dev  

Messages by Date

• 2026/05/12 How to approach security fixes Mark Thomas
• 2026/05/12 (tomcat) branch main updated: Update StoreRegistry to dynamically load clustering classes (#1005) dsoumis
• 2026/05/12 Re: [PR] Update StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/12 Jakarta EE release cadence Mark Thomas
• 2026/05/12 [SECURITY] CVE-2026-43512 Apache Tomcat - Digest authenticator will authenticate any unknown user Mark Thomas
• 2026/05/12 [SECURITY] CVE-2026-43515 Apache Tomcat - Security constraints not correctly applied Mark Thomas
• 2026/05/12 [SECURITY] CVE-2026-43513 Apache Tomcat - LockOutRealm treats user names as case-sensitive Mark Thomas
• 2026/05/12 [SECURITY] CVE-2026-43514 Apache Tomcat - AJP secret compared in non-constant time Mark Thomas
• 2026/05/12 [SECURITY] CVE-2026-41284 Apache Tomcat - Unbounded read in WebDAV LOCK and PROPFIND handling Mark Thomas
• 2026/05/12 [SECURITY] CVE-2026-41293 Apache Tomcat - HTTP/2 request headers not validated Mark Thomas
• 2026/05/12 [SECURITY] CVE-2026-42498 Apache Tomcat - WebSocket authentication header exposure Mark Thomas
• 2026/05/12 svn commit: r1934143 - in tomcat/site/trunk: docs xdocs markt
• 2026/05/12 Buildbot success in on tomcat-11.0.x buildbot
• 2026/05/12 [PR] Add explicit read-only permissions to CI workflows [tomcat] via GitHub
• 2026/05/12 Buildbot failure in on tomcat-12.0.x buildbot
• 2026/05/12 svn commit: r1934139 - in tomcat/site/trunk: docs xdocs/stylesheets markt
• 2026/05/12 svn commit: r1934136 - tomcat/site/trunk/docs markt
• 2026/05/12 (tomcat) branch 9.0.x updated: Fix merge error in comment markt
• 2026/05/12 (tomcat) branch 10.1.x updated: Fix merge error in comment markt
• 2026/05/12 (tomcat) branch 10.1.x updated: Additional context path validation on deployment markt
• 2026/05/12 (tomcat) branch 9.0.x updated: Additional context path validation on deployment markt
• 2026/05/12 (tomcat) branch 11.0.x updated: Additional context path validation on deployment markt
• 2026/05/12 (tomcat) branch main updated: Additional context path validation on deployment markt
• 2026/05/12 Buildbot failure in on tomcat-11.0.x buildbot
• 2026/05/11 [Bug 70038] Cookie.clone() is shallow but reference implementation is deep bugzilla
• 2026/05/11 (tomcat) branch 10.1.x updated: Fix BZ 70038 - Cookie.clone() should also clone internal attribute map markt
• 2026/05/11 (tomcat) branch 11.0.x updated: Fix BZ 70038 - Cookie.clone() should also clone internal attribute map markt
• 2026/05/11 (tomcat) branch main updated: Fix BZ 70038 - Cookie.clone() should also clone internal attribute map markt
• 2026/05/11 [Bug 70038] Cookie.clone() is shallow but reference implementation is deep bugzilla
• 2026/05/11 [Bug 70038] New: Cookie.clone() is shallow but reference implementation is deep bugzilla
• 2026/05/11 (tomcat) branch 9.0.x updated: Add release date remm
• 2026/05/11 svn commit: r1934125 - in tomcat/site/trunk: . docs docs/tomcat-10.1-doc docs/tomcat-10.1-doc/annotationapi docs/tomcat-10.1-doc/annotationapi/jakarta/annotation docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/security docs/tomcat-10.1-doc/annota... schultz
• 2026/05/11 [ANN] Apache Tomcat 10.1.55 Available Christopher Schultz
• 2026/05/11 (tomcat) branch 10.1.x updated: Add release date schultz
• 2026/05/11 svn commit: r84470 - release/tomcat/tomcat-10/v10.1.54 schultz
• 2026/05/11 svn commit: r84469 - dev/tomcat/tomcat-10/v10.1.55 release/tomcat/tomcat-10/v10.1.55 schultz
• 2026/05/11 (tomcat) 03/03: @SupressWarnings not required if classes have Javadoc remm
• 2026/05/11 (tomcat) 02/03: Add Javadoc indicating that these classes are stubs remm
• 2026/05/11 (tomcat) branch 10.1.x updated (27ed96937c -> 4e6141951d) remm
• 2026/05/11 Re: [PR] Update StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/11 Re: [PR] Update StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/11 Re: [PR] Update StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/11 Re: [PR] Update StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/11 Re: [PR] Update StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/11 Re: [PR] Update StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/11 Re: (tomcat) 03/03: Add more tests and minor fixes for FilterValve, ProxyErrorReportValve and SemaphoreValve Rainer Jung
• 2026/05/11 Re: (tomcat) 03/03: Add more tests and minor fixes for FilterValve, ProxyErrorReportValve and SemaphoreValve Dimitris Soumis
• 2026/05/11 [VOTE] [RESULT]Release Apache Tomcat 10.1.55 Christopher Schultz
• 2026/05/11 (tomcat) branch 11.0.x updated: @SupressWarnings not required if classes have Javadoc markt
• 2026/05/11 (tomcat) branch main updated: @SupressWarnings not required if classes have Javadoc markt
• 2026/05/11 (tomcat) branch 11.0.x updated: Add Javadoc indicating that these classes are stubs remm
• 2026/05/11 (tomcat) branch main updated: Add Javadoc indicating that these classes are stubs remm
• 2026/05/11 Re: (tomcat) branch 11.0.x updated: Fix Jakarta EE APIs javadoc issues Mark Thomas
• 2026/05/10 [ANN] Apache Tomcat 9.0.118 available Rémy Maucherat
• 2026/05/10 (tomcat-jakartaee-migration) branch dependabot/maven/org.apache-apache-38 deleted (was 8be4bf4) github-bot
• 2026/05/10 (tomcat-jakartaee-migration) branch main updated: Bump org.apache:apache from 37 to 38 remm
• 2026/05/10 Re: [PR] Bump org.apache:apache from 37 to 38 [tomcat-jakartaee-migration] via GitHub
• 2026/05/10 (tomcat-jakartaee-migration) branch dependabot/maven/org.apache-apache-38 created (now 8be4bf4) github-bot
• 2026/05/10 [PR] Bump org.apache:apache from 37 to 38 [tomcat-jakartaee-migration] via GitHub
• 2026/05/10 svn commit: r1934065 - in tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache: catalina/authenticator tomcat/util/security remm
• 2026/05/10 svn commit: r1934064 - in tomcat/site/trunk/docs/tomcat-9.0-doc: . annotationapi annotationapi/javax/annotation annotationapi/javax/annotation/security annotationapi/javax/annotation/sql api api/org/apache/catalina api/org/apache/catalina/ant api/org/a... remm
• 2026/05/10 svn commit: r1934063 - in tomcat/site/trunk: . docs xdocs remm
• 2026/05/10 svn commit: r84433 - dev/tomcat/tomcat-9/v9.0.118 release/tomcat/tomcat-9/v9.0.118 remm
• 2026/05/10 [VOTE][RESULT] Release Apache Tomcat 9.0.118 Rémy Maucherat
• 2026/05/09 [Bug 57485] mod_jk passed the incomplete chunked transferred request body to tomcat bugzilla
• 2026/05/09 (tomcat) branch 11.0.x updated: Add release dates for 11.0.21, 11.0.22. kkolinko
• 2026/05/09 (tomcat) branch main updated: Update Javadoc checkstyle with current figures remm
• 2026/05/09 (tomcat) branch 9.0.x updated: Javadoc fixes and improvements remm
• 2026/05/09 (tomcat) branch 10.1.x updated: Javadoc fixes and improvements remm
• 2026/05/09 (tomcat) branch 11.0.x updated: Javadoc fixes and improvements remm
• 2026/05/09 (tomcat) branch main updated: Javadoc fixes and improvements remm
• 2026/05/08 Re: [VOTE] Release Apache Tomcat 10.1.55 Rainer Jung
• 2026/05/08 (tomcat) branch 9.0.x updated: Prevent accidental directory traversal markt
• 2026/05/08 (tomcat) branch 10.1.x updated: Prevent accidental directory traversal markt
• 2026/05/08 (tomcat) branch 11.0.x updated: Prevent accidental directory traversal markt
• 2026/05/08 (tomcat) branch main updated: Final review of manager upload protections markt
• 2026/05/08 Re: (tomcat) branch main updated: Prevent accidental directory traversal Coty Sutherland
• 2026/05/08 Re: (tomcat) branch main updated: Prevent accidental directory traversal Mark Thomas
• 2026/05/08 Re: (tomcat) branch main updated: Prevent accidental directory traversal Coty Sutherland
• 2026/05/08 Re: (tomcat) branch main updated: Prevent accidental directory traversal Coty Sutherland
• 2026/05/08 (tomcat) branch main updated: Update versioned path check after CoPilot review markt
• 2026/05/08 Re: (tomcat) branch main updated: Prevent accidental directory traversal Mark Thomas
• 2026/05/08 (tomcat) branch main updated: Prevent accidental directory traversal markt
• 2026/05/08 (tomcat) branch 10.1.x updated: Prevent duplicate cluster unavailability log message csutherl
• 2026/05/08 (tomcat) branch 9.0.x updated: Prevent duplicate cluster unavailability log message csutherl
• 2026/05/08 (tomcat) branch main updated: Prevent duplicate cluster unavailability log message csutherl
• 2026/05/08 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Coty Sutherland
• 2026/05/08 (tomcat) branch 11.0.x updated: Avoid potential NPEs. Identified by Coverity. markt
• 2026/05/08 (tomcat) branch 9.0.x updated: Avoid potential NPEs. Identified by Coverity. markt
• 2026/05/08 [PR] Fix StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/08 (tomcat) branch 10.1.x updated: Avoid potential NPEs. Identified by Coverity. markt
• 2026/05/08 (tomcat) branch main updated: Avoid potential NPEs. Identified by Coverity. markt
• 2026/05/08 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Rich Bowen
• 2026/05/08 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Mark Thomas
• 2026/05/08 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Mark Thomas
• 2026/05/08 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Mark Thomas
• 2026/05/08 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Jonathan Gallimore
• 2026/05/07 Re: (tomcat) branch main updated: Enhance version.sh and version.bat output to display APR, OpenSSL, and third-party library versions (#919) Coty Sutherland
• 2026/05/07 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Fatima Qaisar
• 2026/05/07 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Mark Thomas
• 2026/05/07 (tomcat) branch 9.0.x updated (0f869d035e -> dccaf44b29) markt
• 2026/05/07 (tomcat) 02/02: Remove unnecessary warning suppression after Javadoc updates markt
• 2026/05/07 (tomcat) 01/02: Work around an Eclipse bug markt
• 2026/05/07 (tomcat) branch 10.1.x updated (d26c89b413 -> 2549ba1f5a) markt
• 2026/05/07 (tomcat) 01/02: Work around an Eclipse bug markt
• 2026/05/07 (tomcat) 02/02: Remove unnecessary warning suppression after Javadoc updates markt
• 2026/05/07 (tomcat) 01/02: Work around an Eclipse bug markt
• 2026/05/07 (tomcat) 02/02: Remove unnecessary warning suppression after Javadoc updates markt
• 2026/05/07 (tomcat) branch 11.0.x updated (4c2aa34d3a -> 098bf2b610) markt
• 2026/05/07 (tomcat) branch main updated: Remove unnecessary warning suppression after Javadoc updates markt
• 2026/05/07 (tomcat) branch main updated: Work around an Eclipse bug markt
• 2026/05/07 Re: (tomcat) branch main updated: Javadoc fixes and improvements Rémy Maucherat
• 2026/05/07 (tomcat) branch main updated: Remove incorrect throw statements markt
• 2026/05/07 Re: (tomcat) branch main updated: Javadoc fixes and improvements Mark Thomas
• 2026/05/07 (tomcat) branch main updated: Remove extra space markt
• 2026/05/07 (tomcat) branch 10.1.x updated: Drop useless javadoc on override remm
• 2026/05/07 (tomcat) branch 11.0.x updated: Drop useless javadoc on override remm
• 2026/05/07 (tomcat) branch 9.0.x updated: Drop useless javadoc on override remm
• 2026/05/07 (tomcat) branch main updated: Drop useless javadoc on override remm
• 2026/05/07 Re: (tomcat) branch main updated: Javadoc fixes and improvements Rémy Maucherat
• 2026/05/07 (tomcat-maven-plugin) branch trunk updated: Fixes remm
• 2026/05/07 Re: (tomcat) branch main updated: Javadoc fixes and improvements Mark Thomas
• 2026/05/07 (tomcat) branch 10.1.x updated: Reduce duplication markt
• 2026/05/07 (tomcat) branch 11.0.x updated: Reduce duplication markt
• 2026/05/07 (tomcat-maven-plugin) branch trunk updated: Javadoc warning fixes remm
• 2026/05/07 (tomcat) branch main updated: Work-around bug in Checkstyle parser markt
• 2026/05/07 (tomcat) branch main updated: Reduce duplication markt
• 2026/05/07 (tomcat) branch 11.0.x updated: Fix formatting remm
• 2026/05/07 (tomcat) branch main updated: Fix formatting remm
• 2026/05/07 (tomcat) branch 9.0.x updated: Fix Jakarta references remm
• 2026/05/06 Buildbot success in on tomcat-12.0.x buildbot
• 2026/05/06 Buildbot success in on tomcat-11.0.x buildbot
• 2026/05/06 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? 박종하
• 2026/05/06 Buildbot failure in on tomcat-12.0.x buildbot
• 2026/05/06 Buildbot failure in on tomcat-11.0.x buildbot
• 2026/05/06 (tomcat) branch 9.0.x updated: Fix typo... csutherl
• 2026/05/06 (tomcat) branch main updated: Fix typo... csutherl
• 2026/05/06 (tomcat) branch 10.1.x updated: Fix typo... csutherl
• 2026/05/06 (tomcat) branch 11.0.x updated: Fix typo... csutherl
• 2026/05/06 (tomcat) branch 10.1.x updated: Lower the log level to debug when OpenSSL initialization fails to avoid nasty stack traces and gracefully fail when natives aren't present csutherl
• 2026/05/06 (tomcat) branch main updated: Lower the log level to debug when OpenSSL initialization fails to avoid nasty stack traces and gracefully fail when natives aren't present csutherl
• 2026/05/06 (tomcat) branch 11.0.x updated: Lower the log level to debug when OpenSSL initialization fails to avoid nasty stack traces and gracefully fail when natives aren't present csutherl
• 2026/05/06 (tomcat) branch 9.0.x updated: Lower the log level to debug when OpenSSL initialization fails to avoid nasty stack traces and gracefully fail when natives aren't present csutherl
• 2026/05/06 Re: [VOTE] Release Apache Tomcat 10.1.55 Christopher Schultz
• 2026/05/06 Buildbot failure in on tomcat-9.0.x buildbot
• 2026/05/06 Buildbot failure in on tomcat-10.1.x buildbot
• 2026/05/06 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Mark Thomas
• 2026/05/06 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Rich Bowen
• 2026/05/06 Re: [VOTE] Release Apache Tomcat 10.1.55 Rémy Maucherat
• 2026/05/06 Re: [VOTE] Release Apache Tomcat 10.1.55 Mark Thomas
• 2026/05/06 Re: [PR] 9.0.x of PR#1002: Add access-log pattern: %% [tomcat] via GitHub
• 2026/05/06 Re: [PR] 9.0.x of PR#1002: Add access-log pattern: %% [tomcat] via GitHub
• 2026/05/06 (tomcat) branch 9.0.x updated: Add support for '%%' to represent a literal '%' in the access log markt
• 2026/05/06 (tomcat) branch 10.1.x updated: Add support for '%%' to represent a literal '%' in the access log markt
• 2026/05/06 Re: [PR] 11.0.x of PR#1002: Add access-log pattern: %% [tomcat] via GitHub
• 2026/05/06 Re: [PR] 11.0.x of PR#1002: Add access-log pattern: %% [tomcat] via GitHub
• 2026/05/06 (tomcat) branch 11.0.x updated: Add support for '%%' to represent a literal '%' in the access log markt
• 2026/05/06 Re: [PR] Add access-log pattern: %%, align %{xxx}D with %{xxx}T [tomcat] via GitHub
• 2026/05/06 Re: [PR] Add access-log pattern: %%, align %{xxx}D with %{xxx}T [tomcat] via GitHub
• 2026/05/06 (tomcat) branch main updated: Add support for '%%' to represent a literal '%' in the access log markt
• 2026/05/06 Re: [PR] Add access-log pattern: %%, align %{xxx}D with %{xxx}T [tomcat] via GitHub
• 2026/05/06 Re: [PR] Add access-log pattern: %%, align %{xxx}D with %{xxx}T [tomcat] via GitHub
• 2026/05/06 Re: [PR] Add access-log pattern: %%, align %{xxx}D with %{xxx}T [tomcat] via GitHub
• 2026/05/06 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Mark Thomas
• 2026/05/05 (tomcat-maven-plugin) branch dependabot/maven/tomcatVersion-11.0.22 deleted (was 4df69c9) github-bot
• 2026/05/05 Re: [PR] Bump tomcatVersion from 9.0.117 to 11.0.22 [tomcat-maven-plugin] via GitHub
• 2026/05/05 Re: [PR] Bump tomcatVersion from 9.0.117 to 11.0.22 [tomcat-maven-plugin] via GitHub
• 2026/05/05 Re: [PR] Bump tomcatVersion from 9.0.117 to 11.0.22 [tomcat-maven-plugin] via GitHub
• 2026/05/05 (tomcat-maven-plugin) branch dependabot/maven/tomcatVersion-11.0.22 created (now 4df69c9) github-bot
• 2026/05/05 [PR] Bump tomcatVersion from 9.0.117 to 11.0.22 [tomcat-maven-plugin] via GitHub
• 2026/05/05 Hackathon at Community Over Code Glasgow — is Tomcat interested? rbowen
• 2026/05/05 Re: [VOTE] Release Apache Tomcat 10.1.55 Christopher Schultz
• 2026/05/05 Re: [VOTE] Release Apache Tomcat 9.0.118 Christopher Schultz
• 2026/05/05 Re: [VOTE] Release Apache Tomcat 10.1.55 Mark Thomas
• 2026/05/05 Buildbot success in on tomcat-10.1.x buildbot
• 2026/05/05 [ANN] Apache Tomcat 11.0.22 Available Mark Thomas
• 2026/05/05 svn commit: r84336 - release/tomcat/tomcat-11/v11.0.21 markt
• 2026/05/05 svn commit: r1933848 - in tomcat/site/trunk/docs/tomcat-11.0-doc: . annotationapi annotationapi/jakarta/annotation annotationapi/jakarta/annotation/security annotationapi/jakarta/annotation/sql api api/org/apache/catalina api/org/apache/catalina/ant ap... markt
• 2026/05/05 svn commit: r1933849 - in tomcat/site/trunk: . docs xdocs markt
• 2026/05/05 (tomcat) branch 10.1.x updated: Increment version numbers for next release schultz
• 2026/05/05 [VOTE] Release Apache Tomcat 10.1.55 Christopher Schultz
• 2026/05/05 May Release of 10.1.x Christopher Schultz
• 2026/05/05 svn commit: r84324 - in dev/tomcat/tomcat-10/v10.1.55: . bin bin/embed src schultz
• 2026/05/05 (tomcat) tag 10.1.55 created (now c709667267) schultz
• 2026/05/05 (tomcat) 01/01: Tag 10.1.55 schultz
• 2026/05/05 Buildbot success in on tomcat-9.0.x buildbot
• 2026/05/05 svn commit: r84318 - dev/tomcat/tomcat-11/v11.0.22 release/tomcat/tomcat-11/v11.0.22 markt
• 2026/05/05 [VOTE][RESULT] Release Apache Tomcat 11.0.22 Mark Thomas
• 2026/05/05 Re: [VOTE] Release Apache Tomcat 9.0.118 Mark Thomas
• 2026/05/05 Re: [VOTE] Release Apache Tomcat 11.0.22 Mark Thomas
• 2026/05/05 (tomcat) branch 9.0.x updated (0c3339a1e1 -> 8d98953433) markt
• 2026/05/05 (tomcat) branch 10.1.x updated: Fix reproducible source builds markt
• 2026/05/05 (tomcat) branch 11.0.x updated: Fix reproducible source builds markt
• 2026/05/05 (tomcat) branch main updated: Fix reproducible source builds markt
• 2026/05/05 Re: (tomcat) branch main updated: Enhance version.sh and version.bat output to display APR, OpenSSL, and third-party library versions (#919) Rainer Jung
• 2026/05/04 Re: [VOTE] Release Apache Tomcat 9.0.118 Rainer Jung
• 2026/05/04 Re: [VOTE] Release Apache Tomcat 11.0.22 Rainer Jung
• 2026/05/04 Re: (tomcat) branch main updated: Enhance version.sh and version.bat output to display APR, OpenSSL, and third-party library versions (#919) Rémy Maucherat
• 2026/05/04 Re: (tomcat) branch main updated: Enhance version.sh and version.bat output to display APR, OpenSSL, and third-party library versions (#919) Coty Sutherland
• 2026/05/04 Re: (tomcat) branch main updated: Enhance version.sh and version.bat output to display APR, OpenSSL, and third-party library versions (#919) Rainer Jung

• Earlier messages
• Later messages