Apache TomEE 9.1.0 Release Notes
Apache TomEE 9.1.0 has been released.
It is a maintenance release with some bug fixes and dependencies upgrades (MicroProfile 5, ActiveMQ, Johnzon, XBean, etc).
It fixes the latest Tomcat vulnerabilities (CVE-2023-28708, CVE-2023-24998, CVE-2023-28709) by back porting and patching Tomcat inside the TomEE build.
Dependency upgrade
-
TOMEE-4217 Arquillian 1.7.0.Final
-
TOMEE-4204 Bouncycastle 1.73
-
TOMEE-4187 Commons FileUpload 1.5
-
TOMEE-4218 HSQLDB 2.7.2
-
TOMEE-4221 JUnit 5.9.3
-
TOMEE-4212 Jackson 2.15.0
-
TOMEE-4216 Jackson 2.15.1
-
TOMEE-4208 Johnzon 1.2.20
-
TOMEE-4205 Jose4j 0.9.3
-
TOMEE-4203 Microprofile Config API 3.0.3, Fault Tolerance Impl 6.2.2, OpenTracing Impl 3.0.3
-
TOMEE-4141 SmallRye on 9.x branch
-
TOMEE-4061 Wrap up updates for TomEE 9.x
-
TOMEE-4220 log4j 2.20.0 (integration)
-
TOMEE-4213 snakeyaml version 2.0 mitigate CVE-2022-1471
-
TOMEE-4219 xbeans 4.23
Bug
-
TOMEE-4181 BCProv jar loses its signature during the patch process
-
TOMEE-4183 TomEE 9.0.0 is not creating service in Windows 10 incompatible software
-
TOMEE-4189 java.lang.ClassNotFoundException: org.apache.openejb.loader.SystemInstance
-
TOMEE-4192 ApplicationComposers do not clear GC references on release
-
TOMEE-4174 Port TOMEE-3779 to 9.x
-
TOMEE-4199 jakartaee-api with tomcat classifier has too much in it
-
TOMEE-4112 Performance Regression in bean resolution in EAR files
Improvement
-
TOMEE-4200 Use ActiveMQ client jakarta instead of shading it in TomEE
-
TOMEE-4202 Backport CVE fixes of Tomcat 10.1.x to 10.0.27
Task
-
TOMEE-4053 Dependency properties cleanup
Documentation
-
TOMEE-4186 Update download page for discontinued branches
Wish
-
TOMEE-4190 RunWithApplicationComposer should support inheritance
Fixed Common Vulnerabilities and Exposures (CVEs)
-
TOMEE-4187 Commons FileUpload 1.5
-
TOMEE-4202 Backport CVE fixes of Tomcat 10.1.x to 10.0.27