Mark,
Thanks for RMing. I hope I didn't break your 8.5.78 git tag. I was 2.5
hours later than you, and didn't realize you had already rolled the release.
Mark, there are two signature files missing from the release artifacts,
detailed below. Can you check on those?
On 3/31/22 12:54, Mark Thomas wrote:
The proposed Apache Tomcat 8.5.78 release is now available for voting.
The notable changes compared to 8.5.77 are:
- Update the packaged version of the Tomcat Native Library to 1.2.32 to
pick up Windows binaries built with OpenSSL 1.1.1n.
- Improve logging of unknown HTTP/2 settings frames. Pull request by
Thomas Hoffmann.
- Add additional warnings if incompatible TLS configurations are used
such as HTTP/2 with CLIENT-CERT authentication
- Harden the class loader to provide a mitigation for CVE-2022-22965
a Spring Framework vulnerability
Along with lots of other bug fixes and improvements.
This is the third release of Tomcat 8.5 that has been built with Java 11
(in Java 7 mode) instead of Java 7. Please report any strangeness you
may observe especially if you are running Tomcat 8.5 in an environment
using Java < 11. We don't expect any issues, but understand that we
cannot test all possible environmental configurations.
For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.78/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1370
The tag is:
https://github.com/apache/tomcat/tree/8.5.78
f732d3aa5ca55eb07cb73d9ec2b585330f80f00b
The proposed 8.5.78 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 8.5.78 (stable)
Works on a vanilla servlet-based web application in a testing environment.
Unit tests pass on Debian Linux and MacOS Big Sur.
Note: the files apache-tomcat-8.5.78.zip.asc and
apache-tomcat-8.5.78.tar.gz.asc were expected but missing.
Details:
* Environment
* Java (build): openjdk version "1.8.0_292" OpenJDK Runtime
Environment (build 1.8.0_292-8u292-b10-0+deb9u1-b10) OpenJDK 64-Bit
Server VM (build 25.292-b10, mixed mode)
* Java (test): openjdk version "1.8.0_292" OpenJDK Runtime
Environment (build 1.8.0_292-8u292-b10-0+deb9u1-b10) OpenJDK 64-Bit
Server VM (build 25.292-b10, mixed mode)
* OS: Linux 4.19.0-18-amd64 x86_64
* cc: cc (Debian 8.3.0-6) 8.3.0
* make: GNU Make 4.2.1
* OpenSSL: OpenSSL 1.1.1 11 Sep 2018
* APR: 1.6.5
*
* Valid SHA-512 signature for apache-tomcat-8.5.78.zip
* !! Invalid GPG signature for apache-tomcat-8.5.78.zip
* Valid SHA-512 signature for apache-tomcat-8.5.78.tar.gz
* !! Invalid GPG signature for apache-tomcat-8.5.78.tar.gz
* Valid SHA-512 signature for apache-tomcat-8.5.78.exe
* Valid GPG signature for apache-tomcat-8.5.78.exe
* Valid Windows Digital Signature for apache-tomcat-8.5.78.exe
* Valid SHA512 signature for apache-tomcat-8.5.78-src.zip
* Valid GPG signature for apache-tomcat-8.5.78-src.zip
* Valid SHA512 signature for apache-tomcat-8.5.78-src.tar.gz
* Valid GPG signature for apache-tomcat-8.5.78-src.tar.gz
*
* Binary Zip and tarball: Same
* Source Zip and tarball: Same
*
* Building dependencies returned: 0
* tcnative builds cleanly
* Tomcat builds cleanly
* Junit Tests: PASSED
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
