> On Aug 24, 2023, at 07:22, Mark Thomas <ma...@apache.org> wrote:
>
> The proposed Apache Tomcat 11.0.0-M11 release is now available for
> voting.
>
> Apache Tomcat 11.0.0-M11 is a milestone release of the 11.0.x branch and has
> been made to provide users with early access to the new features in Apache
> Tomcat 11.0.x so that they may provide feedback. The notable changes compared
> to the previous milestone include:
>
> - Update the HTTP parameter handling to align with the changes in the
> Jakarta Servlet 6.1 API Javadoc for the ServletRequest methods used
> to obtain request parameters. Invalid parameters and/or exceeding
> parameter size and/or quantity limits now triggerm exceptions. As a
> consequence, the FailedRequestFilter has been removed.
>
> - If an application or library sets both a non-500 error code and the
> jakarta.servlet.error.exception</code> request attribute, use the
> provided error code during error page processing rather than assuming
> an error code of 500.
>
> - Fix for FORM authentication open redirect - CVE-2023-41080
>
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 11
> without changes. Java EE applications designed for Tomcat 9 and earlier may
> be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will
> automatically convert them to Jakarta EE and copy them to the webapps
> directory. Applications using deprecated APIs may require further changes.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M11/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1451
>
> The tag is:
> https://github.com/apache/tomcat/tree/11.0.0-M11
> ae109f6248e00a1952f706d6941ff930ad4466e1
>
>
> The proposed 11.0.0-M11 release is:
> [ ] -1 Broken - do not release
> [X] +1 Alpha - go ahead and release as 11.0.0-M11
Tests pass on macOS(intel).
Han
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org