Sorry, just read the thread in tomcat.developers. I don't know about doing in parallel. IT may be best to just supersede to 10.0.20 and 9.0.62 instead of rolling .19 and .61. Less confusion.
Dream * Excel * Explore * Inspire Jon McAlexander Infrastructure Engineer Asst Vice President He/His Middleware Product Engineering Enterprise CIO | EAS | Middleware | Infrastructure Solutions 8080 Cobblestone Rd | Urbandale, IA 50322 MAC: F4469-010 Tel 515-988-2508 | Cell 515-988-2508 jonmcalexan...@wellsfargo.com This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. > -----Original Message----- > From: jonmcalexan...@wellsfargo.com.INVALID > <jonmcalexan...@wellsfargo.com.INVALID> > Sent: Thursday, March 31, 2022 9:56 AM > To: dev@tomcat.apache.org > Subject: RE: [VOTE] Release Apache Tomcat 10.1.0-M14 > > Noting the Hardening of the class loader, is this going to require this to be > a > security release of the newest Tomcat releases (forthcoming), or will they > still just be standard releases? > > Thanks, > > Dream * Excel * Explore * Inspire > Jon McAlexander > Infrastructure Engineer > Asst Vice President > He/His > > Middleware Product Engineering > Enterprise CIO | EAS | Middleware | Infrastructure Solutions > > 8080 Cobblestone Rd | Urbandale, IA 50322 > MAC: F4469-010 > Tel 515-988-2508 | Cell 515-988-2508 > > jonmcalexan...@wellsfargo.com > This message may contain confidential and/or privileged information. If you > are not the addressee or authorized to receive this for the addressee, you > must not use, copy, disclose, or take any action based on this message or any > information herein. If you have received this message in error, please advise > the sender immediately by reply e-mail and delete this message. Thank you > for your cooperation. > > > > -----Original Message----- > > From: Mark Thomas <ma...@apache.org> > > Sent: Thursday, March 31, 2022 8:58 AM > > To: Tomcat Developers List <dev@tomcat.apache.org> > > Subject: [VOTE] Release Apache Tomcat 10.1.0-M14 > > > > The proposed Apache Tomcat 10.1.0-M14 release is now available for > voting. > > > > Applications that run on Tomcat 9 and earlier will not run on Tomcat > > 10 without changes. Java EE applications designed for Tomcat 9 and > > earlier may be placed in the $CATALINA_BASE/webapps-javaee directory > > and Tomcat will automatically convert them to Jakarta EE and copy them > > to the webapps directory. > > > > The notable changes compared to 10.1.0-M12 are: > > > > - Update the packaged version of the Tomcat Native Library to 1.2.32 to > > pick up Windows binaries built with OpenSSL 1.1.1n. > > > > - Improve logging of unknown HTTP/2 settings frames. Pull request by > > Thomas Hoffmann. > > > > - Update the JASPIC 2.0 API to Jakarta Authentication 3.0 (JASPIC was > > renamed for Jakarta EE 10) > > > > - Harden the class loader to provide a mitigation for CVE-2022-22965 > > a Spring Framework vulnerability > > > > For full details, see the change log: > > https://urldefense.com/v3/__https://nightlies.apache.org/tomcat/tomcat > > - > 10.1.x/docs/changelog.html__;!!F9svGWnIaVPGSwU!8mSg3B7bwW3JnbXXA > > HCr-s8j6bZCdu7KDUxw0l3wJQ8OI_ns3yIc_U-_KVbJQJhG49qpLRI$ > > > > It can be obtained from: > > https://urldefense.com/v3/__https://dist.apache.org/repos/dist/dev/tom > > c > > at/tomcat-10/v10.1.0- > > M14/__;!!F9svGWnIaVPGSwU!8mSg3B7bwW3JnbXXAHCr- > > s8j6bZCdu7KDUxw0l3wJQ8OI_ns3yIc_U-_KVbJQJhG6BHBJ-s$ > > > > The Maven staging repo is: > > https://urldefense.com/v3/__https://repository.apache.org/content/repo > > si > > tories/orgapachetomcat- > > 1367__;!!F9svGWnIaVPGSwU!8mSg3B7bwW3JnbXXAHCr- > > s8j6bZCdu7KDUxw0l3wJQ8OI_ns3yIc_U-_KVbJQJhG7SAVFwo$ > > > > The tag is: > > > https://urldefense.com/v3/__https://github.com/apache/tomcat/tree/10.1. > > 0-M14__;!!F9svGWnIaVPGSwU!8mSg3B7bwW3JnbXXAHCr- > > s8j6bZCdu7KDUxw0l3wJQ8OI_ns3yIc_U-_KVbJQJhGfLmoUPs$ > > 02e84c839def0228475fad85d0b19abc2f70b03f > > > > > > The proposed 10.1.0-M14 release is: > > [ ] Broken - do not release > > [ ] Alpha - go ahead and release as 10.1.0-M14 (alpha) > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For > > additional commands, e-mail: dev-h...@tomcat.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional > commands, e-mail: dev-h...@tomcat.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
