Am 27.09.2017 um 20:43 schrieb Mark Thomas:
The proposed Apache Tomcat 9.0.1 release is now available for voting.
The major changes compared to the 9.0.0.M27 release are:
- Fix CVE-2017-12617
- Servlet 4.0 implementation is complete
- Add the ability to reconfigure TLS connectors at runtime without
stopping the connector
- Stricter validation of the Host header
Along with lots of other bug fixes and improvements.
For full details, see the changelog:
http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.1/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1156/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_1/
The proposed 9.0.1 release is:
[ ] Broken - do not release
[ ] Alpha - go ahead and release as 9.0.1
[X] Beta - go ahead and release as 9.0.1
[ ] Stable - go ahead and release as 9.0.1
+1 to release as alpha.
Details
=======
- SHA1 and MD5 OK
- signatures OK
- key in KEYS file
- gz and zip for src and bin consistent
- src consistent with svn tag
- except bin shell scripts are not executable in src tarball
(not critical)
- builds fine
- build result looks consistent with binaries
- no checkstyle complaints
- no Javadoc warnings
- JMX MBean Comparison with 9.0.0: no change
- Unit tests: No failures
Build and tests were done using Java 1.8.0_144. OS was Solaris 10 Sparc,
tcnative was 1.2.14 based on APR 1.6.2 and OpenSSL 1.0.2l plus patches.
Thanks for RM and regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
