Re: [VOTE] Release Apache Tomcat 10.1.0-M14

[Mark Thomas]

On 31/03/2022 16:05, jonmcalexan...@wellsfargo.com.INVALID wrote:
Sorry, just read the thread in tomcat.developers. I don't know about doing in 
parallel. IT may be best to just supersede to 10.0.20 and 9.0.62 instead of 
rolling .19 and .61. Less confusion.

No problem. I think there is general agreement on the confusion point. 
For now, we are leaving the earlier release votes open just to give us 
options if (as unlikely that it is) something goes wrong with the later 
releases.

My current expectation is that, assuming the new votes pass, the older 
votes will be cancelled when the new votes have passed.

Mark


Dream * Excel * Explore * Inspire
Jon McAlexander
Infrastructure Engineer
Asst Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you are 
not the addressee or authorized to receive this for the addressee, you must not 
use, copy, disclose, or take any action based on this message or any 
information herein. If you have received this message in error, please advise 
the sender immediately by reply e-mail and delete this message. Thank you for 
your cooperation.


-----Original Message-----
From: jonmcalexan...@wellsfargo.com.INVALID
<jonmcalexan...@wellsfargo.com.INVALID>
Sent: Thursday, March 31, 2022 9:56 AM
To: dev@tomcat.apache.org
Subject: RE: [VOTE] Release Apache Tomcat 10.1.0-M14

Noting the Hardening of the class loader, is this going to require this to be a
security release of the newest Tomcat releases (forthcoming), or will they
still just be standard releases?

Thanks,

Dream * Excel * Explore * Inspire
Jon McAlexander
Infrastructure Engineer
Asst Vice President
He/His

Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com
This message may contain confidential and/or privileged information. If you
are not the addressee or authorized to receive this for the addressee, you
must not use, copy, disclose, or take any action based on this message or any
information herein. If you have received this message in error, please advise
the sender immediately by reply e-mail and delete this message. Thank you
for your cooperation.


-----Original Message-----
From: Mark Thomas <ma...@apache.org>
Sent: Thursday, March 31, 2022 8:58 AM
To: Tomcat Developers List <dev@tomcat.apache.org>
Subject: [VOTE] Release Apache Tomcat 10.1.0-M14

The proposed Apache Tomcat 10.1.0-M14 release is now available for
voting.

Applications that run on Tomcat 9 and earlier will not run on Tomcat
10 without changes. Java EE applications designed for Tomcat 9 and
earlier may be placed in the $CATALINA_BASE/webapps-javaee directory
and Tomcat will automatically convert them to Jakarta EE and copy them
to the webapps directory.

The notable changes compared to 10.1.0-M12 are:

- Update the packaged version of the Tomcat Native Library to 1.2.32 to
    pick up Windows binaries built with OpenSSL 1.1.1n.

- Improve logging of unknown HTTP/2 settings frames. Pull request by
    Thomas Hoffmann.

- Update the JASPIC 2.0 API to Jakarta Authentication 3.0 (JASPIC was
    renamed for Jakarta EE 10)

- Harden the class loader to provide a mitigation for CVE-2022-22965
    a Spring Framework vulnerability

For full details, see the change log:
https://urldefense.com/v3/__https://nightlies.apache.org/tomcat/tomcat
-
10.1.x/docs/changelog.html__;!!F9svGWnIaVPGSwU!8mSg3B7bwW3JnbXXA
HCr-s8j6bZCdu7KDUxw0l3wJQ8OI_ns3yIc_U-_KVbJQJhG49qpLRI$

It can be obtained from:
https://urldefense.com/v3/__https://dist.apache.org/repos/dist/dev/tom
c
at/tomcat-10/v10.1.0-
M14/__;!!F9svGWnIaVPGSwU!8mSg3B7bwW3JnbXXAHCr-
s8j6bZCdu7KDUxw0l3wJQ8OI_ns3yIc_U-_KVbJQJhG6BHBJ-s$

The Maven staging repo is:
https://urldefense.com/v3/__https://repository.apache.org/content/repo
si
tories/orgapachetomcat-
1367__;!!F9svGWnIaVPGSwU!8mSg3B7bwW3JnbXXAHCr-
s8j6bZCdu7KDUxw0l3wJQ8OI_ns3yIc_U-_KVbJQJhG7SAVFwo$

The tag is:

https://urldefense.com/v3/__https://github.com/apache/tomcat/tree/10.1.
0-M14__;!!F9svGWnIaVPGSwU!8mSg3B7bwW3JnbXXAHCr-
s8j6bZCdu7KDUxw0l3wJQ8OI_ns3yIc_U-_KVbJQJhGfLmoUPs$
02e84c839def0228475fad85d0b19abc2f70b03f


The proposed 10.1.0-M14 release is:
[ ] Broken - do not release
[ ] Alpha - go ahead and release as 10.1.0-M14 (alpha)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For
additional commands, e-mail: dev-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional
commands, e-mail: dev-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org