Re: (tomcat) branch 10.1.x updated: Fix backport of BZ 66508 regression fix

2024-01-19 Thread Rémy Maucherat
On Thu, Jan 18, 2024 at 8:18 PM wrote: > > This is an automated email from the ASF dual-hosted git repository. > > markt pushed a commit to branch 10.1.x > in repository https://gitbox.apache.org/repos/asf/tomcat.git > > > The following commit(s) were added to refs/heads/10.1.x by this push: >

Re: (tomcat) branch 10.1.x updated: Fix backport of BZ 66508 regression fix

2024-01-19 Thread Mark Thomas
On 19/01/2024 09:22, Rémy Maucherat wrote: On Thu, Jan 18, 2024 at 8:18 PM wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to

svn commit: r1915320 - in /tomcat/site/trunk: docs/security-8.html docs/security-9.html xdocs/security-8.xml xdocs/security-9.xml

2024-01-19 Thread markt
Author: markt
Date: Fri Jan 19 10:17:00 2024
New Revision: 1915320
URL: http://svn.apache.org/viewvc?rev=1915320&view=rev
Log: Add CVE-2024-21733
Modified: tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.html tomcat/site/trunk/xdocs/security-8.xml tomcat/s

[SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure

2024-01-19 Thread Mark Thomas
CVE-2023-46589 Apache Tomcat - Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0-M11 to 9.0.43
Apache Tomcat 8.5.7 to 8.5.63
Description: Incomplete POST requests triggered an error response that could contain data from a

Re: (tomcat) branch 10.1.x updated: Fix backport of BZ 66508 regression fix

2024-01-19 Thread Rémy Maucherat
On Fri, Jan 19, 2024 at 11:08 AM Mark Thomas wrote: > > > > On 19/01/2024 09:22, Rémy Maucherat wrote: > > On Thu, Jan 18, 2024 at 8:18 PM wrote: > >> > >> This is an automated email from the ASF dual-hosted git repository. > >> > >> markt pushed a commit to branch 10.1.x > >> in repository https

Re: (tomcat) branch 10.1.x updated: Fix backport of BZ 66508 regression fix

2024-01-19 Thread Mark Thomas
On 19/01/2024 10:24, Rémy Maucherat wrote: On Fri, Jan 19, 2024 at 11:08 AM Mark Thomas wrote: On 19/01/2024 09:22, Rémy Maucherat wrote: On Thu, Jan 18, 2024 at 8:18 PM wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in

Re: Jakarta EE 11 may be changing minimum Java version to 17

2024-01-19 Thread Mark Thomas
On 16/01/2024 11:44, Rémy Maucherat wrote: On Tue, Jan 16, 2024 at 11:59 AM Mark Thomas wrote: Hi all, I'm not sure what is going on as there has been one significant change in the announcement already but it looks to me as if the minimum Java version for Jakarta EE 11 is changing to Java 17

Re: Jakarta EE 11 may be changing minimum Java version to 17

2024-01-19 Thread Volodymyr Siedlecki
Hi Mark, I understand your perspective about changing 21 to 17 so late. Open Liberty uses Tomcat's Expression Language and we would prefer to use a Java 17 binary. However, there are workarounds for us. As for the EL TCK issue, I'd be happy to take a look if you push up a branch. Thank you, Vo

Re: Jakarta EE 11 may be changing minimum Java version to 17

2024-01-19 Thread Mark Thomas
On 19/01/2024 14:20, Volodymyr Siedlecki wrote: Hi Mark, I understand your perspective about changing 21 to 17 so late. Open Liberty uses Tomcat's Expression Language and we would prefer to use a Java 17 binary. However, there are workarounds for us. Ack. I'll note that the EL code will comp

(tomcat) branch main updated: Simplify

2024-01-19 Thread remm
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new c611752666 Simplify c611752666 is described below com

(tomcat) branch 10.1.x updated: Simplify

2024-01-19 Thread remm
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new e569c20ae0 Simplify e569c20ae0 is described below

(tomcat) branch 9.0.x updated: Simplify

2024-01-19 Thread remm
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 7e49d9cbd5 Simplify 7e49d9cbd5 is described below c

(tomcat) branch 8.5.x updated: Simplify

2024-01-19 Thread remm
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new b60a4599a1 Simplify b60a4599a1 is described below c

Re: [SECURITY] CVE-2024-21733 Apache Tomcat - Information Disclosure

2024-01-19 Thread Mark Thomas
Correcting the CVE reference in the text (the subject line is correct)
Mark
On 19/01/2024 10:17, Mark Thomas wrote:
CVE-2023-21733 Apache Tomcat - Information Disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0-M11 to 9.0.43
Apache To

Re: Jakarta EE 11 may be changing minimum Java version to 17

2024-01-19 Thread Volodymyr Siedlecki
Hi, This is more compliance than function, unfortunately. Open Liberty plans to pass the TCK under both 17 and 21 (although only one is required). If the EL jar we use is Java 21 byte code, then we wouldn't be able to run the Jakarta EE 11 features on 17. If Tomcat could compile EL against 17, t

[PR] Update to use JakartaExpressionLanguage osgi.contract [tomcat]

2024-01-19 Thread via GitHub
pnicolucci opened a new pull request, #685: URL: https://github.com/apache/tomcat/pull/685 I opened: https://bz.apache.org/bugzilla/show_bug.cgi?id=66834 last year and upon looking at the latest M16 release of Expression Language 6.0 here: https://repo1.maven.org/maven2/org/apache/tomcat/to