On Sat, Mar 1, 2025 at 8:29 AM Christopher Schultz < ch...@christopherschultz.net> wrote:
> The proposed Apache Tomcat 10.1.37 release is now available for
> voting.
>
> All committers and PMC members are kindly requested to provide a vote if
> possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are
> binding. We welcome non-committer votes or comments on release builds.
>
> The notable changes compared to 10.1.36 are:
>
> - Improve the checks for exposure to and protection against
>   CVE-2024-56337 so that reflection is not used unless required. The
>   checks for whether the file system is case sensitive or not have been
>   removed.
>
> - Use Transfer-Encoding for compression rather than Content-Encoding if
>   the client submits a TE header containing gzip
>
> - Add makensis as an option for building the Installer for Windows on
>   non-Windows platforms.
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.37/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1535
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.37
>
> https://github.com/apache/tomcat/commit/e4338ee7a3e0f22d85f7cb2e04dacee752eaa619
>
> Please reply with a +1 for release or +0/-0/-1 with an explanation.

+1

Build is reproducible and all tests pass on Fedora 41 with Java 21, tcnative-2.0.8, apr-1.7.4, openssl-3.2.4.
However, the RSA key (3262A061C42FC4C7BBB5C25C1CF0293FA53CA458) used to sign the release is still not present in the KEYS file.