The proposed Apache Tomcat 10.1.13 release is now available for
voting.
The notable changes compared to 10.1.12 are:
- If an application or library sets both a non-500 error code and the
jakarta.servlet.error.exception</code> request attribute, use the
provided error code during error page processing rather than assuming
an error code of 500.
- Fix for FORM authentication open redirect - CVE-2023-41080
For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
will automatically convert them to Jakarta EE and copy them to the
webapps directory.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.13/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1452
The tag is:
https://github.com/apache/tomcat/tree/10.1.13
71dddc8a1b8fe1175a14e6dd98bb8af56c9ad75d
The proposed 10.1.13 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.13
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
