On Wed, Nov 5, 2025 at 10:05 PM Mark Thomas <[email protected]> wrote:
> The proposed Apache Tomcat 11.0.14 release is now available for voting. > > The notable changes compared to 11.0.13 include: > > - Fix SSL socket factory configuration in the JNDI realm. Based on a > pull request by Joshua Rogers. > > - Fix a memory leak when using a trust store with the OpenSSL provider. > Pull request by aogburn. > > - Avoid a NPE while unwrapping Servlet exception which would hide some > exception details. Patch submitted by Eric Blanquer. > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. Applications using deprecated APIs may require > further changes. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.14/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1568 > > The tag is: > https://github.com/apache/tomcat/tree/11.0.14 > fb4c518b886e07c9c101b8036eb857f4c7af2510 > > The proposed 11.0.14 release is: > [ ] -1 Broken - do not release > [ ] +1 Stable - go ahead and release as 11.0.14 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > I am getting an error when trying to verify the release. I haven't looked into it so I am posting it here in case something's missed and will come back to it later. trydownload: [get] Getting: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.14/src/apache-tomcat-11.0.14-src.zip.asc [get] To: /home/dsoumis/Downloads/apache-tomcat-11.0.14-src/output/verify/apache-tomcat-11.0.14-src.zip.asc [echo] Signature MATCH for bin/apache-tomcat-11.0.14-deployer.tar.gz [echo] Signature MATCH for bin/apache-tomcat-11.0.14-deployer.zip [echo] Signature MATCH for bin/apache-tomcat-11.0.14-fulldocs.tar.gz [echo] Signature MATCH for bin/apache-tomcat-11.0.14-windows-x64.zip [echo] Signature MATCH for bin/apache-tomcat-11.0.14-windows-x86.zip [echo] Signature MATCH for bin/apache-tomcat-11.0.14.exe [echo] Signature MATCH for bin/apache-tomcat-11.0.14.tar.gz [echo] Signature MATCH for bin/apache-tomcat-11.0.14.zip [echo] Signature MATCH for src/apache-tomcat-11.0.14-src.tar.gz [echo] Signature MATCH for src/apache-tomcat-11.0.14-src.zip [echo] [echo] Don't worry if there are a bunch of "WARNING: untrusted key" warnings below. [echo] It's just because the KEYS -> apache-keys import doesn't contain any ownertrust [echo] information. [exec] gpg: Note: Specified keyrings are ignored due to option "use-keyboxd" [exec] gpg: Signature made Wed 05 Nov 2025 09:19:56 PM EET [exec] gpg: using RSA key A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 [exec] gpg: Good signature from "Mark E D Thomas <[email protected]>" [unknown] [exec] gpg: WARNING: Using untrusted key! [echo] [echo] Valid signature for bin/apache-tomcat-11.0.14-deployer.tar.gz [exec] gpg: Note: Specified keyrings are ignored due to option "use-keyboxd" [exec] gpg: Signature made Wed 05 Nov 2025 09:19:53 PM EET [exec] gpg: using RSA key A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 [exec] gpg: Good signature from "Mark E D Thomas <[email protected]>" [unknown] [exec] gpg: WARNING: Using untrusted key! [echo] [echo] Valid signature for bin/apache-tomcat-11.0.14-deployer.zip [exec] gpg: Note: Specified keyrings are ignored due to option "use-keyboxd" [exec] gpg: Signature made Wed 05 Nov 2025 09:22:59 PM EET [exec] gpg: using RSA key A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 [exec] gpg: Good signature from "Mark E D Thomas <[email protected]>" [unknown] [exec] gpg: WARNING: Using untrusted key! [echo] [echo] Valid signature for bin/apache-tomcat-11.0.14-fulldocs.tar.gz [exec] gpg: Note: Specified keyrings are ignored due to option "use-keyboxd" [exec] gpg: Signature made Wed 05 Nov 2025 09:19:47 PM EET [exec] gpg: using RSA key A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 [exec] gpg: Good signature from "Mark E D Thomas <[email protected]>" [unknown] [exec] gpg: WARNING: Using untrusted key! [echo] [echo] Valid signature for bin/apache-tomcat-11.0.14-windows-x64.zip [exec] gpg: Note: Specified keyrings are ignored due to option "use-keyboxd" [exec] gpg: can't open '/home/dsoumis/Downloads/apache-tomcat-11.0.14-src/output/verify/apache-tomcat-11.0.14-windows-x86.zip.asc': No such file or directory [exec] gpg: verify signatures failed: No such file or directory [exec] Result: 2 [echo] [echo] [echo] [echo] [echo] ********************************************** [echo] ********************************************** [echo] Invalid signature for bin/apache-tomcat-11.0.14-windows-x86.zip [echo] ********************************************** [echo] ********************************************** [echo] [echo] [echo] [exec] gpg: Note: Specified keyrings are ignored due to option "use-keyboxd" [exec] gpg: Signature made Wed 05 Nov 2025 09:19:40 PM EET [exec] gpg: using RSA key A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 [exec] gpg: Good signature from "Mark E D Thomas <[email protected]>" [unknown] [exec] gpg: WARNING: Using untrusted key! [echo] [echo] Valid signature for bin/apache-tomcat-11.0.14.exe [exec] gpg: Note: Specified keyrings are ignored due to option "use-keyboxd" [exec] gpg: Signature made Wed 05 Nov 2025 09:19:52 PM EET [exec] gpg: using RSA key A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 [exec] gpg: Good signature from "Mark E D Thomas <[email protected]>" [unknown] [exec] gpg: WARNING: Using untrusted key! [echo] [echo] Valid signature for bin/apache-tomcat-11.0.14.tar.gz [exec] gpg: Note: Specified keyrings are ignored due to option "use-keyboxd" [exec] gpg: Signature made Wed 05 Nov 2025 09:19:44 PM EET [exec] gpg: using RSA key A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 [exec] gpg: Good signature from "Mark E D Thomas <[email protected]>" [unknown] [exec] gpg: WARNING: Using untrusted key! [echo] [echo] Valid signature for bin/apache-tomcat-11.0.14.zip [exec] gpg: Note: Specified keyrings are ignored due to option "use-keyboxd" [exec] gpg: Signature made Wed 05 Nov 2025 09:24:54 PM EET [exec] gpg: using RSA key A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 [exec] gpg: Good signature from "Mark E D Thomas <[email protected]>" [unknown] [exec] gpg: WARNING: Using untrusted key! [echo] [echo] Valid signature for src/apache-tomcat-11.0.14-src.tar.gz [exec] gpg: Note: Specified keyrings are ignored due to option "use-keyboxd" [exec] gpg: Signature made Wed 05 Nov 2025 09:24:16 PM EET [exec] gpg: using RSA key A9C5DF4D22E99998D9875A5110C01C5A2F6059E7 [exec] gpg: Good signature from "Mark E D Thomas <[email protected]>" [unknown] [exec] gpg: WARNING: Using untrusted key! [echo] [echo] Valid signature for src/apache-tomcat-11.0.14-src.zip BUILD FAILED /home/dsoumis/Downloads/apache-tomcat-11.0.14-src/build.xml:4565: One or more signatures failed.
