9.1.1/release-notes.html (294 lines of code) (raw):
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Apache TomEE</title>
<meta name="description"
content="Apache TomEE is a lightweight, yet powerful, JavaEE Application server with feature rich tooling." />
<meta name="keywords" content="tomee,asf,apache,javaee,jee,shade,embedded,test,junit,applicationcomposer,maven,arquillian" />
<meta name="author" content="Luka Cvetinovic for Codrops" />
<link rel="icon" href="../favicon.ico">
<link rel="icon" type="image/png" href="../favicon.png">
<meta name="msapplication-TileColor" content="#80287a">
<meta name="theme-color" content="#80287a">
<link rel="stylesheet" type="text/css" href="../css/normalize.css">
<link rel="stylesheet" type="text/css" href="../css/bootstrap.css">
<link rel="stylesheet" type="text/css" href="../css/owl.css">
<link rel="stylesheet" type="text/css" href="../css/animate.css">
<link rel="stylesheet" type="text/css" href="../fonts/font-awesome-4.1.0/css/font-awesome.min.css">
<link rel="stylesheet" type="text/css" href="../fonts/eleganticons/et-icons.css">
<link rel="stylesheet" type="text/css" href="../css/jqtree.css">
<link rel="stylesheet" type="text/css" href="../css/idea.css">
<link rel="stylesheet" type="text/css" href="../css/cardio.css">
<script type="text/javascript">
<!-- Matomo -->
var _paq = window._paq = window._paq || [];
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
/* We explicitly disable cookie tracking to avoid privacy issues */
_paq.push(['disableCookies']);
_paq.push(['trackPageView']);
_paq.push(['enableLinkTracking']);
(function () {
var u = "//analytics.apache.org/";
_paq.push(['setTrackerUrl', u + 'matomo.php']);
_paq.push(['setSiteId', '5']);
var d = document, g = d.createElement('script'), s = d.getElementsByTagName('script')[0];
g.async = true;
g.src = u + 'matomo.js';
s.parentNode.insertBefore(g, s);
})();
<!-- End Matomo Code -->
</script>
</head>
<body>
<div class="preloader">
<img src="../img/loader.gif" alt="Preloader image">
</div>
<nav class="navbar">
<div class="container">
<div class="row"> <div class="col-md-12">
<!-- Brand and toggle get grouped for better mobile display -->
<div class="navbar-header">
<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#bs-example-navbar-collapse-1">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="navbar-brand" href="/" title="Apache TomEE">
<span>
<img
src="../img/apache_tomee-logo.svg"
onerror="this.src='../img/apache_tomee-logo.jpg'"
height="50"
>
</span>
</a>
</div>
<!-- Collect the nav links, forms, and other content for toggling -->
<div class="collapse navbar-collapse" id="bs-example-navbar-collapse-1">
<ul class="nav navbar-nav navbar-right main-nav">
<li><a href="../docs.html">Documentation</a></li>
<li><a href="../community/index.html">Community</a></li>
<li><a href="../security/security.html">Security</a></li>
<li><a class="btn btn-accent accent-orange no-shadow" href="../download.html">Downloads</a></li>
</ul>
</div>
<!-- /.navbar-collapse -->
</div></div>
</div>
<!-- /.container-fluid -->
</nav>
<div id="main-block" class="container main-block">
<div class="row title">
<div class="col-md-12">
<div class='page-header'>
<h1>Apache TomEE 9.1.1 Release Notes</h1>
</div>
</div>
</div>
<div class="row">
<div class="col-md-12">
<div id="preamble">
<div class="sectionbody">
<div class="paragraph">
<p>Apache TomEE 9.1.1 has been released.</p>
</div>
<div class="paragraph">
<p>It is a maintenance release with some bug fixes and dependencies upgrades.
The most notable change is dropping our own cxf-shade in favour of CXF 4.0.</p>
</div>
<div class="paragraph">
<p>It fixes the latest Tomcat vulnerabilities by back porting and patching Tomcat inside the TomEE build.
This release still passes the EE9.1 TCK as well as the MicroProfile 5.0 TCK.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_dependency_upgrade">Dependency upgrade</h2>
<div class="sectionbody">
<div class="ulist compact">
<ul>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4246">TOMEE-4246</a> ActiveMQ 5.18.2</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4230">TOMEE-4230</a> Backport fix for CVE-2023-34981</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4239">TOMEE-4239</a> Backport fix for CVE-2023-41080</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4235">TOMEE-4235</a> Bouncy Castle 1.75</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4243">TOMEE-4243</a> Bouncy Castle 1.76</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4139">TOMEE-4139</a> CXF 4.0.3 (jakarta namespace)</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4247">TOMEE-4247</a> Hibernate 6.1.7</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4227">TOMEE-4227</a> Jackson 2.15.2</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4228">TOMEE-4228</a> Johnzon 1.2.21</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4248">TOMEE-4248</a> Mojarra 3.0.5</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4254">TOMEE-4254</a> Port fix for CVE-2023-42795</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4255">TOMEE-4255</a> Port fix for CVE-2023-44487</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4256">TOMEE-4256</a> Port fix for CVE-2023-45648</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4249">TOMEE-4249</a> SnakeYAML 2.2</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4250">TOMEE-4250</a> WSS4J 3.0.1</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4232">TOMEE-4232</a> bcprov-jdk15to18-1.74.jar</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4251">TOMEE-4251</a> xmlsec 3.0.2</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_bug">Bug</h2>
<div class="sectionbody">
<div class="ulist compact">
<ul>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4222">TOMEE-4222</a> @LoginToContinue JSR-375 (JavaEE Security API) causes IllegalArgumentException</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4225">TOMEE-4225</a> Remove commons-net from TomEE distribution</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4226">TOMEE-4226</a> DataSource definition fails when @DataSourceDefinition doesn’t define url property</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_improvement">Improvement</h2>
<div class="sectionbody">
<div class="ulist compact">
<ul>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4031">TOMEE-4031</a> Improve TomEE Jmx Mbean Support for Parameter Names</p>
</li>
</ul>
</div>
</div>
</div>
<div class="sect1">
<h2 id="_fixed_common_vulnerabilities_and_exposures_cves">Fixed Common Vulnerabilities and Exposures (CVEs)</h2>
<div class="sectionbody">
<div class="ulist compact">
<ul>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4230">TOMEE-4230</a> Backport fix for CVE-2023-34981</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4254">TOMEE-4254</a> Port fix for CVE-2023-42795</p>
</li>
<li>
<p><a href="https://issues.apache.org/jira/browse/TOMEE-4227">TOMEE-4227</a> Jackson 2.15.2</p>
</li>
</ul>
</div>
</div>
</div>
</div>
</div>
</div>
<div style="margin-bottom: 30px;"></div>
<footer>
<div class="container">
<div class="row">
<div class="col-sm-6 text-center-mobile">
<h3 class="white">Be simple. Be certified. Be Tomcat.</h3>
<h5 class="light regular light-white">"A good application in a good server"</h5>
<ul class="social-footer">
<li><a href="https://www.facebook.com/ApacheTomEE/"><i class="fa fa-facebook"></i></a></li>
<li><a href="https://twitter.com/apachetomee"><i class="fa fa-twitter"></i></a></li>
</ul>
<h5 class="light regular light-white">
<a href="../privacy-policy.html" class="white">Privacy Policy</a>
</h5>
</div>
<div class="col-sm-6 text-center-mobile">
<div class="row opening-hours">
<div class="col-sm-3 text-center-mobile">
<h5><a href="../latest/docs/" class="white">Documentation</a></h5>
<ul class="list-unstyled">
<li><a href="../latest/docs/admin/configuration/index.html" class="regular light-white">How to configure</a></li>
<li><a href="../latest/docs/admin/file-layout.html" class="regular light-white">Dir. Structure</a></li>
<li><a href="../latest/docs/developer/testing/index.html" class="regular light-white">Testing</a></li>
<li><a href="../latest/docs/admin/cluster/index.html" class="regular light-white">Clustering</a></li>
</ul>
</div>
<div class="col-sm-3 text-center-mobile">
<h5><a href="../latest/examples/" class="white">Examples</a></h5>
<ul class="list-unstyled">
<li><a href="../latest/examples/simple-cdi-interceptor.html" class="regular light-white">CDI Interceptor</a></li>
<li><a href="../latest/examples/rest-cdi.html" class="regular light-white">REST with CDI</a></li>
<li><a href="../latest/examples/ejb-examples.html" class="regular light-white">EJB</a></li>
<li><a href="../latest/examples/jsf-managedBean-and-ejb.html" class="regular light-white">JSF</a></li>
</ul>
</div>
<div class="col-sm-3 text-center-mobile">
<h5><a href="../community/index.html" class="white">Community</a></h5>
<ul class="list-unstyled">
<li><a href="../community/contributors.html" class="regular light-white">Contributors</a></li>
<li><a href="../community/social.html" class="regular light-white">Social</a></li>
<li><a href="../community/sources.html" class="regular light-white">Sources</a></li>
</ul>
</div>
<div class="col-sm-3 text-center-mobile">
<h5><a href="../security/index.html" class="white">Security</a></h5>
<ul class="list-unstyled">
<li><a href="https://apache.org/security" target="_blank" class="regular light-white">Apache Security</a></li>
<li><a href="https://apache.org/security/projects.html" target="_blank" class="regular light-white">Security Projects</a></li>
<li><a href="https://cve.mitre.org" target="_blank" class="regular light-white">CVE</a></li>
</ul>
</div>
</div>
</div>
</div>
<div class="row bottom-footer text-center-mobile">
<div class="col-sm-12 light-white">
<p>Copyright © 1999-2025 The Apache Software Foundation, Licensed under the Apache License, Version 2.0. Apache TomEE, TomEE, Apache, the Apache feather logo, and the Apache TomEE project logo are trademarks of The Apache Software Foundation. All other marks mentioned may be trademarks or registered trademarks of their respective owners.</p>
</div>
</div>
</div>
</footer>
<!-- Holder for mobile navigation -->
<div class="mobile-nav">
<ul>
<li><a hef="../latest/docs/admin/index.html">Administrators</a>
<li><a hef="../latest/docs/developer/index.html">Developers</a>
<li><a hef="../latest/docs/advanced/index.html">Advanced</a>
<li><a hef="../community/index.html">Community</a>
</ul>
<a href="#" class="close-link"><i class="arrow_up"></i></a>
</div>
<!-- Scripts -->
<script src="../js/jquery-1.11.1.min.js"></script>
<script src="../js/owl.carousel.min.js"></script>
<script src="../js/bootstrap.min.js"></script>
<script src="../js/wow.min.js"></script>
<script src="../js/typewriter.js"></script>
<script src="../js/jquery.onepagenav.js"></script>
<script src="../js/tree.jquery.js"></script>
<script src="../js/highlight.pack.js"></script>
<script src="../js/main.js"></script>
</body>
</html>