Re: [VOTE] Release Apache Tomcat 9.0.107
Rémy, On 7/2/25 3:20 AM, Rémy Maucherat wrote: The proposed Apache Tomcat 9.0.107 release is now available for voting. The notable changes compared to 9.0.106 are: - Increase the default for maxPartCount from 10 to 50. Update the documentation to provide more details on the memory requirements to support multi-part uploads while avoiding a denial of service risk. - Various improvements to HTTP/2 - Fix JMX value for keepAliveCount on the endpoint. Also add the value of useVirtualThreads in JMX. For full details, see the changelog: https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.107/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1552 The tag is: https://github.com/apache/tomcat/tree/9.0.107 43d5ad023d2eee2ca162eded597a23afa0b92296 The proposed 9.0.107 release is: [ ] -1, Broken - do not release [ ] +1, Stable - go ahead and release as 9.0.107 +1 for stable release The release is 100% reproducible on MacOS aarch64 and all the unit tests pass. I do have a large number of "skipped" tests, which I'm curious about: [concat] Testsuites with skipped tests: [concat] TEST-org.apache.catalina.core.TestAprLifecycleListener.APR.txt [concat] TEST-org.apache.catalina.manager.TestManagerWebappSsl.APR.txt [concat] TEST-org.apache.catalina.valves.rewrite.TestResolverSSL.APR.txt [concat] TEST-org.apache.coyote.http2.TestLargeUpload.APR.txt [concat] TEST-org.apache.el.parser.TestAstIdentifier.APR.txt [concat] TEST-org.apache.el.parser.TestAstIdentifier.NIO.txt [concat] TEST-org.apache.el.parser.TestAstIdentifier.NIO2.txt [concat] TEST-org.apache.el.parser.TestELParserPerformance.APR.txt [concat] TEST-org.apache.el.parser.TestELParserPerformance.NIO.txt [concat] TEST-org.apache.el.parser.TestELParserPerformance.NIO2.txt [concat] TEST-org.apache.jasper.compiler.TestNonstandardTagPerformance.APR.txt [concat] TEST-org.apache.jasper.compiler.TestNonstandardTagPerformance.NIO.txt [concat] TEST-org.apache.jasper.compiler.TestNonstandardTagPerformance.NIO2.txt [concat] TEST-org.apache.tomcat.util.buf.TestMessageBytesPerformance.APR.txt [concat] TEST-org.apache.tomcat.util.buf.TestMessageBytesPerformance.NIO.txt [concat] TEST-org.apache.tomcat.util.buf.TestMessageBytesPerformance.NIO2.txt [concat] TEST-org.apache.tomcat.util.net.TestClientCert.APR.txt [concat] TEST-org.apache.tomcat.util.net.TestClientCertTls13.APR.txt [concat] TEST-org.apache.tomcat.util.net.TestSSLHostConfigCompat.APR.txt [concat] TEST-org.apache.tomcat.util.net.TestSSLHostConfigIntegration.APR.txt [concat] TEST-org.apache.tomcat.util.net.TestSsl.APR.txt [concat] TEST-org.apache.tomcat.util.net.openssl.TestOpenSSLConf.APR.txt [concat] TEST-org.apache.tomcat.util.scan.TestStandardJarScanner.APR.txt [concat] TEST-org.apache.tomcat.util.scan.TestStandardJarScanner.NIO.txt [concat] TEST-org.apache.tomcat.util.scan.TestStandardJarScanner.NIO2.txt [concat] TEST-org.apache.tomcat.websocket.TestWebSocketFrameClientSSL.APR.txt [concat] TEST-org.apache.tomcat.websocket.TestWsWebSocketContainerSSL.APR.txt * Environment * Java (build):openjdk version "24.0.1" 2025-04-15 OpenJDK Runtime Environment Temurin-24.0.1+9 (build 24.0.1+9) OpenJDK 64-Bit Server VM Temurin-24.0.1+9 (build 24.0.1+9, mixed mode, sharing) * Java (test): openjdk version "24.0.1" 2025-04-15 OpenJDK Runtime Environment Temurin-24.0.1+9 (build 24.0.1+9) OpenJDK 64-Bit Server VM Temurin-24.0.1+9 (build 24.0.1+9, mixed mode, sharing) * Ant: Apache Ant(TM) version 1.10.15 compiled on August 25 2024 * OS: Darwin 24.5.0 arm64 * cc: Apple clang version 17.0.0 (clang-1700.0.13.5) * make:GNU Make 3.81 * OpenSSL: OpenSSL 3.5.0 8 Apr 2025 (Library: OpenSSL 3.5.0 8 Apr 2025) * APR: 1.7.6 * * Valid SHA-512 signature for apache-tomcat-9.0.107.zip * Valid GPG signature for apache-tomcat-9.0.107.zip * Valid SHA-512 signature for apache-tomcat-9.0.107.tar.gz * Valid GPG signature for apache-tomcat-9.0.107.tar.gz * Valid SHA-512 signature for apache-tomcat-9.0.107.exe * Valid GPG signature for apache-tomcat-9.0.107.exe * Valid Windows Digital Signature for apache-tomcat-9.0.107.exe * Valid SHA512 signature for apache-tomcat-9.0.107-src.zip * Valid GPG signature for apache-tomcat-9.0.107-src.zip * Valid SHA512 signature for apache-tomcat-9.0.107-src.tar.gz * Valid GPG signature for apache-tomcat-9.0.107-src.tar.gz * * Binary Zip and tarball: Same * Source Zip and tarball: Same * * Building dependencies returned: 0 * Tomcat builds cleanly * tcnative builds cleanly * Junit Tests: PASSED - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@to
Re: [VOTE] Release Apache Tomcat 9.0.107
On Wed, Jul 2, 2025 at 10:31 AM Rémy Maucherat wrote: > The proposed Apache Tomcat 9.0.107 release is now available for voting. > > The notable changes compared to 9.0.106 are: > > - Increase the default for maxPartCount from 10 to 50. Update the >documentation to provide more details on the memory requirements >to support multi-part uploads while avoiding a denial of service >risk. > > - Various improvements to HTTP/2 > > - Fix JMX value for keepAliveCount on the endpoint. Also add the >value of useVirtualThreads in JMX. > > For full details, see the changelog: > https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.107/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1552 > > The tag is: > https://github.com/apache/tomcat/tree/9.0.107 > 43d5ad023d2eee2ca162eded597a23afa0b92296 > > The proposed 9.0.107 release is: > [ ] -1, Broken - do not release > [X] +1, Stable - go ahead and release as 9.0.107 > > Rémy > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > > Build is reproducible and tests pass on Fedora 41 with Java 24, tcnative-1.3.0, apr-1.7.4, openssl-3.2.4.
Re: [VOTE] Release Apache Tomcat 10.1.43
All, On 7/1/25 5:45 PM, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.43 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.42 are: - Increase the default for maxPartCount from 10 to 50. Update the documentation to provide more details on the memory requirements to support multi-part uploads while avoiding a denial of service risk. - Improvements to http/2 support, including data-frame padding, request statistics, and suppression of warnings when client certificate verification has been configured in certain environments. - Fix a regression in the fix for CVE-2025-49125 that prevented access to PreResources and PostResources when mounted below the web application root with a path that was terminated with a file separator. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.43/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1551 The tag is: https://github.com/apache/tomcat/tree/10.1.43 https://github.com/apache/tomcat/commit/ e6c2a4b773a2bf03f94a31ed8fc30df1a735217e Please reply with a +1 for release or +0/-0/-1 with an explanation. +1 for stable release Unit tests all pass on MacOS aarch64. Details: * Environment * Java (build):openjdk version "24.0.1" 2025-04-15 OpenJDK Runtime Environment Temurin-24.0.1+9 (build 24.0.1+9) OpenJDK 64-Bit Server VM Temurin-24.0.1+9 (build 24.0.1+9, mixed mode, sharing) * Java (test): openjdk version "24.0.1" 2025-04-15 OpenJDK Runtime Environment Temurin-24.0.1+9 (build 24.0.1+9) OpenJDK 64-Bit Server VM Temurin-24.0.1+9 (build 24.0.1+9, mixed mode, sharing) * Ant: Apache Ant(TM) version 1.10.15 compiled on August 25 2024 * OS: Darwin 24.5.0 arm64 * cc: Apple clang version 17.0.0 (clang-1700.0.13.5) * make:GNU Make 3.81 * OpenSSL: OpenSSL 3.5.0 8 Apr 2025 (Library: OpenSSL 3.5.0 8 Apr 2025) * APR: 1.7.6 * * Valid SHA-512 signature for apache-tomcat-10.1.43.zip * Valid GPG signature for apache-tomcat-10.1.43.zip * Valid SHA-512 signature for apache-tomcat-10.1.43.tar.gz * Valid GPG signature for apache-tomcat-10.1.43.tar.gz * Valid SHA-512 signature for apache-tomcat-10.1.43.exe * Valid GPG signature for apache-tomcat-10.1.43.exe * Valid Windows Digital Signature for apache-tomcat-10.1.43.exe * Valid SHA512 signature for apache-tomcat-10.1.43-src.zip * Valid GPG signature for apache-tomcat-10.1.43-src.zip * Valid SHA512 signature for apache-tomcat-10.1.43-src.tar.gz * Valid GPG signature for apache-tomcat-10.1.43-src.tar.gz * * Binary Zip and tarball: Same * Source Zip and tarball: Same * * Building dependencies returned: 0 * Tomcat builds cleanly * tcnative builds cleanly * Junit Tests: PASSED - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 69710] FileCountLimitExceededException is thrown in version 11.0.8
https://bz.apache.org/bugzilla/show_bug.cgi?id=69710 --- Comment #34 from Chen Jp --- (In reply to Mark Thomas from comment #32) > Those changes would need to happen in Commons FileUpload. > > Changing the meaning of maxPartHeaderSize isn't an option as it would break > backwards compatibility but adding a new option to limit the total header > size is a possibility. Suggest introduce partHeaderTotalSizeMax and partHeaderTotalCoutMax, apply to all header information for all parts in a single upload file request. see commons-fileupload PR https://github.com/apache/commons-fileupload/pull/425 -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: Update base-line for 12.0.0-M1 to 11.0.9
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 53483f7d80 Update base-line for 12.0.0-M1 to 11.0.9 53483f7d80 is described below commit 53483f7d80bcae6697b4b12505ff3f200222d41a Author: Mark Thomas AuthorDate: Wed Jul 2 12:32:14 2025 +0100 Update base-line for 12.0.0-M1 to 11.0.9 --- webapps/docs/changelog.xml | 88 +- 1 file changed, 1 insertion(+), 87 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index e23bf7826e..c40b183d38 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -109,7 +109,7 @@ This release contains all of the changes up to and including those in -Apache Tomcat 11.0.8 plus the additional changes listed below. (markt) +Apache Tomcat 11.0.9 plus the additional changes listed below. (markt) The minimum Java version has been updated to Java 21. (markt) @@ -166,31 +166,6 @@ path. (markt) - -Ensure application configured welcome files override the defaults when -configuring an embedded web application programmatically. (markt) - - -Allow the default servlet to set the content length when the content -length is known, no content has been written and a Writer -is being used. (markt) - - -69717: Correct a regression in the fix for CVE-2025-49125 -that prevented access to PreResources and PostResources when mounted -below the web application root with a path that was terminated with a -file separator. (remm/markt) - - -69731: Fix an issue that meant that the value of -maxParameterCount applied was smaller than intended for -multipart uploads with non-file parts when the parts were processed -before query string parameters. (markt) - - -Align size tracking for multipart requests with FileUpload's use of -long. (schultz) - @@ -209,35 +184,6 @@ Remove NIO2 connector. (remm) - -69710: Increase the default for maxPartCount -from 10 to 50. Update the documentation to -provide more details on the memory requirements to support multi-part -uploads while avoiding a denial of service risk. (markt) - - -69713: Correctly handle an HTTP/2 data frame that includes -padding when the headers include a content-length. (remm/markt) - - -Correctly collect statistics for HTTP/2 requests and avoid counting one -request multiple times. Based on pull request 868 by -qingdaoheze. (markt) - - -Fix JMX value for keepAliveCount on the endpoint. Also add -the value of useVirtualThreads in JMX. (remm) - - -69728: Remove incorrect warning when HTTP/2 is used with -optional certificate verification and improve the warnings when a web -application tries to use CLIENT-CERT with either HTTP/2 or a JSSE -implementation of TLS 1.3. (markt) - - -When setting the initial HTTP/2 connection limit, apply those limits -earlier. (markt) - @@ -263,14 +209,6 @@ jakarta.el.ELResolver.StandaloneIdentifierMarker. (markt) - -Remove IMPL_OBJ_START from EL grammar for -IDENTIFIER. (markt) - - -Remove the INSTANCEOF and FUNCTIONSUFFIX -definitions from the EL grammar as both are unused. (markt) - @@ -306,15 +244,6 @@ - -Documentation. Provide more explicit guidance regarding the security -considerations for enabling write access to the web application via -WebDAV, HTTP PUT requests or similar. (markt) - - -Documentation. Add a section on reverse proxies to the security -considerations page. (markt) - @@ -323,21 +252,6 @@ Update Derby to 10.17.1.0. (markt) - -Update to the Eclipse JDT compiler 4.36. (markt) - - -Update UnboundID to 7.0.3. (markt) - - -Update Checkstyle to 10.25.1. (markt) - - -Improvements to French translations. (remm) - - -Improvements to Japanese translations provided by tak7iji. (markt) - - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 11.0.x updated: Increment version for next development cycle
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 11.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/11.0.x by this push: new 0ab43b937f Increment version for next development cycle 0ab43b937f is described below commit 0ab43b937ffb6adc5eba2ee4647ab852c1444e82 Author: Mark Thomas AuthorDate: Wed Jul 2 12:34:19 2025 +0100 Increment version for next development cycle --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index 217a0080a1..5abc1944d5 100644 --- a/build.properties.default +++ b/build.properties.default @@ -31,7 +31,7 @@ # - Version Control Flags - version.major=11 version.minor=0 -version.build=9 +version.build=10 version.patch=0 version.suffix= version.dev=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index 877197fbd7..8267c6e9b2 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=11.0.9 +maven.asf.release.deploy.version=11.0.10 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 3402a7c235..1a4bcfa5f4 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 11.0.9
On 01/07/2025 22:42, Mark Thomas wrote: The proposed 11.0.9 release is: [ ] -1 Broken - do not release [X] +1 Stable - go ahead and release as 11.0.9 Test pass on Windows (Tomcat Native 2.0.9), Linux (Tomcat Native built with OpenSSL 3.0.13) and MacOS (Tomcat Native built with OpenSSL 3.5.0) Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 11.0.9
On Tue, Jul 1, 2025 at 11:43 PM Mark Thomas wrote: > > The proposed Apache Tomcat 11.0.9 release is now available for voting. > > The notable changes compared to 11.0.8 include: > > - Increase the default for maxPartCount from 10 to 50. Update the >documentation to provide more details on the memory requirements >to support multi-part uploads while avoiding a denial of service >risk. > > - Various improvements to HTTP/2 > > - Fix JMX value for keepAliveCount on the endpoint. Also add the >value of useVirtualThreads in JMX. > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. Applications using deprecated APIs may require > further changes. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.9/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1550 > > The tag is: > https://github.com/apache/tomcat/tree/11.0.9 > 2640cdf945fd8b715cec93e6c7840970a13634a0 > > The proposed 11.0.9 release is: > [ ] -1 Broken - do not release > [X] +1 Stable - go ahead and release as 11.0.9 Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.43
On Tue, Jul 1, 2025 at 11:46 PM Christopher Schultz wrote: > > The proposed Apache Tomcat 10.1.43 release is now available for > voting. > > All committers and PMC members are kindly requested to provide a vote if > possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are > binding. We welcome non-committer votes or comments on release builds. > > The notable changes compared to 10.1.42 are: > > - Increase the default for maxPartCount from 10 to 50. Update the >documentation to provide more details on the memory requirements >to support multi-part uploads while avoiding a denial of service risk. > > - Improvements to http/2 support, including data-frame padding, >request statistics, and suppression of warnings when client >certificate verification has been configured in certain environments. > > - Fix a regression in the fix for CVE-2025-49125 that prevented access >to PreResources and PostResources when mounted below the web >application root with a path that was terminated with a file >separator. > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.43/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1551 > > The tag is: > https://github.com/apache/tomcat/tree/10.1.43 > https://github.com/apache/tomcat/commit/e6c2a4b773a2bf03f94a31ed8fc30df1a735217e > > Please reply with a +1 for release or +0/-0/-1 with an explanation. +1, I could reproduce the build and I haven't found any issue. Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Next is 9.0.108
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 530fbddea7 Next is 9.0.108 530fbddea7 is described below commit 530fbddea7ff0e448f63360657b02caf899ecc86 Author: remm AuthorDate: Wed Jul 2 11:21:57 2025 +0200 Next is 9.0.108 --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index 99bf84880c..b8b37807a6 100644 --- a/build.properties.default +++ b/build.properties.default @@ -31,7 +31,7 @@ # - Version Control Flags - version.major=9 version.minor=0 -version.build=107 +version.build=108 version.patch=0 version.suffix= version.dev=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index 6b5a5e73ab..993760302c 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=9.0.107 +maven.asf.release.deploy.version=9.0.108 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 1dd6fe8d5a..9dd9aa269c 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.107
On 02/07/2025 08:20, Rémy Maucherat wrote: The proposed 9.0.107 release is: [ ] -1, Broken - do not release [X] +1, Stable - go ahead and release as 9.0.107 Test pass on Windows (Tomcat Native 2.0.9), Linux (Tomcat Native built with OpenSSL 3.0.13) and MacOS (Tomcat Native built with OpenSSL 3.5.0) Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.43
On 01/07/2025 22:45, Christopher Schultz wrote: Please reply with a +1 for release or +0/-0/-1 with an explanation. +1 Test pass on Windows (Tomcat Native 2.0.9), Linux (Tomcat Native built with OpenSSL 3.0.13) and MacOS (Tomcat Native built with OpenSSL 3.5.0) Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.107
On Wed, Jul 2, 2025 at 3:22 AM Rémy Maucherat wrote: > The proposed Apache Tomcat 9.0.107 release is now available for voting. > > The notable changes compared to 9.0.106 are: > > - Increase the default for maxPartCount from 10 to 50. Update the >documentation to provide more details on the memory requirements >to support multi-part uploads while avoiding a denial of service >risk. > > - Various improvements to HTTP/2 > > - Fix JMX value for keepAliveCount on the endpoint. Also add the >value of useVirtualThreads in JMX. > > For full details, see the changelog: > https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.107/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1552 > > The tag is: > https://github.com/apache/tomcat/tree/9.0.107 > 43d5ad023d2eee2ca162eded597a23afa0b92296 > > The proposed 9.0.107 release is: > [ ] -1, Broken - do not release > [x] +1, Stable - go ahead and release as 9.0.107 > LGTM > > Rémy > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
Re: [VOTE] Release Apache Tomcat 11.0.9
On Wed, Jul 2, 2025 at 12:50 AM Mark Thomas wrote: > The proposed Apache Tomcat 11.0.9 release is now available for voting. > > The notable changes compared to 11.0.8 include: > > - Increase the default for maxPartCount from 10 to 50. Update the >documentation to provide more details on the memory requirements >to support multi-part uploads while avoiding a denial of service >risk. > > - Various improvements to HTTP/2 > > - Fix JMX value for keepAliveCount on the endpoint. Also add the >value of useVirtualThreads in JMX. > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. Applications using deprecated APIs may require > further changes. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.9/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1550 > > The tag is: > https://github.com/apache/tomcat/tree/11.0.9 > 2640cdf945fd8b715cec93e6c7840970a13634a0 > > The proposed 11.0.9 release is: > [ ] -1 Broken - do not release > [X] +1 Stable - go ahead and release as 11.0.9 > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > > Build is reproducible and tests pass on Fedora 41 with Java 24, tcnative-2.0.8, apr-1.7.4, openssl-3.2.4.
svn commit: r77898 - in /dev/tomcat/tomcat-9/v9.0.107: ./ bin/ bin/embed/ src/
Author: remm Date: Wed Jul 2 07:17:02 2025 New Revision: 77898 Log: Upload 9.0.107 for voting Added: dev/tomcat/tomcat-9/v9.0.107/ dev/tomcat/tomcat-9/v9.0.107/KEYS dev/tomcat/tomcat-9/v9.0.107/README.html dev/tomcat/tomcat-9/v9.0.107/RELEASE-NOTES dev/tomcat/tomcat-9/v9.0.107/bin/ dev/tomcat/tomcat-9/v9.0.107/bin/README.html dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-deployer.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-deployer.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-deployer.tar.gz.sha512 dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-deployer.zip (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-deployer.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-deployer.zip.sha512 dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-fulldocs.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-fulldocs.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-fulldocs.tar.gz.sha512 dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-windows-x64.zip (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-windows-x64.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-windows-x64.zip.sha512 dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-windows-x86.zip (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-windows-x86.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107-windows-x86.zip.sha512 dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107.exe (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107.exe.asc (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107.exe.sha512 dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107.tar.gz.sha512 dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107.zip (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.107/bin/apache-tomcat-9.0.107.zip.sha512 dev/tomcat/tomcat-9/v9.0.107/bin/embed/ dev/tomcat/tomcat-9/v9.0.107/bin/embed/apache-tomcat-9.0.107-embed.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.107/bin/embed/apache-tomcat-9.0.107-embed.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.107/bin/embed/apache-tomcat-9.0.107-embed.tar.gz.sha512 dev/tomcat/tomcat-9/v9.0.107/bin/embed/apache-tomcat-9.0.107-embed.zip (with props) dev/tomcat/tomcat-9/v9.0.107/bin/embed/apache-tomcat-9.0.107-embed.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.107/bin/embed/apache-tomcat-9.0.107-embed.zip.sha512 dev/tomcat/tomcat-9/v9.0.107/src/ dev/tomcat/tomcat-9/v9.0.107/src/apache-tomcat-9.0.107-src.tar.gz (with props) dev/tomcat/tomcat-9/v9.0.107/src/apache-tomcat-9.0.107-src.tar.gz.asc (with props) dev/tomcat/tomcat-9/v9.0.107/src/apache-tomcat-9.0.107-src.tar.gz.sha512 dev/tomcat/tomcat-9/v9.0.107/src/apache-tomcat-9.0.107-src.zip (with props) dev/tomcat/tomcat-9/v9.0.107/src/apache-tomcat-9.0.107-src.zip.asc (with props) dev/tomcat/tomcat-9/v9.0.107/src/apache-tomcat-9.0.107-src.zip.sha512 Added: dev/tomcat/tomcat-9/v9.0.107/KEYS == --- dev/tomcat/tomcat-9/v9.0.107/KEYS (added) +++ dev/tomcat/tomcat-9/v9.0.107/KEYS Wed Jul 2 07:17:02 2025 @@ -0,0 +1,237 @@ +This file contains the PGP&GPG keys of various Apache developers. +Please don't use them for email unless you have to. Their main +purpose is code signing. + +Apache users: pgp < KEYS +Apache developers: +(pgpk -ll && pgpk -xa ) >> this file. + or +(gpg --fingerprint --list-sigs + && gpg --armor --export ) >> this file. + +Apache developers: please ensure that your key is also available via the +PGP keyservers (such as pgpkeys.mit.edu). + + +pub 1024D/33C60243 2004-09-12 + Key fingerprint = DCFD 35E0 BF8C A734 4752 DE8B 6FB2 1E89 33C6 0243 +uid Mark E D Thomas +uid Mark E D Thomas +uid Mark E D Thomas +sub 2048g/0BECE548 2004-09-12 + +pub 4096R/2F6059E7 2009-09-18 + Key fingerprint = A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 +uid Mark E D Thomas +sub 4096R/5E763BEC 2009-09-18 + +-BEGIN PGP PUBLIC KEY BLOCK- +Version: GnuPG v1.4.9 (MingW32) + +mQGiBEFEjegRBADocGttfROvtLGrTOW3xRqZHmFWybmEaI6jmnRdN/1gGXmb3wQL +rHsS3fLFIIOYLPph0Kov9q4qNq36LekShIvjMBDFoj2/wRxaUtFq81asaRZg8Mcw +4kVeIoe8OIOuWmvYhU8SH2jJNUnVVrpTPAa6QWquTmseNi6UJMjLxuL7DwCg//9u +k2yj0vk6e4WSO6Fe5+EkQDED/AjQsy0kj9T
(tomcat) 01/01: Tag 9.0.107
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to tag 9.0.107 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 43d5ad023d2eee2ca162eded597a23afa0b92296 Author: remm AuthorDate: Wed Jul 2 09:12:09 2025 +0200 Tag 9.0.107 --- build.properties.release | 54 +++ res/install-win/Uninstall.exe.sig| Bin 0 -> 8274 bytes res/install-win/tomcat-installer.exe.sig | Bin 0 -> 8275 bytes res/maven/mvn.properties.release | 27 webapps/docs/changelog.xml | 2 +- 5 files changed, 82 insertions(+), 1 deletion(-) diff --git a/build.properties.release b/build.properties.release new file mode 100644 index 00..c9fbdb67b9 --- /dev/null +++ b/build.properties.release @@ -0,0 +1,54 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Any unwanted settings may be over-ridden in a build.properties file located +# in the same directory as this file. + +# Set the version-dev to "" (empty string) as this is not a development release. +version.dev= + +# Ensure consistent timestamps for reproducible builds. +ant.tstamp.now.iso=2025-07-02T07:01:03Z + +# Enable insertion of detached signatures into the Windows installer. +do.codesigning=true + +# Re-use the same GPG executable. +gpg.exec=/usr/bin/gpg + +# Reproducible builds require the use of the build tools defined below. The +# vendors (where appropriate) and versions must match exactly for a reproducible +# build since this data is embedded in various files, particularly JAR file +# manifests, as part of the build process. +# +# Apache Ant: Apache Ant(TM) version 1.10.15 compiled on August 25 2024 +# +# Java Name: OpenJDK 64-Bit Server VM +# Java Vendor: Eclipse Adoptium +# Java Version:24.0.1+9 + +# The following is provided for information only. Builds will be repeatable +# whether or not the build environment is consistent with this information. +# +# OS: amd64 Linux 6.15.4-200.fc42.x86_64 +# File encoding: UTF-8 +# +# Release Manager: remm +release-java-version=24.0.1+9 +release-ant-version=1.10.15 diff --git a/res/install-win/Uninstall.exe.sig b/res/install-win/Uninstall.exe.sig new file mode 100644 index 00..9d985b9921 Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ diff --git a/res/install-win/tomcat-installer.exe.sig b/res/install-win/tomcat-installer.exe.sig new file mode 100644 index 00..c7dc4ee748 Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release new file mode 100644 index 00..84d6cb15f0 --- /dev/null +++ b/res/maven/mvn.properties.release @@ -0,0 +1,27 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Remove "-dev" from the version since this is not a development release. +maven.asf.release.deploy.version=9.0.107 + +# Re-use the same GPG executable. +gpg.exec=/usr/bin/gpg + +# Set the user name
(tomcat) tag 9.0.107 created (now 43d5ad023d)
This is an automated email from the ASF dual-hosted git repository. remm pushed a change to tag 9.0.107 in repository https://gitbox.apache.org/repos/asf/tomcat.git at 43d5ad023d (commit) This tag includes the following new commits: new 43d5ad023d Tag 9.0.107 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release Apache Tomcat 9.0.107
The proposed Apache Tomcat 9.0.107 release is now available for voting. The notable changes compared to 9.0.106 are: - Increase the default for maxPartCount from 10 to 50. Update the documentation to provide more details on the memory requirements to support multi-part uploads while avoiding a denial of service risk. - Various improvements to HTTP/2 - Fix JMX value for keepAliveCount on the endpoint. Also add the value of useVirtualThreads in JMX. For full details, see the changelog: https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.107/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1552 The tag is: https://github.com/apache/tomcat/tree/9.0.107 43d5ad023d2eee2ca162eded597a23afa0b92296 The proposed 9.0.107 release is: [ ] -1, Broken - do not release [ ] +1, Stable - go ahead and release as 9.0.107 Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Buildbot success in on tomcat-9.0.x
Build status: Build succeeded! Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/37/builds/1446 Blamelist: Mark Thomas , remm Build Text: build successful Status Detected: restored build Build Source Stamp: [branch 9.0.x] 530fbddea7ff0e448f63360657b02caf899ecc86 Steps: worker_preparation: 0 git: 0 shell: 0 shell_1: 0 shell_2: 0 shell_3: 0 shell_4: 0 shell_5: 0 shell_6: 0 compile: 1 shell_7: 0 shell_8: 0 shell_9: 0 shell_10: 0 Rsync docs to nightlies.apache.org: 0 shell_11: 0 Rsync RAT to nightlies.apache.org: 0 compile_1: 1 shell_12: 0 Rsync Logs to nightlies.apache.org: 0 -- ASF Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.43
On Wed, Jul 2, 2025 at 12:55 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > The proposed Apache Tomcat 10.1.43 release is now available for > voting. > > All committers and PMC members are kindly requested to provide a vote if > possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are > binding. We welcome non-committer votes or comments on release builds. > > The notable changes compared to 10.1.42 are: > > - Increase the default for maxPartCount from 10 to 50. Update the >documentation to provide more details on the memory requirements >to support multi-part uploads while avoiding a denial of service risk. > > - Improvements to http/2 support, including data-frame padding, >request statistics, and suppression of warnings when client >certificate verification has been configured in certain environments. > > - Fix a regression in the fix for CVE-2025-49125 that prevented access >to PreResources and PostResources when mounted below the web >application root with a path that was terminated with a file >separator. > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.43/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1551 > > The tag is: > https://github.com/apache/tomcat/tree/10.1.43 > > https://github.com/apache/tomcat/commit/e6c2a4b773a2bf03f94a31ed8fc30df1a735217e > > Please reply with a +1 for release or +0/-0/-1 with an explanation. > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > > +1 Build is reproducible and tests pass on Fedora 41 with Java 24, tcnative-2.0.8, apr-1.7.4, openssl-3.2.4.
