On 21/01/2026 11:57, Rémy Maucherat wrote:
On Wed, Jan 21, 2026 at 1:58 AM Mark Thomas <[email protected]> wrote:The proposed Apache Tomcat 11.0.17 release is now available for voting. The notable changes compared to 11.0.15 include: - For configuration consistency between OpenSSL and JSSE TLS implementations, TLSv1.3 cipher suites included in the ciphers attribute of an SSLHostConfig are now always ignored (previously they would be ignored with OpenSSL implementations and used with JSSE implementations) and a warning is logged that the cipher suite has been ignored. - Expand OCSP support to JSSE based connections and expand OCSP configuration options - Update Commons Daemon to 1.5.1. - Update Tomcat Native to 2.0.12 and increase the minimum version to 2.0.12 / 1.3.4 For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. Applications using deprecated APIs may require further changes. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.17/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1577 The tag is: https://github.com/apache/tomcat/tree/11.0.17 c4ac38afc5edd64a71a000955fee47ee6f9c0e27 The proposed 11.0.17 release is: [ ] -1 Broken - do not release [X] +1 Stable - go ahead and release as 11.0.17
Thanks for voting.
Amazing you were able to find the NIO2 crash issue.
Tx. It was having a reproducer that made it possible. The OCSP work has proved its worth even if hardly anyone ever uses it :)
It looked a lot like a concurrency issue from the crash file but the challenge was it was always the termination code that failed. I spent a LONG time experimenting with OpenSSLContext before I thought to look at OpenSSLEngine.
Mark --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
