Am 16.03.26 um 18:48 schrieb Mark Thomas:
The proposed Apache Tomcat 11.0.20 release is now available for voting.
The notable changes compared to 11.0.18 include:
- Relax HTTP/2 header validation and respond to invalid requests with
a stream reset or a 400 response as appropriate rather then with a
connection reset.
- Fix bug 69964: Respect the configured cipher order, which was no
longer respected following the addition of TLS 1.3 specific cipher
configuration. TLS 1.3 ciphers will always be first in the list.
- Update Tomcat Native to 2.0.14 and increase the recommended version to
2.0.14
For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
Applications that run on Tomcat 9 and earlier will not run on Tomcat 11
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
will automatically convert them to Jakarta EE and copy them to the
webapps directory. Applications using deprecated APIs may require
further changes.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.20/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1584
The tag is:
https://github.com/apache/tomcat/tree/11.0.20
1c65de6f27a3bac481514e56e3637785b65a4f2c
The proposed 11.0.20 release is:
[ ] -1 Broken - do not release
[X] +1 Stable - go ahead and release as 11.0.20
+1 to release.
Reproducibility of the build checked (including the Windows installer)
using "ant verify-release" on Linux Mint 22.3. OK after setting LANG.
Original Windows installer signature verified with osslsigncode 2.10.
Unit tests ran on platforms
- RHEL 7, 8, 9 and 10 and SLES 12 and 15
using
- recent patch versions of JDK 17, 21, 25, 26 (only OpenJDK GA) and 27 (EA)
from
- Eclipse Adoptium, Azul Zulu, Amazon Coretto, Oracle, RedHat and
OpenJDK (for 26)
where available.
Also tested with
- tcnative 1.3.7, 2.0.14 and panama
- tcnative including post-release memory leak patches
based on
- OpenSSL 3.0.19, 3.5.5, 3.6.1 and 4.0.0-slpha1 (for tcnative 2 and panama)
- OpenSSL containing one post-release patch for 3.5 and 3.6.
Test observations:
- IMHO none critical
- TestOcspEnabled often fails on JDK25 and above when using panama,
sometimes (but by far not as often with JDK25 and tcnative)
- TestOcspEnabled often fails with jsse (any JDK version)
- I think only NIO2 and either
java.net.SocketException: Broken pipe or
java.net.SocketException: Connection reset by peer
- in addition very few sporadic failures and or crashes
(4 without crash, 6 with crash; total 934 test runs)
Thanks for RM!
Best regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
