[tomcat] branch main updated: Update version numbers
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new f8dd1fe Update version numbers
f8dd1fe is described below
commit f8dd1fe742bc404578efe52a6c1b9ae5fbd058c3
Author: remm
AuthorDate: Thu Dec 9 10:10:48 2021 +0100
Update version numbers
---
modules/stuffed/Dockerfile | 4 ++--
modules/stuffed/pom.xml| 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/modules/stuffed/Dockerfile b/modules/stuffed/Dockerfile
index 715f542..acb6c89 100644
--- a/modules/stuffed/Dockerfile
+++ b/modules/stuffed/Dockerfile
@@ -43,13 +43,13 @@ RUN sh -c 'touch app.jar'
RUN mkdir -p /opt
# Optional: Add Jolokia agent for JMX monitoring and management
-# RUN mkdir /opt/jolokia && wget
https://repo.maven.apache.org/maven2/org/jolokia/jolokia-jvm/1.6.2/jolokia-jvm-1.6.2-agent.jar
-O /opt/jolokia/jolokia.jar
+# RUN mkdir /opt/jolokia && wget
https://repo.maven.apache.org/maven2/org/jolokia/jolokia-jvm/1.7.1/jolokia-jvm-1.7.1.jar
-O /opt/jolokia/jolokia.jar
# ARG jolokiaport=8778
# ENV
JAVA_OPTS="-javaagent:/opt/jolokia/jolokia.jar=host=*,port=$jolokiaport,protocol=https,authIgnoreCerts=true
${JAVA_OPTS}"
# EXPOSE $jolokiaport
# Optional: Add Prometheus agent for JMX monitoring
-# RUN mkdir /opt/prometheus && wget
https://repo.maven.apache.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.15.0/jmx_prometheus_javaagent-0.15.0.jar
-O /opt/prometheus/prometheus.jar && wget
https://raw.githubusercontent.com/prometheus/jmx_exporter/master/example_configs/tomcat.yml
-O conf/prometheus.yaml
+# RUN mkdir /opt/prometheus && wget
https://repo.maven.apache.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.16.1/jmx_prometheus_javaagent-0.16.1.jar
-O /opt/prometheus/prometheus.jar && wget
https://raw.githubusercontent.com/prometheus/jmx_exporter/master/example_configs/tomcat.yml
-O conf/prometheus.yaml
# ARG prometheusport=9404
# ENV
JAVA_OPTS="-javaagent:/opt/prometheus/prometheus.jar=$prometheusport:conf/prometheus.yaml
${JAVA_OPTS}"
# EXPOSE $prometheusport
diff --git a/modules/stuffed/pom.xml b/modules/stuffed/pom.xml
index cf247c0..128be6e 100644
--- a/modules/stuffed/pom.xml
+++ b/modules/stuffed/pom.xml
@@ -29,8 +29,8 @@
UTF-8
org.apache.catalina.startup.Tomcat
-10.0.7
-
+10.0.14
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Mention Panama there
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 004a45f Mention Panama there
004a45f is described below
commit 004a45f45c50f5cff765159c200e0ce339d0e972
Author: remm
AuthorDate: Thu Dec 9 10:28:48 2021 +0100
Mention Panama there
Having to use tomcat-native there can often be a big problem, so look
ahead.
---
modules/stuffed/Dockerfile | 4
1 file changed, 4 insertions(+)
diff --git a/modules/stuffed/Dockerfile b/modules/stuffed/Dockerfile
index acb6c89..22fc34d 100644
--- a/modules/stuffed/Dockerfile
+++ b/modules/stuffed/Dockerfile
@@ -15,6 +15,8 @@
# limitations under the License.
FROM openjdk:8-jre
+# FROM openjdk:11-jre
+# FROM openjdk:17-jdk
VOLUME /tmp
USER root
@@ -37,6 +39,8 @@ ENV JAVA_OPTS="-Dcatalina.base=.
-Djava.security.egd=file:/dev/urandom"
# Add JULI logging configuration
ENV JAVA_OPTS="${JAVA_OPTS}
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
-Djava.util.logging.config.file=conf/logging.properties"
+# OpenSSL integration for Java 17
+#ENV JAVA_OPTS="${JAVA_OPTS} --enable-native-access=ALL-UNNAMED --add-modules
jdk.incubator.foreign"
RUN sh -c 'touch app.jar'
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Fix BZ 65714 - previous fix was incomplete.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new bb432a0 Fix BZ 65714 - previous fix was incomplete.
bb432a0 is described below
commit bb432a0fea83f424b013267ba7675c5d636a465a
Author: Mark Thomas
AuthorDate: Thu Dec 9 10:24:07 2021 +
Fix BZ 65714 - previous fix was incomplete.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714
---
java/org/apache/catalina/security/SecurityClassLoad.java | 3 +++
webapps/docs/changelog.xml | 4
2 files changed, 7 insertions(+)
diff --git a/java/org/apache/catalina/security/SecurityClassLoad.java
b/java/org/apache/catalina/security/SecurityClassLoad.java
index 62951ec..fdb915c 100644
--- a/java/org/apache/catalina/security/SecurityClassLoad.java
+++ b/java/org/apache/catalina/security/SecurityClassLoad.java
@@ -189,6 +189,9 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage + "util.net.DispatchType");
loader.loadClass(basePackage +
"util.net.NioEndpoint$NioSocketWrapper$NioOperationState");
loader.loadClass(basePackage +
"util.net.Nio2Endpoint$Nio2SocketWrapper$Nio2OperationState");
+loader.loadClass(basePackage + "util.net.SecureNio2Channel");
+loader.loadClass(basePackage + "util.net.SocketBufferHandler");
+loader.loadClass(basePackage + "util.net.SocketBufferHandler$1");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$BlockingMode");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionCheck");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionHandlerCall");
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e7ab2d7..061588c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -121,6 +121,10 @@
request includes a body. The maximum permitted size of the body is
controlled by maxSavePostSize. (markt)
+
+65714: The previous fix was incomplete. Fix additional
issues
+when first using an NIO2 TLS enabled connector. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Fix BZ 65714 - previous fix was incomplete.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new 1c36e56 Fix BZ 65714 - previous fix was incomplete.
1c36e56 is described below
commit 1c36e565aec8b961878615b3bc7ceaee33245f16
Author: Mark Thomas
AuthorDate: Thu Dec 9 10:24:07 2021 +
Fix BZ 65714 - previous fix was incomplete.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714
---
java/org/apache/catalina/security/SecurityClassLoad.java | 3 +++
webapps/docs/changelog.xml | 4
2 files changed, 7 insertions(+)
diff --git a/java/org/apache/catalina/security/SecurityClassLoad.java
b/java/org/apache/catalina/security/SecurityClassLoad.java
index fe5dc61..a958e99 100644
--- a/java/org/apache/catalina/security/SecurityClassLoad.java
+++ b/java/org/apache/catalina/security/SecurityClassLoad.java
@@ -190,6 +190,9 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage +
"util.net.AprEndpoint$AprSocketWrapper$AprOperationState");
loader.loadClass(basePackage +
"util.net.NioEndpoint$NioSocketWrapper$NioOperationState");
loader.loadClass(basePackage +
"util.net.Nio2Endpoint$Nio2SocketWrapper$Nio2OperationState");
+loader.loadClass(basePackage + "util.net.SecureNio2Channel");
+loader.loadClass(basePackage + "util.net.SocketBufferHandler");
+loader.loadClass(basePackage + "util.net.SocketBufferHandler$1");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$BlockingMode");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionCheck");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionHandlerCall");
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 94a4b41..08073da 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -112,6 +112,10 @@
request includes a body. The maximum permitted size of the body is
controlled by maxSavePostSize. (markt)
+
+65714: The previous fix was incomplete. Fix additional
issues
+when first using an NIO2 TLS enabled connector. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Fix BZ 65714 - previous fix was incomplete.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new e631f44 Fix BZ 65714 - previous fix was incomplete.
e631f44 is described below
commit e631f4455781d3054aab59749ab7d5a2ca00b00c
Author: Mark Thomas
AuthorDate: Thu Dec 9 10:24:07 2021 +
Fix BZ 65714 - previous fix was incomplete.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714
---
java/org/apache/catalina/security/SecurityClassLoad.java | 3 +++
webapps/docs/changelog.xml | 4
2 files changed, 7 insertions(+)
diff --git a/java/org/apache/catalina/security/SecurityClassLoad.java
b/java/org/apache/catalina/security/SecurityClassLoad.java
index bf86414..452c2df 100644
--- a/java/org/apache/catalina/security/SecurityClassLoad.java
+++ b/java/org/apache/catalina/security/SecurityClassLoad.java
@@ -190,6 +190,9 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage +
"util.net.AprEndpoint$AprSocketWrapper$AprOperationState");
loader.loadClass(basePackage +
"util.net.NioEndpoint$NioSocketWrapper$NioOperationState");
loader.loadClass(basePackage +
"util.net.Nio2Endpoint$Nio2SocketWrapper$Nio2OperationState");
+loader.loadClass(basePackage + "util.net.SecureNio2Channel");
+loader.loadClass(basePackage + "util.net.SocketBufferHandler");
+loader.loadClass(basePackage + "util.net.SocketBufferHandler$1");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$BlockingMode");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionCheck");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionHandlerCall");
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 76786f5..ce0b5df 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -112,6 +112,10 @@
request includes a body. The maximum permitted size of the body is
controlled by maxSavePostSize. (markt)
+
+65714: The previous fix was incomplete. Fix additional
issues
+when first using an NIO2 TLS enabled connector. (markt)
+
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Fix BZ 65714 - previous fix was incomplete.
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 2a72503 Fix BZ 65714 - previous fix was incomplete.
2a72503 is described below
commit 2a725038c4b4f1df9393abdd1cd43a4370399e7c
Author: Mark Thomas
AuthorDate: Thu Dec 9 10:24:07 2021 +
Fix BZ 65714 - previous fix was incomplete.
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714
---
java/org/apache/catalina/security/SecurityClassLoad.java | 3 +++
1 file changed, 3 insertions(+)
diff --git a/java/org/apache/catalina/security/SecurityClassLoad.java
b/java/org/apache/catalina/security/SecurityClassLoad.java
index c2cb0fc..f6064b0 100644
--- a/java/org/apache/catalina/security/SecurityClassLoad.java
+++ b/java/org/apache/catalina/security/SecurityClassLoad.java
@@ -189,6 +189,9 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage +
"util.net.AprEndpoint$AprSocketWrapper$AprOperationState");
loader.loadClass(basePackage +
"util.net.NioEndpoint$NioSocketWrapper$NioOperationState");
loader.loadClass(basePackage +
"util.net.Nio2Endpoint$Nio2SocketWrapper$Nio2OperationState");
+loader.loadClass(basePackage + "util.net.SecureNio2Channel");
+loader.loadClass(basePackage + "util.net.SocketBufferHandler");
+loader.loadClass(basePackage + "util.net.SocketBufferHandler$1");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$BlockingMode");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionCheck");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionHandlerCall");
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Fix BZ 65714 - previous fix was incomplete.
On 09/12/2021 10:39, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new bb432a0 Fix BZ 65714 - previous fix was incomplete. bb432a0 is described below commit bb432a0fea83f424b013267ba7675c5d636a465a Author: Mark Thomas AuthorDate: Thu Dec 9 10:24:07 2021 + Fix BZ 65714 - previous fix was incomplete. https://bz.apache.org/bugzilla/show_bug.cgi?id=65714 Something I don't yet understand is going on here. I am fairly sure this was working after the first fix. I test it today and it isn't. Fair enough. I pre-load a few more classes and that appears to fix it so I back-port the changes. Not sure why but I decided to retest after the back-ports and it is failing again. I'm investigating now. This is mainly an heads-up that further fixes are likely. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Fix BZ 65714 - previous fix was incomplete.
On Thu, Dec 9, 2021 at 11:54 AM Mark Thomas wrote: > > On 09/12/2021 10:39, ma...@apache.org wrote: > > This is an automated email from the ASF dual-hosted git repository. > > > > markt pushed a commit to branch main > > in repository https://gitbox.apache.org/repos/asf/tomcat.git > > > > > > The following commit(s) were added to refs/heads/main by this push: > > new bb432a0 Fix BZ 65714 - previous fix was incomplete. > > bb432a0 is described below > > > > commit bb432a0fea83f424b013267ba7675c5d636a465a > > Author: Mark Thomas > > AuthorDate: Thu Dec 9 10:24:07 2021 + > > > > Fix BZ 65714 - previous fix was incomplete. > > > > https://bz.apache.org/bugzilla/show_bug.cgi?id=65714 > > Something I don't yet understand is going on here. > > I am fairly sure this was working after the first fix. > > I test it today and it isn't. Fair enough. I pre-load a few more classes > and that appears to fix it so I back-port the changes. > > Not sure why but I decided to retest after the back-ports and it is > failing again. > > I'm investigating now. This is mainly an heads-up that further fixes are > likely. Hmmm, weird indeed. I didn't try to look at it again. OTOH, we could just say "not supported" since there's an easy alternative and the security manager is going away. Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Revert "Fix BZ 65714 - previous fix was incomplete."
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new eb9852e Revert "Fix BZ 65714 - previous fix was incomplete."
eb9852e is described below
commit eb9852ea3c4b244d60ef41959d716a5c9ad1d23c
Author: Mark Thomas
AuthorDate: Thu Dec 9 13:56:11 2021 +
Revert "Fix BZ 65714 - previous fix was incomplete."
This reverts commit 1c36e565aec8b961878615b3bc7ceaee33245f16.
---
java/org/apache/catalina/security/SecurityClassLoad.java | 3 ---
webapps/docs/changelog.xml | 4
2 files changed, 7 deletions(-)
diff --git a/java/org/apache/catalina/security/SecurityClassLoad.java
b/java/org/apache/catalina/security/SecurityClassLoad.java
index a958e99..fe5dc61 100644
--- a/java/org/apache/catalina/security/SecurityClassLoad.java
+++ b/java/org/apache/catalina/security/SecurityClassLoad.java
@@ -190,9 +190,6 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage +
"util.net.AprEndpoint$AprSocketWrapper$AprOperationState");
loader.loadClass(basePackage +
"util.net.NioEndpoint$NioSocketWrapper$NioOperationState");
loader.loadClass(basePackage +
"util.net.Nio2Endpoint$Nio2SocketWrapper$Nio2OperationState");
-loader.loadClass(basePackage + "util.net.SecureNio2Channel");
-loader.loadClass(basePackage + "util.net.SocketBufferHandler");
-loader.loadClass(basePackage + "util.net.SocketBufferHandler$1");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$BlockingMode");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionCheck");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionHandlerCall");
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 08073da..94a4b41 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -112,10 +112,6 @@
request includes a body. The maximum permitted size of the body is
controlled by maxSavePostSize. (markt)
-
-65714: The previous fix was incomplete. Fix additional
issues
-when first using an NIO2 TLS enabled connector. (markt)
-
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Revert "Fix BZ 65714 - previous fix was incomplete."
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 9f0704c Revert "Fix BZ 65714 - previous fix was incomplete."
9f0704c is described below
commit 9f0704c9a6b290c4bd975e5230ad78af7cc9526d
Author: Mark Thomas
AuthorDate: Thu Dec 9 13:56:16 2021 +
Revert "Fix BZ 65714 - previous fix was incomplete."
This reverts commit e631f4455781d3054aab59749ab7d5a2ca00b00c.
---
java/org/apache/catalina/security/SecurityClassLoad.java | 3 ---
webapps/docs/changelog.xml | 4
2 files changed, 7 deletions(-)
diff --git a/java/org/apache/catalina/security/SecurityClassLoad.java
b/java/org/apache/catalina/security/SecurityClassLoad.java
index 452c2df..bf86414 100644
--- a/java/org/apache/catalina/security/SecurityClassLoad.java
+++ b/java/org/apache/catalina/security/SecurityClassLoad.java
@@ -190,9 +190,6 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage +
"util.net.AprEndpoint$AprSocketWrapper$AprOperationState");
loader.loadClass(basePackage +
"util.net.NioEndpoint$NioSocketWrapper$NioOperationState");
loader.loadClass(basePackage +
"util.net.Nio2Endpoint$Nio2SocketWrapper$Nio2OperationState");
-loader.loadClass(basePackage + "util.net.SecureNio2Channel");
-loader.loadClass(basePackage + "util.net.SocketBufferHandler");
-loader.loadClass(basePackage + "util.net.SocketBufferHandler$1");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$BlockingMode");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionCheck");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionHandlerCall");
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index ce0b5df..76786f5 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -112,10 +112,6 @@
request includes a body. The maximum permitted size of the body is
controlled by maxSavePostSize. (markt)
-
-65714: The previous fix was incomplete. Fix additional
issues
-when first using an NIO2 TLS enabled connector. (markt)
-
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Revert "Fix BZ 65714 - previous fix was incomplete."
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 9014d75 Revert "Fix BZ 65714 - previous fix was incomplete."
9014d75 is described below
commit 9014d75c9d1265ece592f53d4cb18a7634c6f405
Author: Mark Thomas
AuthorDate: Thu Dec 9 13:55:54 2021 +
Revert "Fix BZ 65714 - previous fix was incomplete."
This reverts commit bb432a0fea83f424b013267ba7675c5d636a465a.
---
java/org/apache/catalina/security/SecurityClassLoad.java | 3 ---
webapps/docs/changelog.xml | 4
2 files changed, 7 deletions(-)
diff --git a/java/org/apache/catalina/security/SecurityClassLoad.java
b/java/org/apache/catalina/security/SecurityClassLoad.java
index fdb915c..62951ec 100644
--- a/java/org/apache/catalina/security/SecurityClassLoad.java
+++ b/java/org/apache/catalina/security/SecurityClassLoad.java
@@ -189,9 +189,6 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage + "util.net.DispatchType");
loader.loadClass(basePackage +
"util.net.NioEndpoint$NioSocketWrapper$NioOperationState");
loader.loadClass(basePackage +
"util.net.Nio2Endpoint$Nio2SocketWrapper$Nio2OperationState");
-loader.loadClass(basePackage + "util.net.SecureNio2Channel");
-loader.loadClass(basePackage + "util.net.SocketBufferHandler");
-loader.loadClass(basePackage + "util.net.SocketBufferHandler$1");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$BlockingMode");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionCheck");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionHandlerCall");
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 061588c..e7ab2d7 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -121,10 +121,6 @@
request includes a body. The maximum permitted size of the body is
controlled by maxSavePostSize. (markt)
-
-65714: The previous fix was incomplete. Fix additional
issues
-when first using an NIO2 TLS enabled connector. (markt)
-
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Revert "Fix BZ 65714 - previous fix was incomplete."
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new 558d8ee Revert "Fix BZ 65714 - previous fix was incomplete."
558d8ee is described below
commit 558d8eebeacd52dd5dd2e38a5899f1193370b7a7
Author: Mark Thomas
AuthorDate: Thu Dec 9 13:56:24 2021 +
Revert "Fix BZ 65714 - previous fix was incomplete."
This reverts commit 2a725038c4b4f1df9393abdd1cd43a4370399e7c.
---
java/org/apache/catalina/security/SecurityClassLoad.java | 3 ---
1 file changed, 3 deletions(-)
diff --git a/java/org/apache/catalina/security/SecurityClassLoad.java
b/java/org/apache/catalina/security/SecurityClassLoad.java
index f6064b0..c2cb0fc 100644
--- a/java/org/apache/catalina/security/SecurityClassLoad.java
+++ b/java/org/apache/catalina/security/SecurityClassLoad.java
@@ -189,9 +189,6 @@ public final class SecurityClassLoad {
loader.loadClass(basePackage +
"util.net.AprEndpoint$AprSocketWrapper$AprOperationState");
loader.loadClass(basePackage +
"util.net.NioEndpoint$NioSocketWrapper$NioOperationState");
loader.loadClass(basePackage +
"util.net.Nio2Endpoint$Nio2SocketWrapper$Nio2OperationState");
-loader.loadClass(basePackage + "util.net.SecureNio2Channel");
-loader.loadClass(basePackage + "util.net.SocketBufferHandler");
-loader.loadClass(basePackage + "util.net.SocketBufferHandler$1");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$BlockingMode");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionCheck");
loader.loadClass(basePackage +
"util.net.SocketWrapperBase$CompletionHandlerCall");
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Fix BZ 65714 - previous fix was incomplete.
On 09/12/2021 11:15, Rémy Maucherat wrote: On Thu, Dec 9, 2021 at 11:54 AM Mark Thomas wrote: On 09/12/2021 10:39, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new bb432a0 Fix BZ 65714 - previous fix was incomplete. bb432a0 is described below commit bb432a0fea83f424b013267ba7675c5d636a465a Author: Mark Thomas AuthorDate: Thu Dec 9 10:24:07 2021 + Fix BZ 65714 - previous fix was incomplete. https://bz.apache.org/bugzilla/show_bug.cgi?id=65714 Something I don't yet understand is going on here. I am fairly sure this was working after the first fix. I test it today and it isn't. Fair enough. I pre-load a few more classes and that appears to fix it so I back-port the changes. Not sure why but I decided to retest after the back-ports and it is failing again. I'm investigating now. This is mainly an heads-up that further fixes are likely. Hmmm, weird indeed. I didn't try to look at it again. OTOH, we could just say "not supported" since there's an easy alternative and the security manager is going away. I've reverted today's commit as is clearly isn't correct. I'm still trying to figure out what happened earlier today and why I thought the previous fix was sufficient. I'm seeing quite a few errors on InnocuousThread instances. Those threads are designed not to have a security context. If NIO2 IO is using those, getting things working under a security manager will be much harder. I'm beginning to lean towards your "Use NIO" solution. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Fix BZ 65714 - previous fix was incomplete.
On 09/12/2021 14:04, Mark Thomas wrote: On 09/12/2021 11:15, Rémy Maucherat wrote: On Thu, Dec 9, 2021 at 11:54 AM Mark Thomas wrote: On 09/12/2021 10:39, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new bb432a0 Fix BZ 65714 - previous fix was incomplete. bb432a0 is described below commit bb432a0fea83f424b013267ba7675c5d636a465a Author: Mark Thomas AuthorDate: Thu Dec 9 10:24:07 2021 + Fix BZ 65714 - previous fix was incomplete. https://bz.apache.org/bugzilla/show_bug.cgi?id=65714 Something I don't yet understand is going on here. I am fairly sure this was working after the first fix. I test it today and it isn't. Fair enough. I pre-load a few more classes and that appears to fix it so I back-port the changes. Not sure why but I decided to retest after the back-ports and it is failing again. I'm investigating now. This is mainly an heads-up that further fixes are likely. Hmmm, weird indeed. I didn't try to look at it again. OTOH, we could just say "not supported" since there's an easy alternative and the security manager is going away. I've reverted today's commit as is clearly isn't correct. I'm still trying to figure out what happened earlier today and why I thought the previous fix was sufficient. Got to the bottom of this at least. JDK differences. It appears to be differences in the Temurin JDK between MacOS and Linux. Everything is fine on MacOS which is what I was working on last week when I fixed this the first time. Mark I'm seeing quite a few errors on InnocuousThread instances. Those threads are designed not to have a security context. If NIO2 IO is using those, getting things working under a security manager will be much harder. I'm beginning to lean towards your "Use NIO" solution. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Fix BZ 65714 - previous fix was incomplete.
Mark, On 12/9/21 09:17, Mark Thomas wrote: On 09/12/2021 14:04, Mark Thomas wrote: On 09/12/2021 11:15, Rémy Maucherat wrote: On Thu, Dec 9, 2021 at 11:54 AM Mark Thomas wrote: On 09/12/2021 10:39, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new bb432a0 Fix BZ 65714 - previous fix was incomplete. bb432a0 is described below commit bb432a0fea83f424b013267ba7675c5d636a465a Author: Mark Thomas AuthorDate: Thu Dec 9 10:24:07 2021 + Fix BZ 65714 - previous fix was incomplete. https://bz.apache.org/bugzilla/show_bug.cgi?id=65714 Something I don't yet understand is going on here. I am fairly sure this was working after the first fix. I test it today and it isn't. Fair enough. I pre-load a few more classes and that appears to fix it so I back-port the changes. Not sure why but I decided to retest after the back-ports and it is failing again. I'm investigating now. This is mainly an heads-up that further fixes are likely. Hmmm, weird indeed. I didn't try to look at it again. OTOH, we could just say "not supported" since there's an easy alternative and the security manager is going away. I've reverted today's commit as is clearly isn't correct. I'm still trying to figure out what happened earlier today and why I thought the previous fix was sufficient. Got to the bottom of this at least. JDK differences. It appears to be differences in the Temurin JDK between MacOS and Linux. Everything is fine on MacOS which is what I was working on last week when I fixed this the first time. Hmm. I wonder if this means we need to test (at least once or twice) on a variety of JDKs: - AdoptOpenJDK (just a packaging of OpenJDK?) - Amazon Coretto - Azul / Zulu - IBM (which does still exist, even if only for James Lampert) - OpenJDK - Oracle - SAP https://dzone.com/articles/an-overview-on-jdk-vendors I never thought these things would behave differently at their core. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65714] HTTPS connection error using NIO2 with security manager enabled
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714 --- Comment #11 from Mark Thomas --- It appears that there is an OS component to this. This works on MacOS but not on Linux (same Java vendor and version). -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Fix BZ 65714 - previous fix was incomplete.
On 09/12/2021 14:27, Christopher Schultz wrote: On 12/9/21 09:17, Mark Thomas wrote: Got to the bottom of this at least. JDK differences. It appears to be differences in the Temurin JDK between MacOS and Linux. Everything is fine on MacOS which is what I was working on last week when I fixed this the first time. Hmm. I wonder if this means we need to test (at least once or twice) on a variety of JDKs: - AdoptOpenJDK (just a packaging of OpenJDK?) - Amazon Coretto - Azul / Zulu - IBM (which does still exist, even if only for James Lampert) - OpenJDK - Oracle - SAP https://dzone.com/articles/an-overview-on-jdk-vendors I never thought these things would behave differently at their core. I *think* it is OS differences rather than vendor differences as the NIO2 code in question is OS specific. I haven't tested it exhaustively, but at least Oracle (Java 7) and Temurin (Java 11) failed on Linux and worked on MacOS. It probably makes sense to do a review of which combinations we are regularly testing with across the various CI systems and contributors. On the original issue, I don't think we have any choice but to document that NIO2 + TLS + SecurityManager may not work. I tried adding a "allow everything to do everything" permission to the catalina.policy file but NIO2 + TLS + SecurityManager still failed. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65714] HTTPS connection error using NIO2 with security manager enabled
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714 --- Comment #12 from Manoj --- We need NIO 2 issue to be fixed for both RHEL and Windows version Can we expedite this and release Tomcat 9.0.56 and 8.5.74 binaries for RHEL version As soon as possible ? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65714] HTTPS connection error using NIO2 with security manager enabled
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714 Mark Thomas changed: What|Removed |Added Resolution|--- |WONTFIX Status|REOPENED|RESOLVED --- Comment #13 from Mark Thomas --- This can't be fixed in Tomcat. Even when the security policy has an entry that is "Allow everything to do everything" the NIO2 code still triggers security exceptions when running under a SecurityManager. You could try raising a bug with your JRE vendor but, give the deprecation of the SecurityManager, I suspect that fixing this will not be a priority. You have two options to solve this with Tomcat: - turn off the security manager - switch to NIO The security manager has been deprecated in Java 17 and will eventually be removed. Now might be a good time to start to think about migrating away from using the SecurityManager. There is very little between NIO and NIO2 in terms of performance. While individual benchmarks will demonstrate one is better than the other, the difference is typically small and in real world usage the different is smaller still. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65714] HTTPS connection error using NIO2 with security manager enabled
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714 --- Comment #14 from Remy Maucherat --- Do you want to keep the previous patch just in case ? It seems like it did something on your platform, then. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65714] HTTPS connection error using NIO2 with security manager enabled
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714 --- Comment #15 from Mark Thomas --- (In reply to Remy Maucherat from comment #14) > Do you want to keep the previous patch just in case ? It seems like it did > something on your platform, then. I don't think so. I think there was something wrong with my testing of that patch. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Document BZ 65714 as a known issue
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new ec74b01 Document BZ 65714 as a known issue ec74b01 is described below commit ec74b018451f8df0b81fa156db23f1fd97b9aec0 Author: Mark Thomas AuthorDate: Thu Dec 9 16:31:41 2021 + Document BZ 65714 as a known issue --- webapps/docs/security-manager-howto.xml | 13 + 1 file changed, 13 insertions(+) diff --git a/webapps/docs/security-manager-howto.xml b/webapps/docs/security-manager-howto.xml index 7082c09..8f8351b 100644 --- a/webapps/docs/security-manager-howto.xml +++ b/webapps/docs/security-manager-howto.xml @@ -65,6 +65,19 @@ + + + As of Java 17, the SecurityManager has been deprecated with the expectation + that it will be removed in a future Java version. Users currently using a + SecurityManager are recommended to start planning for its removal. + + There is a known issue (bug 65714) using NIO2 with TLS under a + SecurityManager. The recommendation for users affected by this issue is to + either move away from using a SecurityManager or switch from NIO2 to NIO. + + + + Permission classes are used to define what Permissions a class loaded - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Document BZ 65714 as a known issue
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.0.x by this push: new b00cc6a Document BZ 65714 as a known issue b00cc6a is described below commit b00cc6a6fd1323010db0e58c48a8e9f58a6f32a9 Author: Mark Thomas AuthorDate: Thu Dec 9 16:31:41 2021 + Document BZ 65714 as a known issue --- webapps/docs/security-manager-howto.xml | 13 + 1 file changed, 13 insertions(+) diff --git a/webapps/docs/security-manager-howto.xml b/webapps/docs/security-manager-howto.xml index 6a6d603..f0c0779 100644 --- a/webapps/docs/security-manager-howto.xml +++ b/webapps/docs/security-manager-howto.xml @@ -65,6 +65,19 @@ + + + As of Java 17, the SecurityManager has been deprecated with the expectation + that it will be removed in a future Java version. Users currently using a + SecurityManager are recommended to start planning for its removal. + + There is a known issue (bug 65714) using NIO2 with TLS under a + SecurityManager. The recommendation for users affected by this issue is to + either move away from using a SecurityManager or switch from NIO2 to NIO. + + + + Permission classes are used to define what Permissions a class loaded - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Document BZ 65714 as a known issue
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 9400421 Document BZ 65714 as a known issue 9400421 is described below commit 940042172f4059d074b55a9fed3eee575185e270 Author: Mark Thomas AuthorDate: Thu Dec 9 16:31:41 2021 + Document BZ 65714 as a known issue --- webapps/docs/security-manager-howto.xml | 13 + 1 file changed, 13 insertions(+) diff --git a/webapps/docs/security-manager-howto.xml b/webapps/docs/security-manager-howto.xml index 6a6d603..f0c0779 100644 --- a/webapps/docs/security-manager-howto.xml +++ b/webapps/docs/security-manager-howto.xml @@ -65,6 +65,19 @@ + + + As of Java 17, the SecurityManager has been deprecated with the expectation + that it will be removed in a future Java version. Users currently using a + SecurityManager are recommended to start planning for its removal. + + There is a known issue (bug 65714) using NIO2 with TLS under a + SecurityManager. The recommendation for users affected by this issue is to + either move away from using a SecurityManager or switch from NIO2 to NIO. + + + + Permission classes are used to define what Permissions a class loaded - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Document BZ 65714 as a known issue
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new d0cbf5e Document BZ 65714 as a known issue d0cbf5e is described below commit d0cbf5ebfc2f78d17dbdefbb4d9e510837abb39b Author: Mark Thomas AuthorDate: Thu Dec 9 16:31:41 2021 + Document BZ 65714 as a known issue --- webapps/docs/security-manager-howto.xml | 13 + 1 file changed, 13 insertions(+) diff --git a/webapps/docs/security-manager-howto.xml b/webapps/docs/security-manager-howto.xml index 6a6d603..f0c0779 100644 --- a/webapps/docs/security-manager-howto.xml +++ b/webapps/docs/security-manager-howto.xml @@ -65,6 +65,19 @@ + + + As of Java 17, the SecurityManager has been deprecated with the expectation + that it will be removed in a future Java version. Users currently using a + SecurityManager are recommended to start planning for its removal. + + There is a known issue (bug 65714) using NIO2 with TLS under a + SecurityManager. The recommendation for users affected by this issue is to + either move away from using a SecurityManager or switch from NIO2 to NIO. + + + + Permission classes are used to define what Permissions a class loaded - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65714] HTTPS connection error using NIO2 with security manager enabled
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714 --- Comment #16 from Allan --- Hi, Why woould NIO2 and SecurityManager works with 8.5.69 and earlier 8.5.x versions and 9.0.50 and earlier 9.5.x versions using the same platform RHEL 7 or Windows and the same Java version? And when upgrade to 8.5.70/9.0.52 or later version on the same platform this wouldn't work? If this is not fixable on RHEL7 and Windows will there be a statement that NIO2 and Security Manager is not supported from later versions on these platforms? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65714] HTTPS connection error using NIO2 with security manager enabled
https://bz.apache.org/bugzilla/show_bug.cgi?id=65714 Mark Thomas changed: What|Removed |Added Resolution|WONTFIX |--- Status|RESOLVED|REOPENED --- Comment #17 from Mark Thomas --- Good question. The SecurityManager is so rarely used I had assumed you found this issue switching to NIO2 rather than upgrading between versions. Time for a binary search to find the commit where this started... Found it: https://github.com/apache/tomcat/commit/dae37f4421 That makes sense since it changes the ThreadPoolExecutor implementation. See also bug 65454 I don't know what the root cause is yet so I am re-opening this while I investigate further as there is a possibility that this is fixable. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
JDK 18: Rampdown Phase 1 & Early-Access builds 27
Mark, Thank you for being part of the OpenJDK Quality Outreach Program. As year-end 2021 approaches, I'd like to share some updates on JDK 18, which is scheduled for General Availability on March 22, 2022. JDK 18 has now entered Rampdown Phase One (RDP1) [1], which means that the main-line has been forked into a dedicated JDK 18 stabilization repository. At this point, the overall JDK 18 feature set is now frozen and no additional JEPs will be targeted to JDK 18. Only low-risk enhancements that add small bits of missing functionality or improve usability might still be considered. The next few weeks should be leveraged to try to identify and resolve as many issues as possible (i.e. before JDK 18 enters the Release Candidates phase). And as you can see below, JDK 18 EA Builds 26 & 27 include fixes for issues that were reported by you! So thank you for your help contributing to the overall quality of OpenJDK! [1] https://mail.openjdk.java.net/pipermail/jdk-dev/2021-December/006287.html ## JEP 400 - UTF-8 by Default All JEPs are now integrated, but we would like to draw your attention to JEP 400 especially if you are deploying on Windows as it might induce some incompatible behavior on that platform. JEP 400 [2] is changing the default charset to UTF-8. This aligns with the existing `newBufferedReader`/`Writer` methods of the `java.nio.file.Files` class where UTF-8 is the default when no explicit charset is set. By making UTF-8 the default charset, the JDK I/O APIs will now always work in the same, predictable manner, with no need to pay attention to the host and or user’s environment! Further, we encourage you to test your project(s) with the latest JDK 18 Early Access builds. We don't expect issues on macOS and Linux as their default encoding is already UTF-8. On Windows, especially for East Asian locales such as Chinese/Japanese/Korean, some incompatible behavior could be anticipated. If that’s the case, please consider a mitigation strategy [3]. [2] https://openjdk.java.net/jeps/400 [3] https://inside.java/2021/10/04/the-default-charset-jep400/ ## JDK 18 JDK 18 Early-Access builds 27 are now available [4], and are provided under the GNU General Public License v2, with the Classpath Exception. Make sure to check the Release Notes [5]. As usual, we encourage you to test your project(s) using those EA builds and provide us feedback. [4] https://jdk.java.net/18/ [5] https://jdk.java.net/18/release-notes ### JEPs integrated to JDK 18: - JEP 400: UTF-8 by Default - JEP 408: Simple Web Server - JEP 413: Code Snippets in Java API Documentation - JEP 416: Reimplement Core Reflection with Method Handles - JEP 417: Vector API (Third Incubator) - JEP 418: Internet-Address Resolution SPI - JEP 419: Foreign Function & Memory API (Second Incubator) - JEP 420: Pattern Matching for switch (Second Preview) - JEP 421: Deprecate Finalization for Removal ### Changes in recent builds that maybe of interest: Build 27: - JDK-8266435: WBMPImageReader.read() should not truncate the input stream [Reported by PDFBox] - JDK-8278078: Cannot reference super before supertype constructor has been called - JDK-8177819: DateTimeFormatterBuilder zone parsing should recognise DST - JDK-8277965: Enclosing instance optimization affects serialization - JDK-8275821: Optimize random number generators developed in JDK-8248862 using Math.unsignedMultiplyHigh() - JDK-8225181: KeyStore should have a getAttributes method - JDK-8275082: Update XML Security for Java to 2.3.0 - JDK-8278270: ServerSocket is not thread safe - JDK-8277863: Deprecate sun.misc.Unsafe methods that return offsets Build 26: - JDK-8277451: j.l.r.Field::set on static field with invalid argument type should throw IAE [Reported by Hibernate & ByteBuddy] - JDK-8258117: jar tool sets the time stamp of module-info.class entries to the current time [Reported by Apache Maven] - JDK-8268743: Require a better way for copying data between MemorySegments and on-heap arrays [Reported by Apache Lucene] - JDK-8277986: Typo in javadoc of java.util.zip.ZipEntry#setTime [Reported by Apache Ant] - JDK-8277861: Terminally deprecate Thread.stop - JDK-8276665: ObjectInputStream.GetField.get(name, object) should throw ClassNotFoundException - JDK-8271623: Omit enclosing instance fields from inner classes that don't use it - JDK-8231107: Allow store password to be null when saving a PKCS12 KeyStore - JDK-8193682: Infinite loop in ZipOutputStream.close() - JDK-8277459: Add `jwebserver` tool [see Topics of Interest] Build 25: - JDK-8259643: ZGC can return metaspace OOM prematurely - JDK-8277212: GC accidentally cleans valid megamorphic vtable inline caches - JDK-8276970: Default charset for PrintWriter that wraps PrintStream - JDK-8272773: Configurable card table card size - JDK-4337793: Mark non-serializable fields of java.security.cert.Certificate and CertPath Build 24: - JDK-8275056: Allow G1 heap regions up
