4072 MicroProfile Metrics 4.0
TOMEE-4050 Retry and Refresh for MP JWT keys supplied via HTTP
TOMEE-4073 MicroProfile Rest Client 3.0
TOMEE-4074 MicroProfile OpenAPI 3.0
TOMEE-4075 MicroProfile OpenTracing 3.0
TOMEE-4076 Public Keys in OpenSSH format
TOMEE-4077 Public Keys in SSH2 format
TOMEE-4078 RSA keys PKCS 1 format
TOMEE-4079 Elliptic Curve JWS and JWE

Bug

TOMEE-4065 LoginToContinue interceptor fails on custom auth mechanism
TOMEE-4119 TomEEJsonbProvider triggered for / mime types
TOMEE-4135 Unable to see TomEE version in Tomcat home page with Java 17
TOMEE-4117 MicroProfile OpenAPI not generating model

Improvement

TOMEE-4124 Remove timing of timing just for logging
TOMEE-4080 Improved Logging for Public and Private Key resolution

Documentation

TOMEE-4104 Documentation Website: XA DataSource Configuration: Bug in MySQL Sample Code
TOMEE-3733 TCK Results page for website

Sub-task

TOMEE-3950 Support for JWT token cookies
TOMEE-3951 JWT token groups claim is now optional
TOMEE-3952 Deprecate RSA keys of 1024 bit length

Fixed Common Vulnerabilities and Exposures (CVEs)

TOMEE-4125 Update Apache CXF versions to mitigate CVE-2022-46364 and CVE-2022-46363
TOMEE-4103 Update woodstox-core to mitigate CVE-2022-40153
TOMEE-4111 Upgrade bcel component in TomEE