Am 18.03.26 um 18:18 schrieb Christopher Schultz:
The proposed Apache Tomcat 10.1.53 release is now available for
voting.
All committers and PMC members are kindly requested to provide a vote if
possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are
binding. We welcome non-committer votes or comments on release builds.
The notable changes compared to 10.1.52 are:
- Relax HTTP/2 header validation and respond to invalid requests with
a stream reset or a 400 response as appropriate rather then with a
connection reset.
- Fix bug 69964: Respect the configured cipher order, which was no
longer respected following the addition of TLS 1.3 specific cipher
configuration. TLS 1.3 ciphers will always be first in the list.
- Update Tomcat Native to 2.0.14 and increase the recommended version to
2.0.14
For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
will automatically convert them to Jakarta EE and copy them to the
webapps directory.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.53/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1585
The tag is:
https://github.com/apache/tomcat/tree/10.1.53
https://github.com/apache/tomcat/commit/
f3d5786aa1bd6c2a78d666afc89b2a4570f66593
Please reply with a +1 for release or +0/-0/-1 with an explanation.
+1 to release.
Reproducibility of the build checked (including the Windows installer)
using "ant verify-release" on Linux Mint 22.3. OK after setting LANG.
Original Windows installer signature verified with osslsigncode 2.10.
Unit tests ran on platforms
- RHEL 7, 8, 9 and 10 and SLES 12 and 15
using
- recent patch versions of JDK 11, 17, 21, 25, 26 (only OpenJDK GA) and
27 (EA)
from
- Eclipse Adoptium, Azul Zulu, Amazon Coretto, Oracle, RedHat and
OpenJDK (for 26 and 27)
where available.
Also tested with
- tcnative 1.3.7, 2.0.14 and panama
- tcnative including post-release memory leak patches
based on
- OpenSSL 3.0.19, 3.5.5, 3.6.1 and 4.0.0-alpha1 (for tcnative 2 and panama)
- OpenSSL containing one post-release patch for 3.5 and 3.6.
Not all test runs are done yet, but by far most of them. Only some
JDK25, 26 and 27 on RHEL still need to run.
Test observations:
- IMHO none critical
- TestOcspSoftFailTryLater often fails with jsse
(any JDK version)
- For TC 11 it was only for NIO2 and either
java.net.SocketException: Broken pipe or
java.net.SocketException: Connection reset by peer
- TestOcspEnabled sometimes fails when using panama
- TestOcspEnabled sometimes fails when using tcnative and JDK21+
(no crash case)
- in addition very few sporadic failures and or crashes
(9 without crash, 11 with crash; total 947 test runs until now)
Thanks for RM!
Best regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
