[tomcat] branch main updated: Include .editorconfig in text files that need consistent line endings
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 11de0ba Include .editorconfig in text files that need consistent line endings 11de0ba is described below commit 11de0bae6933b083bd11ce488a76020683b041fe Author: Mark Thomas AuthorDate: Thu Jan 20 09:30:36 2022 + Include .editorconfig in text files that need consistent line endings --- build.xml | 1 + 1 file changed, 1 insertion(+) diff --git a/build.xml b/build.xml index c5164a5..30baa94 100644 --- a/build.xml +++ b/build.xml @@ -281,6 +281,7 @@ + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated (11de0ba -> c0ffa1f)
This is an automated email from the ASF dual-hosted git repository. remm pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 11de0ba Include .editorconfig in text files that need consistent line endings add c0ffa1f Default to Java 11 for the example No new revisions were added by this update. Summary of changes: modules/stuffed/Dockerfile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated (c0ffa1f -> 97ce57a)
This is an automated email from the ASF dual-hosted git repository. remm pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git. from c0ffa1f Default to Java 11 for the example add 97ce57a Clarify that webapps stay the same No new revisions were added by this update. Summary of changes: webapps/docs/graal.xml | 8 1 file changed, 8 insertions(+) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Clarify that webapps stay the same
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.0.x by this push: new 91517d5 Clarify that webapps stay the same 91517d5 is described below commit 91517d5fce15803d0d49797f84eaeb12e06f641c Author: remm AuthorDate: Thu Jan 20 11:19:17 2022 +0100 Clarify that webapps stay the same It was never stated that webapps could be trimmed down, and this is indeed not possible so be explicit about it following user questions. --- webapps/docs/graal.xml | 8 1 file changed, 8 insertions(+) diff --git a/webapps/docs/graal.xml b/webapps/docs/graal.xml index c0c804e..385db17 100644 --- a/webapps/docs/graal.xml +++ b/webapps/docs/graal.xml @@ -149,6 +149,14 @@ mvn package information on this process. + +Even though all classes that are used have to be complied AOT into the +native image, webapps must still be left unchanged, and continue including +all needed classes and JARs in the WEB-INF folder. Although +these classes will not actually be run or loaded, access to them is +required. + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 9.0.x updated: Clarify that webapps stay the same
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 7916ab7 Clarify that webapps stay the same 7916ab7 is described below commit 7916ab752d09be085153b63e356332d725081d39 Author: remm AuthorDate: Thu Jan 20 11:19:17 2022 +0100 Clarify that webapps stay the same It was never stated that webapps could be trimmed down, and this is indeed not possible so be explicit about it following user questions. --- webapps/docs/graal.xml | 8 1 file changed, 8 insertions(+) diff --git a/webapps/docs/graal.xml b/webapps/docs/graal.xml index 3b4959c..7b776e2 100644 --- a/webapps/docs/graal.xml +++ b/webapps/docs/graal.xml @@ -149,6 +149,14 @@ mvn package information on this process. + +Even though all classes that are used have to be complied AOT into the +native image, webapps must still be left unchanged, and continue including +all needed classes and JARs in the WEB-INF folder. Although +these classes will not actually be run or loaded, access to them is +required. + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE][RESULT] Release Apache Tomcat 10.1.0-M10
The following votes were cast: Binding: +1: remm, isapir, csutherl, markt No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark On 15/01/2022 12:49, Mark Thomas wrote: The proposed Apache Tomcat 10.1.0-M10 release is now available for voting. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. The notable changes compared to 10.1.0-M8 are: - Add recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled. - Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize. - Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/rsponse For full details, see the changelog: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.0-M10/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1352 The tag is: https://github.com/apache/tomcat/tree/10.1.0-M10 dc3639dd7123301ced18dbf4ddf2dca93704870d The proposed 10.1.0-M10 release is: [ ] Broken - do not release [ ] Alpha - go ahead and release as 10.1.0-M10 (alpha) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r52166 - /dev/tomcat/tomcat-10/v10.1.0-M10/ /release/tomcat/tomcat-10/v10.1.0-M10/
Author: markt Date: Thu Jan 20 10:46:37 2022 New Revision: 52166 Log: Release Apache Tomcat 10.1.0-M10 Added: release/tomcat/tomcat-10/v10.1.0-M10/ - copied from r52165, dev/tomcat/tomcat-10/v10.1.0-M10/ Removed: dev/tomcat/tomcat-10/v10.1.0-M10/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Add release date for 10.1.0-M10
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 720af73 Add release date for 10.1.0-M10 720af73 is described below commit 720af73e970a225e68005455a0191cbea53e667a Author: Mark Thomas AuthorDate: Thu Jan 20 10:52:27 2022 + Add release date for 10.1.0-M10 --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index bc6a037..6a43a35 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -106,7 +106,7 @@ --> - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.0.16
The following votes were cast: Binding: +1: isapir, remm, markt No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark On 15/01/2022 14:10, Mark Thomas wrote: The proposed Apache Tomcat 10.0.16 release is now available for voting. Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary package for all the specification APIs has changed from javax.* to jakarta.* Applications that run on Tomcat 9 will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory The notable changes compared to 10.0.14 are: - Add recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled. - Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize. - Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/rsponse Along with lots of other bug fixes and improvements. For full details, see the changelog: https://nightlies.apache.org/tomcat/tomcat-10.0.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.16/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1353 The tag is: https://github.com/apache/tomcat/tree/10.0.16 69c88c4a4ca9c5ec1f700c74cda4f3aa75708301 The proposed 10.0.16 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 10.0.16 (stable) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE][RESULT] Release Apache Tomcat 10.0.16
Resending with the updated subject line The following votes were cast: Binding: +1: isapir, remm, markt No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark On 15/01/2022 14:10, Mark Thomas wrote: The proposed Apache Tomcat 10.0.16 release is now available for voting. Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary package for all the specification APIs has changed from javax.* to jakarta.* Applications that run on Tomcat 9 will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory The notable changes compared to 10.0.14 are: - Add recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled. - Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize. - Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/rsponse Along with lots of other bug fixes and improvements. For full details, see the changelog: https://nightlies.apache.org/tomcat/tomcat-10.0.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.16/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1353 The tag is: https://github.com/apache/tomcat/tree/10.0.16 69c88c4a4ca9c5ec1f700c74cda4f3aa75708301 The proposed 10.0.16 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 10.0.16 (stable) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r52167 - /dev/tomcat/tomcat-10/v10.0.16/ /release/tomcat/tomcat-10/v10.0.16/
Author: markt Date: Thu Jan 20 10:56:14 2022 New Revision: 52167 Log: Release Apache Tomcat 10.0.16 Added: release/tomcat/tomcat-10/v10.0.16/ - copied from r52166, dev/tomcat/tomcat-10/v10.0.16/ Removed: dev/tomcat/tomcat-10/v10.0.16/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 10.0.x updated: Add release date for 10.0.16
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.0.x by this push: new f7c720d Add release date for 10.0.16 f7c720d is described below commit f7c720d6a1938e9ee2994bc80e583051aa6879a2 Author: Mark Thomas AuthorDate: Thu Jan 20 10:57:24 2022 + Add release date for 10.0.16 --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 727de38..af0c32f 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -106,7 +106,7 @@ --> - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Reproducible builds update
On 19/01/2022 16:56, Rémy Maucherat wrote: On Wed, Jan 19, 2022 at 5:52 PM Emmanuel Bourg wrote: Fortunately a non-reproducible javadoc isn't really important, what matters the most is to have reproducible executable packages. That seems like a reasonable statement ! Ack. I'll look at the Javadoc issue in slower time. I'm currently looking at reproducibility cross-platform. There seem to be differences in ordering for entries in archives. I need to figure out what the root cause is before I decide whether cross-platform reproducibility is worth pursuing further or not. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.58
On Sat, Jan 15, 2022 at 3:50 PM Rémy Maucherat wrote: > > The proposed Apache Tomcat 9.0.58 release is now available for voting. > > The notable changes compared to 9.0.56 are: > > - Add recycling check in the input and output stream isReady to try to >give a more informative ISE when the facade has been recycled. > > - Implement support for HTTP/1.1 upgrade when the request includes a >body. The maximum permitted size of the body is controlled by >maxSavePostSize. > > - Improve handling of various cases where one request/response >processing thread attempts to manage the asynchronous IO for a >different request/response. > > Along with lots of other bug fixes and improvements. > > For full details, see the changelog: > https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.58/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1354 > The tag is: > https://github.com/apache/tomcat/tree/9.0.58 > bd9afafc1ec568f8160ed3679a776b26d8a29b99 > > The proposed 9.0.58 release is: > [ ] Broken - do not release > [ ] Stable - go ahead and release as 9.0.58 (stable) Still looking for one binding vote. Thanks, Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] markt-asf commented on pull request #463: Add support for additional user attributes to TomcatPrincipal
markt-asf commented on pull request #463: URL: https://github.com/apache/tomcat/pull/463#issuecomment-1017381686 If we limit the back-port to Tomcat 9+, we are on Java 8 and can use default methods to maintain compatibility. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.58
On 15/01/2022 14:50, Rémy Maucherat wrote: The proposed 9.0.58 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 9.0.58 (stable) Sorry, ran the tests first thing this morning and forgot to vote. All good. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] cklein05 commented on pull request #463: Add support for additional user attributes to TomcatPrincipal
cklein05 commented on pull request #463: URL: https://github.com/apache/tomcat/pull/463#issuecomment-1017395345 > If we limit the back-port to Tomcat 9+, we are on Java 8 and can use default methods to maintain compatibility. I guess, that's the way to go. Shall I implement these in my branch already? However, I will commit all changes only after we've agreed on all open questions. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.0-M10
On 15/01/2022 13:49, Mark Thomas wrote: [X] Alpha - go ahead and release as 10.1.0-M10 (alpha) Tested on fedora34 with openjdk version "11.0.13 -- Cheers Jean-Frederic - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE][RESULT] Release Apache Tomcat 8.5.75
The following votes were cast: Binding: +1: isapir, remm, schultz No other votes were cast. Therefore, the vote passes. Thanks to everyone who contributed to this release and testing it. `1 -chris On 1/18/22 17:26, Christopher Schultz wrote: The proposed Apache Tomcat 8.5.75 release is now available for voting. The one notable change compared to 8.5.74 (which was not released due to this bug) is: - Correct a regression in the fix for BZ 65785 that broke HTTP/2 server push. The notable changes compared to 8.5.73 are: - Provide protection against a known OS bug that causes the acceptor to report an incoming connection more than once. - Fix several potential JVM crashes when using the APR connector. - Implement a workaround for a JVM bug that can trigger a file descriptor leak when using multi-part upload and the application does not explicitly close an input stream for an uploaded file that was cached on disk. - Fix exceptions when the security manager is enabled and the first request received after starting is an HTTP request to a TLS enabled NIO2 connector. - Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize. - Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response. Along with lots of other bug fixes and improvements. For full details, see the changelog: https://ci.apache.org/projects/tomcat/tomcat-8.5.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.75/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1355 The tag is: https://github.com/apache/tomcat/tree/8.5.75/ Commit b5c9c3a25a17f777989408973013f5312acdb8e2 The proposed 8.5.75 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 8.5.75 (stable) -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r52168 - /dev/tomcat/tomcat-8/v8.5.75/ /release/tomcat/tomcat-8/v8.5.75/
Author: schultz Date: Thu Jan 20 12:59:02 2022 New Revision: 52168 Log: Promote release candidate to release Added: release/tomcat/tomcat-8/v8.5.75/ - copied from r52167, dev/tomcat/tomcat-8/v8.5.75/ Removed: dev/tomcat/tomcat-8/v8.5.75/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.58
On Sat, Jan 15, 2022 at 9:51 AM Rémy Maucherat wrote: > The proposed Apache Tomcat 9.0.58 release is now available for voting. > > The notable changes compared to 9.0.56 are: > > - Add recycling check in the input and output stream isReady to try to >give a more informative ISE when the facade has been recycled. > > - Implement support for HTTP/1.1 upgrade when the request includes a >body. The maximum permitted size of the body is controlled by >maxSavePostSize. > > - Improve handling of various cases where one request/response >processing thread attempts to manage the asynchronous IO for a >different request/response. > > Along with lots of other bug fixes and improvements. > > For full details, see the changelog: > https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.58/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1354 > The tag is: > https://github.com/apache/tomcat/tree/9.0.58 > bd9afafc1ec568f8160ed3679a776b26d8a29b99 > > The proposed 9.0.58 release is: > [ ] Broken - do not release > [x] Stable - go ahead and release as 9.0.58 (stable) > +1 > Rémy > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
svn commit: r1897251 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-8.5-doc/ docs/tomcat-8.5-doc/annotationapi/ docs/tomcat-8.5-doc/annotationapi/javax/annotation/ docs/tomcat-8.5-doc/annotationapi/jav
Author: schultz Date: Thu Jan 20 13:32:41 2022 New Revision: 1897251 URL: http://svn.apache.org/viewvc?rev=1897251&view=rev Log: Update web site to announce Release 8.5.75 and include documentation. [This commit notification would consist of 76 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] Apache Tomcat 8.5.75 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.75. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers technologies. Apache Tomcat 8.5.75 is a bugfix and feature release. (Note that Tomcat 8.5.74 was not released.) The notable changes compared to 8.5.73 include: - JmxRemoteLifecycleListener has been removed. - Provide protection against a known OS bug that causes the acceptor to report an incoming connection more than once. - Fix several potential JVM crashes when using the APR connector. - Implement a workaround for a JVM bug that can trigger a file descriptor leak when using multi-part upload and the application does not explicitly close an input stream for an uploaded file that was cached on disk. - Fix exceptions when the security manager is enabled and the first request received after starting is an HTTP request to a TLS enabled NIO2 connector. - Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize. - Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response. Along with lots of other bug fixes and improvements. Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-8.5-doc/changelog.html Downloads: http://tomcat.apache.org/download-80.cgi Migration guides from Apache Tomcat 7.x and 8.0.x: http://tomcat.apache.org/migration.html Enjoy! - The Apache Tomcat team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE][RESULT] Release Apache Tomcat 9.0.58
The following votes were cast: Binding: +1: isapir, remm, markt, csutherl No other votes were cast. Therefore, the vote passes. Thanks to everyone who contributed to this release and testing it. Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r52170 - /dev/tomcat/tomcat-9/v9.0.58/ /release/tomcat/tomcat-9/v9.0.58/
Author: remm Date: Thu Jan 20 13:53:28 2022 New Revision: 52170 Log: Apache Tomcat 9.0.58 Added: release/tomcat/tomcat-9/v9.0.58/ - copied from r52169, dev/tomcat/tomcat-9/v9.0.58/ Removed: dev/tomcat/tomcat-9/v9.0.58/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65802] Invalid header name should be rejected in the HTTP server response
https://bz.apache.org/bugzilla/show_bug.cgi?id=65802 --- Comment #7 from Nils R --- To add to that point, I found out another reason to push this issue forward. The HTTP/2.0 RFC (https://datatracker.ietf.org/doc/html/rfc7540#section-10.3) says in the "Intermediary Encapsulation Attack" section : > The HTTP/2 header field encoding allows the expression of names that > are not valid field names in the Internet Message Syntax used by > HTTP/1.1. Requests or responses containing invalid header field > names MUST be treated as malformed (Section 8.1.2.6). An > intermediary therefore cannot translate an HTTP/2 request or response > containing an invalid field name into an HTTP/1.1 message. So it seems, that there is a security consideration to reject such header names. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch 8.5.x updated: Update release date.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new 8f34559 Update release date. 8f34559 is described below commit 8f3455965feec482daad73577f68891cf16b4430 Author: Christopher Schultz AuthorDate: Thu Jan 20 09:12:39 2022 -0500 Update release date. --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index c3f6819..f172232 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -106,7 +106,7 @@ --> - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r52171 - /release/tomcat/tomcat-8/v8.5.73/
Author: schultz Date: Thu Jan 20 14:14:37 2022 New Revision: 52171 Log: Drop old release artifacts. Removed: release/tomcat/tomcat-8/v8.5.73/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1897253 - in /tomcat/site/trunk/docs/tomcat-9.0-doc: ./ annotationapi/ annotationapi/javax/annotation/ annotationapi/javax/annotation/security/ annotationapi/javax/annotation/sql/ api/ ap
Author: remm Date: Thu Jan 20 14:19:15 2022 New Revision: 1897253 URL: http://svn.apache.org/viewvc?rev=1897253&view=rev Log: Update docs for 9.0.58 [This commit notification would consist of 80 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1897255 - in /tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache: catalina/mbeans/ coyote/http11/upgrade/ tomcat/util/buf/ tomcat/util/security/
Author: remm
Date: Thu Jan 20 14:31:04 2022
New Revision: 1897255
URL: http://svn.apache.org/viewvc?rev=1897255&view=rev
Log:
Update docs for 9.0.58 (part 2)
Added:
tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/coyote/http11/upgrade/UpgradeApplicationBufferHandler.html
tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/tomcat/util/buf/ByteChunk.BufferOverflowException.html
tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/tomcat/util/security/PrivilegedSetAccessControlContext.html
Removed:
tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.RmiClientLocalhostSocketFactory.html
tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.RmiServerBindSocketFactory.html
tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.SslRmiServerBindSocketFactory.html
tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/catalina/mbeans/JmxRemoteLifecycleListener.html
Added:
tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/coyote/http11/upgrade/UpgradeApplicationBufferHandler.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/coyote/http11/upgrade/UpgradeApplicationBufferHandler.html?rev=1897255&view=auto
==
---
tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/coyote/http11/upgrade/UpgradeApplicationBufferHandler.html
(added)
+++
tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache/coyote/http11/upgrade/UpgradeApplicationBufferHandler.html
Thu Jan 20 14:31:04 2022
@@ -0,0 +1,332 @@
+http://www.w3.org/TR/html4/loose.dtd";>
+
+
+
+
+
+UpgradeApplicationBufferHandler (Apache Tomcat 9.0.58 API
Documentation)
+
+
+
+
+
+var methods = {"i0":10,"i1":10,"i2":10};
+var tabs = {65535:["t0","All Methods"],2:["t2","Instance
Methods"],8:["t4","Concrete Methods"]};
+var altColor = "altColor";
+var rowColor = "rowColor";
+var tableTab = "tableTab";
+var activeTableTab = "activeTableTab";
+
+
+JavaScript is disabled on your browser.
+
+
+
+
+
+Skip navigation links
+
+
+
+
+Overview
+Package
+Class
+Tree
+Deprecated
+Index
+Help
+
+Apache Tomcat 9.0.58
+
+
+
+Prev Class
+Next Class
+
+
+Frames
+No Frames
+
+
+All Classes
+
+
+
+
+
+
+
+Summary:
+Nested |
+Field |
+Constr |
+Method
+
+
+Detail:
+Field |
+Constr |
+Method
+
+
+
+
+
+
+
+
+org.apache.coyote.http11.upgrade
+Class
UpgradeApplicationBufferHandler
+
+
+
+https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true";
title="class or interface in java.lang">java.lang.Object
+
+
+org.apache.coyote.http11.upgrade.UpgradeApplicationBufferHandler
+
+
+
+
+
+
+
+All Implemented Interfaces:
+ApplicationBufferHandler
+
+
+
+public class UpgradeApplicationBufferHandler
+extends https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true";
title="class or interface in java.lang">Object
+implements ApplicationBufferHandler
+Trivial implementation of ApplicationBufferHandler to
support saving
+ of HTTP request bodies during an HTTP/1.1 upgrade.
+
+
+
+
+
+
+
+
+
+
+
+Field Summary
+
+
+
+
+Fields inherited from interface org.apache.tomcat.util.net.ApplicationBufferHandler
+EMPTY,
EMPTY_BUFFER
+
+
+
+
+
+
+
+
+Constructor Summary
+
+Constructors
+
+Constructor and Description
+
+
+UpgradeApplicationBufferHandler()
+
+
+
+
+
+
+
+
+
+Method Summary
+
+All Methods Instance Methods Concrete Methods
+
+Modifier and Type
+Method and Description
+
+
+void
+expand(int size)
+
+
+https://docs.oracle.com/javase/8/docs/api/java/nio/ByteBuffer.html?is-external=true";
title="class or interface in java.nio">ByteBuffer
+getByteBuffer()
+
+
+void
+setByteBuffer(https://docs.oracle.com/javase/8/docs/api/java/nio/ByteBuffer.html?is-external=true";
title="class or interface in
java.nio">ByteBuffer byteBuffer)
+
+
+
+
+
+
+Methods inherited from class java.lang.https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true";
title="class or interface in java.lang">Object
+https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone--";
title="class or interface in java.lang">clone, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals-java.lang.Object-";
title="class or interface in java.lang">equals, https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize--";
title="class or interface in j
svn commit: r1897256 - in /tomcat/site/trunk: docs/ xdocs/
Author: remm Date: Thu Jan 20 14:36:40 2022 New Revision: 1897256 URL: http://svn.apache.org/viewvc?rev=1897256&view=rev Log: Update docs for 9.0.58 (part 3) Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf tomcat/site/trunk/docs/download-90.html tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/migration-9.html tomcat/site/trunk/docs/oldnews.html tomcat/site/trunk/docs/whichversion.html tomcat/site/trunk/xdocs/doap_Tomcat.rdf tomcat/site/trunk/xdocs/download-90.xml tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/migration-9.xml tomcat/site/trunk/xdocs/oldnews.xml tomcat/site/trunk/xdocs/whichversion.xml Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/doap_Tomcat.rdf?rev=1897256&r1=1897255&r2=1897256&view=diff == --- tomcat/site/trunk/docs/doap_Tomcat.rdf (original) +++ tomcat/site/trunk/docs/doap_Tomcat.rdf Thu Jan 20 14:36:40 2022 @@ -67,8 +67,8 @@ Latest Stable 9.0.x Release -2021-12-08 -9.0.56 +2022-01-20 +9.0.58 Modified: tomcat/site/trunk/docs/download-90.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-90.html?rev=1897256&r1=1897255&r2=1897256&view=diff == --- tomcat/site/trunk/docs/download-90.html (original) +++ tomcat/site/trunk/docs/download-90.html Thu Jan 20 14:36:40 2022 @@ -10,7 +10,7 @@ Quick Navigation -[define v]9.0.56[end] +[define v]9.0.58[end] https://downloads.apache.org/tomcat/tomcat-9/KEYS";>KEYS | [v] | Browse | Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1897256&r1=1897255&r2=1897256&view=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Thu Jan 20 14:36:40 2022 @@ -34,6 +34,30 @@ wiki page. Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation. +2022-01-20 Tomcat 9.0.58 Released + +The Apache Tomcat Project is proud to announce the release of version 9.0.58 +of Apache Tomcat. This release implements specifications that are part of the +Java EE 8 platform. The notable changes compared to 9.0.56 include: + +Add recycling check in the input and output stream isReady to try to +give a more informative ISE when the facade has been recycled. +Implement support for HTTP/1.1 upgrade when the request includes a +body. The maximum permitted size of the body is controlled by +maxSavePostSize. +Improve handling of various cases where one request/response +processing thread attempts to manage the asynchronous IO for a +different request/response. + + +Full details of these changes, and all the other changes, are available in the +Tomcat 9 +changelog. + + + +https://tomcat.apache.org/download-90.cgi";>Download + 2022-01-17 Tomcat 8.5.75 Released The Apache Tomcat Project is proud to announce the release of version 8.5.75 @@ -65,30 +89,6 @@ changelog. https://tomcat.apache.org/download-80.cgi";>Download -2021-12-08 Tomcat 9.0.56 Released - -The Apache Tomcat Project is proud to announce the release of version 9.0.56 -of Apache Tomcat. This release implements specifications that are part of the -Java EE 8 platform. The notable changes compared to 9.0.55 include: - -Provide protection against a known OS bug that causes the acceptor to report -an incoming connection more than once. -Implement a workaround for a JVM bug that can trigger a file descriptor leak -when using multi-part upload and the application does not explicitly close -an input stream for an uploaded file that was cached on disk. -Fix exceptions when the security manager is enabled and the first request -received after starting is an HTTP request to a TLS enabled NIO2 -connector. - - -Full details of these changes, and all the other changes, are available in the -Tomcat 9 -changelog. - - - -https://tomcat.apache.org/download-90.cgi";>Download - 2021-12-08 Tomcat 10.0.14 Released The Apache Tomcat Project is proud to announce the release of version 10.0.14 Modified: tomcat/site/trunk/docs/migration-9.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-9.html?rev=1897256&r1=1897255&r2=1897256&view=diff == --- tomcat/site/trunk/docs/migration-9.html (original) +++ tomcat/site/trunk/docs/migration-9.html Thu Jan 20 14:36:40 2022 @@ -439,7 +439,8 @@ of Apache Tomcat. 9.0.52 9.0.53 9.0.54 -9.0.55 +9.0.55 +9.0.56 , new version: 9.0.0-M1 @@ -502,7 +503,8 @@ of Apa
[tomcat] branch 9.0.x updated: Update with release date
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new cc34038 Update with release date cc34038 is described below commit cc3403892726bf7bf655fc475f3baa8380be6b01 Author: remm AuthorDate: Thu Jan 20 15:38:49 2022 +0100 Update with release date Note that the date is now the date on which the release vote is closed, so it's 01/20 rather than 01/15. --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 109bb9c..acea652 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -116,7 +116,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] Apache Tomcat 9.0.58 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.58. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.58 is a bugfix and feature release. The notable changes compared to 9.0.56 include: - Add recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled. - Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize. - Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response. Along with lots of other bug fixes and improvements. Please refer to the change log for the complete list of changes: https://tomcat.apache.org/tomcat-9.0-doc/changelog.html Downloads: https://tomcat.apache.org/download-90.cgi Migration guides from Apache Tomcat 7.x and 8.x: https://tomcat.apache.org/migration.html Enjoy! - The Apache Tomcat team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Remove unnecessary references to compile.source and compile.target
Am 13.01.2022 um 17:36 schrieb ma...@apache.org:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 0188b6d Remove unnecessary references to compile.source and
compile.target
0188b6d is described below
commit 0188b6d8f326aa83dabeeefe18d70a5b92fbbace
Author: Mark Thomas
AuthorDate: Thu Jan 13 16:36:32 2022 +
Remove unnecessary references to compile.source and compile.target
Since we are using release, that overrides source and target.
---
build.xml | 31 +--
1 file changed, 9 insertions(+), 22 deletions(-)
diff --git a/build.xml b/build.xml
index dbacea4..9dc3217 100644
--- a/build.xml
+++ b/build.xml
...
@@ -983,8 +977,8 @@
-
-
+
+
...
File res/bnd/build-defaults.bnd contains:
X-Compile-Source-JDK: ${compile.source}
X-Compile-Target-JDK: ${compile.target}
which leads to
[bnd] 2 WARNINGS
[bnd] No translation found for macro: compile.target
[bnd] No translation found for macro: compile.source
when bnd runs.
I have not tried, whether it suffices to use compile.release, or whether
compile.release also has to be added to the version.filters in build.xml.
Observed for 10.0.16, but probably the same in the current HEADS for
multiple branches.
Best regards,
Rainer
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65820] New: HTTP Basic Authentication no longer supported
https://bz.apache.org/bugzilla/show_bug.cgi?id=65820 Bug ID: 65820 Summary: HTTP Basic Authentication no longer supported Product: Tomcat 9 Version: unspecified Hardware: PC Status: NEW Severity: normal Priority: P2 Component: Manager Assignee: dev@tomcat.apache.org Reporter: joao.paulo.mart...@gmail.com Target Milestone: - Hello, good afternoon, Main browsers no longer support "HTTP Basic Authentication" for security reasons. Currently we are forced to use old deprecated Internet Explorer to be able to use Tomcat Manager web application to check, stop, start, reload, deploy applications into tomcat. I urge for a new feature, a new method of authentication, a simple custom web form authentication page with some filters might do the trick. Best regards, Have a nice day. João Paulo -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65820] HTTP Basic Authentication no longer supported
https://bz.apache.org/bugzilla/show_bug.cgi?id=65820 joao.paulo.mart...@gmail.com changed: What|Removed |Added OS||All --- Comment #1 from joao.paulo.mart...@gmail.com --- Notice that behavior of app is not great, it gives out a generic "401 Unauthorized" with plain old instructions on how to add credentials to xml file, not giving any clue on the real issue being browser lack of support for method of authentication. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [tomcat] branch main updated: Update (currently unused) reproducible build timestamp
Am 15.01.2022 um 12:56 schrieb ma...@apache.org:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new c5fda80 Update (currently unused) reproducible build timestamp
c5fda80 is described below
commit c5fda809d2344d76aab21e5902fff797fd19880c
Author: Mark Thomas
AuthorDate: Sat Jan 15 11:56:27 2022 +
Update (currently unused) reproducible build timestamp
---
build.properties.default | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/build.properties.default b/build.properties.default
index 35aeb76..e1003ea 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -38,8 +38,8 @@ version.suffix=-M10-dev
# - Reproducible builds -
# Uncomment and set to current time for reproducible builds
# Note: The value is in seconds (unlike milliseconds used by
System.currentTimeMillis()).
-#2022-01-12T06:00:00Z
-#ant.tstamp.now=1642003200
+#2022-01-15T12:00:00Z
+#ant.tstamp.now=1642248000
It seems build.xml uses ant.tstamp.now.iso, so the two lines should be
#ant.tstamp.now.iso=2022-01-15T12:00:00Z
#ant.tstamp.now=1642248000
or just the iso line and dropping the last one. Without the addition of
"ant.tstamp.now.iso=" and iuncommenting, I get a build warning:
build-tomcat-jdbc:
[echo] Building Tomcat JDBC pool libraries
[tstamp] magic property ant.tstamp.now.iso ignored as
'${ant.tstamp.now.iso}' is not in valid ISO pattern
[tstamp] magic property ant.tstamp.now.iso ignored as
'${ant.tstamp.now.iso}' is not in valid ISO pattern
The warning is OK, but it indocates, that the "iso" property is actually
the one, that should be prepared to be easily usable.
Observed for TC 10.0, probably the same in other branches.
Thanks and regards,
Rainer
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65820] HTTP Basic Authentication no longer supported
https://bz.apache.org/bugzilla/show_bug.cgi?id=65820 --- Comment #2 from joao.paulo.mart...@gmail.com --- Or even simpler, taking into account the Valve that suppose to limit access to local only (to confirm if is effective) simples remove authentication and assume that localhost is a safe zone. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1897258 - in /tomcat/site/trunk: ./ docs/tomcat-10.1-doc/ docs/tomcat-10.1-doc/annotationapi/ docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.1-doc/annotationapi/jak
Author: markt Date: Thu Jan 20 16:22:45 2022 New Revision: 1897258 URL: http://svn.apache.org/viewvc?rev=1897258&view=rev Log: Update docs for 10.1.0-M10 release [This commit notification would consist of 84 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1897259 - in /tomcat/site/trunk: docs/download-10.html docs/index.html docs/migration-10.1.html docs/oldnews.html docs/whichversion.html xdocs/download-10.xml xdocs/index.xml xdocs/migrat
Author: markt Date: Thu Jan 20 16:31:40 2022 New Revision: 1897259 URL: http://svn.apache.org/viewvc?rev=1897259&view=rev Log: Update site for 10.1.0-M10 release Modified: tomcat/site/trunk/docs/download-10.html tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/migration-10.1.html tomcat/site/trunk/docs/oldnews.html tomcat/site/trunk/docs/whichversion.html tomcat/site/trunk/xdocs/download-10.xml tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/migration-10.1.xml tomcat/site/trunk/xdocs/oldnews.xml tomcat/site/trunk/xdocs/whichversion.xml Modified: tomcat/site/trunk/docs/download-10.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-10.html?rev=1897259&r1=1897258&r2=1897259&view=diff == --- tomcat/site/trunk/docs/download-10.html (original) +++ tomcat/site/trunk/docs/download-10.html Thu Jan 20 16:31:40 2022 @@ -20,7 +20,7 @@ Quick Navigation [define v]10.0.14[end] -[define w]10.1.0-M8[end] +[define w]10.1.0-M10[end] https://downloads.apache.org/tomcat/tomcat-10/KEYS";>KEYS | [v] | [w] (alpha) | Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1897259&r1=1897258&r2=1897259&view=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Thu Jan 20 16:31:40 2022 @@ -89,11 +89,11 @@ changelog. https://tomcat.apache.org/download-80.cgi";>Download -2021-12-08 Tomcat 10.0.14 Released +2022-01-20 Tomcat 10.1.0-M10 (alpha) Released -The Apache Tomcat Project is proud to announce the release of version 10.0.14 -of Apache Tomcat. This release implements specifications that are part of the -Jakarta EE 9 platform. +The Apache Tomcat Project is proud to announce the release of version 10.1.0-M10 +of Apache Tomcat. This release is a milestone release and is targeted at Jakarta +EE 10. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and @@ -104,29 +104,28 @@ migration tool for Jakarta EE tool w https://tomcat.apache.org/download-migration.cgi";>download for off-line use. The notable changes in this release are: -Provide protection against a known OS bug that causes the acceptor to report -an incoming connection more than once. -Implement a workaround for a JVM bug that can trigger a file descriptor leak -when using multi-part upload and the application does not explicitly close -an input stream for an uploaded file that was cached on disk. -Fix exceptions when the security manager is enabled and the first request -received after starting is an HTTP request to a TLS enabled NIO2 -connector. +Add a recycling check in the input and output stream isReady to try to give +a more informative ISE when the facade has been recycled. +Implement support for HTTP/1.1 upgrade when the request includes a body. The +maximum permitted size of the body is controlled by maxSavePostSize. +Improve handling of various cases where one request/response processing +thread attempts to manage the asynchronous IO for a different +request/response Full details of these changes, and all the other changes, are available in the -Tomcat 10 -changelog. +Tomcat 10.1 +(alpha) changelog. https://tomcat.apache.org/download-10.cgi";>Download -2021-12-08 Tomcat 10.1.0-M8 (alpha) Released +2021-12-08 Tomcat 10.0.14 Released -The Apache Tomcat Project is proud to announce the release of version 10.1.0-M8 -of Apache Tomcat. This release is a milestone release and is targeted at Jakarta -EE 10. +The Apache Tomcat Project is proud to announce the release of version 10.0.14 +of Apache Tomcat. This release implements specifications that are part of the +Jakarta EE 9 platform. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and @@ -137,18 +136,19 @@ migration tool for Jakarta EE tool w https://tomcat.apache.org/download-migration.cgi";>download for off-line use. The notable changes in this release are: -Limit cookie support to RFC 6265 to align with recent updates to the Servlet -specification. -Update the WebSocket API packaging to remove the copy of the client API from -the server API and replace it with a dependency on the client API. This -aligns Tomcat with changes in the WebSocket 2.1 specification. Provide protection against a known OS bug that causes the acceptor to report -an incoming connection more than once. +an incoming connection more than once. +Implement a workaro
[ANN] Apache Tomcat 10.1.0-M10 (alpha) available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M10 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use. Apache Tomcat 10.1.0-M10 is a milestone release of the 10.1.x branch and has been made to provide users with early access to the new features in Apache Tomcat 10.1.x so that they may provide feedback. The notable changes compared to 10.1.0-M8 include: - Add recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled. - Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize. - Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-10.1-doc/changelog.html Downloads: http://tomcat.apache.org/download-10.cgi Migration guides from Apache Tomcat 7.0.x, 8.5.x and 9.0.x: http://tomcat.apache.org/migration.html Enjoy! - The Apache Tomcat team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r52173 - /release/tomcat/tomcat-10/v10.1.0-M8/
Author: markt Date: Thu Jan 20 17:06:34 2022 New Revision: 52173 Log: Drop 10.1.0-M8 from mirror network Removed: release/tomcat/tomcat-10/v10.1.0-M8/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1897262 - in /tomcat/site/trunk: ./ docs/tomcat-10.0-doc/ docs/tomcat-10.0-doc/annotationapi/ docs/tomcat-10.0-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.0-doc/annotationapi/jak
Author: markt Date: Thu Jan 20 17:32:14 2022 New Revision: 1897262 URL: http://svn.apache.org/viewvc?rev=1897262&view=rev Log: Update docs for 10.0.16 release! [This commit notification would consist of 83 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65820] HTTP Basic Authentication no longer supported
https://bz.apache.org/bugzilla/show_bug.cgi?id=65820 Christopher Schultz changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #3 from Christopher Schultz --- What? HTTP Basic Athentication works on the 4 browsers I currently have access to. Scratch that, the browser on my mobile phone also supports it. All of them are their most recent versions, still supported by their vendors. Which browser are YOU using? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1897266 - in /tomcat/site/trunk: docs/ xdocs/
Author: markt Date: Thu Jan 20 18:31:40 2022 New Revision: 1897266 URL: http://svn.apache.org/viewvc?rev=1897266&view=rev Log: Update site for 10.0.16 release Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf tomcat/site/trunk/docs/download-10.html tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/migration-10.html tomcat/site/trunk/docs/oldnews.html tomcat/site/trunk/docs/whichversion.html tomcat/site/trunk/xdocs/doap_Tomcat.rdf tomcat/site/trunk/xdocs/download-10.xml tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/migration-10.xml tomcat/site/trunk/xdocs/oldnews.xml tomcat/site/trunk/xdocs/whichversion.xml Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/doap_Tomcat.rdf?rev=1897266&r1=1897265&r2=1897266&view=diff == --- tomcat/site/trunk/docs/doap_Tomcat.rdf (original) +++ tomcat/site/trunk/docs/doap_Tomcat.rdf Thu Jan 20 18:31:40 2022 @@ -60,8 +60,8 @@ Latest Stable 10.0.x Release -2021-12-08 -10.0.14 +2022-01-20 +10.0.16 Modified: tomcat/site/trunk/docs/download-10.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-10.html?rev=1897266&r1=1897265&r2=1897266&view=diff == --- tomcat/site/trunk/docs/download-10.html (original) +++ tomcat/site/trunk/docs/download-10.html Thu Jan 20 18:31:40 2022 @@ -19,7 +19,7 @@ Quick Navigation -[define v]10.0.14[end] +[define v]10.0.16[end] [define w]10.1.0-M10[end] https://downloads.apache.org/tomcat/tomcat-10/KEYS";>KEYS | [v] | Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1897266&r1=1897265&r2=1897266&view=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Thu Jan 20 18:31:40 2022 @@ -34,6 +34,38 @@ wiki page. Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation. +2022-01-20 Tomcat 10.0.16 Released + +The Apache Tomcat Project is proud to announce the release of version 10.0.16 +of Apache Tomcat. This release implements specifications that are part of the +Jakarta EE 9 platform. +Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 +without changes. Java EE based applications designed for Tomcat 9 and earlier +may be placed in the $CATALINA_BASE/webapps-javaee directory and +Tomcat will automatically convert them to Jakarta EE and copy them to the +webapps directory. This conversion is performed using the +https://github.com/apache/tomcat-jakartaee-migration";>Apache Tomcat +migration tool for Jakarta EE tool which is also available as a separate +https://tomcat.apache.org/download-migration.cgi";>download for off-line use. +The notable changes in this release are: + +Add a recycling check in the input and output stream isReady to try to give +a more informative ISE when the facade has been recycled. +Implement support for HTTP/1.1 upgrade when the request includes a body. The +maximum permitted size of the body is controlled by maxSavePostSize. +Improve handling of various cases where one request/response processing +thread attempts to manage the asynchronous IO for a different +request/response + + +Full details of these changes, and all the other changes, are available in the +Tomcat 10 +changelog. + + + +https://tomcat.apache.org/download-10.cgi";>Download + 2022-01-20 Tomcat 9.0.58 Released The Apache Tomcat Project is proud to announce the release of version 9.0.58 @@ -119,39 +151,6 @@ Full details of these changes, and all t -https://tomcat.apache.org/download-10.cgi";>Download - -2021-12-08 Tomcat 10.0.14 Released - -The Apache Tomcat Project is proud to announce the release of version 10.0.14 -of Apache Tomcat. This release implements specifications that are part of the -Jakarta EE 9 platform. -Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 -without changes. Java EE based applications designed for Tomcat 9 and earlier -may be placed in the $CATALINA_BASE/webapps-javaee directory and -Tomcat will automatically convert them to Jakarta EE and copy them to the -webapps directory. This conversion is performed using the -https://github.com/apache/tomcat-jakartaee-migration";>Apache Tomcat -migration tool for Jakarta EE tool which is also available as a separate -https://tomcat.apache.org/download-migration.cgi";>download for off-line use. -The notable changes in this release are: - -Provide protection against a known OS bug that causes the acceptor to report -an incoming connection more than once. -Implement a workaro
[ANN] Apache Tomcat 10.0.16 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.16. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications. The notable changes compared to 10.0.14 include: - Add recycling check in the input and output stream isReady to try to give a more informative ISE when the facade has been recycled. - Implement support for HTTP/1.1 upgrade when the request includes a body. The maximum permitted size of the body is controlled by maxSavePostSize. - Improve handling of various cases where one request/response processing thread attempts to manage the asynchronous IO for a different request/response Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-10.0-doc/changelog.html Downloads: http://tomcat.apache.org/download-10.cgi Migration guides from Apache Tomcat 7.0.x, 8.5.x and 9.0.x: http://tomcat.apache.org/migration.html Enjoy! - The Apache Tomcat team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r52175 - /release/tomcat/tomcat-10/v10.0.14/
Author: markt Date: Thu Jan 20 18:38:24 2022 New Revision: 52175 Log: Drop 10.0.14 from mirror network Removed: release/tomcat/tomcat-10/v10.0.14/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r52176 - /release/tomcat/tomcat-9/v9.0.56/
Author: markt Date: Thu Jan 20 18:38:50 2022 New Revision: 52176 Log: Drop 9.0.56 from mirror network Removed: release/tomcat/tomcat-9/v9.0.56/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65820] HTTP Basic Authentication no longer supported
https://bz.apache.org/bugzilla/show_bug.cgi?id=65820 joao.paulo.mart...@gmail.com changed: What|Removed |Added Status|NEEDINFO|NEW --- Comment #4 from joao.paulo.mart...@gmail.com --- Thank you for your input. I have edge 97.0.1072.62 (official build 64 bits) and chrome 97.0.4692.99 (Oficial build 32 bits). I suspect it may be my mistake, forgot I using company laptop, company group policies enforcement. My workaround with IE probably works cause there might not be such policies available or something. Even so it is considered an unsecure approach using http basic authentication, might worth a change. Best regards. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Reproducible builds update
On 20/01/2022 11:02, Mark Thomas wrote: On 19/01/2022 16:56, Rémy Maucherat wrote: On Wed, Jan 19, 2022 at 5:52 PM Emmanuel Bourg wrote: Fortunately a non-reproducible javadoc isn't really important, what matters the most is to have reproducible executable packages. That seems like a reasonable statement ! Ack. I'll look at the Javadoc issue in slower time. I'm currently looking at reproducibility cross-platform. There seem to be differences in ordering for entries in archives. I need to figure out what the root cause is before I decide whether cross-platform reproducibility is worth pursuing further or not. I think I have figured this out. It is to do with ordering. Ant's zip task orders files by name and then places them in the archive, adjusting the file separator as required. The issue is that on Linux you have: webapp/WEB-INF webapp2/WEB-INF whereas on Windows you have webapp2\WEB-INF webapp\WEB-INF Because in ASCII: '/' is 0x2F '0'-'9' is 0x30 to 0x39 'A'-'Z' is 0x41 to 0x5A '\' is 0x5C 'a'-'z' is 0x61 to 0x7A The different file separator between platforms causes the file order to change. I have been working on fixing this here: https://github.com/markt-asf/tomcat/commits/reproducible The biggest change is the removal of the applet example - but since that doesn't work on any mainstream browser these days I think that is OK. I want to run a few more tests on this but, assuming they all pass, I'll probably apply these changes tomorrow. They will likely be reorganised when I do. I haven't looked beyond the src.zip archive yet. I imagine there might be similar issues elsewhere. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65820] HTTP Basic Authentication no longer supported
https://bz.apache.org/bugzilla/show_bug.cgi?id=65820 --- Comment #5 from Christopher Schultz --- (In reply to joao.paulo.martins from comment #4) > Even so it is considered an unsecure approach using http basic > authentication, might worth a change. [*] citation needed HTTP Basic Authentication is perfectly secure as long as you are using HTTPS. In fact, it's almost *exactly* as secure as FORM-based authentication, since the credentials are being sent across the wire in plain text in either case (without HTTPS). The only downside is that there is no way to expire the session on the server-side because most clients will cache those credentials until you terminate them (and most people leave their browsers running for days or weeks at a time). It's certainly possible to switch-over to FORM-based authentication. If it's important to you, are you interested in preparing a pull-request/patch for that capability? Remember that it also needs to continue to work for non-human clients (such as CLI-based uses of the Manager) and must have properly internationalization. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65820] HTTP Basic Authentication no longer supported
https://bz.apache.org/bugzilla/show_bug.cgi?id=65820 joao.paulo.mart...@gmail.com changed: What|Removed |Added Status|NEW |NEEDINFO --- Comment #6 from joao.paulo.mart...@gmail.com --- Thank for the challenge, I might consider it. Some adicional considerations, if I am not mistaken, tomcat HTTPS is not configured/forced by default, out of the box only HTTP is working. So most instances of tomcat are most likely only using plain HTTP access (most I've seen at least). But that is less relevant (if not mistaken) tomcat manager is limiting acesse to loopback IP range (127.*.*.*) so connection not really supposed to reach the network. If it is changed to be used over the network, even with HTTP/SSL the password is sent repeatedly, for each request that would create a larger attack window. At the time of writing, http basic authentication is generally not considered a secure authentication method, and it gives the feel of a dated technology. I believe we should understand it and use the best match for the specific security requirements, I think having by default the authentication mechanism disabled in tomcat manager would not be simpler and more cost effective. Would that be acceptable? -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 65828] New: [10.0.16] The gpg sign file is missing for the tar file
https://bz.apache.org/bugzilla/show_bug.cgi?id=65828 Bug ID: 65828 Summary: [10.0.16] The gpg sign file is missing for the tar file Product: Tomcat 10 Version: unspecified Hardware: PC OS: Linux Status: NEW Severity: normal Priority: P2 Component: Packaging Assignee: dev@tomcat.apache.org Reporter: syst...@mdc-berlin.de Target Milestone: -- Created attachment 38171 --> https://bz.apache.org/bugzilla/attachment.cgi?id=38171&action=edit Conent of the download archive. The gpg signature of the release are missing. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
