(tomcat) branch main updated: Update Tomcat Native to 2.0.9.

2025-05-29 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 92bf837d43 Update Tomcat Native to 2.0.9.
92bf837d43 is described below

commit 92bf837d434a58875d0e721725bbe9e2ba37c892
Author: Mark Thomas 
AuthorDate: Thu May 29 20:13:49 2025 +0100

Update Tomcat Native to 2.0.9.
---
 build.properties.default   | 8 
 webapps/docs/changelog.xml | 3 +++
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 94260f419b..91338092a5 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -156,14 +156,14 @@ 
jdt.loc.1=https://archive.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ec
 
jdt.loc.2=https://download.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar
 
 # - Tomcat native library -
-tomcat-native.version=2.0.8
-tomcat-native-openssl.version=3.0.14
+tomcat-native.version=2.0.9
+tomcat-native-openssl.version=3.5.0
 tomcat-native.src.checksum.enabled=true
 tomcat-native.src.checksum.algorithm=SHA-512
-tomcat-native.src.checksum.value=fd45533b9c34b008717d18ed49334c7286b93c849c487c1c42746f2998cc4a6ff0362e536a8b5124c6539847a92a9f7631c7638a21cd5d22134fe1a9bb0f0702
+tomcat-native.src.checksum.value=c8eb81de1cf7316174c36038c2133b013fd18ba11df09c41edb927ff33fef46863ef706b6193487ecde1eed7055d4c47fa23fc29d5a8d53f0c4b6d69b0ce9b33
 tomcat-native.win.checksum.enabled=true
 tomcat-native.win.checksum.algorithm=SHA-512
-tomcat-native.win.checksum.value=a4a8816668f14a7461711e25cb9277534981936c9e6f8b00ae55084cb265dc1d89ad07fa508ae2e1f7832236dafafbdd9d76a313c87f34e00ecfdfe75776638a
+tomcat-native.win.checksum.value=8e8a580425671025913259659b61c497354d682735481663730e800c8f8b4d16d3322d9c75037146f901af22341a903fa9700d18d8d2cd874745a18563cde0d5
 tomcat-native.home=${base.path}/tomcat-native-${tomcat-native.version}
 tomcat-native.tar.gz=${tomcat-native.home}/tomcat-native.tar.gz
 
tomcat-native.loc.1=${base-tomcat.loc.1}/tomcat-connectors/native/${tomcat-native.version}/source/tomcat-native-${tomcat-native.version}-src.tar.gz
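Review bot: the two SHA-512 values replaced here (tomcat-native.src.checksum.value and tomcat-native.win.checksum.value) are what the build checks the downloaded source and Windows archives against, since both checksum.enabled flags stay true; before merging, confirm each new value against the .sha512 file published with the 2.0.9 release artifacts rather than against a locally computed digest of whatever was downloaded, otherwise a bad download would simply be pinned. The tomcat-native-openssl.version move from 3.0.14 to 3.5.0 is a separate change from the Native version bump and deserves a mention in the commit message.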
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index be5dbd5c8d..be31ca4155 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -269,6 +269,9 @@
 Update Derby to 10.17.1.0. (markt)
   
   
+  
+Update Tomcat Native to 2.0.9. (markt)
+  
 
   
 
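Review bot: the new entry records only the Native version, but the same commit also moves tomcat-native-openssl.version from 3.0.14 to 3.5.0 in build.properties.default, which is the OpenSSL the 2.0.9 Windows binaries were built with (per the release vote on this page) and the more security-relevant half of the update. Suggest extending the entry to something like "Update Tomcat Native to 2.0.9 (Windows binaries built with OpenSSL 3.5.0). (markt)" so the changelog carries it.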


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



(tomcat) branch 10.1.x updated: Update Tomcat Native to 2.0.9.

2025-05-29 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new d2feec047b Update Tomcat Native to 2.0.9.
d2feec047b is described below

commit d2feec047b0b8f91d16ce353d64a1fe9ef3a2fc4
Author: Mark Thomas 
AuthorDate: Thu May 29 20:13:49 2025 +0100

Update Tomcat Native to 2.0.9.
---
 build.properties.default   | 8 
 webapps/docs/changelog.xml | 3 +++
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 252d4711b8..b8b0a2a80f 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -178,14 +178,14 @@ 
jdt.loc.1=https://archive.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ec
 
jdt.loc.2=https://download.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar
 
 # - Tomcat native library -
-tomcat-native.version=2.0.8
-tomcat-native-openssl.version=3.0.14
+tomcat-native.version=2.0.9
+tomcat-native-openssl.version=3.5.0
 tomcat-native.src.checksum.enabled=true
 tomcat-native.src.checksum.algorithm=SHA-512
-tomcat-native.src.checksum.value=fd45533b9c34b008717d18ed49334c7286b93c849c487c1c42746f2998cc4a6ff0362e536a8b5124c6539847a92a9f7631c7638a21cd5d22134fe1a9bb0f0702
+tomcat-native.src.checksum.value=c8eb81de1cf7316174c36038c2133b013fd18ba11df09c41edb927ff33fef46863ef706b6193487ecde1eed7055d4c47fa23fc29d5a8d53f0c4b6d69b0ce9b33
 tomcat-native.win.checksum.enabled=true
 tomcat-native.win.checksum.algorithm=SHA-512
-tomcat-native.win.checksum.value=a4a8816668f14a7461711e25cb9277534981936c9e6f8b00ae55084cb265dc1d89ad07fa508ae2e1f7832236dafafbdd9d76a313c87f34e00ecfdfe75776638a
+tomcat-native.win.checksum.value=8e8a580425671025913259659b61c497354d682735481663730e800c8f8b4d16d3322d9c75037146f901af22341a903fa9700d18d8d2cd874745a18563cde0d5
 tomcat-native.home=${base.path}/tomcat-native-${tomcat-native.version}
 tomcat-native.tar.gz=${tomcat-native.home}/tomcat-native.tar.gz
 
tomcat-native.loc.1=${base-tomcat.loc.1}/tomcat-connectors/native/${tomcat-native.version}/source/tomcat-native-${tomcat-native.version}-src.tar.gz
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d8ebfe1ffc..76cfd6117e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -156,6 +156,9 @@
 Add thread name to webappClassLoader.stackTraceRequestThread message.
 Patch provided by Felix Zhang. (schultz)
   
+  
+Update Tomcat Native to 2.0.9. (markt)
+  
 
   
 





(tomcat) branch 11.0.x updated: Update Tomcat Native to 2.0.9.

2025-05-29 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/11.0.x by this push:
 new a6f429c622 Update Tomcat Native to 2.0.9.
a6f429c622 is described below

commit a6f429c6224e50c198dffde0bb9e300a162a58d6
Author: Mark Thomas 
AuthorDate: Thu May 29 20:13:49 2025 +0100

Update Tomcat Native to 2.0.9.
---
 build.properties.default   | 8 
 webapps/docs/changelog.xml | 3 +++
 2 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 15646b9316..7dafb56f2b 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -157,14 +157,14 @@ 
jdt.loc.1=https://archive.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ec
 
jdt.loc.2=https://download.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar
 
 # - Tomcat native library -
-tomcat-native.version=2.0.8
-tomcat-native-openssl.version=3.0.14
+tomcat-native.version=2.0.9
+tomcat-native-openssl.version=3.5.0
 tomcat-native.src.checksum.enabled=true
 tomcat-native.src.checksum.algorithm=SHA-512
-tomcat-native.src.checksum.value=fd45533b9c34b008717d18ed49334c7286b93c849c487c1c42746f2998cc4a6ff0362e536a8b5124c6539847a92a9f7631c7638a21cd5d22134fe1a9bb0f0702
+tomcat-native.src.checksum.value=c8eb81de1cf7316174c36038c2133b013fd18ba11df09c41edb927ff33fef46863ef706b6193487ecde1eed7055d4c47fa23fc29d5a8d53f0c4b6d69b0ce9b33
 tomcat-native.win.checksum.enabled=true
 tomcat-native.win.checksum.algorithm=SHA-512
-tomcat-native.win.checksum.value=a4a8816668f14a7461711e25cb9277534981936c9e6f8b00ae55084cb265dc1d89ad07fa508ae2e1f7832236dafafbdd9d76a313c87f34e00ecfdfe75776638a
+tomcat-native.win.checksum.value=8e8a580425671025913259659b61c497354d682735481663730e800c8f8b4d16d3322d9c75037146f901af22341a903fa9700d18d8d2cd874745a18563cde0d5
 tomcat-native.home=${base.path}/tomcat-native-${tomcat-native.version}
 tomcat-native.tar.gz=${tomcat-native.home}/tomcat-native.tar.gz
 
tomcat-native.loc.1=${base-tomcat.loc.1}/tomcat-connectors/native/${tomcat-native.version}/source/tomcat-native-${tomcat-native.version}-src.tar.gz
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index a7f818aca7..ba9ce658c8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -160,6 +160,9 @@
 Add thread name to webappClassLoader.stackTraceRequestThread message.
 Patch provided by Felix Zhang. (schultz)
   
+  
+Update Tomcat Native to 2.0.9. (markt)
+  
 
   
 





[Bug 69700] Thread pool stops working when memory resources are exceed and new thread is needed

2025-05-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69700

--- Comment #2 from Pavel Jareš  ---
I can agree that once OutOfMemory happens, the JDK is not in good shape. But
it should lead to a crash of the application. In this case, it just disables
Tomcat and the process is still up. It is like a zombie. I would assume the
application is stopped or in recovery. It is also difficult from an automation
point of view.

-- 
You are receiving this mail because:
You are the assignee for the bug.



[Bug 69700] Thread pool stops working when memory resources are exceed and new thread is needed

2025-05-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69700

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |INVALID
 Status|NEW |RESOLVED

--- Comment #1 from Mark Thomas  ---
Once an OOME occurs, the JVM may not be in a consistent state and cannot be
considered stable. Therefore there is no point in Tomcat trying to handle the OOME.

If the environment can't handle the configured maximum threads, you need to
reduce the maximum threads.




Re: VisualVM hanging when connecting to Tomcat

2025-05-29 Thread Christopher Schultz

Chuck,

On 5/28/25 9:21 PM, Chuck Caldarale wrote:
> On 2025 May 28, at 09:40, Christopher Schultz wrote:
>> Looking to answer a question on the users' ML ("rewrite.config hot update"),
>> I tried to connect VisualVM to Tomcat, but it hangs when connecting. The
>> status bar says "Opening (pid X) Tomcat ..." and eventually I need to kill
>> the VisualVM process.
>>
>> Has anyone experienced anything like this?
>>
>> This is on aarch64 macOS with a freshly-downloaded copy of VisualVM. It's
>> running on Java 24, which came bundled with it.
>
> No problems with VisualVM 2.2 on my M1 MacBook Pro using the
> Temurin-23.0.2+7 JVM. I downloaded the VisualVM package from
> visualvm.github.io, which claims to be the only place to get it now. It did
> not come bundled with any JVM version - I find it odd that yours did.

Yeah, I got mine at the same place and assumed it contained a JVM
because of (a) the file size and (b) the presence of all the native
libraries in the bundle. But it only has custom native libraries, no
actual JVM. So it was picking my local Java 24 JVM for its own environment.

> Could this be some kind of inter-process access rights issue? I
> don’t recall having to enable anything when I first installed
> version 2.1.10 a couple of months ago, but I didn’t take any notes,
> so...

Yeah, I've never had this problem before. Both processes are running as
the same user. Tomcat isn't a "service" or anything weird like that...
just ran using "catalina.sh start" from CLI without any funny business.


I'll see what else I can find.

-chris





Re: [VOTE] Release Apache Tomcat Native 2.0.9

2025-05-29 Thread Mark Thomas

On 28/05/2025 19:59, Christopher Schultz wrote:
> Mark,
>
> On 5/23/25 1:23 PM, Mark Thomas wrote:
>> The key differences of version 2.0.9 compared to 2.0.8 are:
>>
>> - Update Windows build to use Visual Studio 2022
>> - The windows binaries in this release have been built with OpenSSL
>>   3.5.0 and APR 1.7.6
>>
>> The 2.0.x branch is primarily intended for use with Tomcat 10.1.x
>> onwards but can be used with earlier versions as long as the APR/native
>> connector is not used.
>>
>> The proposed release artifacts can be found at [1],
>> and the build was done using tag [2].
>>
>> The pdb files are a lot larger than previously. I'm not sure if this
>> is a bug or an expected consequence of the change in build process.
>>
>> The Apache Tomcat Native 2.0.9 release is
>>   [ ] Stable, go ahead and release
>>   [ ] Broken because of ...
>
> Not a vote, yet, but...
>
> The Java code doesn't build. I think probably nobody actually cares.

I'd agree.

> There are two problems:
>
> 1. The compiler versions are set to Java 11 but @Serial (added in
> becf9d640858419f25f12558c964afb5a96ad369) doesn't exist until Java 14.
>
> 2. We are using StringBuilder.isEmpty (added in
> becf9d640858419f25f12558c964afb5a96ad369) which doesn't exist until Java
> 15.
>
> The build doesn't work in spite of the actual version of Java used for
> the build due to the values of compile.release and/or
> build.java.version. Setting them to "15" allows the Java build to succeed.

We need to up that to Java 21 since that is what 12.0.x builds with.

> The README shows how to run the (Java) tests but there are no actual
> tests to run. :/

I'll remove that part.

Thanks for the review.

Mark

> -chris





Re: [VOTE] Release Apache Tomcat Native 2.0.9

2025-05-29 Thread Mark Thomas

On 23/05/2025 18:23, Mark Thomas wrote:
> The key differences of version 2.0.9 compared to 2.0.8 are:
>
> - Update Windows build to use Visual Studio 2022
> - The windows binaries in this release have been built with OpenSSL
>   3.5.0 and APR 1.7.6
>
> The 2.0.x branch is primarily intended for use with Tomcat 10.1.x
> onwards but can be used with earlier versions as long as the APR/native
> connector is not used.
>
> The proposed release artifacts can be found at [1],
> and the build was done using tag [2].
>
> The pdb files are a lot larger than previously. I'm not sure if this is
> a bug or an expected consequence of the change in build process.
>
> The Apache Tomcat Native 2.0.9 release is
>   [X] Stable, go ahead and release
>   [ ] Broken because of ...


Tests pass with Windows binary and Tomcat 12.0.x unit tests.

Mark





svn commit: r1925955 - in /tomcat/site/trunk: docs/security-10.html docs/security-11.html docs/security-9.html xdocs/security-10.xml xdocs/security-11.xml xdocs/security-9.xml

2025-05-29 Thread markt
Author: markt
Date: Thu May 29 19:02:19 2025
New Revision: 1925955

URL: http://svn.apache.org/viewvc?rev=1925955&view=rev
Log:
Publish CVE-2025-46701

Modified:
tomcat/site/trunk/docs/security-10.html
tomcat/site/trunk/docs/security-11.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-10.xml
tomcat/site/trunk/xdocs/security-11.xml
tomcat/site/trunk/xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-10.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-10.html?rev=1925955&r1=1925954&r2=1925955&view=diff
==
--- tomcat/site/trunk/docs/security-10.html (original)
+++ tomcat/site/trunk/docs/security-10.html Thu May 29 19:02:19 2025
@@ -42,7 +42,25 @@
 
 
   Table of Contents
-Fixed in Apache Tomcat 
10.1.40Fixed in Apache 
Tomcat 10.1.35Fixed in 
Apache Tomcat 10.1.34Fixed in Apache Tomcat 
10.1.33Fixed in Apache 
Tomcat 10.1.31Fixed in 
Apache Tomcat 10.1.25Fixed in Apache Tomcat 
10.1.19Fixed in Apache 
Tomcat 10.1.16Fixed in 
Apache Tomcat 10.1.14Fixed in Apache Tomcat 
10.1.13Fixed in Apache 
Tomcat 10.1.9Fixed in Ap
 ache Tomcat 10.1.8Fixed 
in Apache Tomcat 10.1.6Fixed in Apache Tomcat 
10.1.5Fixed in Apache 
Tomcat 10.1.2Fixed in 
Apache Tomcat 10.1.1Fixed in Apache Tomcat 
10.0.27Fixed in Apache 
Tomcat 10.0.23Fixed 
in Apache Tomcat 10.1.0-M17Fixed in Apache Tomcat 
10.0.21Fixed in 
Apache Tomcat 10.1.0-M15Fixed in Apache Tomcat 
10.0.20Fixed in 
Apache Tomcat 10.1.0-M14Fixed in Apache Tomcat 10.0.16Fixed in Apache Tomcat 
10.1.0-M10Fixed in 
Apache Tomcat 10.0.12Fixed in Apache Tomcat 
10.1.0-M6Fixed in Apache 
Tomcat 10.0.7Fixed in 
Apache Tomcat 10.0.6Fixed 
in Apache Tomcat 10.0.5Fixed in Apache Tomcat 
10.0.4Fixed in Apache 
Tomcat 10.0.2Fixed in 
Apache Tomcat 10.0.0-M10Fixed in Apache Tomcat 
10.0.0-M8Fixed in 
Apache Tomcat 10.0.0
 -M7Fixed in Apache 
Tomcat 10.0.0-M6Fixed 
in Apache Tomcat 10.0.0-M5Not a vulnerability in 
Tomcat
+Fixed in Apache Tomcat 
10.1.41Fixed in Apache 
Tomcat 10.1.40Fixed in 
Apache Tomcat 10.1.35Fixed in Apache Tomcat 
10.1.34Fixed in Apache 
Tomcat 10.1.33Fixed in 
Apache Tomcat 10.1.31Fixed in Apache Tomcat 
10.1.25Fixed in Apache 
Tomcat 10.1.19Fixed in 
Apache Tomcat 10.1.16Fixed in Apache Tomcat 
10.1.14Fixed in Apache 
Tomcat 10.1.13Fixed in 
 Apache Tomcat 10.1.9Fixed in Apache Tomcat 
10.1.8Fixed in Apache 
Tomcat 10.1.6Fixed in 
Apache Tomcat 10.1.5Fixed 
in Apache Tomcat 10.1.2Fixed in Apache Tomcat 
10.1.1Fixed in Apache 
Tomcat 10.0.27Fixed in 
Apache Tomcat 10.0.23Fixed in Apache Tomcat 
10.1.0-M17Fixed in 
Apache Tomcat 10.0.21Fixed in Apache Tomcat 
10.1.0-M15Fixed in 
Apache Tomcat 10.0.20Fixed in Apache Tomcat 10.1.0-M14Fixed in Apache Tomcat 
10.0.16Fixed in 
Apache Tomcat 10.1.0-M10Fixed in Apache Tomcat 
10.0.12Fixed in Apache 
Tomcat 10.1.0-M6Fixed in 
Apache Tomcat 10.0.7Fixed 
in Apache Tomcat 10.0.6Fixed in Apache Tomcat 
10.0.5Fixed in Apache 
Tomcat 10.0.4Fixed in 
Apache Tomcat 10.0.2Fixed in Apache Tomcat 
10.0.0-M10Fixed in 
Apache Tomcat 10.0.0-M8<
 /a>Fixed in Apache Tomcat 
10.0.0-M7Fixed in 
Apache Tomcat 10.0.0-M6Fixed in Apache Tomcat 
10.0.0-M5Not a 
vulnerability in Tomcat
+  2025-05-12 Fixed in Apache Tomcat 10.1.41
+
+Low: CGI security constraint bypass
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46701"; 
rel="nofollow">CVE-2025-46701
+
+When running on a case insensitive file system with security constraints
+   configured for the pathInfo component of a URL that mapped
+   to the CGI servlet, it was possible to bypass those security constraints
+   with a specially crafted URL.
+
+This was fixed with commits
+   https://github.com/apache/tomcat/commit/2c6800111e7d8d8d5403c07978ea9bff3db5a5a5";>2c680011
 and
+   https://github.com/apache/tomcat/commit/238d2aa54b99f91d467e2237d2244c64e558";>238d2aa5.
+
+The issue was made public on 29 May 2025.
+
+Affects: 10.1.0-M1 to 10.1.40
+
   2025-04-08 Fixed in Apache Tomcat 10.1.40
 
 Low: Rewrite rule bypass http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31651"; 
rel="nofollow">CVE-2025-31651
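Review bot: the second fix link in the new 10.1.41 entry, https://github.com/apache/tomcat/commit/238d2aa54b99f91d467e2237d2244c64e558, carries a 36-hex-digit id as rendered here, while the first link uses a full 40-digit SHA (2c6800111e7d8d8d5403c07978ea9bff3db5a5a5). If the id was cut short while editing, replace it with the full SHA so the reference stays unambiguous and matches the convention of the other entries. The rest of the entry is consistent with the advisory on this page: Low severity, 10.1.0-M1 to 10.1.40 affected, fixed in 10.1.41, public on 29 May 2025.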

Modified: tomcat/site/trunk/docs/security-11.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-11.html?rev=1925955&r1=1925954&r2=1925955&view=diff
==
--- tomcat/site/trunk/docs/security-11.html (original)
+++ tomcat/site/trunk/docs/security-11.html Thu May 29 19:02:19 2025
@@ -36,7 +36,25 @@
 
 
   Table of Contents
-Fixed in Apache Tomcat 
11.0.6Fixed in Apache 
Tomcat 11.0.3Fixed in 
Apache Tomcat 11.0.2Fixed 
in Apache Tomcat 11.0.1Fixed in Apache Tomcat 
11.0.0Fixed in Apache 
Tomcat 11.0.0-M21Fixed in Apache Tomcat 
11.0.0-M17Fixed in 
Apache Tomcat 11.0.0-M12Fixed in Apache Tomcat 
11.0.0-M11Fixed in 
Apache Tomcat 11.0.0-M6Fixed in Apache Tomc

[SECURITY] CVE-2025-46701 Apache Tomcat - CGI security constraint bypass

2025-05-29 Thread Mark Thomas

CVE-2025-46701 Apache Tomcat - CGI security constraint bypass

Severity: Low

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.6
Apache Tomcat 10.1.0-M1 to 10.1.40
Apache Tomcat 9.0.0.M1 to 9.0.104

Description:
When running on a case insensitive file system with security constraints 
configured for the pathInfo component of a URL that mapped 
to the CGI servlet, it was possible to bypass those security constraints 
with a specially crafted URL.


Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 11.0.7 or later
- Upgrade to Apache Tomcat 10.1.41 or later
- Upgrade to Apache Tomcat 9.0.105 or later

Credit:
The vulnerability was identified by Greg K (https://github.com/gregk4sec)

History:
2025-05-29 Original advisory

References:
[1] https://tomcat.apache.org/security-11.html
[2] https://tomcat.apache.org/security-10.html
[3] https://tomcat.apache.org/security-9.html
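A fleet check against the affected ranges stated in this advisory, added here as an example; it is not part of the advisory or of Tomcat's own code. It assumes the two milestone spellings the advisory uses ("10.1.0-M1" and "9.0.0.M1") and that a milestone sorts before the final release with the same number; the inventory it scans is constructed.

```python
"""Fleet check for the CVE-2025-46701 affected version ranges.

Constructed example, not part of the advisory or of Tomcat. The ranges and
fixed versions are copied from the advisory text; the inventory is made up.
"""
import re
from typing import Dict, Iterable, Optional, Tuple

# (first affected, last affected, first fixed) per branch, as the advisory lists them.
AFFECTED_RANGES = [
    ("11.0.0-M1", "11.0.6", "11.0.7"),
    ("10.1.0-M1", "10.1.40", "10.1.41"),
    ("9.0.0.M1", "9.0.104", "9.0.105"),
]

# Tomcat writes milestone builds as "10.1.0-M1" (10.1.x, 11.0.x) and as
# "9.0.0.M1" (9.0.x); both spellings appear in the advisory, so accept both.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")
_SERVER_INFO_RE = re.compile(r"Apache Tomcat/(\S+)")

VersionKey = Tuple[int, int, int, int, int]


def parse_version(text: str) -> VersionKey:
    """Turn a Tomcat version string into a sortable key.

    A milestone sorts before the final release with the same number, so the
    key is (major, minor, patch, is_final, milestone): "10.1.0-M7" becomes
    (10, 1, 0, 0, 7) and "10.1.0" becomes (10, 1, 0, 1, 0).
    """
    m = _VERSION_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3))
    if m.group(4) is None:
        return (major, minor, patch, 1, 0)
    return (major, minor, patch, 0, int(m.group(4)))


def version_from_server_info(server_info: str) -> str:
    """Extract the version from Tomcat's server-info string, e.g. the
    "Server version: Apache Tomcat/10.1.40" line that catalina.sh version prints."""
    m = _SERVER_INFO_RE.search(server_info)
    if m is None:
        raise ValueError(f"not a Tomcat server-info string: {server_info!r}")
    return m.group(1)


def first_fixed_version(version: str) -> Optional[str]:
    """Return the first fixed release if `version` falls in an affected range.

    None means the version is outside every range the advisory lists. That
    covers fixed releases (10.1.41 and later) but also lines the advisory does
    not mention at all (8.5.x, 12.0.x milestones), so None means "not covered
    by this advisory", not "safe"; end-of-life lines need a separate decision.
    """
    key = parse_version(version)
    for first, last, fixed in AFFECTED_RANGES:
        if parse_version(first) <= key <= parse_version(last):
            return fixed
    return None


# Constructed inventory of (host, server-info string); the hosts are not real.
SAMPLE_INVENTORY = [
    ("app-01", "Apache Tomcat/10.1.40"),
    ("app-02", "Apache Tomcat/10.1.41"),
    ("legacy-01", "Apache Tomcat/9.0.0.M1"),
    ("next-01", "Apache Tomcat/12.0.0-M1"),
]


def report(inventory: Iterable[Tuple[str, str]]) -> Dict[str, Optional[str]]:
    """Map each host to the release it must move to, or None if not in range."""
    return {host: first_fixed_version(version_from_server_info(info))
            for host, info in inventory}


if __name__ == "__main__":
    for host, fixed in report(SAMPLE_INVENTORY).items():
        if fixed:
            print(f"{host}: affected by CVE-2025-46701, upgrade to {fixed} or later")
        else:
            print(f"{host}: not within the advisory's affected ranges")
```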




[Bug 69699] Rewrite redirection forget SessionID path parameter

2025-05-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69699

Mark Thomas  changed:

   What|Removed |Added

 OS||All

--- Comment #1 from Mark Thomas  ---
That is expected, documented behaviour:

"The URL presented to the rewrite valve is the same URL used for request
mapping...". i.e. all path parameters are removed.

We might want to consider a variable exposing the URL session ID so the user
can do something like

RewriteCond %{URL_SESSION_ID} !=""

Although I'll note no-one has actually asked for this functionality on the
users list.

I don't think we should be automatically adding it.




svn commit: r1925949 - in /tomcat/site/trunk/docs/native-doc: index.html miscellaneous/changelog.html miscellaneous/tls-renegotiation.html news/2022.html news/2023.html news/2024.html news/2025.html

2025-05-29 Thread markt
Author: markt
Date: Thu May 29 17:35:52 2025
New Revision: 1925949

URL: http://svn.apache.org/viewvc?rev=1925949&view=rev
Log:
Update docs for Tomcat Native 2.0.9 release

Added:
tomcat/site/trunk/docs/native-doc/news/2025.html
Modified:
tomcat/site/trunk/docs/native-doc/index.html
tomcat/site/trunk/docs/native-doc/miscellaneous/changelog.html
tomcat/site/trunk/docs/native-doc/miscellaneous/tls-renegotiation.html
tomcat/site/trunk/docs/native-doc/news/2022.html
tomcat/site/trunk/docs/native-doc/news/2023.html
tomcat/site/trunk/docs/native-doc/news/2024.html

Modified: tomcat/site/trunk/docs/native-doc/index.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/native-doc/index.html?rev=1925949&r1=1925948&r2=1925949&view=diff
==
--- tomcat/site/trunk/docs/native-doc/index.html (original)
+++ tomcat/site/trunk/docs/native-doc/index.html Thu May 29 17:35:52 2025
@@ -10,10 +10,10 @@
 Headlines
 
 
-24 July 2024 - TC-Native-2.0.8
+29 May 2025 - TC-Native-2.0.9
 released
 The Apache Tomcat team is proud to announce the immediate availability of
-Tomcat Native 2.0.8 Stable.
+Tomcat Native 2.0.9 Stable.
 
 The sources and the binaries for selected platforms are available from the
 Download page.
@@ -139,5 +139,5 @@ list of changes.
 
 
 
-Copyright © 2008-2024, The Apache Software Foundation
+Copyright © 2008-2025, The Apache Software Foundation
   
\ No newline at end of file

Modified: tomcat/site/trunk/docs/native-doc/miscellaneous/changelog.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/native-doc/miscellaneous/changelog.html?rev=1925949&r1=1925948&r2=1925949&view=diff
==
--- tomcat/site/trunk/docs/native-doc/miscellaneous/changelog.html (original)
+++ tomcat/site/trunk/docs/native-doc/miscellaneous/changelog.html Thu May 29 
17:35:52 2025
@@ -4,6 +4,18 @@
   This is the Changelog for Apache Tomcat Native 2.0.x. The Tomcat Native 2.0.x
   branch started from the 1.2.33 tag.
   
+Changes in 2.0.9
+  
+
+  Update the Windows build environment to use Visual Studio 2022. (markt)
+
+
+  Update the recommended minimum version of OpenSSL to 3.5.0. (markt)
+
+
+  Update the recommended minimum version of APR to 1.7.6. (markt)
+
+  
 Changes in 2.0.8
   
 
@@ -187,5 +199,5 @@
 Please see the 1.1.x
changelog.
 
-Copyright © 2008-2024, The Apache Software Foundation
-  
+Copyright © 2008-2025, The Apache Software Foundation
+  
\ No newline at end of file

Modified: tomcat/site/trunk/docs/native-doc/miscellaneous/tls-renegotiation.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/native-doc/miscellaneous/tls-renegotiation.html?rev=1925949&r1=1925948&r2=1925949&view=diff
==
--- tomcat/site/trunk/docs/native-doc/miscellaneous/tls-renegotiation.html 
(original)
+++ tomcat/site/trunk/docs/native-doc/miscellaneous/tls-renegotiation.html Thu 
May 29 17:35:52 2025
@@ -18,5 +18,5 @@
   SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION is set.
   
 
-Copyright © 2008-2024, The Apache Software Foundation
+Copyright © 2008-2025, The Apache Software Foundation
   
\ No newline at end of file

Modified: tomcat/site/trunk/docs/native-doc/news/2022.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/native-doc/news/2022.html?rev=1925949&r1=1925948&r2=1925949&view=diff
==
--- tomcat/site/trunk/docs/native-doc/news/2022.html (original)
+++ tomcat/site/trunk/docs/native-doc/news/2022.html Thu May 29 17:35:52 2025
@@ -1,5 +1,5 @@
 
-The Apache Tomcat Native Library 2.0 - News - 2022 News 
and Statushttps://tomcat.apache.org/";>http://www.apache.org/"; target="_blank">The Apache Tomcat Native Library 2.0 - 
NewsLinksDocs HomeMiscellaneous 
DocumentationChangelogTLS 
renegotiationNews2024202320222022 News and Status2022 News & Status
+The Apache Tomcat Native Library 2.0 - News - 2022 News 
and Statushttps://tomcat.apache.org/";>http://www.apache.org/"; target="_blank">The Apache Tomcat Native Library 2.0 - 
NewsLinksDocs HomeMiscellaneous 
DocumentationChangelogTLS 
renegotiationNews20252024202320222022 News and Status2022 News & Status
 
   11 November 2022 - 
TC-Native-2.0.2 released
 The Apache Tomcat team is proud to announce the immediate
@@ -13,5 +13,5 @@
   
   
 
-Copyright © 2008-2024, The Apache Software Foundation
+Copyright © 2008-2025, The Apache Software Foundation
   
\ No newline at end of file

Modified: tomcat/site/trunk/docs/native-doc/news/2023.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/native-doc/news/2023.html?rev=1925949&r1=1925948&r2=1925949&view=diff
==

svn commit: r1925950 - in /tomcat/site/trunk: docs/download-native.html docs/index.html docs/oldnews-2024.html xdocs/download-native.xml xdocs/index.xml xdocs/oldnews-2024.xml

2025-05-29 Thread markt
Author: markt
Date: Thu May 29 17:41:02 2025
New Revision: 1925950

URL: http://svn.apache.org/viewvc?rev=1925950&view=rev
Log:
Update site for release of Tomcat Native 2.0.9

Modified:
tomcat/site/trunk/docs/download-native.html
tomcat/site/trunk/docs/index.html
tomcat/site/trunk/docs/oldnews-2024.html
tomcat/site/trunk/xdocs/download-native.xml
tomcat/site/trunk/xdocs/index.xml
tomcat/site/trunk/xdocs/oldnews-2024.xml

Modified: tomcat/site/trunk/docs/download-native.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-native.html?rev=1925950&r1=1925949&r2=1925950&view=diff
==
--- tomcat/site/trunk/docs/download-native.html (original)
+++ tomcat/site/trunk/docs/download-native.html Thu May 29 17:41:02 2025
@@ -10,8 +10,8 @@
   archive download site.
 Quick Navigation
   
-[define v]2.0.8[end]
-[define vo]3.0.14[end]
+[define v]2.0.9[end]
+[define vo]3.5.0[end]
 [define w]1.3.1[end]
 [define wo]3.0.14[end]
   https://downloads.apache.org/tomcat/tomcat-connectors/KEYS";>KEYS |

Modified: tomcat/site/trunk/docs/index.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1925950&r1=1925949&r2=1925950&view=diff
==
--- tomcat/site/trunk/docs/index.html (original)
+++ tomcat/site/trunk/docs/index.html Thu May 29 17:41:02 2025
@@ -34,6 +34,20 @@ wiki page.
 Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat
 project logo are trademarks of the Apache Software Foundation.
 
+2024-05-29 Tomcat Native 2.0.9 Released
+
+The Apache Tomcat Project is proud to announce the release of version 2.0.9 of
+Tomcat Native. The notable changes compared to 2.0.8 include:
+
+
+Update the Windows build environment to use Visual Studio 2022.
+The windows binaries in this release have been built with OpenSSL
+3.5.0 and APR 1.7.6 
+
+
+https://tomcat.apache.org/download-native.cgi";>Download |
+Change log for 2.0.9
+
 2025-05-13 Tomcat 11.0.7 Released
 
 The Apache Tomcat Project is proud to announce the release of version 11.0.7
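Review bot: the new headline reads "2024-05-29 Tomcat Native 2.0.9 Released", but the commit is dated Thu May 29 2025 and the entry is placed above "2025-05-13 Tomcat 11.0.7 Released", so the year should be 2025; as written the front-page item (and anything generated from it) is mis-dated by a year. Minor: "The windows binaries" should read "The Windows binaries", matching "Windows build environment" on the line above it.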
@@ -155,22 +169,6 @@ This version fixes a number of bugs foun
 https://tomcat.apache.org/download-connectors.cgi";>Download |
 ChangeLog for 1.2.50
 
-2024-07-24 Tomcat Native 2.0.8 Released
-
-The Apache Tomcat Project is proud to announce the release of version 2.0.8 of
-Tomcat Native. The notable changes compared to 2.0.7 include:
-
-
-Fix a crash on Windows when SSLContext.setCACertificate() is invoked with a
-null value for caCertificateFile and a non-null value for
-caCertificatePath
-The windows binaries in this release have been built with OpenSSL
-3.0.14 
-
-
-https://tomcat.apache.org/download-native.cgi";>Download |
-Change log for 2.0.8
-
 2024-07-24 Tomcat Native 1.3.1 Released
 
 The Apache Tomcat Project is proud to announce the release of version 1.3.1 of

Modified: tomcat/site/trunk/docs/oldnews-2024.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/oldnews-2024.html?rev=1925950&r1=1925949&r2=1925950&view=diff
==
--- tomcat/site/trunk/docs/oldnews-2024.html (original)
+++ tomcat/site/trunk/docs/oldnews-2024.html Thu May 29 17:41:02 2025
@@ -540,6 +540,22 @@ Full details of these changes, and all t
 
 https://tomcat.apache.org/download-11.cgi";>Download
 
+2024-07-24 Tomcat Native 2.0.8 Released
+
+The Apache Tomcat Project is proud to announce the release of version 2.0.8 of
+Tomcat Native. The notable changes compared to 2.0.7 include:
+
+
+Fix a crash on Windows when SSLContext.setCACertificate() is invoked with a
+null value for caCertificateFile and a non-null value for
+caCertificatePath
+The windows binaries in this release have been built with OpenSSL
+3.0.14 
+
+
+https://tomcat.apache.org/download-native.cgi";>Download |
+Change log for 2.0.8
+
 2024-07-12 Tomcat 10.1.26 Released
 
 The Apache Tomcat Project is proud to announce the release of version 10.1.26

Modified: tomcat/site/trunk/xdocs/download-native.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/download-native.xml?rev=1925950&r1=1925949&r2=1925950&view=diff
==
--- tomcat/site/trunk/xdocs/download-native.xml (original)
+++ tomcat/site/trunk/xdocs/download-native.xml Thu May 29 17:41:02 2025
@@ -22,8 +22,8 @@
 Define variables to hold the current version numbers.
 Documentation for ezt.py: https://code.google.com/p/ezt/wiki/Syntax
   -->
-[define v]2.0.8[end]
-[define vo]3.0.14[end]
+[define v]2.0.9[end]
+[define vo]3.5.0[end]
 [define w]1.3.1[end]
 [define wo]3.0.14[end]
   https://downloads.apache.org/tomcat/tomcat-connectors/KEYS";>KEYS |

Modified: tomcat/site/trunk/xdocs/index.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs

(tomcat-native) branch main updated: Align Java build version with Tomcat 12.0.x

2025-05-29 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/main by this push:
 new 88bb6f8cc Align Java build version with Tomcat 12.0.x
88bb6f8cc is described below

commit 88bb6f8cc1861ec846c0af84e6b0c298eb4c345d
Author: Mark Thomas 
AuthorDate: Thu May 29 17:48:39 2025 +0100

Align Java build version with Tomcat 12.0.x
---
 build.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.xml b/build.xml
index ce1f16c48..3e7a247c0 100644
--- a/build.xml
+++ b/build.xml
@@ -61,8 +61,8 @@
 
 
 
-
-
+
+
 
 
 





(tomcat-native) branch main updated: Remove instructions for running tests that don't exist

2025-05-29 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat-native.git


The following commit(s) were added to refs/heads/main by this push:
 new 17827f1e3 Remove instructions for running tests that don't exist
17827f1e3 is described below

commit 17827f1e3b0ceee1be66b40a05ee7db15167e6b5
Author: Mark Thomas 
AuthorDate: Thu May 29 17:49:24 2025 +0100

Remove instructions for running tests that don't exist
---
 README.txt | 11 ---
 1 file changed, 11 deletions(-)

diff --git a/README.txt b/README.txt
index 619c191a6..0564b5e03 100644
--- a/README.txt
+++ b/README.txt
@@ -39,17 +39,6 @@ To build the Java API. Note that Java 11 is required to 
build the Java API.
 To build the native part see native/BUILDING.
 
 
-Running the tests
--
-
-First run "ant download" to retrieve junit. It will be placed
-in the directory given by "base.path". The path can be changed
-by adjusting "base.path" in the file build.properties.default
-or overwrite it in a new file build.properties.
-
-Now run "ant test".
-
-
 Cryptographic Software Notice
 -
 
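Review bot: the unchanged context at the head of this hunk still says "Java 11 is required to build the Java API", yet the preceding commit 88bb6f8cc aligns the Java build version with Tomcat 12.0.x; if that raises the minimum Java release, this sentence is now stale and should be corrected in the same series as the removal of the non-existent test instructions.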





[VOTE][RESULT] Release Apache Tomcat Native 2.0.9

2025-05-29 Thread Mark Thomas

The following votes were cast:

Binding:
+1: rjung, remm, markt

Non-binding:
Tested successfully on Windows: Federico Bustamante

The vote therefore passes.

Thanks to everyone who contributed to this release.

Mark




svn commit: r77245 - /dev/tomcat/tomcat-connectors/native/2.0.9/ /release/tomcat/tomcat-11/v11.0.5/ /release/tomcat/tomcat-11/v11.0.6/ /release/tomcat/tomcat-connectors/native/2.0.9/ /release/tomcat/t

2025-05-29 Thread markt
Author: markt
Date: Thu May 29 16:56:56 2025
New Revision: 77245

Log:
Release Tomcat Native 2.0.9

Added:
release/tomcat/tomcat-connectors/native/2.0.9/
  - copied from r77244, dev/tomcat/tomcat-connectors/native/2.0.9/
Removed:
dev/tomcat/tomcat-connectors/native/2.0.9/
release/tomcat/tomcat-11/v11.0.5/
release/tomcat/tomcat-11/v11.0.6/
Modified:
release/tomcat/tomcat-connectors/native/README.html

Modified: release/tomcat/tomcat-connectors/native/README.html
==
--- release/tomcat/tomcat-connectors/native/README.html (original)
+++ release/tomcat/tomcat-connectors/native/README.html Thu May 29 16:56:56 2025
@@ -2,5 +2,5 @@
 The latest releases are:
 
 1.3.1
-2.0.8
+2.0.9
 
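Review bot: the log message only says "Release Tomcat Native 2.0.9", but the Removed list in this revision also drops release/tomcat/tomcat-11/v11.0.5/ and release/tomcat/tomcat-11/v11.0.6/; pruning old Tomcat 11 releases from the release area should be named in the log so the revision history explains why those directories disappeared.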






[Bug 69700] New: Thread pool stops working when memory resources are exceeded and new thread is needed

2025-05-29 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=69700

Bug ID: 69700
   Summary: Thread pool stops working when memory resources are
exceeded and new thread is needed
   Product: Tomcat 10
   Version: 10.1.40
  Hardware: All
OS: All
Status: NEW
  Severity: normal
  Priority: P2
 Component: Connectors
  Assignee: dev@tomcat.apache.org
  Reporter: pavel.ja...@broadcom.com
  Target Milestone: --

Testing environment:
- Spring Boot 3.4.5
- Embedded Tomcat 10.1.40
- OS: z/OS 3.1

This bug is related to a system with low resources (memory, see MEMLIMIT=100M),
and could appear in any system. The problem is in ThreadPoolExecutor. The
default configuration is to have a minimum of 20 threads and a maximum of 200.
When a new thread is required, it is created on demand. When there is not
enough available memory to create a new thread, an OutOfMemoryError is
thrown. The issue is that this error is not handled properly.

The error is handled by org.apache.tomcat.util.ExceptionUtils#handleThrowable
and always re-thrown as an implementation of VirtualMachineError. It leads to
stopping the thread pool, and Tomcat itself stops accepting new requests.

```
Exception in thread "https-jsse-nio-0.0.0.0-10660-Poller" java.lang.OutOfMemoryError: Failed to create a thread: retVal -1073741830, errno 132 (0x84), errno2 0xc112001e
    at java.base/java.lang.Thread.startImpl(Native Method)
    at java.base/java.lang.Thread.start(Thread.java:1041)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.addWorker(ThreadPoolExecutor.java:983)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.executeInternal(ThreadPoolExecutor.java:1449)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.execute(ThreadPoolExecutor.java:1376)
    at org.apache.tomcat.util.net.AbstractEndpoint.processSocket(AbstractEndpoint.java:1264)
    at org.apache.tomcat.util.net.NioEndpoint$Poller.processKey(NioEndpoint.java:82
    at org.apache.tomcat.util.net.NioEndpoint$Poller.run(NioEndpoint.java:793)
    at java.base/java.lang.Thread.run(Thread.java:857)
```

The expected behaviour in this case is to reject (skip) the new request and
wait till any thread in the pool is ready to process it. It should not stop the
whole system. Probably a good approach could be that once a new thread cannot be
created, Tomcat blocks creating new ones till another one is recycled (to avoid
an infinite loop, etc.).

The known workaround is to set the initial number of threads to the maximum.
In this case, all threads are created on start-up, and no other thread is
needed at runtime, i.e.:
```
-Dserver.tomcat.threads.min-spare=200 -Dserver.tomcat.threads.max=200
```

Test case:
- Prerequisites: a system with limited memory, threads.minSpare < threads.max

1. Start Tomcat
2. Prepare a big load in memory
   - For example, start downloading a huge file and stop receiving data on the
     client side
3. Once memory is exceeded (in our testing, buffer bytes filled the memory),
   make any request to Tomcat
   - Note: in case there are still available threads in the pool, it is necessary
     to make more requests than available threads (also possible to keep opening
     requests till Tomcat fails)
4. The Tomcat pool asks for a new worker (starting a new thread)
5. The OS rejects creating a new thread and the JDK throws `java.lang.OutOfMemoryError`
6. No other request is accepted, even if all previous connections are closed

If an attacker has access to a big resource that can exceed the memory on the
system, there is a possibility of making a DoS. Just opening new requests is
enough to stop the server.

-- 
You are receiving this mail because:
You are the assignee for the bug.
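The failure mode the report describes and the behaviour it asks for, as an added illustration that is neither Tomcat's code nor the reporter's: it uses the JDK's java.util.concurrent.ThreadPoolExecutor (not Tomcat's fork in org.apache.tomcat.util.threads), a constructed BudgetedThreadFactory stands in for the OS refusing a thread, and executeOrQueue is a hypothetical guard that parks the task for an existing worker instead of letting the Error reach the thread that called execute().

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.ThreadFactory;
import java.util.concurrent.ThreadPoolExecutor;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

public final class ThreadStartFailureDemo {
    // Constructed stand-in for the OS refusing a thread: the factory fails once 'budget' threads exist.
    static final class BudgetedThreadFactory implements ThreadFactory {
        private final AtomicInteger created = new AtomicInteger();
        private final int budget;
        BudgetedThreadFactory(int budget) { this.budget = budget; }
        @Override public Thread newThread(Runnable r) {
            if (created.incrementAndGet() > budget) {
                // The JVM reports a refused thread as an Error, as in the bug's stack trace.
                throw new OutOfMemoryError("Failed to create a thread (simulated)");
            }
            return new Thread(r, "worker-" + created.get());
        }
    }
    // Hypothetical guard: when the Error escapes execute(), the executor has already rolled back the
    // half-added worker, so park the task for an existing worker; false means turn the request away.
    static boolean executeOrQueue(ThreadPoolExecutor pool, Runnable task) {
        try {
            pool.execute(task);
            return true;
        } catch (OutOfMemoryError e) {
            return pool.getQueue().offer(task);
        }
    }
    public static void main(String[] args) throws InterruptedException {
        // corePoolSize 4: every new task asks for a fresh thread until four exist; only one is allowed.
        ThreadPoolExecutor pool = new ThreadPoolExecutor(4, 4, 0, TimeUnit.SECONDS,
                new LinkedBlockingQueue<>(), new BudgetedThreadFactory(1));
        CountDownLatch release = new CountDownLatch(1), done = new CountDownLatch(1);
        pool.execute(() -> { try { release.await(); } catch (InterruptedException ignored) { } });
        try {
            pool.execute(() -> { });   // unguarded: second thread refused, Error escapes, task lost
        } catch (OutOfMemoryError e) {
            System.out.println("unguarded execute() threw: " + e.getMessage());
        }
        boolean queued = executeOrQueue(pool, done::countDown);   // guarded: parked for worker-1
        System.out.println("guarded execute() queued the task: " + queued);
        release.countDown();   // worker-1 finishes its first task and drains the queue
        System.out.println("queued task ran: " + done.await(5, TimeUnit.SECONDS));
        pool.shutdown();
    }
}
```

The unguarded call loses its task and surfaces the Error to the caller, which is the poller in the report; the guarded call keeps the task and the pool alive, leaving only the rejection decision to the caller when the queue is full.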