Possible component upgrades report - Wildfly Core
by thofman@redhat.com
Generated at 16:49:21 SGT 2019-11-17
Searched in following repositories:
* Central: https://repo1.maven.org/maven2/
* JBossPublic: https://repository.jboss.org/nexus/content/repositories/public/
Possible upgrades:
com.googlecode.javaewah:JavaEWAH:1.1.6 -> 1.1.7 (Central)
com.jcraft:jsch:0.1.54 -> 0.1.55 (Central)
com.jcraft:jzlib:1.1.1 -> 1.1.3 (Central)
io.undertow:undertow-core:2.0.27.Final -> 2.0.28.Final (Central)
org.apache.httpcomponents:httpclient:4.5.4 -> 4.5.10 (Central)
org.apache.httpcomponents:httpcore:4.4.5 -> 4.4.12 (Central)
org.eclipse.jgit:org.eclipse.jgit:5.0.2.201807311906-r -> 5.0.3.201809091024-r (Central)
org.jboss:jboss-vfs:3.2.14.Final -> 3.2.15.Final (Central)
org.jboss.modules:jboss-modules:1.9.1.Final -> 1.9.2.Final (Central)
org.jboss.slf4j:slf4j-jboss-logmanager:1.0.3.GA -> 1.0.4.GA (Central)
org.slf4j:jcl-over-slf4j:1.7.22.jbossorg-1 -> 1.7.29 (Central)
11 items
5 years
Possible component upgrades report - Wildfly
by thofman@redhat.com
Generated at 01:48:15 SGT 2019-11-17
Searched in following repositories:
* Central: https://repo1.maven.org/maven2/
* JBossPublic: https://repository.jboss.org/nexus/content/repositories/public/
Possible upgrades:
com.google.code.gson:gson:2.8.2 -> 2.8.6 (Central)
com.squareup.okhttp3:okhttp:3.9.0 -> 3.9.1 (Central)
com.sun.faces:jsf-impl:2.3.9.SP04 -> 2.3.9.SP05 (JBossPublic)
com.sun.istack:istack-commons-runtime:3.0.7 -> 3.0.10 (Central)
com.sun.xml.bind.external:relaxng-datatype:2.3.1 -> 2.3.2 (Central)
com.sun.xml.fastinfoset:FastInfoset:1.2.13 -> 1.2.17 (Central)
io.netty:netty-all:4.1.42.Final -> 4.1.43.Final (Central)
io.opentracing.contrib:opentracing-interceptors:0.0.4 -> 0.0.5 (Central)
io.opentracing.contrib:opentracing-tracerresolver:0.1.5 -> 0.1.8 (Central)
io.reactivex.rxjava2:rxjava:2.2.2 -> 2.2.14 (Central)
io.smallrye:smallrye-config:1.3.6 -> 1.3.11 (Central)
io.smallrye:smallrye-opentracing:1.3.0 -> 1.3.2 (Central)
io.undertow.js:undertow-js:1.0.2.Final -> 1.0.3.Final (Central)
joda-time:joda-time:2.9.7 -> 2.9.9 (Central)
net.bytebuddy:byte-buddy:1.9.11 -> 1.9.16 (Central)
org.apache.activemq:activemq-artemis-native:1.0.0 -> 1.0.1 (Central)
org.apache.avro:avro:1.7.6 -> 1.7.7 (Central)
org.apache.cxf:cxf-core:3.3.3 -> 3.3.4 (Central)
org.apache.james:apache-mime4j:0.6 -> 0.6.1 (Central)
org.apache.myfaces.core:myfaces-api:2.3.1 -> 2.3.5 (Central)
org.apache.openjpa:openjpa-kernel:2.4.2 -> 2.4.3 (Central)
org.cryptacular:cryptacular:1.2.0 -> 1.2.3 (Central)
org.eclipse.microprofile.rest.client:microprofile-rest-client-api:1.3.2 -> 1.3.4 (Central)
org.eclipse.persistence:eclipselink:2.7.3 -> 2.7.5 (Central)
org.glassfish.jaxb:codemodel:2.3.1 -> 2.3.2-1 (Central)
org.jasypt:jasypt:1.9.2 -> 1.9.3 (Central)
org.jboss:jboss-ejb-client:4.0.23.Final -> 4.0.26.Final (Central)
org.jboss.activemq.artemis.integration:artemis-wildfly-integration:1.0.2 -> 1.0.2-wildfly-1 (JBossPublic)
org.jboss.arquillian.container:arquillian-container-test-spi:1.4.0.Final -> 1.4.1.Final (Central)
org.jboss.resteasy:jose-jwt:3.9.0.Final -> 3.9.1.Final (Central)
org.jboss.security:jbossxacml:2.0.8.Final -> 2.0.9.Final (JBossPublic)
org.jboss.spec.javax.faces:jboss-jsf-api_2.3_spec:3.0.0.Final -> 3.0.0.SP1 (Central)
org.jgroups:jgroups:4.1.6.Final -> 4.1.8.Final (Central)
org.opensaml:opensaml-core:3.3.0 -> 3.3.1 (Central)
org.reactivestreams:reactive-streams:1.0.2 -> 1.0.3 (Central)
xalan:serializer:2.7.1.jbossorg-4 -> 2.7.2 (Central)
36 items
5 years
WildFly 18.0.1 is released
by Brian Stansberry
We've released WildFly 18.0.1.Final! Get it at
https://wildfly.org/downloads/.
Here's what's in it:
Release Notes - WildFly - Version 18.0.1.Final
** Component Upgrade
* [WFLY-12621] - Upgrade Hibernate ORM from 5.3.12 to 5.3.13
* [WFLY-12691] - Upgrade WildFly Core to 10.0.2.Final (Resolves
CVE-2019-9515 and CVE-2019-14838)
* [WFLY-12714] - [18.0.x] Upgrade Hibernate Validator to 6.0.18
(Resolves CVE-2019-10219)
* [WFLY-12717] - Upgrade beanutils from 1.93 to 1.94 (Resolves
CVE-2019-10086)
* [WFLY-12719] - [18.0.x] Upgrade JSF based on Mojarra 2.3.9.SP04
* [WFLY-12721] - [18.0.x] Upgrade commons-codec from 1.11 to 1.13
* [WFLY-12726] - [18.0.x] Update jackson-databind to 2.9.10.1 (Resolves
CVE-2019-16942 / CVE-2019-16943)
* [WFLY-12727] - Upgrade Netty to 4.1.42 (Resolves CVE-2019-16869)
* [WFLY-12767] - Upgrade jberet-core from 1.3.4.Final to 1.3.5.Final
* [WFLY-12784] - Upgrade WildFly Core 10.0.3.Final
* [WFLY-12788] - [18.0.x] Upgrade RESTEasy to 3.9.1.Final
** Bug
* [WFLY-12692] - [18.0.x] Exception with web.xml url-pattern
* [WFLY-12729] - [18.0.x] Session passivation event can deadlock if it
attempts write operations on a session
** Task
* [WFLY-12746] - Bump clustering testsuite surefire execution timeout
to 5400
Thanks, everyone, for your support of WildFly!
Best regards,
--
Brian Stansberry
Manager, Senior Principal Software Engineer
Red Hat
5 years
JDK 14 - Early Access build 22 is available
by Rory O'Donnell
Hi David & Richard,
*OpenJDK builds - JDK 14 *- Early Access build 22 is available at
http://jdk.java.net/14/
These early-access, open-source builds are provided under the GNU
General Public License, version 2, with the Classpath Exception
<http://openjdk.java.net/legal/gplv2+ce.html>.
* Release notes
o https://jdk.java.net/14/release-notes
* JEPs targeted to JDK 14, so far:
* JEP 345: NUMA-Aware Memory Allocation for G1
<http://openjdk.java.net/jeps/345> was Targeted to JDK 14.
* JEP 349: JFR Event Streaming
<http://openjdk.java.net/jeps/349> was Integrated.
* JEP 361: Switch Expressions (Standard)
<http://openjdk.java.net/jeps/361> was Targeted to JDK 14.
* JEP 363: Remove the Concurrent Mark Sweep (CMS) Garbage
Collector <http://openjdk.java.net/jeps/363> was Targeted to JDK 14.
* JEP 364: ZGC on macOS <http://openjdk.java.net/jeps/364> was
Targeted to JDK 14.
* JEP 365: ZGC on Windows <http://openjdk.java.net/jeps/365> moved
to Candidate.
* JEP 366: Deprecate the ParallelScavenge + SerialOld GC
Combination <http://openjdk.java.net/jeps/366> was Proposed to
target JDK 14.
* JEP 367: Remove the Pack200 Tools and API
<http://openjdk.java.net/jeps/367> was Targeted to JDK 14.
* JEP 368: Text Blocks (Second Preview)
<http://openjdk.java.net/jeps/368> moved to Candidate.
* Changes in this build
<http://hg.openjdk.java.net/jdk/jdk/log?rev=reverse%28%22jdk-14%2B21%22%3A...>
*jpackage EA -* Build 14-jpackage+1-67 (2019/11/4)
* This is an early access build of JEP 343: Packaging Tool
<https://openjdk.java.net/jeps/343>, aimed at testing a prototype
implementation of jpackage, which is a new tool for packaging
self-contained Java applications along with a Java Runtime Environment.
* These early-access builds are provided under the GNU General Public
License, version 2, with the Classpath Exception
<http://openjdk.java.net/legal/gplv2+ce.html>
* Build 14 is now available http://jdk.java.net/jpackage/
* Please send feedback via e-mail to core-libs-dev(a)openjdk.java.net
<mailto:core-libs-dev@openjdk.java.net>
--
Rgds, Rory O'Donnell
Quality Engineering Manager
Oracle EMEA, Dublin, Ireland
5 years
Fixes for WildFly 18.0.1.Final
by Brian Stansberry
Hi everyone,
If any or the component leads for the components in the WFLY and WFCORE
JIRA projects[1] have ready-to-go fixes that they want to see in a WildFly
18.0.1 that aren't already merged, please reply with details, preferably
including a JIRA link.
Recently for each WildFly major we've been doing a micro release in the
first few weeks to a month or so after the major release. We released
WildFly 18 in early October so now I'd like to do an 18.0.1 next week.
Over the last month as critical bug fixes have come into master I've made
an effort to ping the relevant component leads to see if the fix is also a
good fit for 18.0.1. From that we've got a pretty good payload[2], enough
to justify the release. But if there are things I've missed I'd like to
hear from the leads.
Some guidelines:
* We want things that are very SAFE. The point of a micro is to fix
problems so we don't want to introduce problems.
* We want things already in master or that can be ready by late Monday.
* Generally we only want things that resolve problems of Critical or
Blocker JIRA priority. (Other fixes that come in via a component upgrade to
fix the Critical/Blocker are ok.)
* If we upgraded a component and that upgrade fixes a CVE that was in the
old version, that's ok, even if it wasn't Critical/Blocker priority. So
long as the upgrade is SAFE.
[1]
https://issues.jboss.org/projects/WFLY?selectedItem=com.atlassian.jira.ji...
and
https://issues.jboss.org/projects/WFCORE?selectedItem=com.atlassian.jira....
[2] https://issues.jboss.org/projects/WFLY/versions/12343077 and
https://issues.jboss.org/projects/WFCORE/versions/12343078
Best regards,
Brian
5 years
Possible component upgrades report - Wildfly Core
by thofman@redhat.com
Generated at 16:49:22 SGT 2019-11-10
Searched in following repositories:
* Central: https://repo1.maven.org/maven2/
* JBossPublic: https://repository.jboss.org/nexus/content/repositories/public/
Possible upgrades:
com.jcraft:jsch:0.1.54 -> 0.1.55 (Central)
com.jcraft:jzlib:1.1.1 -> 1.1.3 (Central)
org.apache.httpcomponents:httpclient:4.5.4 -> 4.5.10 (Central)
org.apache.httpcomponents:httpcore:4.4.5 -> 4.4.12 (Central)
org.eclipse.jgit:org.eclipse.jgit:5.0.2.201807311906-r -> 5.0.3.201809091024-r (Central)
org.jboss.modules:jboss-modules:1.9.1.Final -> 1.9.2.Final (Central)
org.jboss.slf4j:slf4j-jboss-logmanager:1.0.3.GA -> 1.0.4.GA (Central)
org.slf4j:jcl-over-slf4j:1.7.22.jbossorg-1 -> 1.7.29 (Central)
8 items
5 years
Possible component upgrades report - Wildfly
by thofman@redhat.com
Generated at 01:48:23 SGT 2019-11-10
Searched in following repositories:
* Central: https://repo1.maven.org/maven2/
* JBossPublic: https://repository.jboss.org/nexus/content/repositories/public/
Possible upgrades:
com.google.code.gson:gson:2.8.2 -> 2.8.6 (Central)
com.squareup.okhttp3:okhttp:3.9.0 -> 3.9.1 (Central)
com.sun.istack:istack-commons-runtime:3.0.7 -> 3.0.10 (Central)
com.sun.xml.bind.external:relaxng-datatype:2.3.1 -> 2.3.2 (Central)
com.sun.xml.fastinfoset:FastInfoset:1.2.13 -> 1.2.17 (Central)
io.netty:netty-all:4.1.42.Final -> 4.1.43.Final (Central)
io.opentracing.contrib:opentracing-interceptors:0.0.4 -> 0.0.5 (Central)
io.opentracing.contrib:opentracing-tracerresolver:0.1.5 -> 0.1.8 (Central)
io.reactivex.rxjava2:rxjava:2.2.2 -> 2.2.14 (Central)
io.smallrye:smallrye-config:1.3.6 -> 1.3.11 (Central)
io.smallrye:smallrye-opentracing:1.3.0 -> 1.3.2 (Central)
io.undertow.js:undertow-js:1.0.2.Final -> 1.0.3.Final (Central)
joda-time:joda-time:2.9.7 -> 2.9.9 (Central)
net.bytebuddy:byte-buddy:1.9.11 -> 1.9.16 (Central)
org.apache.activemq:activemq-artemis-native:1.0.0 -> 1.0.1 (Central)
org.apache.avro:avro:1.7.6 -> 1.7.7 (Central)
org.apache.cxf:cxf-core:3.3.3 -> 3.3.4 (Central)
org.apache.james:apache-mime4j:0.6 -> 0.6.1 (Central)
org.apache.myfaces.core:myfaces-api:2.3.1 -> 2.3.5 (Central)
org.apache.openjpa:openjpa-kernel:2.4.2 -> 2.4.3 (Central)
org.cryptacular:cryptacular:1.2.0 -> 1.2.3 (Central)
org.eclipse.microprofile.rest.client:microprofile-rest-client-api:1.3.2 -> 1.3.4 (Central)
org.eclipse.persistence:eclipselink:2.7.3 -> 2.7.5 (Central)
org.glassfish.jaxb:codemodel:2.3.1 -> 2.3.2-1 (Central)
org.hibernate:hibernate-core:5.3.13.Final -> 5.3.14.Final (Central)
org.jasypt:jasypt:1.9.2 -> 1.9.3 (Central)
org.jboss:jboss-ejb-client:4.0.23.Final -> 4.0.25.Final (Central)
org.jboss.activemq.artemis.integration:artemis-wildfly-integration:1.0.2 -> 1.0.2-wildfly-1 (JBossPublic)
org.jboss.arquillian.container:arquillian-container-test-spi:1.4.0.Final -> 1.4.1.Final (Central)
org.jboss.ironjacamar:ironjacamar-common-api:1.4.18.Final -> 1.4.19.Final (Central)
org.jboss.security:jbossxacml:2.0.8.Final -> 2.0.9.Final (JBossPublic)
org.jgroups:jgroups:4.1.6.Final -> 4.1.7.Final (Central)
org.opensaml:opensaml-core:3.3.0 -> 3.3.1 (Central)
org.reactivestreams:reactive-streams:1.0.2 -> 1.0.3 (Central)
xalan:serializer:2.7.1.jbossorg-4 -> 2.7.2 (Central)
35 items
5 years
