dev  

Messages by Date

• 2026/05/13 Re: How to approach security fixes Mark Thomas
• 2026/05/13 Re: (tomcat) branch main updated: Warn for insecure PEM file encryption Mark Thomas
• 2026/05/13 Re: Jakarta EE release cadence Christopher Schultz
• 2026/05/13 Re: How to approach security fixes Christopher Schultz
• 2026/05/13 Re: (tomcat) branch main updated: Warn for insecure PEM file encryption Christopher Schultz
• 2026/05/13 Re: How to approach security fixes Mark Thomas
• 2026/05/13 (tomcat) branch 9.0.x updated: Remove duplicate markt
• 2026/05/13 (tomcat) branch 10.1.x updated: Fix duplicate markt
• 2026/05/13 Re: [PR] Add explicit read-only permissions to CI workflows [tomcat] via GitHub
• 2026/05/13 (tomcat) branch 10.1.x updated: Explicit read-only permissions markt
• 2026/05/13 (tomcat) branch 9.0.x updated: Explicit read-only permissions markt
• 2026/05/13 (tomcat) branch 9.0.x updated: Explicit read-only permissions markt
• 2026/05/13 (tomcat) branch 10.1.x updated: Explicit read-only permissions markt
• 2026/05/13 (tomcat) branch 11.0.x updated: Explicit read-only permissions markt
• 2026/05/13 (tomcat) branch main updated: Add explicit read-only permissions to CI workflows markt
• 2026/05/13 Re: [PR] Add explicit read-only permissions to CI workflows [tomcat] via GitHub
• 2026/05/13 Re: [PR] Add explicit read-only permissions to CI workflows [tomcat] via GitHub
• 2026/05/13 (tomcat) branch main updated: Warn for insecure PEM file encryption markt
• 2026/05/13 (tomcat) branch main updated: Clean-up CodeQL configuration markt
• 2026/05/13 (tomcat) branch main updated: Update CodeQL config to ignore test paths markt
• 2026/05/13 (tomcat) branch main updated: Attempt to fix CodeQL config markt
• 2026/05/13 (tomcat) branch main updated: Create custom CodeQL configuration markt
• 2026/05/13 (tomcat) branch 11.0.x updated: More explicit message and log at error rather than warning markt
• 2026/05/13 (tomcat) branch 9.0.x updated: More explicit message and log at error rather than warning markt
• 2026/05/13 (tomcat) branch 10.1.x updated: More explicit message and log at error rather than warning markt
• 2026/05/13 (tomcat) 02/02: More explicit message and log at error rather than warning markt
• 2026/05/13 (tomcat) branch main updated (7ff10fab8e -> 08bdec1243) markt
• 2026/05/13 (tomcat) 01/02: Use byte rather than int for byte values. markt
• 2026/05/13 Re: How to approach security fixes Mark Thomas
• 2026/05/13 (tomcat) branch 9.0.x updated: Add unit tests for PQC features dsoumis
• 2026/05/13 Re: How to approach security fixes Rémy Maucherat
• 2026/05/13 (tomcat) branch 10.1.x updated: Add unit tests for PQC features dsoumis
• 2026/05/13 (tomcat) branch 11.0.x updated: Add unit tests for PQC features dsoumis
• 2026/05/13 (tomcat) branch main updated: Add unit tests for PQC features dsoumis
• 2026/05/13 Re: [PR] Add unit tests for PQC features [tomcat] via GitHub
• 2026/05/13 Re: How to approach security fixes Mark Thomas
• 2026/05/13 (tomcat) branch 11.0.x updated: Fix potential thread safety issue markt
• 2026/05/13 (tomcat) branch 9.0.x updated: Fix potential thread safety issue markt
• 2026/05/13 (tomcat) branch 10.1.x updated: Fix potential thread safety issue markt
• 2026/05/13 (tomcat) branch main updated: Fix potential thread safety issue markt
• 2026/05/13 (tomcat) branch 10.1.x updated: Fix IDE warnings markt
• 2026/05/13 (tomcat) branch main updated: Fix IDE warnings markt
• 2026/05/13 (tomcat) branch 9.0.x updated: Fix IDE warnings markt
• 2026/05/13 (tomcat) branch 11.0.x updated: Fix IDE warnings markt
• 2026/05/13 Re: How to approach security fixes Mark Thomas
• 2026/05/12 (tomcat-maven-plugin) branch dependabot/maven/org.apache-apache-38 deleted (was a52663a) github-bot
• 2026/05/12 (tomcat-maven-plugin) 01/01: Merge pull request #124 from apache/dependabot/maven/org.apache-apache-38 remm
• 2026/05/12 (tomcat-maven-plugin) branch trunk updated (51e95bf -> 1789434) remm
• 2026/05/12 Re: [PR] Bump org.apache:apache from 37 to 38 [tomcat-maven-plugin] via GitHub
• 2026/05/12 Re: Jakarta EE release cadence Coty Sutherland
• 2026/05/12 (tomcat-maven-plugin) branch dependabot/maven/org.apache-apache-38 created (now a52663a) github-bot
• 2026/05/12 [PR] Bump org.apache:apache from 37 to 38 [tomcat-maven-plugin] via GitHub
• 2026/05/12 Re: How to approach security fixes Rémy Maucherat
• 2026/05/12 Re: Jakarta EE release cadence Rémy Maucherat
• 2026/05/12 Buildbot success in on tomcat-12.0.x buildbot
• 2026/05/12 (tomcat) branch 9.0.x updated: Update StoreRegistry to dynamically load clustering classes (#1005) dsoumis
• 2026/05/12 (tomcat) branch 10.1.x updated: Update StoreRegistry to dynamically load clustering classes (#1005) dsoumis
• 2026/05/12 (tomcat) branch 11.0.x updated: Update StoreRegistry to dynamically load clustering classes (#1005) dsoumis
• 2026/05/12 How to approach security fixes Mark Thomas
• 2026/05/12 (tomcat) branch main updated: Update StoreRegistry to dynamically load clustering classes (#1005) dsoumis
• 2026/05/12 Re: [PR] Update StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/12 Jakarta EE release cadence Mark Thomas
• 2026/05/12 [SECURITY] CVE-2026-43512 Apache Tomcat - Digest authenticator will authenticate any unknown user Mark Thomas
• 2026/05/12 [SECURITY] CVE-2026-43515 Apache Tomcat - Security constraints not correctly applied Mark Thomas
• 2026/05/12 [SECURITY] CVE-2026-43513 Apache Tomcat - LockOutRealm treats user names as case-sensitive Mark Thomas
• 2026/05/12 [SECURITY] CVE-2026-43514 Apache Tomcat - AJP secret compared in non-constant time Mark Thomas
• 2026/05/12 [SECURITY] CVE-2026-41284 Apache Tomcat - Unbounded read in WebDAV LOCK and PROPFIND handling Mark Thomas
• 2026/05/12 [SECURITY] CVE-2026-41293 Apache Tomcat - HTTP/2 request headers not validated Mark Thomas
• 2026/05/12 [SECURITY] CVE-2026-42498 Apache Tomcat - WebSocket authentication header exposure Mark Thomas
• 2026/05/12 svn commit: r1934143 - in tomcat/site/trunk: docs xdocs markt
• 2026/05/12 Buildbot success in on tomcat-11.0.x buildbot
• 2026/05/12 [PR] Add explicit read-only permissions to CI workflows [tomcat] via GitHub
• 2026/05/12 Buildbot failure in on tomcat-12.0.x buildbot
• 2026/05/12 svn commit: r1934139 - in tomcat/site/trunk: docs xdocs/stylesheets markt
• 2026/05/12 svn commit: r1934136 - tomcat/site/trunk/docs markt
• 2026/05/12 (tomcat) branch 9.0.x updated: Fix merge error in comment markt
• 2026/05/12 (tomcat) branch 10.1.x updated: Fix merge error in comment markt
• 2026/05/12 (tomcat) branch 10.1.x updated: Additional context path validation on deployment markt
• 2026/05/12 (tomcat) branch 9.0.x updated: Additional context path validation on deployment markt
• 2026/05/12 (tomcat) branch 11.0.x updated: Additional context path validation on deployment markt
• 2026/05/12 (tomcat) branch main updated: Additional context path validation on deployment markt
• 2026/05/12 Buildbot failure in on tomcat-11.0.x buildbot
• 2026/05/11 [Bug 70038] Cookie.clone() is shallow but reference implementation is deep bugzilla
• 2026/05/11 (tomcat) branch 10.1.x updated: Fix BZ 70038 - Cookie.clone() should also clone internal attribute map markt
• 2026/05/11 (tomcat) branch 11.0.x updated: Fix BZ 70038 - Cookie.clone() should also clone internal attribute map markt
• 2026/05/11 (tomcat) branch main updated: Fix BZ 70038 - Cookie.clone() should also clone internal attribute map markt
• 2026/05/11 [Bug 70038] Cookie.clone() is shallow but reference implementation is deep bugzilla
• 2026/05/11 [Bug 70038] New: Cookie.clone() is shallow but reference implementation is deep bugzilla
• 2026/05/11 (tomcat) branch 9.0.x updated: Add release date remm
• 2026/05/11 svn commit: r1934125 - in tomcat/site/trunk: . docs docs/tomcat-10.1-doc docs/tomcat-10.1-doc/annotationapi docs/tomcat-10.1-doc/annotationapi/jakarta/annotation docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/security docs/tomcat-10.1-doc/annota... schultz
• 2026/05/11 [ANN] Apache Tomcat 10.1.55 Available Christopher Schultz
• 2026/05/11 (tomcat) branch 10.1.x updated: Add release date schultz
• 2026/05/11 svn commit: r84470 - release/tomcat/tomcat-10/v10.1.54 schultz
• 2026/05/11 svn commit: r84469 - dev/tomcat/tomcat-10/v10.1.55 release/tomcat/tomcat-10/v10.1.55 schultz
• 2026/05/11 (tomcat) 03/03: @SupressWarnings not required if classes have Javadoc remm
• 2026/05/11 (tomcat) 02/03: Add Javadoc indicating that these classes are stubs remm
• 2026/05/11 (tomcat) branch 10.1.x updated (27ed96937c -> 4e6141951d) remm
• 2026/05/11 Re: [PR] Update StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/11 Re: [PR] Update StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/11 Re: [PR] Update StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/11 Re: [PR] Update StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/11 Re: [PR] Update StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/11 Re: [PR] Update StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/11 Re: (tomcat) 03/03: Add more tests and minor fixes for FilterValve, ProxyErrorReportValve and SemaphoreValve Rainer Jung
• 2026/05/11 Re: (tomcat) 03/03: Add more tests and minor fixes for FilterValve, ProxyErrorReportValve and SemaphoreValve Dimitris Soumis
• 2026/05/11 [VOTE] [RESULT]Release Apache Tomcat 10.1.55 Christopher Schultz
• 2026/05/11 (tomcat) branch 11.0.x updated: @SupressWarnings not required if classes have Javadoc markt
• 2026/05/11 (tomcat) branch main updated: @SupressWarnings not required if classes have Javadoc markt
• 2026/05/11 (tomcat) branch 11.0.x updated: Add Javadoc indicating that these classes are stubs remm
• 2026/05/11 (tomcat) branch main updated: Add Javadoc indicating that these classes are stubs remm
• 2026/05/11 Re: (tomcat) branch 11.0.x updated: Fix Jakarta EE APIs javadoc issues Mark Thomas
• 2026/05/10 [ANN] Apache Tomcat 9.0.118 available Rémy Maucherat
• 2026/05/10 (tomcat-jakartaee-migration) branch dependabot/maven/org.apache-apache-38 deleted (was 8be4bf4) github-bot
• 2026/05/10 (tomcat-jakartaee-migration) branch main updated: Bump org.apache:apache from 37 to 38 remm
• 2026/05/10 Re: [PR] Bump org.apache:apache from 37 to 38 [tomcat-jakartaee-migration] via GitHub
• 2026/05/10 (tomcat-jakartaee-migration) branch dependabot/maven/org.apache-apache-38 created (now 8be4bf4) github-bot
• 2026/05/10 [PR] Bump org.apache:apache from 37 to 38 [tomcat-jakartaee-migration] via GitHub
• 2026/05/10 svn commit: r1934065 - in tomcat/site/trunk/docs/tomcat-9.0-doc/api/org/apache: catalina/authenticator tomcat/util/security remm
• 2026/05/10 svn commit: r1934064 - in tomcat/site/trunk/docs/tomcat-9.0-doc: . annotationapi annotationapi/javax/annotation annotationapi/javax/annotation/security annotationapi/javax/annotation/sql api api/org/apache/catalina api/org/apache/catalina/ant api/org/a... remm
• 2026/05/10 svn commit: r1934063 - in tomcat/site/trunk: . docs xdocs remm
• 2026/05/10 svn commit: r84433 - dev/tomcat/tomcat-9/v9.0.118 release/tomcat/tomcat-9/v9.0.118 remm
• 2026/05/10 [VOTE][RESULT] Release Apache Tomcat 9.0.118 Rémy Maucherat
• 2026/05/09 [Bug 57485] mod_jk passed the incomplete chunked transferred request body to tomcat bugzilla
• 2026/05/09 (tomcat) branch 11.0.x updated: Add release dates for 11.0.21, 11.0.22. kkolinko
• 2026/05/09 (tomcat) branch main updated: Update Javadoc checkstyle with current figures remm
• 2026/05/09 (tomcat) branch 9.0.x updated: Javadoc fixes and improvements remm
• 2026/05/09 (tomcat) branch 10.1.x updated: Javadoc fixes and improvements remm
• 2026/05/09 (tomcat) branch 11.0.x updated: Javadoc fixes and improvements remm
• 2026/05/09 (tomcat) branch main updated: Javadoc fixes and improvements remm
• 2026/05/08 Re: [VOTE] Release Apache Tomcat 10.1.55 Rainer Jung
• 2026/05/08 (tomcat) branch 9.0.x updated: Prevent accidental directory traversal markt
• 2026/05/08 (tomcat) branch 10.1.x updated: Prevent accidental directory traversal markt
• 2026/05/08 (tomcat) branch 11.0.x updated: Prevent accidental directory traversal markt
• 2026/05/08 (tomcat) branch main updated: Final review of manager upload protections markt
• 2026/05/08 Re: (tomcat) branch main updated: Prevent accidental directory traversal Coty Sutherland
• 2026/05/08 Re: (tomcat) branch main updated: Prevent accidental directory traversal Mark Thomas
• 2026/05/08 Re: (tomcat) branch main updated: Prevent accidental directory traversal Coty Sutherland
• 2026/05/08 Re: (tomcat) branch main updated: Prevent accidental directory traversal Coty Sutherland
• 2026/05/08 (tomcat) branch main updated: Update versioned path check after CoPilot review markt
• 2026/05/08 Re: (tomcat) branch main updated: Prevent accidental directory traversal Mark Thomas
• 2026/05/08 (tomcat) branch main updated: Prevent accidental directory traversal markt
• 2026/05/08 (tomcat) branch 10.1.x updated: Prevent duplicate cluster unavailability log message csutherl
• 2026/05/08 (tomcat) branch 9.0.x updated: Prevent duplicate cluster unavailability log message csutherl
• 2026/05/08 (tomcat) branch main updated: Prevent duplicate cluster unavailability log message csutherl
• 2026/05/08 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Coty Sutherland
• 2026/05/08 (tomcat) branch 11.0.x updated: Avoid potential NPEs. Identified by Coverity. markt
• 2026/05/08 (tomcat) branch 9.0.x updated: Avoid potential NPEs. Identified by Coverity. markt
• 2026/05/08 [PR] Fix StoreRegistry to dynamically load clustering classes [tomcat] via GitHub
• 2026/05/08 (tomcat) branch 10.1.x updated: Avoid potential NPEs. Identified by Coverity. markt
• 2026/05/08 (tomcat) branch main updated: Avoid potential NPEs. Identified by Coverity. markt
• 2026/05/08 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Rich Bowen
• 2026/05/08 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Mark Thomas
• 2026/05/08 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Mark Thomas
• 2026/05/08 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Mark Thomas
• 2026/05/08 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Jonathan Gallimore
• 2026/05/07 Re: (tomcat) branch main updated: Enhance version.sh and version.bat output to display APR, OpenSSL, and third-party library versions (#919) Coty Sutherland
• 2026/05/07 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Fatima Qaisar
• 2026/05/07 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? Mark Thomas
• 2026/05/07 (tomcat) branch 9.0.x updated (0f869d035e -> dccaf44b29) markt
• 2026/05/07 (tomcat) 02/02: Remove unnecessary warning suppression after Javadoc updates markt
• 2026/05/07 (tomcat) 01/02: Work around an Eclipse bug markt
• 2026/05/07 (tomcat) branch 10.1.x updated (d26c89b413 -> 2549ba1f5a) markt
• 2026/05/07 (tomcat) 01/02: Work around an Eclipse bug markt
• 2026/05/07 (tomcat) 02/02: Remove unnecessary warning suppression after Javadoc updates markt
• 2026/05/07 (tomcat) 01/02: Work around an Eclipse bug markt
• 2026/05/07 (tomcat) 02/02: Remove unnecessary warning suppression after Javadoc updates markt
• 2026/05/07 (tomcat) branch 11.0.x updated (4c2aa34d3a -> 098bf2b610) markt
• 2026/05/07 (tomcat) branch main updated: Remove unnecessary warning suppression after Javadoc updates markt
• 2026/05/07 (tomcat) branch main updated: Work around an Eclipse bug markt
• 2026/05/07 Re: (tomcat) branch main updated: Javadoc fixes and improvements Rémy Maucherat
• 2026/05/07 (tomcat) branch main updated: Remove incorrect throw statements markt
• 2026/05/07 Re: (tomcat) branch main updated: Javadoc fixes and improvements Mark Thomas
• 2026/05/07 (tomcat) branch main updated: Remove extra space markt
• 2026/05/07 (tomcat) branch 10.1.x updated: Drop useless javadoc on override remm
• 2026/05/07 (tomcat) branch 11.0.x updated: Drop useless javadoc on override remm
• 2026/05/07 (tomcat) branch 9.0.x updated: Drop useless javadoc on override remm
• 2026/05/07 (tomcat) branch main updated: Drop useless javadoc on override remm
• 2026/05/07 Re: (tomcat) branch main updated: Javadoc fixes and improvements Rémy Maucherat
• 2026/05/07 (tomcat-maven-plugin) branch trunk updated: Fixes remm
• 2026/05/07 Re: (tomcat) branch main updated: Javadoc fixes and improvements Mark Thomas
• 2026/05/07 (tomcat) branch 10.1.x updated: Reduce duplication markt
• 2026/05/07 (tomcat) branch 11.0.x updated: Reduce duplication markt
• 2026/05/07 (tomcat-maven-plugin) branch trunk updated: Javadoc warning fixes remm
• 2026/05/07 (tomcat) branch main updated: Work-around bug in Checkstyle parser markt
• 2026/05/07 (tomcat) branch main updated: Reduce duplication markt
• 2026/05/07 (tomcat) branch 11.0.x updated: Fix formatting remm
• 2026/05/07 (tomcat) branch main updated: Fix formatting remm
• 2026/05/07 (tomcat) branch 9.0.x updated: Fix Jakarta references remm
• 2026/05/06 Buildbot success in on tomcat-12.0.x buildbot
• 2026/05/06 Buildbot success in on tomcat-11.0.x buildbot
• 2026/05/06 Re: Hackathon at Community Over Code Glasgow — is Tomcat interested? 박종하
• 2026/05/06 Buildbot failure in on tomcat-12.0.x buildbot
• 2026/05/06 Buildbot failure in on tomcat-11.0.x buildbot
• 2026/05/06 (tomcat) branch 9.0.x updated: Fix typo... csutherl
• 2026/05/06 (tomcat) branch main updated: Fix typo... csutherl
• 2026/05/06 (tomcat) branch 10.1.x updated: Fix typo... csutherl
• 2026/05/06 (tomcat) branch 11.0.x updated: Fix typo... csutherl
• 2026/05/06 (tomcat) branch 10.1.x updated: Lower the log level to debug when OpenSSL initialization fails to avoid nasty stack traces and gracefully fail when natives aren't present csutherl
• 2026/05/06 (tomcat) branch main updated: Lower the log level to debug when OpenSSL initialization fails to avoid nasty stack traces and gracefully fail when natives aren't present csutherl
• 2026/05/06 (tomcat) branch 11.0.x updated: Lower the log level to debug when OpenSSL initialization fails to avoid nasty stack traces and gracefully fail when natives aren't present csutherl

• Earlier messages