On Mon, Mar 16, 2026 at 6:48 PM Mark Thomas <[email protected]> wrote: > > The proposed Apache Tomcat 11.0.20 release is now available for voting. > > The notable changes compared to 11.0.18 include: > > - Relax HTTP/2 header validation and respond to invalid requests with > a stream reset or a 400 response as appropriate rather then with a > connection reset. > > - Fix bug 69964: Respect the configured cipher order, which was no > longer respected following the addition of TLS 1.3 specific cipher > configuration. TLS 1.3 ciphers will always be first in the list. > > - Update Tomcat Native to 2.0.14 and increase the recommended version to > 2.0.14 > > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. Applications using deprecated APIs may require > further changes. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.20/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1584 > > The tag is: > https://github.com/apache/tomcat/tree/11.0.20 > 1c65de6f27a3bac481514e56e3637785b65a4f2c > > The proposed 11.0.20 release is: > [ ] -1 Broken - do not release > [X] +1 Stable - go ahead and release as 11.0.20
Reproduced fine, no issues spotted. Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
