Rainer,
On 5/17/23 09:19, Rainer Jung wrote:
Am 09.05.23 um 19:38 schrieb Christopher Schultz:
The proposed Apache Tomcat 8.5.89 release is now available for voting.
The notable changes compared to 8.5.88 are:
- Many improvements to the JSON access log valve.
- Deprecate support for the HTTP Connector settings rejectIllegalHeader
and allowHostHeaderMismatch and reject HTTP headers without names.
- Add a RateLimitFilter which can be used to mitigate DoS and Brute
Force attacks.
Along with lots of other bug fixes and improvements.
For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.89/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1436
The tag is:
https://github.com/apache/tomcat/tree/8.5.89/
da91bd19ef2cb34a96e4ad04749dfc97c941db87
The proposed 8.5.89 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 8.5.88 (stable)
+1 to release.
Tested on RHEL 6, 7 and 8, SLES 11, 12 and 15, Solaris 10 and 11 with a
variety of JVM versions (1.7.0, 1.8.0, 11, 17, 20, 21) and vendors
(Adoptium, Azul Zulu, Oracle, RedHat). Also tested with tcnative 1.2.36
and 2.0.3 using OpenSSL 1.1.1t, 3.0.8 and 3.1.0.
The new RateLimitFilter fails its test, but there was a post-8.5.89
commit that changes the test. Haven't checked, whether that fixed it.
Thanks for RM,
Of course. Thanks for the vote ;)
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
