dev  

Messages by Thread

• (tomcat) branch main updated (598231503b -> 5a2f297dc5) markt
  • (tomcat) 02/02: Fix TLS group configuration with OpenSSL + Native markt
  • (tomcat) 01/02: Improve formatting of version in error message. markt
• (tomcat) branch 9.0.x updated: Avoid possible NPEs remm
• (tomcat) branch 10.1.x updated (4b03fe1343 -> 0d7bd68e64) remm
  • (tomcat) 01/02: Fix questionable name remm
  • (tomcat) 02/02: Avoid possible NPEs remm
• (tomcat) branch 11.0.x updated: Avoid possible NPEs remm
  • (tomcat) branch 11.0.x updated: Avoid possible NPEs remm
• (tomcat) branch main updated: Avoid possible NPEs remm
  • (tomcat) branch main updated: Avoid possible NPEs remm
• (tomcat) branch 9.0.x updated: Fix questionable name remm
• (tomcat) branch 11.0.x updated: Fix questionable name remm
• (tomcat) branch main updated: Fix questionable name remm
• (tomcat) branch 9.0.x updated: Fix OpenSSL init markt
• (tomcat) branch 10.1.x updated: Fix OpenSSL init markt
• (tomcat) branch 11.0.x updated: Fix OpenSSL init markt
• (tomcat) branch main updated: Fix OpenSSL init markt
• (tomcat) branch 10.1.x updated (b716f5665c -> 307d0d5162) markt
  • (tomcat) 01/02: Deprecate unused code markt
  • (tomcat) 02/02: Fix inconsistent getters and setters markt
• (tomcat) branch main updated: Fix inconsistent getters and setters markt
• (tomcat) branch 9.0.x updated: Fix inconsistent getters and setters markt
• (tomcat) branch 11.0.x updated: Fix inconsistent getters and setters markt
• (tomcat) branch 10.1.x updated: Avoid possible NPE remm
  • (tomcat) branch 10.1.x updated: Avoid possible NPE remm
  • (tomcat) branch 10.1.x updated: Avoid possible NPE remm
• (tomcat) branch 9.0.x updated: Avoid possible NPE remm
  • (tomcat) branch 9.0.x updated: Avoid possible NPE remm
  • (tomcat) branch 9.0.x updated: Avoid possible NPE remm
• (tomcat) branch 11.0.x updated: Avoid possible NPE remm
  • (tomcat) branch 11.0.x updated: Avoid possible NPE remm
  • (tomcat) branch 11.0.x updated: Avoid possible NPE remm
• (tomcat) branch main updated: Avoid possible NPE remm
  • (tomcat) branch main updated: Avoid possible NPE remm
  • (tomcat) branch main updated: Avoid possible NPE remm
• (tomcat) branch 9.0.x updated: Add null checks for consistency remm
• (tomcat) branch 10.1.x updated: Add null checks for consistency remm
• (tomcat) branch 11.0.x updated: Add null checks for consistency remm
• (tomcat) branch main updated: Add null checks for consistency remm
• (tomcat-native) branch main updated: Use absolute paths markt
• (tomcat-native) branch main updated: Need sudo to install packages markt
• (tomcat-native) branch main updated: Add required package markt
• (tomcat-native) branch main updated: Update path markt
• (tomcat-native) branch main updated: Again, Linux not Windows markt
• (tomcat-native) branch main updated: And the other instances markt
• (tomcat-native) branch main updated: This is Linux, not Windows markt
• (tomcat-native) branch main updated: Fix typo markt
• (tomcat-native) branch main updated: First attempt at a manual build markt
• (tomcat-native) branch main updated: Fix indent markt
• (tomcat-jakartaee-migration) branch main updated: Add AGENTS.md and SECURITY.md to support AI security scans markt
• (tomcat-connectors) branch main updated: Add AGENTS.md and SECURITY.md to support AI security scans markt
• (tomcat-native) branch main updated (44d6c5522 -> 198a9b87f) markt
  • (tomcat-native) 02/02: Add minimal permissions markt
  • (tomcat-native) 01/02: Add AGENTS.md and SECURITY.md to support AI security scans markt
• (tomcat-native) branch main updated: Add CodeQL workflow markt
• (tomcat) branch 9.0.x updated: Add AGENTS.md + SECURITY.md linking the project's security model schultz
• (tomcat) branch 10.1.x updated: Add AGENTS.md + SECURITY.md linking the project's security model schultz
• (tomcat) branch 11.0.x updated: Add AGENTS.md + SECURITY.md linking the project's security model schultz
• (tomcat) branch main updated: Add AGENTS.md + SECURITY.md linking the project's security model schultz
• [PR] Add AGENTS.md + SECURITY.md linking the project's security model [tomcat] via GitHub
  • Re: [PR] Add AGENTS.md + SECURITY.md linking the project's security model [tomcat] via GitHub
• (tomcat-native) branch main updated: Additional Visual Studio 2026 / 18 updates markt
• (tomcat-tck) branch main updated: EL TCK SNAPSHOTS are now avaiable from Maven Central markt
• (tomcat-native) branch main updated: Remove debug steps from workflow and fix issue markt
• (tomcat-native) branch main updated: Update Visual Studio path to version 18 markt
• (tomcat-native) branch main updated: Fix directory navigation commands in makefile.yml markt
• (tomcat-native) branch main updated: Add debugging for Visual Studio directory errors markt
• (tomcat) branch main updated: Remove unused code markt
• (tomcat) branch 9.0.x updated: Deprecate unused code markt
• (tomcat) branch 11.0.x updated: Deprecate unused code markt
• (tomcat) branch main updated: Deprecate unused code markt
• (tomcat-native) branch main updated: Remove unused SNI support markt
  • Re: (tomcat-native) branch main updated: Remove unused SNI support Christopher Schultz
• (tomcat) branch main updated: Remove unnecessary code. markt
• (tomcat) branch 9.0.x updated: Fix a CodeQL warning markt
• (tomcat) branch 10.1.x updated: Fix a CodeQL warning markt
• (tomcat) branch 11.0.x updated: Fix a CodeQL warning markt
• (tomcat) branch main updated: Fix a CodeQL warning markt
• [Bug 70040] New: Tomcat 10.1.55 startup failure for ClearSee Application was caused by incompatibility with jakartaee-migration-1.0.10-shaded.jar. bugzilla
• (tomcat) branch main updated: Change CodeQL queries from security-extended to security-and-quality markt
• (tomcat) branch main updated: Add security-extended queries to CodeQL workflow markt
• (tomcat) branch main updated: Add workflow_dispatch trigger to CodeQL workflow markt
• Tomcat Security Day - October 15 - Glasgow Mark Thomas
• (tomcat) branch 9.0.x updated: Remove duplicate markt
• (tomcat) branch 10.1.x updated: Fix duplicate markt
• (tomcat) branch 9.0.x updated: Explicit read-only permissions markt
  • (tomcat) branch 9.0.x updated: Explicit read-only permissions markt
• (tomcat) branch 10.1.x updated: Explicit read-only permissions markt
  • (tomcat) branch 10.1.x updated: Explicit read-only permissions markt
• (tomcat) branch 11.0.x updated: Explicit read-only permissions markt
• (tomcat) branch main updated: Add explicit read-only permissions to CI workflows markt
• (tomcat) branch main updated: Warn for insecure PEM file encryption markt
  • Re: (tomcat) branch main updated: Warn for insecure PEM file encryption Christopher Schultz
  • Re: (tomcat) branch main updated: Warn for insecure PEM file encryption Mark Thomas
• (tomcat) branch main updated: Clean-up CodeQL configuration markt
• (tomcat) branch main updated: Update CodeQL config to ignore test paths markt
• (tomcat) branch main updated: Attempt to fix CodeQL config markt
• (tomcat) branch main updated: Create custom CodeQL configuration markt
• (tomcat) branch 11.0.x updated: More explicit message and log at error rather than warning markt
• (tomcat) branch 9.0.x updated: More explicit message and log at error rather than warning markt
• (tomcat) branch 10.1.x updated: More explicit message and log at error rather than warning markt
• (tomcat) branch main updated (7ff10fab8e -> 08bdec1243) markt
  • (tomcat) 01/02: Use byte rather than int for byte values. markt
  • (tomcat) 02/02: More explicit message and log at error rather than warning markt
• (tomcat) branch 9.0.x updated: Add unit tests for PQC features dsoumis
• (tomcat) branch 10.1.x updated: Add unit tests for PQC features dsoumis
• (tomcat) branch 11.0.x updated: Add unit tests for PQC features dsoumis
• (tomcat) branch main updated: Add unit tests for PQC features dsoumis
  • Re: (tomcat) branch main updated: Add unit tests for PQC features Mark Thomas
  • Re: (tomcat) branch main updated: Add unit tests for PQC features Dimitris Soumis
  • Re: (tomcat) branch main updated: Add unit tests for PQC features Dimitris Soumis
  • Re: (tomcat) branch main updated: Add unit tests for PQC features Mark Thomas
  • Re: (tomcat) branch main updated: Add unit tests for PQC features Mark Thomas
  • Re: (tomcat) branch main updated: Add unit tests for PQC features Rémy Maucherat
  • Re: (tomcat) branch main updated: Add unit tests for PQC features Dimitris Soumis
  • Re: (tomcat) branch main updated: Add unit tests for PQC features Mark Thomas
  • Re: (tomcat) branch main updated: Add unit tests for PQC features Mark Thomas
  • Re: (tomcat) branch main updated: Add unit tests for PQC features Dimitris Soumis
  • Re: (tomcat) branch main updated: Add unit tests for PQC features Mark Thomas
  • Re: (tomcat) branch main updated: Add unit tests for PQC features Rémy Maucherat
  • Re: (tomcat) branch main updated: Add unit tests for PQC features Christopher Schultz
  • Re: (tomcat) branch main updated: Add unit tests for PQC features Rainer Jung
• (tomcat) branch 11.0.x updated: Fix potential thread safety issue markt
• (tomcat) branch 9.0.x updated: Fix potential thread safety issue markt
• (tomcat) branch 10.1.x updated: Fix potential thread safety issue markt
• (tomcat) branch main updated: Fix potential thread safety issue markt
• (tomcat) branch 10.1.x updated: Fix IDE warnings markt
• (tomcat) branch main updated: Fix IDE warnings markt
• (tomcat) branch 9.0.x updated: Fix IDE warnings markt
• (tomcat) branch 11.0.x updated: Fix IDE warnings markt
• (tomcat-maven-plugin) branch dependabot/maven/org.apache-apache-38 deleted (was a52663a) github-bot
• (tomcat-maven-plugin) branch trunk updated (51e95bf -> 1789434) remm
  • (tomcat-maven-plugin) 01/01: Merge pull request #124 from apache/dependabot/maven/org.apache-apache-38 remm
• (tomcat-maven-plugin) branch dependabot/maven/org.apache-apache-38 created (now a52663a) github-bot
• [PR] Bump org.apache:apache from 37 to 38 [tomcat-maven-plugin] via GitHub
  • Re: [PR] Bump org.apache:apache from 37 to 38 [tomcat-maven-plugin] via GitHub
• (tomcat) branch 9.0.x updated: Update StoreRegistry to dynamically load clustering classes (#1005) dsoumis
• (tomcat) branch 10.1.x updated: Update StoreRegistry to dynamically load clustering classes (#1005) dsoumis
• (tomcat) branch 11.0.x updated: Update StoreRegistry to dynamically load clustering classes (#1005) dsoumis
• How to approach security fixes Mark Thomas
  • Re: How to approach security fixes Rémy Maucherat
  • Re: How to approach security fixes Mark Thomas
  • Re: How to approach security fixes Mark Thomas
  • Re: How to approach security fixes Rémy Maucherat
  • Re: How to approach security fixes Mark Thomas
  • Re: How to approach security fixes Mark Thomas
  • Re: How to approach security fixes Christopher Schultz
  • Re: How to approach security fixes Mark Thomas
  • Re: How to approach security fixes Christopher Schultz
• (tomcat) branch main updated: Update StoreRegistry to dynamically load clustering classes (#1005) dsoumis
• Jakarta EE release cadence Mark Thomas
  • Re: Jakarta EE release cadence Rémy Maucherat
  • Re: Jakarta EE release cadence Coty Sutherland
  • Re: Jakarta EE release cadence Christopher Schultz
• [SECURITY] CVE-2026-43512 Apache Tomcat - Digest authenticator will authenticate any unknown user Mark Thomas
• [SECURITY] CVE-2026-43515 Apache Tomcat - Security constraints not correctly applied Mark Thomas
• [SECURITY] CVE-2026-43513 Apache Tomcat - LockOutRealm treats user names as case-sensitive Mark Thomas
• [SECURITY] CVE-2026-43514 Apache Tomcat - AJP secret compared in non-constant time Mark Thomas
• [SECURITY] CVE-2026-41284 Apache Tomcat - Unbounded read in WebDAV LOCK and PROPFIND handling Mark Thomas
• [SECURITY] CVE-2026-41293 Apache Tomcat - HTTP/2 request headers not validated Mark Thomas
• [SECURITY] CVE-2026-42498 Apache Tomcat - WebSocket authentication header exposure Mark Thomas
• svn commit: r1934143 - in tomcat/site/trunk: docs xdocs markt
• [PR] Add explicit read-only permissions to CI workflows [tomcat] via GitHub
  • Re: [PR] Add explicit read-only permissions to CI workflows [tomcat] via GitHub
  • Re: [PR] Add explicit read-only permissions to CI workflows [tomcat] via GitHub
  • Re: [PR] Add explicit read-only permissions to CI workflows [tomcat] via GitHub
• svn commit: r1934139 - in tomcat/site/trunk: docs xdocs/stylesheets markt
• svn commit: r1934136 - tomcat/site/trunk/docs markt
• (tomcat) branch 9.0.x updated: Fix merge error in comment markt
• (tomcat) branch 10.1.x updated: Fix merge error in comment markt
• (tomcat) branch 10.1.x updated: Additional context path validation on deployment markt
• (tomcat) branch 9.0.x updated: Additional context path validation on deployment markt
• (tomcat) branch 11.0.x updated: Additional context path validation on deployment markt
• (tomcat) branch main updated: Additional context path validation on deployment markt
• (tomcat) branch 10.1.x updated: Fix BZ 70038 - Cookie.clone() should also clone internal attribute map markt
• (tomcat) branch 11.0.x updated: Fix BZ 70038 - Cookie.clone() should also clone internal attribute map markt
• (tomcat) branch main updated: Fix BZ 70038 - Cookie.clone() should also clone internal attribute map markt
• [Bug 70038] New: Cookie.clone() is shallow but reference implementation is deep bugzilla
  • [Bug 70038] Cookie.clone() is shallow but reference implementation is deep bugzilla
  • [Bug 70038] Cookie.clone() is shallow but reference implementation is deep bugzilla
• (tomcat) branch 9.0.x updated: Add release date remm
• svn commit: r1934125 - in tomcat/site/trunk: . docs docs/tomcat-10.1-doc docs/tomcat-10.1-doc/annotationapi docs/tomcat-10.1-doc/annotationapi/jakarta/annotation docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/security docs/tomcat-10.1-doc/annota... schultz
• [ANN] Apache Tomcat 10.1.55 Available Christopher Schultz
• (tomcat) branch 10.1.x updated: Add release date schultz
• svn commit: r84470 - release/tomcat/tomcat-10/v10.1.54 schultz
• svn commit: r84469 - dev/tomcat/tomcat-10/v10.1.55 release/tomcat/tomcat-10/v10.1.55 schultz
• (tomcat) branch 10.1.x updated (27ed96937c -> 4e6141951d) remm
  • (tomcat) 02/03: Add Javadoc indicating that these classes are stubs remm
  • (tomcat) 03/03: @SupressWarnings not required if classes have Javadoc remm
• (tomcat) branch 11.0.x updated: @SupressWarnings not required if classes have Javadoc markt
• (tomcat) branch main updated: @SupressWarnings not required if classes have Javadoc markt
• (tomcat) branch 11.0.x updated: Add Javadoc indicating that these classes are stubs remm
• (tomcat) branch main updated: Add Javadoc indicating that these classes are stubs remm
• Re: (tomcat) branch 11.0.x updated: Fix Jakarta EE APIs javadoc issues Mark Thomas
• [ANN] Apache Tomcat 9.0.118 available Rémy Maucherat
• (tomcat-jakartaee-migration) branch dependabot/maven/org.apache-apache-38 deleted (was 8be4bf4) github-bot
• (tomcat-jakartaee-migration) branch main updated: Bump org.apache:apache from 37 to 38 remm
• (tomcat-jakartaee-migration) branch dependabot/maven/org.apache-apache-38 created (now 8be4bf4) github-bot
• [PR] Bump org.apache:apache from 37 to 38 [tomcat-jakartaee-migration] via GitHub

• Earlier messages
• Later messages