> On Mar 31, 2022, at 12:13 PM, Christopher Schultz
> wrote:
>
> Mark,
>
> On 3/29/22 19:40, Mark Thomas wrote:
>> I worry that putting much more than a simple link on the which version page
>> could cause confusion. Something like:
>> "For users wanting a Java EE / Jakarta EE container that s
On Thu, Mar 31, 2022 at 11:14 PM Christopher Schultz
wrote:
>
> Mark,
>
> Thanks for RMing. I hope I didn't break your 8.5.78 git tag. I was 2.5
> hours later than you, and didn't realize you had already rolled the release.
It looks fine: https://github.com/apache/tomcat/tree/8.5.78
Rémy
> Mark
Mark,
Thanks for RMing. I hope I didn't break your 8.5.78 git tag. I was 2.5
hours later than you, and didn't realize you had already rolled the release.
Mark, there are two signature files missing from the release artifacts,
detailed below. Can you check on those?
On 3/31/22 12:54, Mark Th
чт, 31 мар. 2022 г. в 19:50, :
>
> Author: markt
> Date: Thu Mar 31 16:50:19 2022
> New Revision: 53489
>
> Log:
> Upload 8.5.78 for voting
>
> Added:
> dev/tomcat/tomcat-8/v8.5.78/
> dev/tomcat/tomcat-8/v8.5.78/KEYS
> dev/tomcat/tomcat-8/v8.5.78/README.html
> dev/tomcat/tomcat-8/v8
Am 31.03.22 um 18:54 schrieb Mark Thomas:
The proposed Apache Tomcat 8.5.78 release is now available for voting.
The notable changes compared to 8.5.77 are:
- Update the packaged version of the Tomcat Native Library to 1.2.32 to
pick up Windows binaries built with OpenSSL 1.1.1n.
- Improve
Mark,
On 3/29/22 19:40, Mark Thomas wrote:
I worry that putting much more than a simple link on the which version
page could cause confusion. Something like:
"For users wanting a Java EE / Jakarta EE container that supports
additional specifications like XXX see Apache TomEE."
+1
My prefer
On Thu, Mar 31, 2022 at 10:56 AM Rémy Maucherat wrote:
>
> The proposed 9.0.62 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.62 (stable)
>
>
On Thu, Mar 31, 2022 at 9:55 AM Mark Thomas wrote:
> The proposed Apache Tomcat 8.5.78 release is now available for voting.
>
> The notable changes compared to 8.5.77 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
> pick up Windows binaries built with OpenSSL
On Thu, Mar 31, 2022 at 7:56 AM Rémy Maucherat wrote:
> The proposed Apache Tomcat 9.0.62 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
>pick up Windows binaries built with OpenS
Am 31.03.22 um 17:20 schrieb Mark Thomas:
The proposed Apache Tomcat 10.0.20 release is now available for
voting.
Apache Tomcat 10.0.x implements Jakarta EE 9 and, as such, the primary
package for all the specification APIs has changed from javax.* to
jakarta.*
Applications that run on Tomca
On Thu, Mar 31, 2022 at 10:57 AM Rémy Maucherat wrote:
> The proposed Apache Tomcat 9.0.62 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
>pick up Windows binaries built with Open
On Thu, Mar 31, 2022 at 6:55 PM Mark Thomas wrote:
>
> The proposed Apache Tomcat 8.5.78 release is now available for voting.
>
> The notable changes compared to 8.5.77 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
> pick up Windows binaries built with OpenSS
> [X] Stable - go ahead and release as 8.5.78 (stable)
On Thu, Mar 31, 2022 at 12:56 PM Mark Thomas wrote:
> On 31/03/2022 17:54, Mark Thomas wrote:
>
> > The proposed 8.5.78 release is:
> > [ ] Broken - do not release
> > [X] Stable - go ahead and release as 8.5.78 (stable)
>
> Tests pass with
On 31/03/2022 17:54, Mark Thomas wrote:
The proposed 8.5.78 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 8.5.78 (stable)
Tests pass with Linux, Windows and MacOS
Mark
-
To unsubscribe, e-mail:
The proposed Apache Tomcat 8.5.78 release is now available for voting.
The notable changes compared to 8.5.77 are:
- Update the packaged version of the Tomcat Native Library to 1.2.32 to
pick up Windows binaries built with OpenSSL 1.1.1n.
- Improve logging of unknown HTTP/2 settings frames.
Author: markt
Date: Thu Mar 31 16:50:19 2022
New Revision: 53489
Log:
Upload 8.5.78 for voting
Added:
dev/tomcat/tomcat-8/v8.5.78/
dev/tomcat/tomcat-8/v8.5.78/KEYS
dev/tomcat/tomcat-8/v8.5.78/README.html
dev/tomcat/tomcat-8/v8.5.78/RELEASE-NOTES
dev/tomcat/tomcat-8/v8.5.78/bin
Added: dev/tomcat/tomcat-8/v8.5.78/src/apache-tomcat-8.5.78-src.tar.gz.asc
==
--- dev/tomcat/tomcat-8/v8.5.78/src/apache-tomcat-8.5.78-src.tar.gz.asc (added)
+++ dev/tomcat/tomcat-8/v8.5.78/src/apache-tomcat-8.5.78-src.tar.
On 31/03/2022 15:56, Rémy Maucherat wrote:
The proposed 9.0.62 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 9.0.62 (stable)
Unit tests pass on Linux, Windows and MacOS
Mark
-
To unsubscribe, e
Am 31.03.22 um 16:56 schrieb Rémy Maucherat:
The proposed Apache Tomcat 9.0.62 release is now available for voting.
The notable changes compared to 9.0.60 are:
- Update the packaged version of the Tomcat Native Library to 1.2.32 to
pick up Windows binaries built with OpenSSL 1.1.1n.
- Imp
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to tag 8.5.78
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit f732d3aa5ca55eb07cb73d9ec2b585330f80f00b
Author: Mark Thomas
AuthorDate: Thu Mar 31 17:03:51 2022 +0100
Tag 8.5.78
---
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to tag 8.5.78
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
at f732d3a (commit)
This tag includes the following new commits:
new f732d3a Tag 8.5.78
The 1 revisions listed abov
> [X] Stable - go ahead and release as 9.0.62 (stable)
Ray
On Thu, Mar 31, 2022 at 11:23 AM Rémy Maucherat wrote:
> On Thu, Mar 31, 2022 at 4:56 PM Rémy Maucherat wrote:
> >
> > The proposed Apache Tomcat 9.0.62 release is now available for voting.
> >
> > The notable changes compared to 9.0.6
> [X] Alpha - go ahead and release as 10.1.0-M14 (alpha)
Ray
On Thu, Mar 31, 2022 at 11:13 AM
wrote:
> Thank you Mark. I know it's not a Tomcat vulnerability, but if the
> Hardening mitigates the other, then that had me wondering was all.
>
> Thanks for the position clarification.
>
> Dream * E
> [X] Stable - go ahead and release as 10.0.20 (stable)
Ray
On Thu, Mar 31, 2022 at 11:23 AM Rémy Maucherat wrote:
> On Thu, Mar 31, 2022 at 5:20 PM Mark Thomas wrote:
> >
> > The proposed Apache Tomcat 10.0.20 release is now available for
> > voting.
> >
> > Apache Tomcat 10.0.x implements Ja
On Thu, Mar 31, 2022 at 4:56 PM Rémy Maucherat wrote:
>
> The proposed Apache Tomcat 9.0.62 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
>pick up Windows binaries built with Open
On Thu, Mar 31, 2022 at 5:20 PM Mark Thomas wrote:
>
> The proposed Apache Tomcat 10.0.20 release is now available for
> voting.
>
> Apache Tomcat 10.0.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to jakarta.*
>
> Application
On 31/03/2022 16:20, Mark Thomas wrote:
The proposed 10.0.20 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 10.0.20 (stable)
Unit tests pass on Linux, Windows and MacOS
-
To unsubscribe, e-mail:
The proposed Apache Tomcat 10.0.20 release is now available for
voting.
Apache Tomcat 10.0.x implements Jakarta EE 9 and, as such, the primary
package for all the specification APIs has changed from javax.* to jakarta.*
Applications that run on Tomcat 9 will not run on Tomcat 10 without
changes
On Thu, Mar 31, 2022 at 4:58 PM wrote:
>
> Rémy,
>
> Will the Spring Framework Zero Day result in moving to release 9.0.62,
> surpassing 9.0.61 currently in vote?
Same as for 10.1, the most likely is that the 9.0.61 is cancelled.
Rémy
> Thanks,
>
> Dream * Excel * Explore * Inspire
> Jon McAle
Thank you Mark. I know it's not a Tomcat vulnerability, but if the Hardening
mitigates the other, then that had me wondering was all.
Thanks for the position clarification.
Dream * Excel * Explore * Inspire
Jon McAlexander
Infrastructure Engineer
Asst Vice President
He/His
Middleware Product En
On 31/03/2022 16:05, jonmcalexan...@wellsfargo.com.INVALID wrote:
Sorry, just read the thread in tomcat.developers. I don't know about doing in
parallel. IT may be best to just supersede to 10.0.20 and 9.0.62 instead of
rolling .19 and .61. Less confusion.
No problem. I think there is general
On 31/03/2022 15:56, jonmcalexan...@wellsfargo.com.INVALID wrote:
Noting the Hardening of the class loader, is this going to require this to be a
security release of the newest Tomcat releases (forthcoming), or will they
still just be standard releases?
That change does not address a security
Sorry, just read the thread in tomcat.developers. I don't know about doing in
parallel. IT may be best to just supersede to 10.0.20 and 9.0.62 instead of
rolling .19 and .61. Less confusion.
Dream * Excel * Explore * Inspire
Jon McAlexander
Infrastructure Engineer
Asst Vice President
He/His
Mid
Rémy,
Will the Spring Framework Zero Day result in moving to release 9.0.62,
surpassing 9.0.61 currently in vote?
Thanks,
Dream * Excel * Explore * Inspire
Jon McAlexander
Infrastructure Engineer
Asst Vice President
He/His
Middleware Product Engineering
Enterprise CIO | EAS | Middleware | Infr
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new 63f0daa Increment version for next development c
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new d711718 Increment version for next development cycle
Noting the Hardening of the class loader, is this going to require this to be a
security release of the newest Tomcat releases (forthcoming), or will they
still just be standard releases?
Thanks,
Dream * Excel * Explore * Inspire
Jon McAlexander
Infrastructure Engineer
Asst Vice President
He/Hi
The proposed Apache Tomcat 9.0.62 release is now available for voting.
The notable changes compared to 9.0.60 are:
- Update the packaged version of the Tomcat Native Library to 1.2.32 to
pick up Windows binaries built with OpenSSL 1.1.1n.
- Improve logging of unknown HTTP/2 settings frames. P
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new ea56344 Update repeatable build timestamp (current
Author: markt
Date: Thu Mar 31 14:50:17 2022
New Revision: 53484
Log:
Upload 10.0.20 for voting
Added:
dev/tomcat/tomcat-10/v10.0.20/
dev/tomcat/tomcat-10/v10.0.20/KEYS
dev/tomcat/tomcat-10/v10.0.20/README.html
dev/tomcat/tomcat-10/v10.0.20/RELEASE-NOTES
dev/tomcat/tomcat-10/v
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 4683c7e Next is 9.0.63
4683c7e is described below
Author: remm
Date: Thu Mar 31 14:40:53 2022
New Revision: 53483
Log:
Upload 9.0.62 for voting
Added:
dev/tomcat/tomcat-9/v9.0.62/
dev/tomcat/tomcat-9/v9.0.62/KEYS
dev/tomcat/tomcat-9/v9.0.62/README.html
dev/tomcat/tomcat-9/v9.0.62/RELEASE-NOTES
dev/tomcat/tomcat-9/v9.0.62/bin/
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to tag 9.0.62
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 85113741042dcce9e9792bdbc3d498172bc31291
Author: remm
AuthorDate: Thu Mar 31 16:32:15 2022 +0200
Tag 9.0.62
---
build.p
This is an automated email from the ASF dual-hosted git repository.
remm pushed a change to tag 9.0.62
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
at 8511374 (commit)
This tag includes the following new commits:
new 8511374 Tag 9.0.62
The 1 revisions listed above
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to tag 10.0.20
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 2a46c651529a9d237b4d6beb1ef846922d949342
Author: Mark Thomas
AuthorDate: Thu Mar 31 15:21:35 2022 +0100
Tag 10.0.20
--
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to tag 10.0.20
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
at 2a46c65 (commit)
This tag includes the following new commits:
new 2a46c65 Tag 10.0.20
The 1 revisions listed ab
чт, 31 мар. 2022 г. в 16:38, :
>
> This is an automated email from the ASF dual-hosted git repository.
>
> remm pushed a commit to branch 9.0.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
>
> The following commit(s) were added to refs/heads/9.0.x by this push:
> new ccbd0f
On Thu, Mar 31, 2022 at 3:58 PM Mark Thomas wrote:
>
> The proposed Apache Tomcat 10.1.0-M14 release is now available for
> voting.
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed
чт, 31 мар. 2022 г. в 16:56, :
>
> Author: markt
> Date: Thu Mar 31 13:56:26 2022
> New Revision: 53481
>
> Log:
> Upload 10.1.0-M14 for voting
>
> Added:
> dev/tomcat/tomcat-10/v10.1.0-M14/
> dev/tomcat/tomcat-10/v10.1.0-M14/KEYS
> dev/tomcat/tomcat-10/v10.1.0-M14/README.html
> dev
On 31/03/2022 14:57, Mark Thomas wrote:
The proposed 10.1.0-M14 release is:
[ ] Broken - do not release
[X] Alpha - go ahead and release as 10.1.0-M14 (alpha)
Tests pass on Linux, Windows and MacOS
Mark
-
To unsubscribe, e-m
The proposed Apache Tomcat 10.1.0-M14 release is now available for
voting.
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
wil
Author: markt
Date: Thu Mar 31 13:56:26 2022
New Revision: 53481
Log:
Upload 10.1.0-M14 for voting
Added:
dev/tomcat/tomcat-10/v10.1.0-M14/
dev/tomcat/tomcat-10/v10.1.0-M14/KEYS
dev/tomcat/tomcat-10/v10.1.0-M14/README.html
dev/tomcat/tomcat-10/v10.1.0-M14/RELEASE-NOTES
dev/tom
This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new ccbd0fd Update repeatable build timestamp (currentl
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.0.x by this push:
new a7a040e Update repeatable build timestamp (curre
This is an automated email from the ASF dual-hosted git repository.
markt pushed a change to tag 10.1.0-M14
in repository https://gitbox.apache.org/repos/asf/tomcat.git.
at 02e84c8 (commit)
This tag includes the following new commits:
new 02e84c8 Tag 10.1.0-M14
The 1 revisions lis
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to tag 10.1.0-M14
in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit 02e84c839def0228475fad85d0b19abc2f70b03f
Author: Mark Thomas
AuthorDate: Thu Mar 31 14:24:11 2022 +0100
Tag 10.1.0-
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new a29499c Update repeatable build timestamp (currently
Ping.
On the topic of hardening, how far back do we want to do with this?
Mark
On 30/03/2022 12:41, bugzi...@apache.org wrote:
https://bz.apache.org/bugzilla/show_bug.cgi?id=65736
--- Comment #11 from Mark Thomas ---
I've implemented this alternative approach for 10.1.x. It isn't as generic
On 31/03/2022 12:25, Rémy Maucherat wrote:
On Thu, Mar 31, 2022 at 1:16 PM Mark Thomas wrote:
On 31/03/2022 11:48, Rémy Maucherat wrote:
On Thu, Mar 31, 2022 at 11:52 AM Mark Thomas wrote:
Hi all,
My recent hardening fix to the class loader [1] provides mitigation for
a current Spring
On 31/03/2022 12:33, Konstantin Kolinko wrote:
чт, 31 мар. 2022 г. в 12:52, Mark Thomas :
Hi all,
My recent hardening fix to the class loader [1] provides mitigation for
a current Spring vulnerability [2].
While this is a Spring vulnerability, it may be the case for some users
that updating T
On Wed, Mar 30, 2022 at 4:22 AM Rémy Maucherat wrote:
> The proposed Apache Tomcat 9.0.61 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Fix a potential thread-safety issue that could cause HTTP/1.1 request
>processing to pause, and potentially time
чт, 31 мар. 2022 г. в 12:52, Mark Thomas :
>
> Hi all,
>
> My recent hardening fix to the class loader [1] provides mitigation for
> a current Spring vulnerability [2].
>
> While this is a Spring vulnerability, it may be the case for some users
> that updating Tomcat is an easier mitigation path th
On Thu, Mar 31, 2022 at 1:16 PM Mark Thomas wrote:
>
> On 31/03/2022 11:48, Rémy Maucherat wrote:
> > On Thu, Mar 31, 2022 at 11:52 AM Mark Thomas wrote:
> >>
> >> Hi all,
> >>
> >> My recent hardening fix to the class loader [1] provides mitigation for
> >> a current Spring vulnerability [2].
>
On 31/03/2022 11:48, Rémy Maucherat wrote:
On Thu, Mar 31, 2022 at 11:52 AM Mark Thomas wrote:
Hi all,
My recent hardening fix to the class loader [1] provides mitigation for
a current Spring vulnerability [2].
While this is a Spring vulnerability, it may be the case for some users
that upda
On Thu, Mar 31, 2022 at 11:52 AM Mark Thomas wrote:
>
> Hi all,
>
> My recent hardening fix to the class loader [1] provides mitigation for
> a current Spring vulnerability [2].
>
> While this is a Spring vulnerability, it may be the case for some users
> that updating Tomcat is an easier mitigati
On 30/03/2022 09:21, Rémy Maucherat wrote:
The proposed 9.0.61 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 9.0.61 (stable)
tests pass on Linux, Windows and MacOS.
Mark
-
To unsubscribe, e-mai
Hi all,
My recent hardening fix to the class loader [1] provides mitigation for
a current Spring vulnerability [2].
While this is a Spring vulnerability, it may be the case for some users
that updating Tomcat is an easier mitigation path that updating Spring.
What are the community thoughts
On 30/03/2022 00:49, Mark Thomas wrote:
The proposed 10.0.19 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 10.0.19 (stable)
Unit tests pass on Linux, Windows and MacOS.
Mark
-
To unsubscribe, e
On 30/03/2022 00:06, Mark Thomas wrote:
The proposed 10.1.0-M13 release is:
[ ] Broken - do not release
[X] Alpha - go ahead and release as 10.1.0-M13 (alpha)
Unit tests pass on Linux, Windows and MacOS.
Mark
-
To unsubscrib
On Wed, Mar 30, 2022 at 1:50 AM Mark Thomas wrote:
>
> The proposed Apache Tomcat 10.0.19 release is now available for
> voting.
>
> Apache Tomcat 10.0.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to jakarta.*
>
> Application
On Wed, Mar 30, 2022 at 1:06 AM Mark Thomas wrote:
>
> The proposed Apache Tomcat 10.1.0-M13 release is now available for
> voting.
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed
71 matches
Mail list logo
