
General

Date: 2021-06-24, 11:00 (EDT)

Present:

  • Ivar Grimstad (Eclipse Foundation) -

  • David Blevins (Tomitribe) -

  • Dmitry Kornilov (Oracle) - Present

  • Kenji Kazumura (Fujitsu) - Present

  • Kevin Sutter (IBM) - Present

  • Scott Stark (Red Hat) -

  • Steve Millidge (Payara) -

Invited Guests

  • Maria Teresa Delgado - Present (new face of the EMO)

  • Wayne Beaton - Present

  • Ed Bratt - Present

Not a quorum again this week. Wayne is ready to just post to our PMC list and have the discussion there first.

[Wayne] Vulnerability Policy

  • No specific presentation. Wayne just wanted to discuss the vulnerability policy (or lack thereof).

  • Wayne needs some action and practices in place to help address the vulnerabilities.

  • EE4J and Jakarta EE are a prime location for these vulnerabilities.

  • How can we (EE4J PMC and projects) help with the monitoring and reviewing of these vulnerabilities?

  • Action: Wayne will take this to the mailing list.

  • One idea discussed was the use of private “security” mailing lists for EE4J and each of the EE4J projects. Instead of leaving these mailing lists open for posting (encourages spam), maybe use a web form or the like for submitting potential issues.

[Wayne] IP scanning

  • Wayne introduced some new tooling that hopefully will get put in place in 2022.

  • This will help with the IP scanning of the source code.

  • If any potential issues are found, then the IP team will get notified first. If any follow-up is required, the IP team will contact the project team.

  • If all of this pans out, this should greatly simplify the IP scanning process.
