Am 30.03.26 um 18:21 schrieb Mark Thomas:
The proposed Apache Tomcat 11.0.21 release is now available for voting.
The notable changes compared to 11.0.20 include:
- Fix a bug in the non-blocking flushing code for NIO+TLS that meant
that a response may not have been fully written until the connection
was closed. Pull request 966 provided by Phil Clay.
- Improved HTTP/2 error handling
- Better error handling for the EncryptInterceptor
For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
Applications that run on Tomcat 9 and earlier will not run on Tomcat 11
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
will automatically convert them to Jakarta EE and copy them to the
webapps directory. Applications using deprecated APIs may require
further changes.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.21/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1586
The tag is:
https://github.com/apache/tomcat/tree/11.0.21
1d6b501b493c11ee6fdebae911c67ca214e28c82
The proposed 11.0.21 release is:
[ ] -1 Broken - do not release
[X] +1 Stable - go ahead and release as 11.0.21
+1 to release.
Reproducibility of the build checked (including the Windows installer)
using "ant verify-release" on Linux Mint 22.3. OK after setting LANG.
Original Windows installer signature verified with osslsigncode 2.10.
Unit tests ran on platforms
- RHEL 7, 8, 9 and 10 and SLES 12 and 15
using
- recent patch versions of JDK 17, 21, 25, 26 and 27 (EA)
from
- Eclipse Adoptium, Azul Zulu, Amazon Coretto, Oracle, RedHat and from
OpenJDK for 27
where available.
Also tested with
- tcnative 1.3.7, 2.0.14 and panama
- tcnative including post-release memory leak patches
based on
- OpenSSL 3.0.19, 3.5.5, 3.6.1 and 4.0.0-beta1 (for tcnative 2 and panama)
- OpenSSL containing one post-release patch for 3.5 and 3.6.
Test observations:
- only JDK 27 on RHEL has not yet fully finished
- IMHO nothing critical
- TestOcspEnabled no longer fails when using panama,
- TestOcspSoftFailTryLater frequent failures fixed
Remaining only 3 failure instances, sporadic, all jsse JDK 17 NIO2:
- Zulu 17 SLES 15
- Zulu 17 RHEL 8
- Coretto 17 RHEL 8
Testcase: test[JSSE with OpenSSL trust false: softFail false, clientOk
true] took 0.2... sec
Caused an ERROR
Error writing to server
java.io.IOException: Error writing to server
at
java.base/sun.net.www.protocol.http.HttpURLConnection.writeRequests(HttpURLConnection.java:776)
...
at
java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:308)
at
org.apache.catalina.startup.TomcatBaseTest.methodUrl(TomcatBaseTest.java:709)
at
org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:660)
- TestOcspEnabled very sporadically (2 times) failed when using
tcnative and JDK25+, this time only on RHEL 10 with NIO and
tcnative-1.3.7 and OpenSSL 3.0
Testcase: test[JSSE with OpenSSL trust false: clientOk false, serverOk
false, verifyClient DEFAULT, verifyServer false] took 6.562 sec
FAILED
Handshake failed when not expected to do so.
junit.framework.AssertionFailedError: Handshake failed when not expected
to do so.
at
org.apache.tomcat.util.net.ocsp.TestOcspEnabled.test(TestOcspEnabled.java:117)
- in addition
- very few crashes with tcnative (11 in 744 runs)
- two crashes with JSSE (in 107 runs,
org.apache.catalina.startup.TestTomcatStandalone)
- very few failures with jsse (5 in 107 runs)
- very few non-crash-failures with tcnative (1 in 744 runs)
Thanks for RM!
Best regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
