Mark,
Thanks for RM'ing again.
On 8/23/23 19:31, Mark Thomas wrote:
The proposed Apache Tomcat 8.5.93 release is now available for voting.
The notable changes compared to 8.5.92 are:
- If an application or library sets both a non-500 error code and the
jakarta.servlet.error.exception</code> request attribute, use the
provided error code during error page processing rather than assuming
an error code of 500.
- Fix for FORM authentication open redirect - CVE-2023-41080
Along with lots of other bug fixes and improvements.
For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.93/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1454
The tag is:
https://github.com/apache/tomcat/tree/8.5.93/
9d9aea65c435a38c737c1e600e6513f9d0980cf1
The proposed 8.5.93 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 8.5.93 (stable)
+1 for stable release
Works on an application in a development environment.
Details:
* Environment
* Java (build): openjdk version "1.8.0_372" OpenJDK Runtime
Environment (Temurin)(build 1.8.0_372-b07) OpenJDK 64-Bit Server VM
(Temurin)(build 25.372-b07, mixed mode)
* Java (test): openjdk version "1.8.0_372" OpenJDK Runtime
Environment (Temurin)(build 1.8.0_372-b07) OpenJDK 64-Bit Server VM
(Temurin)(build 25.372-b07, mixed mode)
* OS: Linux 5.10.0-25-amd64 x86_64
* cc: cc (Debian 10.2.1-6) 10.2.1 20210110
* make: GNU Make 4.3
* OpenSSL: OpenSSL 1.1.1 11 Sep 2018
* APR: 1.7.0
*
* Valid SHA-512 signature for apache-tomcat-8.5.93.zip
* Valid GPG signature for apache-tomcat-8.5.93.zip
* Valid SHA-512 signature for apache-tomcat-8.5.93.tar.gz
* Valid GPG signature for apache-tomcat-8.5.93.tar.gz
* Valid SHA-512 signature for apache-tomcat-8.5.93.exe
* Valid GPG signature for apache-tomcat-8.5.93.exe
* Valid Windows Digital Signature for apache-tomcat-8.5.93.exe
* Valid SHA512 signature for apache-tomcat-8.5.93-src.zip
* Valid GPG signature for apache-tomcat-8.5.93-src.zip
* Valid SHA512 signature for apache-tomcat-8.5.93-src.tar.gz
* Valid GPG signature for apache-tomcat-8.5.93-src.tar.gz
*
* Binary Zip and tarball: Same
* Source Zip and tarball: Same
*
* Building dependencies returned: 0
* tcnative builds cleanly
* Tomcat builds cleanly
* Junit Tests: PASSED
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
