On Thu, Mar 31, 2022 at 11:14 PM Christopher Schultz <ch...@christopherschultz.net> wrote: > > Mark, > > Thanks for RMing. I hope I didn't break your 8.5.78 git tag. I was 2.5 > hours later than you, and didn't realize you had already rolled the release.
It looks fine: https://github.com/apache/tomcat/tree/8.5.78 Rémy > Mark, there are two signature files missing from the release artifacts, > detailed below. Can you check on those? > > On 3/31/22 12:54, Mark Thomas wrote: > > The proposed Apache Tomcat 8.5.78 release is now available for voting. > > > > The notable changes compared to 8.5.77 are: > > > > - Update the packaged version of the Tomcat Native Library to 1.2.32 to > > pick up Windows binaries built with OpenSSL 1.1.1n. > > > > - Improve logging of unknown HTTP/2 settings frames. Pull request by > > Thomas Hoffmann. > > > > - Add additional warnings if incompatible TLS configurations are used > > such as HTTP/2 with CLIENT-CERT authentication > > > > - Harden the class loader to provide a mitigation for CVE-2022-22965 > > a Spring Framework vulnerability > > > > Along with lots of other bug fixes and improvements. > > > > This is the third release of Tomcat 8.5 that has been built with Java 11 > > (in Java 7 mode) instead of Java 7. Please report any strangeness you > > may observe especially if you are running Tomcat 8.5 in an environment > > using Java < 11. We don't expect any issues, but understand that we > > cannot test all possible environmental configurations. > > > > For full details, see the changelog: > > https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html > > > > It can be obtained from: > > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.78/ > > The Maven staging repo is: > > https://repository.apache.org/content/repositories/orgapachetomcat-1370 > > The tag is: > > https://github.com/apache/tomcat/tree/8.5.78 > > f732d3aa5ca55eb07cb73d9ec2b585330f80f00b > > > > The proposed 8.5.78 release is: > > [ ] Broken - do not release > > [X] Stable - go ahead and release as 8.5.78 (stable) > > Works on a vanilla servlet-based web application in a testing environment. > > Unit tests pass on Debian Linux and MacOS Big Sur. > > Note: the files apache-tomcat-8.5.78.zip.asc and > apache-tomcat-8.5.78.tar.gz.asc were expected but missing. > > Details: > * Environment > * Java (build): openjdk version "1.8.0_292" OpenJDK Runtime > Environment (build 1.8.0_292-8u292-b10-0+deb9u1-b10) OpenJDK 64-Bit > Server VM (build 25.292-b10, mixed mode) > * Java (test): openjdk version "1.8.0_292" OpenJDK Runtime > Environment (build 1.8.0_292-8u292-b10-0+deb9u1-b10) OpenJDK 64-Bit > Server VM (build 25.292-b10, mixed mode) > * OS: Linux 4.19.0-18-amd64 x86_64 > * cc: cc (Debian 8.3.0-6) 8.3.0 > * make: GNU Make 4.2.1 > * OpenSSL: OpenSSL 1.1.1 11 Sep 2018 > * APR: 1.6.5 > * > * Valid SHA-512 signature for apache-tomcat-8.5.78.zip > * !! Invalid GPG signature for apache-tomcat-8.5.78.zip > * Valid SHA-512 signature for apache-tomcat-8.5.78.tar.gz > * !! Invalid GPG signature for apache-tomcat-8.5.78.tar.gz > * Valid SHA-512 signature for apache-tomcat-8.5.78.exe > * Valid GPG signature for apache-tomcat-8.5.78.exe > * Valid Windows Digital Signature for apache-tomcat-8.5.78.exe > * Valid SHA512 signature for apache-tomcat-8.5.78-src.zip > * Valid GPG signature for apache-tomcat-8.5.78-src.zip > * Valid SHA512 signature for apache-tomcat-8.5.78-src.tar.gz > * Valid GPG signature for apache-tomcat-8.5.78-src.tar.gz > * > * Binary Zip and tarball: Same > * Source Zip and tarball: Same > * > * Building dependencies returned: 0 > * tcnative builds cleanly > * Tomcat builds cleanly > * Junit Tests: PASSED > > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
