> Hi,
>
> thanks for the update. Just got the push notification from GitHub.
>
> I have fixed the compile issues (sorry!) related to Quartz and opened a
> new PR:
https://github.com/apache/tomee/pull/743. This is now inline
> with the update conducted for 7.1.x and 7.0.x.
>
> Gruss
> Richard
>
> Am Mittwoch, den 23.12.2020, 13:26 +0100 schrieb Jean-Louis Monteiro:
> > Thanks Richard,
> >
> > I first merged the PR, but had to revert the version because of some
> > compilation issues. I don't think it's hard to fix, but I'll have to
> > look
> > later
> > --
> > Jean-Louis Monteiro
> >
http://twitter.com/jlouismonteiro> >
http://www.tomitribe.com> >
> >
> > On Mon, Dec 21, 2020 at 8:39 AM Zowalla, Richard <
> >
[hidden email]> wrote:
> >
> > > I created a related PR
https://github.com/apache/tomee/pull/742> > >
> > > Gruss
> > > Richard
> > >
> > > Am Montag, den 21.12.2020, 00:18 +0000 schrieb Bruce Heavey:
> > > > I don’t really feel comfortable making contributions yet sorry -
> > > > better to leave that to the experts!
> > > >
> > > > But I’m happy to raise the JIRA ticket, I've created TOMEE 2947
> > > > for
> > > > this, cheers!
> > > >
https://issues.apache.org/jira/browse/TOMEE-2947> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Jean-Louis Monteiro <
[hidden email]>
> > > > Sent: Friday, 18 December 2020 6:11 PM
> > > > To:
[hidden email]
> > > > Subject: Re: TomEE 8.0.5 tomcat/quartz-openejb-shade dependency
> > > > versions
> > > >
> > > > Hi Bruce,
> > > >
> > > > Glad the upgrade went well.
> > > >
> > > > 1/ I checked the pom file of the 8.0.5
> > > >
https://github.com/apache/tomee/blob/tomee-8.0.5/pom.xml#L148> > > > Tomcat seems to be 9.0.39 in there so what you see in the logs is
> > > > fine.
> > > >
> > > > It probably got added after the release.
> > > >
> > >
>
https://github.com/apache/tomee/commit/eb2928435685d3e5fb184d0aa945efbfe06f26a4> > > > The day after the release actually.
> > > >
> > > > 2/ You are correct I think.
> > > > We should upgrade to 2.2.4
> > > >
> > > > Would you like to create the ticket and the PR?
> > > > It's fairly simple and would be awesome to have you fix it.
> > > >
> > > > If not, lemme know and I can do it.
> > > >
> > > > --
> > > > Jean-Louis Monteiro
> > > >
http://twitter.com/jlouismonteiro> > > >
http://www.tomitribe.com> > > >
> > > >
> > > > On Fri, Dec 18, 2020 at 6:17 AM Bruce Heavey <
[hidden email]>
> > > > wrote:
> > > >
> > > > > Hi,
> > > > >
> > > > >
> > > > >
> > > > > We've recently upgraded from TomEE 1.7.5 up to TomEE 8.0.5
> > > > > which
> > > > > has
> > > > > been a pretty smooth transition for us, but and I'm a bit
> > > > > puzzled
> > > > > by 2 things:
> > > > >
> > > > >
> > > > > 1. The list of changes in 8.0.5 (
> > > > >
https://github.com/apache/tomee/compare/tomee-8.0.5...master)
> > > > > indicates the version of Tomcat has bumped up to 9.0.40, but
> > > > > when
> > > > > my
> > > > > TomEE 8.0.5 starts up it looks like it's still using 9.0.39:
> > > > > "Server version name:
> > > > > Apache Tomcat (TomEE)/9.0.39 (8.0.5)".
> > > > >
> > > > > 2. Really happy to see CVE-2019-13990 addressed in
> > > > > TOMEE-
> > > > > 2672 (
> > > > >
https://issues.apache.org/jira/browse/TOMEE-2672). But TomEE
> > > > > 8.0.5
> > > > > still seems to be shipping the old jar file not the new one
> > > > > with
> > > > > the fix in it.
> > > > >
https://github.com/apache/tomee/blob/master/pom.xml should the
> > > > > version
> > > > > of quartz-openejb-shade have been bumped up to 2.2.4 when
> > > > > TOMEE-
> > > > > 2672
> > > > > was fixed? In our local build we're currently replacing the old
> > > > > jar
> > > > > file with the new jar file to address the issue.
> > > > >
> > > > >
> > > > >
> > > > > Thanks in advance,
> > > > >
> > > > > Bruce
> > > > >
> > > --
> > > Richard Zowalla, M.Sc.
> > > Research Associate, PhD Student | Medical Informatics
> > >
> > > Hochschule Heilbronn – University of Applied Sciences
> > > Max-Planck-Str. 39
> > > D-74081 Heilbronn
> > > phone: +49 7131 504 6791
> > > mail:
[hidden email]
> > > web:
https://www.mi.hs-heilbronn.de/> > >
> --
> Richard Zowalla, M.Sc.
> Research Associate, PhD Student | Medical Informatics
>
> Hochschule Heilbronn – University of Applied Sciences
> Max-Planck-Str. 39
> D-74081 Heilbronn
> phone: +49 7131 504 6791
> mail:
[hidden email]
> web:
https://www.mi.hs-heilbronn.de/>