[VOTE][RESULT] Release Apache Tomcat 11.0.6

2025-04-09 Thread Mark Thomas
The following votes were cast: Binding: +1: markt, remm, schultz, dsoumis, csutherl, ebourg, rjung No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark

Re: (tomcat) branch main updated: Fix BZ 69635 - add support to ImportHandler for resolving inner classes

2025-04-04 Thread Mark Thomas
91278e6794 Fix BZ 69635 - add support to ImportHandler for resolving inner classes 91278e6794 is described below commit 91278e6794b073af33574aade2d82386722685d4 Author: Mark Thomas AuthorDate: Fri Apr 4 17:17:39 2025 +0100 Fix BZ 69635 - add support to ImportHandler for resolving inner classes

Re: [VOTE] Release Apache Tomcat 9.0.104

2025-04-04 Thread Mark Thomas
On 04/04/2025 14:11, Rémy Maucherat wrote: The proposed 9.0.104 release is: [ ] -1, Broken - do not release [X] +1, Stable - go ahead and release as 9.0.104 Windows installer has valid signature. Build is fully cross-platform (Linux / Windows) reproducible. Tests pass on Windows, Linux and M

Re: [VOTE] Release Apache Tomcat 9.0.103

2025-04-03 Thread Mark Thomas
On 03/04/2025 19:34, Christopher Schultz wrote: Mark, On 4/3/25 1:38 PM, Mark Thomas wrote: On 01/04/2025 19:56, Rémy Maucherat wrote: The proposed 9.0.103 release is: [ ] -1, Broken - do not release [X] +1, Stable - go ahead and release as 9.0.103 +1 Build is cross-platform reproducible

Re: [VOTE] Release Apache Tomcat 9.0.103

2025-04-03 Thread Mark Thomas
On 01/04/2025 19:56, Rémy Maucherat wrote: The proposed 9.0.103 release is: [ ] -1, Broken - do not release [X] +1, Stable - go ahead and release as 9.0.103 +1 Build is cross-platform reproducible (Windows). Tests pass on Linux, Windows and MacOS (M1). I did observe some test failures due to

Re: [VOTE] Release Apache Tomcat 10.1.40

2025-04-03 Thread Mark Thomas
On 01/04/2025 19:42, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.40 release is now available for voting. +1 Build is cross-platform reproducible (Windows). Tests pass on Linux, Windows and MacOS (M1). I did observe some test failures due to the known issue in the AccessLogValv

Re: [VOTE] Release Apache Tomcat 11.0.6

2025-04-01 Thread Mark Thomas
On 01/04/2025 17:06, Mark Thomas wrote: The proposed 11.0.6 release is: [ ] -1 Broken - do not release [X] +1 Stable - go ahead and release as 11.0.6 Tests pass for NIO and NIO2 on Windows, Linux and MacOS M1. Build is cross-platform (Windows, Linux, MacOS) repeatable. Mark

Re: Plans for April releases

2025-04-01 Thread Mark Thomas
On 01/04/2025 09:31, Emmanuel Bourg wrote: On 01/04/2025 10:06, Mark Thomas wrote: Did you figure out the file handler issue with Jsign 7.1? The issue was with 7.0 - we were seeing the "Unsupported file" error with Ant. I don't recall any issues with 7.1. I'm currently

Re: Plans for April releases

2025-04-01 Thread Mark Thomas
On 31/03/2025 22:39, Emmanuel Bourg wrote: Hi Mark, On 31/03/2025 16:51, Mark Thomas wrote: I have a couple of tasks to get done (update JSign, update i18n strings) and then I should be ready to tag 11.0.6. I am currently hoping to be able to do that tomorrow. Did you figure out the file

Re: (tomcat) branch main updated: Restore final keywords

2025-04-01 Thread Mark Thomas
/heads/main by this push: new 8a5e5475f1 Restore final keywords 8a5e5475f1 is described below commit 8a5e5475f1ead35589dc8c5e359b9395838112b7 Author: Mark Thomas AuthorDate: Mon Mar 31 17:27:02 2025 +0100 Restore final keywords Removing final broke the signature tests for the

Plans for April releases

2025-03-31 Thread Mark Thomas
Hi all, I have a couple of tasks to get done (update JSign, update i18n strings) and then I should be ready to tag 11.0.6. I am currently hoping to be able to do that tomorrow. Mark

Re: (tomcat) branch main updated: Update JDT to 4.35 / 3.41

2025-03-28 Thread Mark Thomas
/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 4c47edde5e Update JDT to 4.35 / 3.41 4c47edde5e is described below commit 4c47edde5e8e406a4ea1a7999f08c25e651f59d0 Author: Mark Thomas AuthorDate: Fri Mar 28 11:46:36 2025 + Update JDT to 4.35

Re: Sharing code across packages

2025-03-24 Thread Mark Thomas
On 21/03/2025 14:11, Christopher Schultz wrote: All, I'm looking at adding file-based allow/deny for the RemoteCIDR(Filter| Valve) and I can see that there is a bunch of duplicate code between the two classes. Is there any reason not to re-use methods such as RemoteCIDR(Filter| Valve).fillF

Re: (tomcat) branch main updated: Fix type related warnings

2025-03-20 Thread Mark Thomas
On 20/03/2025 11:24, Rémy Maucherat wrote: On Thu, Mar 20, 2025 at 12:11 PM Mark Thomas wrote: On 20/03/2025 10:09, r...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos

Re: (tomcat) branch main updated: Fix type related warnings

2025-03-20 Thread Mark Thomas
On 20/03/2025 10:09, r...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 3ae844b

Re: (tomcat) branch main updated: Add new registry factory that does not return null

2025-03-20 Thread Mark Thomas
On 20/03/2025 10:22, Mark Thomas wrote: On 19/03/2025 09:51, r...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs

Re: (tomcat) branch main updated: Add new registry factory that does not return null

2025-03-20 Thread Mark Thomas
On 19/03/2025 09:51, r...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new e5de08a

Re: Additional Java language features

2025-03-17 Thread Mark Thomas
On 17/03/2025 12:08, Rémy Maucherat wrote: Hi, Would it be ok to use records and pattern variables (which replace the instanceof then cast code) in Tomcat ? +1 I think they would improve the code overall, esp records. Although it would make the branches a bit more different, this is "boilerp

Re: Default Servlet and POST

2025-03-17 Thread Mark Thomas
On 12/03/2025 13:18, Rémy Maucherat wrote: On Wed, Mar 12, 2025 at 1:23 PM Mark Thomas wrote: All, I have been working through some specification compliance questions raised by some research into HTTP conformance [1]. That paper's focus is security but I don't see any securit

Default Servlet and POST

2025-03-12 Thread Mark Thomas
All, I have been working through some specification compliance questions raised by some research into HTTP conformance [1]. That paper's focus is security but I don't see any security concerns for Tomcat. I do see a number of false positive results and I have raised issues for those. O

Re: NSIS and the need for signing callbacks

2025-03-11 Thread Mark Thomas
On 11/03/2025 15:28, Mark Thomas wrote: I'm testing with the real signing service. I have found an issue. The timestamp of the Uninstaller isn't reset after the signature is inserted so that breaks repeatable builds. I should be able to fix that fairly quickly. OK. I think w

Re: NSIS and the need for signing callbacks

2025-03-11 Thread Mark Thomas
On 11/03/2025 13:41, Rainer Jung wrote: Am 11.03.25 um 14:31 schrieb Emmanuel Bourg: On 11/03/2025 13:09, Mark Thomas wrote: It is JSign again. If I switch back to JSign 6.0 the build starts working. Based on what we have seen previously, it looks JSign is retaining a reference to the

Re: NSIS and the need for signing callbacks

2025-03-11 Thread Mark Thomas
On 11/03/2025 11:24, Mark Thomas wrote: File Uninstall.exe line fails claiming it can't open ".\Uninstall.exe" but that file is created a few steps earlier and is present when I check the file system. Still looking... It is JSign again. If I switch back to JSign 6.0 t

Re: NSIS and the need for signing callbacks

2025-03-11 Thread Mark Thomas
On 11/03/2025 09:24, Mark Thomas wrote: On 10/03/2025 11:18, Rainer Jung wrote: I implemented this and tested it on Linux with custom makensis and on Windows with native makensis.exe. I could not test the codesigning part on Windows, because I did not have the right detached signatures and

Re: NSIS and the need for signing callbacks

2025-03-11 Thread Mark Thomas
On 10/03/2025 11:18, Rainer Jung wrote: I implemented this and tested it on Linux with custom makensis and on Windows with native makensis.exe. I could not test the codesigning part on Windows, because I did not have the right detached signatures and using a wrong one seems to prevent NSIS from

[SECURITY] CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT

2025-03-10 Thread Mark Thomas
CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.2 Apache Tomcat 10.1.0-M1 to 10.1.34 Apache Tomcat 9.0.0.M1 to 9.0.98 Descrip

Re: [VOTE][RESULT] Release Apache Tomcat 11.0.5

2025-03-05 Thread Mark Thomas
The following votes were cast: Binding: +1: dsoumis, rjung, remm, schultz, markt No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark

Re: [VOTE] Release Apache Tomcat 10.1.39

2025-03-05 Thread Mark Thomas
On 05/03/2025 12:22, Dimitris Soumis wrote: Build is 100% reproducible with nsis.tool=makensis. I am getting an error though if the nsis.tool=wine as it doesn't contain the latest build.xml files with the fixes. Just to note with the latest fixes you won't see that error but the build still

Re: [VOTE] Release Apache Tomcat 9.0.102

2025-03-05 Thread Mark Thomas
On 03/03/2025 19:52, Rémy Maucherat wrote: The proposed 9.0.102 release is: [ ] -1, Broken - do not release [X] +1, Stable - go ahead and release as 9.0.102 Build is cross platform (MacOS/Linux/Windows) reproducible. Tests pass on: - Linux (OpenSSL 3.0.13 from Ubuntu 24.04) - Windows (OpenSSL

Re: [VOTE] Release Apache Tomcat 10.1.39

2025-03-05 Thread Mark Thomas
On 04/03/2025 19:13, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.39 release is now available for voting. +1 Build is cross platform (OSX/Linux/Windows) reproducible. Tests pass on: - Linux (OpenSSL 3.0.13 from Ubuntu 24.04) - Windows (OpenSSL 3.0.14 - Native 2.0.8 binaries) - M

Re: [VOTE] Release Apache Tomcat 11.0.5

2025-03-05 Thread Mark Thomas
On 28/02/2025 17:06, Mark Thomas wrote: The proposed 11.0.5 release is: [ ] -1 Broken - do not release [ ] +1 Stable - go ahead and release as 11.0.5 Build is cross platform (Linux/Windows) reproducible. Tests pass on: - Linux (OpenSSL 3.0.13 from Ubuntu 24.04) - Windows (OpenSSL 3.0.14

Re: NSIS and the need for signing callbacks

2025-03-04 Thread Mark Thomas
On 04/03/2025 09:34, Rainer Jung wrote: Hi all, this is only a first rough idea: - previously we signed the exe files for the Windows installer and uninstaller by first generating a temporary installer. Then running that (on Windows or with wine) so that it writes out the uninstaller. Then s

Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer

2025-03-03 Thread Mark Thomas
On 03/03/2025 23:43, Christopher Schultz wrote: On 3/3/25 7:45 AM, Rémy Maucherat wrote: Ok. I would like it more if using my platform makensis was possible. +1 Is this the kind of thing we could somehow move upstream? I seem to recall that the build option we needed to use was just enab

Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer

2025-03-03 Thread Mark Thomas
On 03/03/2025 16:08, Rainer Jung wrote: Am 03.03.25 um 16:54 schrieb Mark Thomas: So, I think we have a different set of options now: a) Keep the existing makensis approach and remove Wine support b) Revert the change to using callbacks to sign the uninstaller and installer. Keep the

Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer

2025-03-03 Thread Mark Thomas
On 03/03/2025 15:38, Rémy Maucherat wrote: On Mon, Mar 3, 2025 at 1:45 PM Rémy Maucherat wrote: On Mon, Mar 3, 2025 at 1:27 PM Mark Thomas wrote: On 03/03/2025 10:54, Mark Thomas wrote: I do like the makensis approach as it is a lot simpler. Wine on Mac has proven tricky to get working

Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer

2025-03-03 Thread Mark Thomas
On 03/03/2025 10:54, Mark Thomas wrote: I don't recall if I tested with wine after the changes were complete. I do recall installing and uninstalling wine multiple times. I'll retest now. So clearly I didn't test this with Wine. There is no way the current build.xml file

Re: (tomcat) branch 9.0.x updated: Add makensis as an option for building the Windows installer

2025-03-03 Thread Mark Thomas
On 03/03/2025 09:45, Rémy Maucherat wrote: On Sun, Mar 2, 2025 at 10:20 PM Rainer Jung wrote: Hmm, I never tried with wine but at least I checked, that the ant download for Windows contains a binary named "ant", not just "ant.exe". I don't recall if I tested with wine after the changes we

Re: (tomcat) branch main updated: 69602: Allow weak etags in If-Range header

2025-03-03 Thread Mark Thomas
On 03/03/2025 10:03, Rémy Maucherat wrote: On Mon, Mar 3, 2025 at 10:30 AM Mark Thomas wrote: On 28/02/2025 22:41, r...@apache.org wrote: // If the ETag the client gave does not match the entity // etag, then the entire entity is returned. -if

Re: (tomcat) branch main updated: 69602: Allow weak etags in If-Range header

2025-03-03 Thread Mark Thomas
On 28/02/2025 22:41, r...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 7f0df68

Re: Tomcat 9 extended support

2025-02-25 Thread Mark Thomas
Thanks all for the feedback. I'm going to send this to the users list shortly. Mark On 17/02/2025 08:35, Mark Thomas wrote: Updated version after Chris's comments below. Any more comments or are we happy to publish this? Mark Subject: The future of Tomcat 9 Tomcat 9 is the

Re: Further improvements to the CVE-2024-56337 protection

2025-02-21 Thread Mark Thomas
On 20/02/2025 15:23, Mark Thomas wrote: I'm making progress with the updates for Tomcat 11. Should have something to commit soon. That took longer than expected but I think that work is complete. In most cases users shouldn't see anything. If Tomcat does encounter a scenario it

Re: Further improvements to the CVE-2024-56337 protection

2025-02-20 Thread Mark Thomas
On 20/02/2025 13:52, Rémy Maucherat wrote: On Thu, Feb 20, 2025 at 2:42 PM Mark Thomas wrote: On 20/02/2025 13:36, Rémy Maucherat wrote: On Thu, Feb 20, 2025 at 1:06 PM Mark Thomas wrote: All, The recent releases have improved things for users of embedded Tomcat but there are still some

Re: Further improvements to the CVE-2024-56337 protection

2025-02-20 Thread Mark Thomas
On 20/02/2025 13:36, Rémy Maucherat wrote: On Thu, Feb 20, 2025 at 1:06 PM Mark Thomas wrote: All, The recent releases have improved things for users of embedded Tomcat but there are still some issues. I am seeing reports via $work related to Spring Boot. The problem is on Windows and Mac

Further improvements to the CVE-2024-56337 protection

2025-02-20 Thread Mark Thomas
All, The recent releases have improved things for users of embedded Tomcat but there are still some issues. I am seeing reports via $work related to Spring Boot. The problem is on Windows and Mac. The file systems are case insensitive and DirResourceSet instances are read/write by default so

Case sensitivity checks

2025-02-19 Thread Mark Thomas
All, A case sensitivity test was added to DirResourceSet as part of the fix for CVE-2024-50379. It is also used to check whether the JVM setting described in CVE-2024-56337 is required. The current case sensitivity check is imperfect. Things are complicated by: - Windows introducing per direc

Re: [VOTE][RESULT] Release Apache Tomcat 11.0.4

2025-02-17 Thread Mark Thomas
The following votes were cast: Binding: +1: markt, schultz, remm Non-binding: +1: dsoumis No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark

Re: Tomcat 9 extended support

2025-02-17 Thread Mark Thomas
Updated version after Chris's comments below. Any more comments or are we happy to publish this? Mark Subject: The future of Tomcat 9 Tomcat 9 is the last major Tomcat version supporting Java EE. Therefore, the Tomcat community intends to provide support for Tomcat 9 beyond the 10 years for

Re: Test certs expired?

2025-02-16 Thread Mark Thomas
the repo that mean it is mostly just a copy and paste task. I'll look at this now. Mark Best regards, Rainer Am 17.02.23 um 17:39 schrieb Mark Thomas: They have. I have a new set ready to commit. Just running the tests to make sure I didn't miss any. Mark On 17/02/2023 16:

Re: Tomcat 9 extended support

2025-02-13 Thread Mark Thomas
ll be provided for 9.1.x end of support. On 13/02/2025 15:34, Mark Thomas wrote: I haven't seen any further discussion so I am going to draft an announcement for review that I'll post to this list. Mark On 04/02/2025 21:14, Christopher Schultz wrote: Mark, On 2/3/25 11:00 AM, Ma

Re: [VOTE] Release Apache Tomcat 9.0.100

2025-02-13 Thread Mark Thomas
On 13/02/2025 12:40, Rémy Maucherat wrote: The proposed 9.0.100 release is: [ ] -1, Broken - do not release [X] +1, Stable - go ahead and release as 9.0.100 Build is cross platform (Linux/Windows) reproducible. Tests pass on: - Linux (OpenSSL 3.0.13 from Ubuntu 24.04) - Windows (OpenSSL 3.0.1

Re: Tomcat 9 extended support

2025-02-13 Thread Mark Thomas
I haven't seen any further discussion so I am going to draft an announcement for review that I'll post to this list. Mark On 04/02/2025 21:14, Christopher Schultz wrote: Mark, On 2/3/25 11:00 AM, Mark Thomas wrote: Responding to all the threads here... On 03/02/2025 13:40, C

Re: [VOTE] Release Apache Tomcat 10.1.36

2025-02-13 Thread Mark Thomas
On 13/02/2025 13:24, Christopher Schultz wrote: Please reply with a +1 for release or +0/-0/-1 with an explanation. +1 Build is cross platform (OSX/Linux) reproducible. Tests pass on: - Linux (OpenSSL 3.0.13 from Ubuntu 24.04) - Windows (OpenSSL 3.0.14 - Native 2.0.8 binaries) - MacOS (Intel

Re: [VOTE] Release Apache Tomcat 11.0.4

2025-02-13 Thread Mark Thomas
On 13/02/2025 11:16, Mark Thomas wrote: The proposed 11.0.4 release is: [ ] -1 Broken - do not release [X] +1 Stable - go ahead and release as 11.0.4 Build is cross platform (Linux/Windows) reproducible. Tests pass on: - Linux (OpenSSL 3.0.13 from Ubuntu 24.04) - Windows (OpenSSL 3.0.14

Re: Tagging 11.0.4

2025-02-12 Thread Mark Thomas
On 12/02/2025 12:57, Christopher Schultz wrote: Mark, On 2/12/25 5:07 AM, Mark Thomas wrote: All, Given the regression described in [1], we seem to be heading towards consensus that a release sooner than the March release round is needed. What are the views on timing for that tag? How much

Tagging 11.0.4

2025-02-12 Thread Mark Thomas
All, Given the regression described in [1], we seem to be heading towards consensus that a release sooner than the March release round is needed. What are the views on timing for that tag? How much longer do we want to wait for any other regressions? Is today too soon? I'm thinking a tag at

[ANN] Apache Tomcat 11.0.3 Available

2025-02-10 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.3. Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications.

Re: Choosing an official language for Tomcat release builds

2025-02-10 Thread Mark Thomas
On 10/02/2025 13:55, Christopher Schultz wrote: Assuming we agree that the official releases of Tomcat should have documentation in English, then I have a further proposal: +1  - Add "locale" attribute to the tasks in the build with    an explicit locale +1 For release-managers, I will

[VOTE][RESULT] Release Apache Tomcat 11.0.3

2025-02-10 Thread Mark Thomas
The following votes were cast: Binding: +1: isapir, markt, remm, rjung, schultz Non-Binding: +1: dsoumis The vote therefore passes. Thanks to everyone who contributed to this release. Mark

Re: [VOTE] Release Apache Tomcat 9.0.99

2025-02-05 Thread Mark Thomas
On 04/02/2025 20:29, Rémy Maucherat wrote: The proposed 9.0.99 release is: [ ] -1, Broken - do not release [X] +1, Stable - go ahead and release as 9.0.99 Build is cross platform (Linux/Windows) reproducible. Tests pass on: - Linux (OpenSSL 3.0.13 from Ubuntu 24.04) - Windows (OpenSSL 3.0.14

Re: [VOTE] Release Apache Tomcat 10.1.35

2025-02-05 Thread Mark Thomas
On 04/02/2025 22:10, Christopher Schultz wrote: Please reply with a +1 for release or +0/-0/-1 with an explanation. +1 Build is cross platform (OSX/Linux/Windows) reproducible. Tests pass on: - Linux (OpenSSL 3.0.13 from Ubuntu 24.04) - Windows (OpenSSL 3.0.14 - Native 2.0.8 binaries) - MacO

Re: [VOTE] Release Apache Tomcat 11.0.3

2025-02-05 Thread Mark Thomas
On 04/02/2025 18:35, Mark Thomas wrote: The proposed 11.0.3 release is: [ ] -1 Broken - do not release [X] +1 Stable - go ahead and release as 11.0.3 Build is cross platform (Linux/Windows) reproducible. Tests pass on: - Linux (OpenSSL 3.0.13 from Ubuntu 24.04) - Windows (OpenSSL 3.0.14

Re: [VOTE] Release Apache Tomcat 11.0.3

2025-02-04 Thread Mark Thomas
On 05/02/2025 03:09, Chuck Caldarale wrote: Didn’t Mark limit test JVMs to 256m in a recent commit: diff --git a/build.xml b/build.xml index f47b137d1c..bdb0b0cf7a 100644 --- a/build.xml +++ b/build.xml @@ -2043,7 +2043,8 @@ errorproperty="test.result.error" failureprope

Re: (tomcat) 01/02: Revert "Update JSign to 7.0"

2025-02-04 Thread Mark Thomas
fb6184445ea00fb8fde4f2de997ee77e39440ffa Author: Mark Thomas AuthorDate: Tue Feb 4 18:12:01 2025 + Revert "Update JSign to 7.0" This reverts commit 64a6ba781269fab74b25181d569d15dd023c0486. What is the issue with the release ? (I suppose our signing no longer works, but obviously I haven't tested) S

[VOTE] Release Apache Tomcat 11.0.3

2025-02-04 Thread Mark Thomas
The proposed Apache Tomcat 11.0.3 release is now available for voting. The notable changes compared to 11.0.2 include: - Allow readOnly attribute configuration on the Resources element and allow configuration of the readOnly attribute value of the main resources. The attribute value will als

Re: Tomcat 9 extended support

2025-02-03 Thread Mark Thomas
Responding to all the threads here... On 03/02/2025 13:40, Christopher Schultz wrote: 3. What minimum version of Java do we want to support? Stick with Java 8? Increase the minimum version in line with availability of free supported JREs (e.g. from Temurin)? Something else? There are some

Re: Buildbot failure in on tomcat-11.0.x

2025-01-30 Thread Mark Thomas
On 30/01/2025 16:04, Rémy Maucherat wrote: On Thu, Jan 30, 2025 at 4:35 PM Mark Thomas wrote: On 30/01/2025 11:20, Rémy Maucherat wrote: On Thu, Jan 30, 2025 at 12:10 PM Mark Thomas wrote: On 30/01/2025 10:32, Rémy Maucherat wrote: Yes, there's an off by one issue, still don't

Re: Buildbot failure in on tomcat-11.0.x

2025-01-30 Thread Mark Thomas
On 30/01/2025 11:20, Rémy Maucherat wrote: On Thu, Jan 30, 2025 at 12:10 PM Mark Thomas wrote: On 30/01/2025 10:32, Rémy Maucherat wrote: Yes, there's an off by one issue, still don't understand what's causing it (anything that gets into the available = 0 situations in availab

Re: Buildbot failure in on tomcat-11.0.x

2025-01-30 Thread Mark Thomas
On 30/01/2025 10:32, Rémy Maucherat wrote: Yes, there's an off by one issue, still don't understand what's causing it (anything that gets into the available = 0 situations in available() will break). My local code replaces the CRLF trick with proper byte skipping and does not have the issue. I'll

Re: Buildbot failure in on tomcat-11.0.x

2025-01-30 Thread Mark Thomas
On 30/01/2025 09:36, Rémy Maucherat wrote: On Thu, Jan 30, 2025 at 12:26 AM wrote: Build status: BUILD FAILED: failed compile (failure) Worker used: bb_worker2_ubuntu URL: https://ci2.apache.org/#builders/112/builds/1490 Blamelist: remm Build Text: failed compile (failure) Status Detected: ne

Re: (tomcat) branch main updated: Work around available tricks

2025-01-29 Thread Mark Thomas
On 29/01/2025 12:50, Rémy Maucherat wrote: On Wed, Jan 29, 2025 at 1:14 PM Mark Thomas wrote: On 29/01/2025 09:56, r...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf

Re: (tomcat) branch main updated: Work around available tricks

2025-01-29 Thread Mark Thomas
On 29/01/2025 09:56, r...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new e1cde6f

Request dispatcher decoding and normalization

2025-01-22 Thread Mark Thomas
As a result of a user request, I am looking at Tomcat's handling of %2f (encoded '/') and %5c (encoded '\'). I have already added a new attribute (encodedReverseSolidusHandling) to the Connector to align options for %5c handling with options for %2f handling. I am now looking at the RequestD

[ANN] Apache Tomcat Migration tool for Jakarta EE 1.0.9

2025-01-21 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Migration Tool for Jakarta EE 1.0.9 Apache Tomcat Migration Tool for Jakarta EE is an open source software tool for migrating binary web applications (WAR files) and other binary artifacts from Java EE 8 to Jakarta EE 9.

Re: [VOTE][RESULT] Apache Tomcat migration tool for Jakarta EE 1.0.9

2025-01-21 Thread Mark Thomas
The following votes were cast: Binding: +1: markt, remm, isapir No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark On 08/01/2025 10:32, Mark Thomas wrote: The proposed Apache Tomcat migration tool for Jakarta EE 1.0.9 is now

Re: [VOTE] Apache Tomcat migration tool for Jakarta EE 1.0.9

2025-01-20 Thread Mark Thomas
Ping. On 14/01/2025 08:15, Mark Thomas wrote: There have only been two binding +1 votes for this release so far. If at least one other PMC member could find the time to review the release that would be great. Mark On 08/01/2025 10:32, Mark Thomas wrote: The proposed Apache Tomcat

Re: (tomcat) branch main updated: Improve EL Identifier tests

2025-01-17 Thread Mark Thomas
e0da738a9a Improve EL Identifier tests e0da738a9a is described below commit e0da738a9afbfd85d407bb0b7759f85a5ba087b2 Author: Mark Thomas AuthorDate: Fri Jan 17 17:40:52 2025 + Improve EL Identifier tests Test valid and non-valid characters. Tests can only run on versions of

Re: (tomcat) branch 9.0.x updated: Fix logic issue

2025-01-17 Thread Mark Thomas
On 17/01/2025 14:34, r...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 5b003

Re: (tomcat) branch 9.0.x updated: Automate protection for CVE-2024-56337

2025-01-16 Thread Mark Thomas
427732ef8e Automate protection for CVE-2024-56337 427732ef8e is described below commit 427732ef8ee7f707a32734a13a926a2d070b8ba9 Author: Mark Thomas AuthorDate: Thu Jan 16 16:37:06 2025 + Automate protection for CVE-2024-56337 If there is a potentially vulnerable web application

Re: (tomcat) branch main updated: Refactor so the buffered data is used directly rather than copied

2025-01-14 Thread Mark Thomas
On 14/01/2025 07:40, Mark Thomas wrote: On 13/01/2025 20:00, Mark Thomas wrote: On 13/01/2025 19:57, Rémy Maucherat wrote: Found these also from the full testsuite: https://nightlies.apache.org/tomcat/tomcat-12.0.x/logs/317/TEST- jakarta.servlet.http.TestHttpServletDoHeadValidWrite0

Re: [VOTE] Apache Tomcat migration tool for Jakarta EE 1.0.9

2025-01-14 Thread Mark Thomas
There have only been two binding +1 votes for this release so far. If at least one other PMC member could find the time to review the release that would be great. Mark On 08/01/2025 10:32, Mark Thomas wrote: The proposed Apache Tomcat migration tool for Jakarta EE 1.0.9 is now available for

Re: (tomcat) branch main updated: Refactor so the buffered data is used directly rather than copied

2025-01-13 Thread Mark Thomas
On 13/01/2025 20:00, Mark Thomas wrote: On 13/01/2025 19:57, Rémy Maucherat wrote: Found these also from the full testsuite: https://nightlies.apache.org/tomcat/tomcat-12.0.x/logs/317/TEST- jakarta.servlet.http.TestHttpServletDoHeadValidWrite0.NIO.txt I'm not seeing any of those lo

Re: (tomcat) branch main updated: Refactor so the buffered data is used directly rather than copied

2025-01-13 Thread Mark Thomas
On 13/01/2025 19:57, Rémy Maucherat wrote: On Mon, Jan 13, 2025 at 8:53 PM Rémy Maucherat wrote: On Mon, Jan 13, 2025 at 8:39 PM Mark Thomas wrote: On 13/01/2025 08:10, Rémy Maucherat wrote: On Thu, Jan 9, 2025 at 4:31 PM Mark Thomas wrote: On 09/01/2025 14:53, Rémy Maucherat wrote

Re: (tomcat) branch main updated: Avoid caching bogus 0 content length

2025-01-13 Thread Mark Thomas
On 09/01/2025 15:29, r...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 80ae858

Re: (tomcat) branch main updated: Refactor so the buffered data is used directly rather than copied

2025-01-13 Thread Mark Thomas
On 13/01/2025 08:10, Rémy Maucherat wrote: On Thu, Jan 9, 2025 at 4:31 PM Mark Thomas wrote: On 09/01/2025 14:53, Rémy Maucherat wrote: On Thu, Jan 9, 2025 at 3:17 PM Mark Thomas wrote: My current plan is to create InputBuffer with bb set to a zero length ByteBuffer and have recycle

Re: (tomcat) branch main updated: Clear reference to stream in HPack decoder once headers are processed

2025-01-10 Thread Mark Thomas
essed ddf6477c1f is described below commit ddf6477c1f0354ada82535f757f0c83c17ec25bd Author: Mark Thomas AuthorDate: Fri Jan 10 10:54:31 2025 + Clear reference to stream in HPack decoder once headers are processed ---   java/org/apache/coyote/http2/HpackDecoder.java | 5 +   java/org/a

Re: (tomcat) branch main updated: Refactor so the buffered data is used directly rather than copied

2025-01-09 Thread Mark Thomas
On 09/01/2025 14:53, Rémy Maucherat wrote: On Thu, Jan 9, 2025 at 3:17 PM Mark Thomas wrote: My current plan is to create InputBuffer with bb set to a zero length ByteBuffer and have recycle (re)set it to a zero length ByteBuffer. That avoids the NPEs, avoids retaining references

Re: (tomcat) branch main updated: Refactor so the buffered data is used directly rather than copied

2025-01-09 Thread Mark Thomas
1f4175d65c Refactor so the buffered data is used directly rather than copied 1f4175d65c is described below commit 1f4175d65cd7bb44af7fa098e8160b084870865a Author: Mark Thomas AuthorDate: Thu Jan 9 14:01:18 2025 + Refactor so the buffered data is used directly rather than copied

Re: [VOTE] Apache Tomcat migration tool for Jakarta EE 1.0.9

2025-01-08 Thread Mark Thomas
On 08/01/2025 10:32, Mark Thomas wrote: The proposed 1.0.9 release is: [ ] -1: Broken. Do not release because... [X] +1: Acceptable. Go ahead and release. Tested by packaging the Tomcat 9 examples as a WAR and deploying that WAR to a Tomcat 12 (HEAD) instance using the 1.0.9 shaded JAR

[VOTE] Apache Tomcat migration tool for Jakarta EE 1.0.9

2025-01-08 Thread Mark Thomas
The proposed Apache Tomcat migration tool for Jakarta EE 1.0.9 is now available for voting. The significant changes since 1.0.8 are: - Fix issue that matchExcludesAgainstPathName didn't work for files. Part of PR#60 provided by Semiao Marco. - Added a new profile, SERVLET that only migrates t

Re: (tomcat) branch main updated: BZ69521: Allow more non latin languages in EL

2025-01-07 Thread Mark Thomas
On 07/01/2025 10:55, r...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 2bdb19a

[SECURITY] CVE-2024-56337 Apache Tomcat - RCE via write-enabled default servlet - CVE-2024-50379 mitigation was incomplete

2024-12-20 Thread Mark Thomas
CVE-2024-56337 Apache Tomcat - RCE via write-enabled default servlet - CVE-2024-50379 mitigation was incomplete Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.1 Apache Tomcat 10.1.0-M1 to 10.1.33 Apache Tomcat 9.0.0.M1 to 9.0.97 D

[SECURITY] CVE-2024-54677 Apache Tomcat - DoS in examples web application

2024-12-17 Thread Mark Thomas
CVE-2024-54677 Apache Tomcat - DoS in examples web application Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.1 Apache Tomcat 10.1.0-M1 to 10.1.33 Apache Tomcat 9.0.0.M1 to 9.0.97 Description: Numerous examples in the examples web applic

[SECURITY] CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet

2024-12-17 Thread Mark Thomas
CVE-2024-50379 Apache Tomcat - RCE via write-enabled default servlet Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 11.0.0-M1 to 11.0.1 Apache Tomcat 10.1.0-M1 to 10.1.33 Apache Tomcat 9.0.0.M1 to 9.0.97 Description: If the default servlet is write

Test cases for RFC 9110 Section 13

2024-12-12 Thread Mark Thomas
Hi all, Two test classes have been added for RFC 9110 section 13: TestDefaultServletRfc9110Section13 TestDefaultServletRfc9110Section13Parameterized The parameterized version is a subset of the non-parameterized. I have confirmed via code coverage that the parameterized version is currently a

Re: (tomcat) branch main updated: Improve HTTP If headers processing according to RFC 9110

2024-12-11 Thread Mark Thomas
On 11/12/2024 16:34, Rémy Maucherat wrote: On Wed, Dec 11, 2024 at 4:28 PM Mark Thomas wrote: On 11/12/2024 09:56, r...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf

Re: (tomcat) branch main updated: Improve HTTP If headers processing according to RFC 9110

2024-12-11 Thread Mark Thomas
On 11/12/2024 09:56, r...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 990f7e6

[ANN] Apache Tomcat 11.0.2 Available

2024-12-09 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.2. Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications.

[VOTE][RESULT] Release Apache Tomcat 11.0.2

2024-12-09 Thread Mark Thomas
The following votes were cast: Binding: +1: markt, schultz, remm, rjung Non-binding: +1: dsoumis The vote therefore passes. Thanks to everyone who contributed to this release. Mark On 05/12/2024 16:50, Mark Thomas wrote: The proposed Apache Tomcat 11.0.1 release is now available for

Re: [VOTE] Release Apache Tomcat 9.0.98

2024-12-05 Thread Mark Thomas
On 05/12/2024 20:13, Rémy Maucherat wrote: The proposed 9.0.98 release is: [ ] -1, Broken - do not release [X] +1, Stable - go ahead and release as 9.0.98 +1 stable. Build is cross platform (Linux/Windows) reproducible apart from the Javadoc due to a known Javadoc bug. Tests pass on: - Li

Re: [VOTE] Release Apache Tomcat 10.1.34

2024-12-05 Thread Mark Thomas
On 05/12/2024 17:14, Christopher Schultz wrote: Please reply with a +1 for release or +0/-0/-1 with an explanation. +1 stable. Build is cross platform (MacOS/Linux/Windows) reproducible. Tests pass on: - Linux (OpenSSL 3.0.13 from Ubuntu 24.04) - Windows (OpenSSL 3.0.14 - Native 2.0.8 binari
