The proposed Apache Tomcat 11.0.0-M11 release is now available for
voting.
Apache Tomcat 11.0.0-M11 is a milestone release of the 11.0.x branch and
has been made to provide users with early access to the new features in
Apache Tomcat 11.0.x so that they may provide feedback. The notable
changes compared to the previous milestone include:
- Update the HTTP parameter handling to align with the changes in the
Jakarta Servlet 6.1 API Javadoc for the ServletRequest methods used
to obtain request parameters. Invalid parameters and/or exceeding
parameter size and/or quantity limits now triggerm exceptions. As a
consequence, the FailedRequestFilter has been removed.
- If an application or library sets both a non-500 error code and the
jakarta.servlet.error.exception</code> request attribute, use the
provided error code during error page processing rather than assuming
an error code of 500.
- Fix for FORM authentication open redirect - CVE-2023-41080
For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
Applications that run on Tomcat 9 and earlier will not run on Tomcat 11
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
will automatically convert them to Jakarta EE and copy them to the
webapps directory. Applications using deprecated APIs may require
further changes.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M11/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1451
The tag is:
https://github.com/apache/tomcat/tree/11.0.0-M11
ae109f6248e00a1952f706d6941ff930ad4466e1
The proposed 11.0.0-M11 release is:
[ ] -1 Broken - do not release
[ ] +1 Alpha - go ahead and release as 11.0.0-M11
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
