dev  

Messages by Date

• 2025/09/21 [Bug 69826] New: The compression logic only checks for "gzip" and "br" encodings but misses other compression formats, potentially causing double compression. This wastes CPU resources and may increase response size due to compression overhead. bugzilla
• 2025/09/21 [Bug 69825] New: Potential ReDoS (Regular Expression Denial of Service) Location: setNoCompressionUserAgents(String noCompressionUserAgents) method Root Cause: The method directly compiles a user-provided string into a Pattern without any validation, sanitization bugzilla
• 2025/09/21 [Bug 69824] New: Potential ReDoS (Regular Expression Denial of Service) Location: setNoCompressionUserAgents(String noCompressionUserAgents) method Root Cause: The method directly compiles a user-provided string into a Pattern without any validation, sanitization bugzilla
• 2025/09/21 [Bug 69823] New: Potential ReDoS (Regular Expression Denial of Service) Location: setNoCompressionUserAgents(String noCompressionUserAgents) method Root Cause: The method directly compiles a user-provided string into a Pattern without any validation, sanitization bugzilla
• 2025/09/21 [Bug 69822] New: Log injection vulnerability in AbstractProcessorLight class allows attackers to manipulate application logs by injecting malicious content through unsanitized input in trace logging statements. bugzilla
• 2025/09/21 [Bug 69821] New: `AbstractProcessor` risks `NullPointerException` crashes due to race conditions with `volatile socketWrapper`. Fix with final local references and null checks. bugzilla
• 2025/09/19 (tomcat) branch 9.0.x updated: Stabilize TestSwallowAbortedUploads.testChunkedPUTLimit dsoumis
• 2025/09/19 (tomcat) branch 10.1.x updated: Stabilize TestSwallowAbortedUploads.testChunkedPUTLimit dsoumis
• 2025/09/19 (tomcat) branch main updated: Stabilize TestSwallowAbortedUploads.testChunkedPUTLimit dsoumis
• 2025/09/19 (tomcat) branch 11.0.x updated: Stabilize TestSwallowAbortedUploads.testChunkedPUTLimit dsoumis
• 2025/09/19 Re: [PR] Stabilize TestSwallowAbortedUploads.testChunkedPUTLimit [tomcat] via GitHub
• 2025/09/19 [Bug 69820] Trivial performance improvement to ParameterMap.<init> bugzilla
• 2025/09/19 (tomcat) branch 9.0.x updated: Fix back-port markt
• 2025/09/19 [Bug 69820] Trivial performance improvement to ParameterMap.<init> bugzilla
• 2025/09/19 (tomcat) branch 11.0.x updated: Further performance improvements for ParameterMap. (jengebr/markt) markt
• 2025/09/19 (tomcat) branch 9.0.x updated: Further performance improvements for ParameterMap. (jengebr/markt) markt
• 2025/09/19 (tomcat) branch 10.1.x updated: Further performance improvements for ParameterMap. (jengebr/markt) markt
• 2025/09/19 (tomcat) branch main updated: Further performance improvements for ParameterMap. (jengebr/markt) markt
• 2025/09/19 (tomcat) branch 10.1.x updated: Refactor RemoteCIDRFilter to use NetMaskSet markt
• 2025/09/19 [Bug 69820] Trivial performance improvement to ParameterMap.<init> bugzilla
• 2025/09/19 (tomcat) branch 9.0.x updated: Fix back-port markt
• 2025/09/19 (tomcat) branch 10.1.x updated: Fix back-port markt
• 2025/09/19 (tomcat) branch main updated: Refactor RemoteCIDRFilter to use NetMaskSet markt
• 2025/09/19 (tomcat) branch 11.0.x updated: Refactor RemoteCIDRFilter to use NetMaskSet markt
• 2025/09/19 (tomcat) branch 9.0.x updated: Refactor RemoteCIDRFilter to use NetMaskSet markt
• 2025/09/19 [PR] Stabilize TestSwallowAbortedUploads.testChunkedPUTLimit [tomcat] via GitHub
• 2025/09/19 (tomcat) branch 9.0.x updated: Improve code coverage of tests for RemoteCIDRFilter markt
• 2025/09/19 (tomcat) branch 10.1.x updated: Improve code coverage of tests for RemoteCIDRFilter markt
• 2025/09/19 (tomcat) branch 11.0.x updated: Improve code coverage of tests for RemoteCIDRFilter markt
• 2025/09/19 (tomcat) branch main updated: Improve code coverage of tests for RemoteCIDRFilter markt
• 2025/09/19 (tomcat) branch 9.0.x updated: Store request header names using original case rather than forcing to lc markt
• 2025/09/19 Re: [PR] Move lower casing of headers from parser to valve [tomcat] via GitHub
• 2025/09/19 Re: [PR] Move lower casing of headers from parser to valve [tomcat] via GitHub
• 2025/09/19 (tomcat) branch 11.0.x updated: Store request header names using original case rather than forcing to lc markt
• 2025/09/19 (tomcat) branch 10.1.x updated: Store request header names using original case rather than forcing to lc markt
• 2025/09/19 (tomcat) branch main updated: Store request header names using original case rather than forcing to lc markt
• 2025/09/19 [Bug 69820] New: Trivial performance improvement to ParameterMap.<init> bugzilla
• 2025/09/19 (tomcat) branch 9.0.x updated: Fix BZ 69814 Ensure HttpSession.isNew() returns false once client joins markt
• 2025/09/19 [Bug 69814] HttpSession.isNew() may return true on an existing session due to a race condition bugzilla
• 2025/09/19 (tomcat) branch 10.1.x updated: Fix BZ 69814 Ensure HttpSession.isNew() returns false once client joins markt
• 2025/09/19 (tomcat) branch 11.0.x updated: Fix BZ 69814 Ensure HttpSession.isNew() returns false once client joins markt
• 2025/09/19 (tomcat) branch main updated: Fix BZ 69814 Ensure HttpSession.isNew() returns false once client joins markt
• 2025/09/19 [Bug 69819] MPS Info Services bugzilla
• 2025/09/19 [Bug 69819] New: MPS Info Services bugzilla
• 2025/09/19 [Bug 69815] Feature request: support device bound session credentials (DBSC) bugzilla
• 2025/09/18 [Bug 69802] optional certificateVerification with TLS 1.3 gives a warning but it should work fine bugzilla
• 2025/09/18 [Bug 69815] Feature request: support device bound session credentials (DBSC) bugzilla
• 2025/09/18 [Bug 69815] Feature request: support device bound session credentials (DBSC) bugzilla
• 2025/09/18 [Bug 69802] optional certificateVerification with TLS 1.3 gives a warning but it should work fine bugzilla
• 2025/09/18 [Bug 69814] HttpSession.isNew() may return true on an existing session due to a race condition bugzilla
• 2025/09/18 [Bug 69815] Feature request: support device bound session credentials (DBSC) bugzilla
• 2025/09/18 Re: [PR] Move lower casing of headers from parser to valve [tomcat] via GitHub
• 2025/09/18 [Bug 69810] ClassNotFoundException: org.apache.tomcat.util.concurrent.KeyedReentrantReadWriteLock bugzilla
• 2025/09/18 (tomcat) branch 9.0.x updated: Avoid NPEs remm
• 2025/09/18 (tomcat) branch 10.1.x updated: Avoid NPEs remm
• 2025/09/18 (tomcat) branch 11.0.x updated: Avoid NPEs remm
• 2025/09/18 (tomcat) branch main updated: Avoid NPEs remm
• 2025/09/18 [Bug 69817] Add sub-millisecond precision capability to access log timestamps bugzilla
• 2025/09/18 [Bug 69817] Add sub-millisecond precision capability to access log timestamps bugzilla
• 2025/09/18 [Bug 69817] Add sub-millisecond precision capability to access log timestamps bugzilla
• 2025/09/18 [Bug 69817] New: Add sub-millisecond precision capability to access log timestamps bugzilla
• 2025/09/18 (tomcat) branch 10.1.x updated: Additional comments markt
• 2025/09/18 (tomcat) branch 9.0.x updated: Hide default constructor markt
• 2025/09/18 (tomcat) branch main updated: Hide default constructor markt
• 2025/09/18 (tomcat) branch 11.0.x updated: Hide default constructor markt
• 2025/09/18 (tomcat) branch 10.1.x updated: Hide default constructor markt
• 2025/09/18 (tomcat) branch 9.0.x updated: Additional comments markt
• 2025/09/18 (tomcat) branch 11.0.x updated: Additional comments markt
• 2025/09/18 (tomcat) branch main updated: Additional comments markt
• 2025/09/18 (tomcat) branch 11.0.x updated: Avoid changing Type toString remm
• 2025/09/18 (tomcat) branch main updated: Avoid changing Type toString remm
• 2025/09/18 (tomcat) branch 11.0.x updated: Fix key type remm
• 2025/09/18 (tomcat) branch main updated: Fix key type remm
• 2025/09/18 (tomcat) branch 11.0.x updated: Add ALv2 header markt
• 2025/09/18 (tomcat) branch 9.0.x updated: Add ALv2 header markt
• 2025/09/18 (tomcat) 02/02: Add ALv2 header markt
• 2025/09/18 (tomcat) branch 10.1.x updated: Add ALv2 header markt
• 2025/09/18 Re: [PR] Remove redundant conversion of applicationEventListenerList [tomcat] via GitHub
• 2025/09/18 (tomcat) 01/02: Add ALv2 header markt
• 2025/09/18 (tomcat) branch main updated (86cd12f326 -> 51365a6473) markt
• 2025/09/18 Re: [PR] Remove redundant conversion of applicationEventListenerList [tomcat] via GitHub
• 2025/09/18 [PR] Remove redundant conversion for applicationEventListenerList [tomcat] via GitHub
• 2025/09/17 Re: (tomcat) branch main updated: Switch to new ASF logo Mark Thomas
• 2025/09/17 Re: (tomcat) branch main updated: Switch to new ASF logo Christopher Schultz
• 2025/09/17 (tomcat) branch 11.0.x updated: Remove method allowing multiple certificates per contexts remm
• 2025/09/17 (tomcat) branch 10.1.x updated: Switch to new ASF logo markt
• 2025/09/17 (tomcat) branch main updated: Remove method allowing multiple certificates per contexts remm
• 2025/09/17 (tomcat) branch main updated: Drop method remm
• 2025/09/17 svn commit: r1928555 - in tomcat/site/trunk/docs: connectors-doc/images native-1.3-doc/images native-doc/images tomcat-10.0-doc/images tomcat-10.1-doc/images tomcat-11.0-doc/images tomcat-6.0-doc/images tomcat-7.0-doc/images tomcat-8.0-doc/images tomca... markt
• 2025/09/17 (tomcat-native) branch main updated: Update to new ASF logo markt
• 2025/09/17 (tomcat) branch 9.0.x updated: Fix license header dsoumis
• 2025/09/17 (tomcat) branch 9.0.x updated: Switch to new ASF logo markt
• 2025/09/17 (tomcat) branch 11.0.x updated: Switch to new ASF logo markt
• 2025/09/17 (tomcat) branch main updated: Fix license header dsoumis
• 2025/09/17 (tomcat) branch 11.0.x updated: Fix license header dsoumis
• 2025/09/17 (tomcat) branch 10.1.x updated: Fix license header dsoumis
• 2025/09/17 (tomcat) branch main updated: Switch to new ASF logo markt
• 2025/09/17 Re: (tomcat) branch main updated: Test Java scriplets in JSP Dimitris Soumis
• 2025/09/17 svn commit: r1928549 - in tomcat/site/trunk: docs/res/images xdocs xdocs/res/images markt
• 2025/09/17 svn commit: r1928548 - in tomcat/site/trunk: docs docs/res/images xdocs/res/images xdocs/stylesheets markt
• 2025/09/17 (tomcat) branch main updated: Fix typo in logging.xml dsoumis
• 2025/09/17 (tomcat) branch 11.0.x updated: Fix typo in logging.xml dsoumis
• 2025/09/17 Re: (tomcat) branch main updated: Test Java scriplets in JSP Mark Thomas
• 2025/09/17 Re: [PR] BZ 69781 - improve FileStore thread safety [tomcat] via GitHub
• 2025/09/17 Re: [PR] BZ 69781 - improve FileStore thread safety [tomcat] via GitHub
• 2025/09/17 Re: [PR] BZ 69781 - improve FileStore thread safety [tomcat] via GitHub
• 2025/09/17 (tomcat) branch 10.1.x updated: Test Java scriplets in JSP dsoumis
• 2025/09/17 (tomcat) branch 9.0.x updated: Test Java scriplets in JSP dsoumis
• 2025/09/17 (tomcat) branch 11.0.x updated: Test Java scriplets in JSP dsoumis
• 2025/09/17 (tomcat) branch main updated: Test Java scriplets in JSP dsoumis
• 2025/09/17 (tomcat) branch main updated: Remove unnecessary syncs. markt
• 2025/09/17 Re: Coverity scan Rémy Maucherat
• 2025/09/17 Coverity scan Mark Thomas
• 2025/09/17 (tomcat) branch 11.0.x updated: Update version number remm
• 2025/09/17 (tomcat) branch 11.0.x updated: Remove unnecessary syncs. markt
• 2025/09/17 (tomcat) branch 10.1.x updated: Remove unnecessary syncs. markt
• 2025/09/17 (tomcat) branch 9.0.x updated: Remove unnecessary syncs. markt
• 2025/09/17 (tomcat) branch 9.0.x updated: Map may be accessed concurrently so use ConcurrentMap markt
• 2025/09/17 (tomcat) branch main updated: Try new versions remm
• 2025/09/17 (tomcat) branch 9.0.x updated: Use Java 25 for Tomcat 9 remm
• 2025/09/17 (tomcat) branch 10.1.x updated: Update version number remm
• 2025/09/17 (tomcat) branch main updated: Forgot version numbers remm
• 2025/09/17 (tomcat) branch main updated: Map may be accessed concurrently so use ConcurrentMap markt
• 2025/09/17 (tomcat) branch 10.1.x updated: Map may be accessed concurrently so use ConcurrentMap markt
• 2025/09/17 (tomcat) branch 11.0.x updated: Map may be accessed concurrently so use ConcurrentMap markt
• 2025/09/16 Re: [PR] Fix invalid Eclipse setting key in formatting-asf-tomcat.xml [tomcat] via GitHub
• 2025/09/16 Re: [PR] Fix invalid Eclipse setting key in formatting-asf-tomcat.xml [tomcat] via GitHub
• 2025/09/16 (tomcat) branch 9.0.x updated: Trivial optimisation. Also fixes highly theoretical concurrency issue. markt
• 2025/09/16 (tomcat) branch 10.1.x updated: Trivial optimisation. Also fixes highly theoretical concurrency issue. markt
• 2025/09/16 (tomcat) branch 11.0.x updated: Trivial optimisation. Also fixes highly theoretical concurrency issue. markt
• 2025/09/16 (tomcat) branch main updated: Trivial optimisation. Also fixes highly theoretical concurrency issue. markt
• 2025/09/16 [PR] Fix invalid Eclipse setting key in formatting-asf-tomcat.xml [tomcat] via GitHub
• 2025/09/16 (tomcat) branch 11.0.x updated: Improve codestyle and inspection in Intellij IDE dsoumis
• 2025/09/16 (tomcat) branch 10.1.x updated: Improve codestyle and inspection in Intellij IDE dsoumis
• 2025/09/16 (tomcat) branch 9.0.x updated: Improve codestyle and inspection in Intellij IDE dsoumis
• 2025/09/16 (tomcat) branch main updated: Improve codestyle and inspection in Intellij IDE dsoumis
• 2025/09/16 (tomcat) branch 9.0.x updated: Be more explicit about the need for CORS protection for WebDAV markt
• 2025/09/16 (tomcat) branch 11.0.x updated: Be more explicit about the need for CORS protection for WebDAV markt
• 2025/09/16 (tomcat) branch 10.1.x updated: Be more explicit about the need for CORS protection for WebDAV markt
• 2025/09/16 (tomcat) branch main updated: Be more explicit about the need for CORS protection for WebDAV markt
• 2025/09/16 (tomcat) branch main updated: Remove terms that should have been removed with WebDAV fix filter markt
• 2025/09/16 (tomcat) branch 10.1.x updated: Fix IDE warnings markt
• 2025/09/16 (tomcat) branch 9.0.x updated: Fix IDE warnings markt
• 2025/09/16 (tomcat) branch 11.0.x updated: Fix IDE warnings markt
• 2025/09/16 (tomcat) branch main updated: Fix IDE warnings markt
• 2025/09/16 (tomcat) branch 9.0.x updated: No configuration change unless the channel is fully stopped. markt
• 2025/09/16 (tomcat) branch 10.1.x updated: No configuration change unless the channel is fully stopped. markt
• 2025/09/16 (tomcat) branch 11.0.x updated: No configuration change unless the channel is fully stopped. markt
• 2025/09/16 (tomcat) branch main updated: No configuration change unless the channel is fully stopped. markt
• 2025/09/16 (tomcat) branch 9.0.x updated: Test case for https://bz.apache.org/bugzilla/show_bug.cgi?id=64614 dsoumis
• 2025/09/16 (tomcat) branch 10.1.x updated: Test case for https://bz.apache.org/bugzilla/show_bug.cgi?id=64614 dsoumis
• 2025/09/16 (tomcat) branch 11.0.x updated: Test case for https://bz.apache.org/bugzilla/show_bug.cgi?id=64614 dsoumis
• 2025/09/16 (tomcat) branch main updated: Test case for https://bz.apache.org/bugzilla/show_bug.cgi?id=64614 dsoumis
• 2025/09/16 Re: [PR] Test case for https://bz.apache.org/bugzilla/show_bug.cgi?id=64614 [tomcat] via GitHub
• 2025/09/15 [Bug 69800] Enhancement: Support for configuring TLS named groups bugzilla
• 2025/09/15 [PR] Test case for https://bz.apache.org/bugzilla/show_bug.cgi?id=64614 [tomcat] via GitHub
• 2025/09/15 Buildbot success in on tomcat-11.0.x buildbot
• 2025/09/15 (tomcat) branch 9.0.x updated: Add another warning to the Store interface markt
• 2025/09/15 (tomcat) branch 10.1.x updated: Add another warning to the Store interface markt
• 2025/09/15 (tomcat) branch 11.0.x updated: Add another warning to the Store interface markt
• 2025/09/15 (tomcat) branch main updated: Add another warning to the Store interface markt
• 2025/09/15 (tomcat) branch 9.0.x updated: Add a warning to the Store interface markt
• 2025/09/15 (tomcat) branch 10.1.x updated: Add a warning to the Store interface markt
• 2025/09/15 (tomcat) branch 11.0.x updated: Add a warning to the Store interface markt
• 2025/09/15 (tomcat) branch main updated: Add a warning to the Store interface markt
• 2025/09/15 Re: [PR] Move lower casing of headers from parser to valve [tomcat] via GitHub
• 2025/09/15 Re: [PR] Move lower casing of headers from parser to valve [tomcat] via GitHub
• 2025/09/14 (tomcat-maven-plugin) branch trunk updated: Use more general language for the ASF logo schultz
• 2025/09/14 Re: [PR] Move lower casing of headers from parser to valve [tomcat] via GitHub
• 2025/09/13 [Bug 69815] New: Feature request: support device bound session credentials (DBSC) bugzilla
• 2025/09/13 Re: [PR] Move lower casing of headers from parser to valve [tomcat] via GitHub
• 2025/09/13 Re: [PR] Move lower casing of headers from parser to valve [tomcat] via GitHub
• 2025/09/12 Re: [PR] Move lower casing of headers from parser to valve [tomcat] via GitHub
• 2025/09/12 [Bug 69800] Enhancement: Support for configuring TLS named groups bugzilla
• 2025/09/12 [PR] Add support for CIDR notation in RemoteIpFilter(#632) [tomcat] via GitHub
• 2025/09/12 Buildbot failure in on tomcat-11.0.x buildbot
• 2025/09/12 Re: [PR] Add support for CIDR notation in `RemoteIpFilter` [tomcat] via GitHub
• 2025/09/12 Re: [PR] Add support for CIDR notation in `RemoteIpFilter` [tomcat] via GitHub
• 2025/09/12 Re: [PR] Add support for CIDR notation in `RemoteIpFilter` [tomcat] via GitHub
• 2025/09/12 svn commit: r1928371 - in tomcat/site/trunk: docs xdocs schultz
• 2025/09/12 svn commit: r1928370 - tomcat/site/trunk/docs/res/images schultz
• 2025/09/12 svn commit: r1928369 - in tomcat/site/trunk: docs xdocs schultz
• 2025/09/12 svn commit: r1928368 - in tomcat/site/trunk: . docs docs/tomcat-10.1-doc docs/tomcat-10.1-doc/annotationapi docs/tomcat-10.1-doc/annotationapi/jakarta/annotation docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/security docs/tomcat-10.1-doc/annota... schultz
• 2025/09/12 [ANN] Apache Tomcat 10.1.46 Available Christopher Schultz
• 2025/09/12 svn commit: r1928367 - tomcat/site/trunk/xdocs/res/images schultz
• 2025/09/12 Re: [VOTE][RESULT] Release Apache Tomcat 10.1.46 Christopher Schultz
• 2025/09/12 svn commit: r79281 - release/tomcat/tomcat-10/v10.1.44 schultz
• 2025/09/12 svn commit: r79279 - dev/tomcat/tomcat-10/v10.1.46 release/tomcat/tomcat-10/v10.1.46 schultz
• 2025/09/12 [VOTE][RESULT] Release Apache Tomcat 10.1.46 Christopher Schultz
• 2025/09/12 (tomcat) branch 10.1.x updated: Fix changelog typo rjung
• 2025/09/12 Re: Test class org.apache.coyote.http2.TestCancelledUpload unreliable for NIO2 Dimitris Soumis
• 2025/09/12 (tomcat) branch main updated: Hack around the certificate index for tomcat-native remm
• 2025/09/12 (tomcat) branch main updated: Also remove constants remm
• 2025/09/12 (tomcat) 01/02: Drop the unused certificate index from the FFM code remm
• 2025/09/12 (tomcat) 01/02: Drop the unused certificate index from the FFM code remm
• 2025/09/12 (tomcat) branch 9.0.x updated (d68dd8ab43 -> 22f628b7ee) remm
• 2025/09/12 (tomcat) 02/02: Also remove constants remm
• 2025/09/12 (tomcat) branch 10.1.x updated (4a464588ac -> cfe18b1349) remm
• 2025/09/12 (tomcat) 02/02: Also remove constants remm
• 2025/09/12 (tomcat) 01/02: Drop the unused certificate index from the FFM code remm

• Earlier messages
• Later messages