<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Apache TomEE</title>
<meta name="description"
content="Apache TomEE is a lightweight, yet powerful, JavaEE Application server with feature rich tooling." />
<meta name="keywords" content="tomee,asf,apache,javaee,jee,shade,embedded,test,junit,applicationcomposer,maven,arquillian" />
<meta name="author" content="Luka Cvetinovic for Codrops" />
<link rel="icon" href="../favicon.ico">
<link rel="icon" type="image/png" href="../favicon.png">
<meta name="msapplication-TileColor" content="#80287a">
<meta name="theme-color" content="#80287a">
<link rel="stylesheet" type="text/css" href="../css/normalize.css">
<link rel="stylesheet" type="text/css" href="../css/bootstrap.css">
<link rel="stylesheet" type="text/css" href="../css/owl.css">
<link rel="stylesheet" type="text/css" href="../css/animate.css">
<link rel="stylesheet" type="text/css" href="../fonts/font-awesome-4.1.0/css/font-awesome.min.css">
<link rel="stylesheet" type="text/css" href="../fonts/eleganticons/et-icons.css">
<link rel="stylesheet" type="text/css" href="../css/jqtree.css">
<link rel="stylesheet" type="text/css" href="../css/idea.css">
<link rel="stylesheet" type="text/css" href="../css/cardio.css">
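<script>
  // Matomo analytics bootstrap (tracker hosted at matomo.privacy.apache.org).
  // Plain JS comments replace the HTML-style comment markers, which are only
  // tolerated inside classic scripts for legacy reasons.
  // NOTE(review): as an inline script this block needs a nonce/hash (or
  // 'unsafe-inline') under a Content-Security-Policy; moving it to a
  // site-local .js file would allow a stricter policy.
  var _paq = window._paq = window._paq || [];
  /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
  /* We explicitly disable cookie tracking to avoid privacy issues */
  _paq.push(['disableCookies']);
  _paq.push(['trackPageView']);
  _paq.push(['enableLinkTracking']);
  (function () {
    // Explicit https: a protocol-relative URL inherits the page's scheme, so
    // the tracker script would be fetched over plain HTTP (and be modifiable
    // in transit) whenever the page itself is loaded over HTTP.
    var u = "https://matomo.privacy.apache.org/";
    _paq.push(['setTrackerUrl', u + 'matomo.php']);
    _paq.push(['setSiteId', '5']);
    // Inject matomo.js asynchronously ahead of the first script on the page.
    var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
    g.async = true;
    g.src = u + 'matomo.js';
    s.parentNode.insertBefore(g, s);
  })();
  // End Matomo Code
</script>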
</head>
<body>
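<!-- Loading spinner: purely decorative, so the alt text is empty and assistive technology skips it. -->
<div class="preloader">
  <img src="../img/loader.gif" alt="">
</div>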
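<!-- Primary site navigation: brand logo, mobile toggle and top-level links. -->
<nav class="navbar" aria-label="Primary">
  <div class="container">
    <div class="row"> <div class="col-md-12">
      <!-- Brand and toggle get grouped for better mobile display -->
      <div class="navbar-header">
        <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
          <span class="sr-only">Toggle navigation</span>
          <span class="icon-bar"></span>
          <span class="icon-bar"></span>
          <span class="icon-bar"></span>
        </button>
        <a class="navbar-brand" href="/" title="Apache TomEE">
          <span>
            <!-- The fallback handler clears itself first, so a missing JPG cannot
                 re-trigger onerror in a loop. The alt text gives the logo link
                 an accessible name.
                 NOTE(review): an inline on* handler blocks a strict
                 Content-Security-Policy; consider binding it from a script file. -->
            <img
              src="../img/apache_tomee-logo.svg"
              onerror="this.onerror=null;this.src='../img/apache_tomee-logo.jpg'"
              alt="Apache TomEE"
              height="50"
            >
          </span>
        </a>
      </div>
      <!-- Collect the nav links, forms, and other content for toggling -->
      <div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
        <ul class="nav navbar-nav navbar-right main-nav">
          <li><a href="../docs.html">Documentation</a></li>
          <li><a href="../community/index.html">Community</a></li>
          <li><a href="../security/security.html">Security</a></li>
          <li><a class="btn btn-accent accent-orange no-shadow" href="../download.html">Downloads</a></li>
        </ul>
      </div>
      <!-- /.navbar-collapse -->
    </div></div>
  </div>
  <!-- /.container-fluid -->
</nav>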
<div id="main-block" class="container main-block">
<div class="row title">
<div class="col-md-12">
<div class='page-header'>
<h1>Apache TomEE 8.0.13 Release Notes</h1>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div id="preamble">
<div class="sectionbody">
<div class="paragraph">
<p>Apache TomEE 8.0.13 has been released. It is a maintenance release with some bug fixes and dependency upgrades.</p>
</div>
<div class="paragraph">
<p>Thank you to everyone who contributed to this release, including all of our users and the people who submitted bug reports, contributed code or documentation enhancements.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_dependency_upgrade">Dependency upgrade</h2>
<div class="sectionbody">
<div class="ulist compact">
<ul>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-3985">TOMEE-3985</a> BatchEE 1.0.2</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4057">TOMEE-4057</a> CXF 3.4.8</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-3800">TOMEE-3800</a> DBCP 2.9.0</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4059">TOMEE-4059</a> EclipseLink 2.7.11</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4063">TOMEE-4063</a> Geronimo Transaction Manager 3.1.5</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4019">TOMEE-4019</a> HSQLDB 2.7.0</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-3986">TOMEE-3986</a> Hibernate Integration 5.6.9.Final</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4042">TOMEE-4042</a> Jackson 2.13.4</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4067">TOMEE-4067</a> Jackson 2.14.0-rc1</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4020">TOMEE-4020</a> Jakarta Faces 2.3.18</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4026">TOMEE-4026</a> Johnzon 1.2.19</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4030">TOMEE-4030</a> Log4J2 2.18.0</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-3998">TOMEE-3998</a> MyFaces 2.3.10</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4044">TOMEE-4044</a> Snakeyaml 1.32</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4054">TOMEE-4054</a> Snakeyaml 1.33</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4002">TOMEE-4002</a> Tomcat 9.0.64</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4051">TOMEE-4051</a> Tomcat 9.0.65</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4060">TOMEE-4060</a> Tomcat 9.0.67</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4087">TOMEE-4087</a> Tomcat 9.0.68</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4018">TOMEE-4018</a> bcprov-jdk15on 1.70</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4085">TOMEE-4085</a> commons-cli 1.5.0</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_new_feature">New Feature</h2>
<div class="sectionbody">
<div class="ulist compact">
<ul>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-3928">TOMEE-3928</a> Example for properties provider</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_bug">Bug</h2>
<div class="sectionbody">
<div class="ulist compact">
<ul>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4021">TOMEE-4021</a> Unexpected ehcache 3.8.1 in tomee/lib</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-3850">TOMEE-3850</a> HTTP(S) connections are not reused</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4014">TOMEE-4014</a> Unable to see TomEE version in Tomcat home page with Java 17</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-3979">TOMEE-3979</a> service.bat issue when using JRE_HOME on Windows</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4041">TOMEE-4041</a> 4 CVE Vulnerabilities in snakeyaml-1.30.jar </p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4001">TOMEE-4001</a> CVE-2022-34305 displaying user provided data without filtering, exposing a XSS vulnerability</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_improvement">Improvement</h2>
<div class="sectionbody">
<div class="ulist compact">
<ul>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-3878">TOMEE-3878</a> Backport 'No interface view EJB proxies broken on JDK16+' [TOMEE-3877] to TomEE 8.x</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_task">Task</h2>
<div class="sectionbody">
<div class="ulist compact">
<ul>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4064">TOMEE-4064</a> OpenJPA 3.2.2 (examples), EclipseLink 2.7.11 (examples), Derby 10.14.2.0</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4022">TOMEE-4022</a> Move to Apache Rat</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4056">TOMEE-4056</a> Log4J2 2.19.0</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4058">TOMEE-4058</a> Update Krazo, DeltaSpike and Hibernate</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-3914">TOMEE-3914</a> Spring 3 Dependencies in TomEE Root POM</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4088">TOMEE-4088</a> Add workaround for CVE-2022-41853 (hsqldb)</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_documentation">Documentation</h2>
<div class="sectionbody">
<div class="ulist compact">
<ul>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4023">TOMEE-4023</a> Comparison pages with wrong specs per profiles</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-3981">TOMEE-3981</a> update javadoc to reflect updates on Jakarta EE</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_fixed_common_vulnerabilities_and_exposures_cves">Fixed Common Vulnerabilities and Exposures (CVEs)</h2>
<div class="sectionbody">
<div class="ulist compact">
<ul>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4041">TOMEE-4041</a> 4 CVE Vulnerabilities in snakeyaml-1.30.jar</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4001">TOMEE-4001</a> CVE-2022-34305 displaying user provided data without filtering, exposing a XSS vulnerability</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4088">TOMEE-4088</a> Add workaround for CVE-2022-41853 (hsqldb)</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_additional_information">Additional Information</h2>
<div class="sectionbody">
<div class="paragraph">
<p><strong>Please note:</strong></p>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
(1) CVE-2022-42003 (jackson-databind): Users are only affected if the <code>UNWRAP_SINGLE_VALUE_ARRAYS</code> deserialization feature is enabled. The mitigation is included in Jackson 2.14.0-rc1, which this release ships. As per the list discussion, we are fine shipping an RC version.
</td>
</tr>
</table>
</div>
<div class="admonitionblock important">
<table>
<tr>
<td class="icon">
<i class="fa icon-important" title="Important"></i>
</td>
<td class="content">
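(2) CVE-2022-41853 (hsqldb): As HSQLDB v2.7.1 wasn&#8217;t available at voting time, TomEE sets the <code>hsqldb.method_class_names</code> property to an invalid value to mitigate the vulnerability. Users can override the property as needed; an override re-allows the named classes to be called from SQL, so it should list only the classes that are actually required.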
</td>
</tr>
</table>
</div>
</div>
</div>
</div>
</div>
</div>
<div style="margin-bottom: 30px;"></div>
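<!-- Site footer: tagline, social links, documentation/example/community/security link columns and the legal notice. -->
<footer>
  <div class="container">
    <div class="row">
      <div class="col-sm-6 text-center-mobile">
        <h3 class="white">Be simple. Be certified. Be Tomcat.</h3>
        <h5 class="light regular light-white">"A good application in a good server"</h5>
        <!-- Icon-only links: aria-label supplies the accessible name, the icon itself is hidden from assistive technology. -->
        <ul class="social-footer">
          <li><a href="https://www.facebook.com/ApacheTomEE/" aria-label="Apache TomEE on Facebook"><i class="fa fa-facebook" aria-hidden="true"></i></a></li>
          <li><a href="https://twitter.com/apachetomee" aria-label="Apache TomEE on Twitter"><i class="fa fa-twitter" aria-hidden="true"></i></a></li>
        </ul>
        <h5 class="light regular light-white">
          <a href="../privacy-policy.html" class="white">Privacy Policy</a>
        </h5>
      </div>
      <div class="col-sm-6 text-center-mobile">
        <div class="row opening-hours">
          <div class="col-sm-3 text-center-mobile">
            <h5><a href="../latest/docs/" class="white">Documentation</a></h5>
            <ul class="list-unstyled">
              <li><a href="../latest/docs/admin/configuration/index.html" class="regular light-white">How to configure</a></li>
              <li><a href="../latest/docs/admin/file-layout.html" class="regular light-white">Dir. Structure</a></li>
              <li><a href="../latest/docs/developer/testing/index.html" class="regular light-white">Testing</a></li>
              <li><a href="../latest/docs/admin/cluster/index.html" class="regular light-white">Clustering</a></li>
            </ul>
          </div>
          <div class="col-sm-3 text-center-mobile">
            <h5><a href="../latest/examples/" class="white">Examples</a></h5>
            <ul class="list-unstyled">
              <li><a href="../latest/examples/simple-cdi-interceptor.html" class="regular light-white">CDI Interceptor</a></li>
              <li><a href="../latest/examples/rest-cdi.html" class="regular light-white">REST with CDI</a></li>
              <li><a href="../latest/examples/ejb-examples.html" class="regular light-white">EJB</a></li>
              <li><a href="../latest/examples/jsf-managedBean-and-ejb.html" class="regular light-white">JSF</a></li>
            </ul>
          </div>
          <div class="col-sm-3 text-center-mobile">
            <h5><a href="../community/index.html" class="white">Community</a></h5>
            <ul class="list-unstyled">
              <li><a href="../community/contributors.html" class="regular light-white">Contributors</a></li>
              <li><a href="../community/social.html" class="regular light-white">Social</a></li>
              <li><a href="../community/sources.html" class="regular light-white">Sources</a></li>
            </ul>
          </div>
          <div class="col-sm-3 text-center-mobile">
            <h5><a href="../security/index.html" class="white">Security</a></h5>
            <!-- External links opened in a new tab carry rel="noopener noreferrer" so the
                 opened page gets no window.opener handle back to this one and no Referer. -->
            <ul class="list-unstyled">
              <li><a href="https://apache.org/security" target="_blank" rel="noopener noreferrer" class="regular light-white">Apache Security</a></li>
              <li><a href="https://apache.org/security/projects.html" target="_blank" rel="noopener noreferrer" class="regular light-white">Security Projects</a></li>
              <li><a href="https://cve.mitre.org" target="_blank" rel="noopener noreferrer" class="regular light-white">CVE</a></li>
            </ul>
          </div>
        </div>
      </div>
    </div>
    <div class="row bottom-footer text-center-mobile">
      <div class="col-sm-12 light-white">
        <p>Copyright &copy; 1999-2022 The Apache Software Foundation, Licensed under the Apache License, Version 2.0. Apache TomEE, TomEE, Apache, the Apache feather logo, and the Apache TomEE project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</p>
      </div>
    </div>
  </div>
</footer>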
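<!-- Holder for mobile navigation.
     The links previously used a misspelled "hef" attribute, which left them
     with no destination; they now use href and each list item is closed. -->
<div class="mobile-nav">
  <ul>
    <li><a href="../latest/docs/admin/index.html">Administrators</a></li>
    <li><a href="../latest/docs/developer/index.html">Developers</a></li>
    <li><a href="../latest/docs/advanced/index.html">Advanced</a></li>
    <li><a href="../community/index.html">Community</a></li>
  </ul>
  <!-- Icon-only close control: aria-label gives it an accessible name.
       NOTE(review): kept as an anchor because site scripts presumably bind to
       .close-link — confirm before converting it to a <button>. -->
  <a href="#" class="close-link" aria-label="Close navigation"><i class="arrow_up" aria-hidden="true"></i></a>
</div>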
<!-- Scripts: every file below is loaded from a site-relative path, in this order. -->
<!-- NOTE(review): jquery-1.11.1 is an old 1.x build that no longer receives fixes; check it
     against the jQuery project's published security advisories and plan an upgrade, after
     confirming that the plugins loaded below (owl.carousel, onepagenav, tree.jquery) still
     work with the newer version. -->
<script src="../js/jquery-1.11.1.min.js"></script>
<script src="../js/owl.carousel.min.js"></script>
<script src="../js/bootstrap.min.js"></script>
<script src="../js/wow.min.js"></script>
<script src="../js/typewriter.js"></script>
<script src="../js/jquery.onepagenav.js"></script>
<script src="../js/tree.jquery.js"></script>
<script src="../js/highlight.pack.js"></script>
<script src="../js/main.js"></script>
</body>
</html>