[ https://issues.apache.org/jira/browse/GUACAMOLE-1325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17816611#comment-17816611 ]

Irmin Okic commented on GUACAMOLE-1325:
---------------------------------------

[~libor.svehlak] That was my plan in case the vulnerabilities get to a point 
where they can't be mitigated. Thanks for confirming that it works!

[~vnick] Would the following approach be acceptable:
* Since Tomcat 9 is approaching EOL and assuming Guacamole has a good 
enough feature set as it is now for the projects using it ... Designate the 
current version (or one soon to be released) as the last version supporting 
Tomcat 9, but allow backporting security fixes for vulnerabilities with a 
medium to critical severity. The main branch could then start accepting 
pull-requests like the one Libor has suggested and moving toward Tomcat 10 and 
by extension the supported Spring Boot versions. This is kind of the way a lot 
of other projects handle this situation.

There is then the topic of the frontend that [~mjumper] mentioned. For 
pull-requests it would also be advantageous to have that in a separate project. 
I guess there are many projects using only guacamole-common and may want to 
supply fixes and improvements for it, but can't take the load of properly 
maintaining the frontend. This would be the case for me. If I encounter 
something unimplemented/unfixed and really want it done I may invest the time 
and make a pull-request, but the frontend is completely unknown to me and it 
would mean additional work.

I understand that most of the work done on Guacamole is volunteer work, but 
these topics are strategic, how things should be handled to improve project 
performance.

> Apache Tomcat 10.0 Servlet API incompatibility
> ----------------------------------------------
>
>                 Key: GUACAMOLE-1325
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1325
>             Project: Guacamole
>          Issue Type: Improvement
>          Components: guacamole, guacamole-common, guacamole-ext
>    Affects Versions: 1.3.0, 1.4.0
>            Reporter: Mathias
>            Priority: Minor
>
> Guacamole client 1.3.0 is not working with Apache Tomcat 10. Apache Tomcat 
> 10.0.x requires a new Servlet 5.0 API. The Java package has changed from 
> javax.servlet to jakarta.servlet.
> [Migrating from Tomcat 9.0 to 10.0|http://tomcat.apache.org/migration-10.html]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
