Am 31.03.22 um 16:56 schrieb Rémy Maucherat:
The proposed Apache Tomcat 9.0.62 release is now available for voting.The notable changes compared to 9.0.60 are: - Update the packaged version of the Tomcat Native Library to 1.2.32 to pick up Windows binaries built with OpenSSL 1.1.1n. - Improve logging of unknown HTTP/2 settings frames. Pull request by Thomas Hoffmann. - Add additional warnings if incompatible TLS configurations are used such as HTTP/2 with CLIENT-CERT authentication - Harden the class loader to provide a mitigation for CVE-2022-22965 a Spring Framework vulnerability Along with lots of other bug fixes and improvements. For full details, see the changelog: https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1368 The tag is: https://github.com/apache/tomcat/tree/9.0.62 85113741042dcce9e9792bdbc3d498172bc31291 The proposed 9.0.62 release is: [ ] Broken - do not release [x] Stable - go ahead and release as 9.0.62 (stable)
Unit tests run with Java 11 and Java 8 on Linux Felix
Rémy --------------------------------------------------------------------- To unsubscribe, e-mail:dev-unsubscr...@tomcat.apache.org For additional commands, e-mail:dev-h...@tomcat.apache.org
OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key
OpenPGP_signature
Description: OpenPGP digital signature
