It has been about 6 months since the last release, the changelog is reasonably long so I think it is time for 6.0.44.
To top the above, RedHat recently published information on an undisclosed security vulnerability that is fixed in 6.0.x but isn't yet in a release[1]. It would be good to get 6.0.44 out with a fix for this even though the issue is far less severe than Red Hat's assessment.[2] So, there are a couple of patches in the 6.0.x status file that need votes (although neither looks like they are essential for 6.0.44). Votes and any additional patches welcome. I am aiming to tag 6.0.x in the next day or so. Mark [1] http://www.openwall.com/lists/oss-security/2015/04/10/1 [2] RedHat incorrectly described the issue as an unrestricted file upload flaw where "you can very easily eat up all server ram". The reality is all you can do with this flaw is keep a connection open and a thread allocated at the expense of having to stream data to the server. It only just qualified as a security issue because Tomcat never closes the connection. There are easier ways of triggering a DoS than this issue. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org