On Thu, Mar 31, 2022 at 6:55 PM Mark Thomas <ma...@apache.org> wrote: > > The proposed Apache Tomcat 8.5.78 release is now available for voting. > > The notable changes compared to 8.5.77 are: > > - Update the packaged version of the Tomcat Native Library to 1.2.32 to > pick up Windows binaries built with OpenSSL 1.1.1n. > > - Improve logging of unknown HTTP/2 settings frames. Pull request by > Thomas Hoffmann. > > - Add additional warnings if incompatible TLS configurations are used > such as HTTP/2 with CLIENT-CERT authentication > > - Harden the class loader to provide a mitigation for CVE-2022-22965 > a Spring Framework vulnerability > > Along with lots of other bug fixes and improvements. > > This is the third release of Tomcat 8.5 that has been built with Java 11 > (in Java 7 mode) instead of Java 7. Please report any strangeness you > may observe especially if you are running Tomcat 8.5 in an environment > using Java < 11. We don't expect any issues, but understand that we > cannot test all possible environmental configurations. > > For full details, see the changelog: > https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.78/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1370 > The tag is: > https://github.com/apache/tomcat/tree/8.5.78 > f732d3aa5ca55eb07cb73d9ec2b585330f80f00b > > The proposed 8.5.78 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.5.78 (stable)
Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
