Apache TomEE 9.1.1 Release Notes
Apache TomEE 9.1.1 has been released.
It is a maintenance release with some bug fixes and dependencies upgrades. The most notable change is dropping our own cxf-shade in favour of CXF 4.0.
It fixes the latest Tomcat vulnerabilities by back porting and patching Tomcat inside the TomEE build. This release still passes the EE9.1 TCK as well as the MicroProfile 5.0 TCK.
Dependency upgrade
-
TOMEE-4246 ActiveMQ 5.18.2
-
TOMEE-4230 Backport fix for CVE-2023-34981
-
TOMEE-4239 Backport fix for CVE-2023-41080
-
TOMEE-4235 Bouncy Castle 1.75
-
TOMEE-4243 Bouncy Castle 1.76
-
TOMEE-4139 CXF 4.0.3 (jakarta namespace)
-
TOMEE-4247 Hibernate 6.1.7
-
TOMEE-4227 Jackson 2.15.2
-
TOMEE-4228 Johnzon 1.2.21
-
TOMEE-4248 Mojarra 3.0.5
-
TOMEE-4254 Port fix for CVE-2023-42795
-
TOMEE-4255 Port fix for CVE-2023-44487
-
TOMEE-4256 Port fix for CVE-2023-45648
-
TOMEE-4249 SnakeYAML 2.2
-
TOMEE-4250 WSS4J 3.0.1
-
TOMEE-4232 bcprov-jdk15to18-1.74.jar
-
TOMEE-4251 xmlsec 3.0.2
Bug
-
TOMEE-4222 @LoginToContinue JSR-375 (JavaEE Security API) causes IllegalArgumentException
-
TOMEE-4225 Remove commons-net from TomEE distribution
-
TOMEE-4226 DataSource definition fails when @DataSourceDefinition doesn’t define url property
Improvement
-
TOMEE-4031 Improve TomEE Jmx Mbean Support for Parameter Names
Fixed Common Vulnerabilities and Exposures (CVEs)
-
TOMEE-4230 Backport fix for CVE-2023-34981
-
TOMEE-4254 Port fix for CVE-2023-42795
-
TOMEE-4227 Jackson 2.15.2