Re: [VOTE] Release Apache Tomcat 11.0.0
Mark, Thanks for RMing. On 10/3/24 13:58, Mark Thomas wrote: The proposed Apache Tomcat 11.0.0 release is now available for voting. The notable changes compared to 11.0.0-M26 include: - Multiple fixes and improvements for WebDAV - Improvements to the recently adding request/response recycling for HTTP/2 - Improve the stability of Tomcat Native during GC For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. Applications using deprecated APIs may require further changes. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1517 The tag is: https://github.com/apache/tomcat/tree/11.0.0 56e547d387ab49f688c93fe9ca082b1b5d94deed The proposed 11.0.0 release is: [ ] -1 Broken - do not release [ ] +1 Stable - go ahead and release as 11.0.0 +1 for stable(!!) release. Unit tests pass on MacOS x86-64. The build is 100% reproducible on this platform. Details: * Environment * Java (build):openjdk version "22.0.2" 2024-07-16 OpenJDK Runtime Environment Temurin-22.0.2+9 (build 22.0.2+9) OpenJDK 64-Bit Server VM Temurin-22.0.2+9 (build 22.0.2+9, mixed mode) * Java (test): openjdk version "22.0.2" 2024-07-16 OpenJDK Runtime Environment Temurin-22.0.2+9 (build 22.0.2+9) OpenJDK 64-Bit Server VM Temurin-22.0.2+9 (build 22.0.2+9, mixed mode) * Ant: Apache Ant(TM) version 1.10.15 compiled on August 25 2024 * OS: Darwin 23.6.0 x86_64 * cc: Apple clang version 12.0.5 (clang-1205.0.22.9) * make:GNU Make 3.81 * OpenSSL: OpenSSL 3.3.2 3 Sep 2024 (Library: OpenSSL 3.3.2 3 Sep 2024) * APR: 1.7.5 * * !! Invalid SHA-512 signature for apache-tomcat-11.0.0.zip * !! Invalid GPG signature for apache-tomcat-11.0.0.zip * Valid SHA-512 signature for apache-tomcat-11.0.0.tar.gz * Valid GPG signature for apache-tomcat-11.0.0.tar.gz * Valid SHA-512 signature for apache-tomcat-11.0.0.exe * Valid GPG signature for apache-tomcat-11.0.0.exe * Valid Windows Digital Signature for apache-tomcat-11.0.0.exe * Valid SHA512 signature for apache-tomcat-11.0.0-src.zip * Valid GPG signature for apache-tomcat-11.0.0-src.zip * Valid SHA512 signature for apache-tomcat-11.0.0-src.tar.gz * Valid GPG signature for apache-tomcat-11.0.0-src.tar.gz * * Binary Zip and tarball: Same * Source Zip and tarball: Same * * Building dependencies returned: 0 * tcnative builds cleanly * Tomcat builds cleanly * Junit Tests: PASSED - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Update version numbers for the next release.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new d021c33d6c Update version numbers for the next release. d021c33d6c is described below commit d021c33d6cb79aa7deca9067f370ecc8151df1cc Author: Christopher Schultz AuthorDate: Fri Oct 4 12:46:04 2024 -0400 Update version numbers for the next release. --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index b91df9a6a5..5422c489e3 100644 --- a/build.properties.default +++ b/build.properties.default @@ -31,7 +31,7 @@ # - Version Control Flags - version.major=10 version.minor=1 -version.build=31 +version.build=32 version.patch=0 version.suffix= version.dev=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index a3022b3ade..9fad235e61 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=10.1.31 +maven.asf.release.deploy.version=10.1.32 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 38b5f9cbd3..23e3431126 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release Apache Tomcat 10.1.31
The proposed Apache Tomcat 10.1.31 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.30 are: - Multiple fixes and improvements for WebDAV - Improvements to the recently adding request/response recycling for HTTP/2 - Improve the stability of Tomcat Native during GC For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.31/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1518 The tag is: https://github.com/apache/tomcat/tree/10.1.31 https://github.com/apache/tomcat/commit/b07cda9f3cc385f6f2d6c0701a050317979745dc Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r72067 - in /dev/tomcat/tomcat-10/v10.1.31: ./ bin/ bin/embed/ src/
Author: schultz Date: Thu Oct 3 19:13:08 2024 New Revision: 72067 Log: Upload v10.1.31 for voting. Added: dev/tomcat/tomcat-10/v10.1.31/ dev/tomcat/tomcat-10/v10.1.31/KEYS dev/tomcat/tomcat-10/v10.1.31/README.html dev/tomcat/tomcat-10/v10.1.31/RELEASE-NOTES dev/tomcat/tomcat-10/v10.1.31/bin/ dev/tomcat/tomcat-10/v10.1.31/bin/README.html dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-deployer.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-deployer.tar.gz.asc dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-deployer.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-deployer.zip (with props) dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-deployer.zip.asc dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-deployer.zip.sha512 dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-fulldocs.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-fulldocs.tar.gz.asc dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-fulldocs.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-windows-x64.zip (with props) dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-windows-x64.zip.asc dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-windows-x64.zip.sha512 dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-windows-x86.zip (with props) dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-windows-x86.zip.asc dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31-windows-x86.zip.sha512 dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31.exe (with props) dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31.exe.asc dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31.exe.sha512 dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31.tar.gz.asc dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31.zip (with props) dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31.zip.asc dev/tomcat/tomcat-10/v10.1.31/bin/apache-tomcat-10.1.31.zip.sha512 dev/tomcat/tomcat-10/v10.1.31/bin/embed/ dev/tomcat/tomcat-10/v10.1.31/bin/embed/apache-tomcat-10.1.31-embed.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.31/bin/embed/apache-tomcat-10.1.31-embed.tar.gz.asc dev/tomcat/tomcat-10/v10.1.31/bin/embed/apache-tomcat-10.1.31-embed.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.31/bin/embed/apache-tomcat-10.1.31-embed.zip (with props) dev/tomcat/tomcat-10/v10.1.31/bin/embed/apache-tomcat-10.1.31-embed.zip.asc dev/tomcat/tomcat-10/v10.1.31/bin/embed/apache-tomcat-10.1.31-embed.zip.sha512 dev/tomcat/tomcat-10/v10.1.31/src/ dev/tomcat/tomcat-10/v10.1.31/src/apache-tomcat-10.1.31-src.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.31/src/apache-tomcat-10.1.31-src.tar.gz.asc dev/tomcat/tomcat-10/v10.1.31/src/apache-tomcat-10.1.31-src.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.31/src/apache-tomcat-10.1.31-src.zip (with props) dev/tomcat/tomcat-10/v10.1.31/src/apache-tomcat-10.1.31-src.zip.asc dev/tomcat/tomcat-10/v10.1.31/src/apache-tomcat-10.1.31-src.zip.sha512 Added: dev/tomcat/tomcat-10/v10.1.31/KEYS == --- dev/tomcat/tomcat-10/v10.1.31/KEYS (added) +++ dev/tomcat/tomcat-10/v10.1.31/KEYS Thu Oct 3 19:13:08 2024 @@ -0,0 +1,562 @@ +This file contains the PGP&GPG keys of various Apache developers. +Please don't use them for email unless you have to. Their main +purpose is code signing. + +Apache users: pgp < KEYS +Apache developers: +(pgpk -ll && pgpk -xa ) >> this file. + or +(gpg --fingerprint --list-sigs + && gpg --armor --export ) >> this file. + +Apache developers: please ensure that your key is also available via the +PGP keyservers (such as pgpkeys.mit.edu). + + +pub 4096R/2F6059E7 2009-09-18 + Key fingerprint = A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 +uid Mark E D Thomas +sub 4096R/5E763BEC 2009-09-18 + +-BEGIN PGP PUBLIC KEY BLOCK- +Comment: GPGTools - http://gpgtools.org + +mQINBEq0DukBEAD4jovHOPJDxoD+JnO1Go2kiwpgRULasGlrVKuSUdP6wzcaqWmX +pqtOJKKwW2MQFQLmg7nQ9RjJwy3QCbKNDJQA/bwbQT1F7WzTCz2S6vxC4zxKck4t +6RZBq2dJsYKF0CEh6ZfY4dmKvhq+3istSoFRdHYoOPGWZpuRDqfZPdGm/m335/6K +GH59oysn1NE7a2a+kZzjBSEgv23+l4Z1Rg7+fpz1JcdHSdC2Z+ZRxML25eVatRVz +4yvDOZItqDURP24zWOodxgboldV6Y88C3v/7KRR+1vklzkuA2FqF8Q4r/2f0su7M +UVviQcy29y/RlLSDTTYoVlCZ1ni14qFU7Hpw43KJtgXmcUwq31T1+SlXdYjNJ1aF +kUi8BjCHDcSgE/IReKUanjHzm4XSymKDTeqqzidi4k6PDD4jyHb8k8vxi6qT6Udn +lcfo5NBkkUT1TauhEy8ktHhbl9k60BvvMBP9l6cURiJg1WS77egI4P/82oPbzzFi +GFqXyJKULVgxtdQ3JikCpodp3f1fh6PlYZwkW4
(tomcat) tag 10.1.31 created (now b07cda9f3c)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to tag 10.1.31 in repository https://gitbox.apache.org/repos/asf/tomcat.git at b07cda9f3c (commit) This tag includes the following new commits: new b07cda9f3c Tag 10.1.31 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 01/01: Tag 10.1.31
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to tag 10.1.31 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit b07cda9f3cc385f6f2d6c0701a050317979745dc Author: Christopher Schultz AuthorDate: Thu Oct 3 15:11:32 2024 -0400 Tag 10.1.31 --- build.properties.release | 54 +++ res/install-win/Uninstall.exe.sig| Bin 0 -> 10202 bytes res/install-win/tomcat-installer.exe.sig | Bin 0 -> 10202 bytes res/maven/mvn.properties.release | 27 webapps/docs/changelog.xml | 2 +- 5 files changed, 82 insertions(+), 1 deletion(-) diff --git a/build.properties.release b/build.properties.release new file mode 100644 index 00..df8e81a5bf --- /dev/null +++ b/build.properties.release @@ -0,0 +1,54 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Any unwanted settings may be over-ridden in a build.properties file located +# in the same directory as this file. + +# Set the version-dev to "" (empty string) as this is not a development release. +version.dev= + +# Ensure consistent timestamps for reproducible builds. +ant.tstamp.now.iso=2024-10-03T19:02:38Z + +# Enable insertion of detached signatures into the Windows installer. +do.codesigning=true + +# Re-use the same GPG executable. +gpg.exec=/usr/local/bin/gpg + +# Reproducible builds require the use of the build tools defined below. The +# vendors (where appropriate) and versions must match exactly for a reproducible +# build since this data is embedded in various files, particularly JAR file +# manifests, as part of the build process. +# +# Apache Ant: Apache Ant(TM) version 1.10.15 compiled on August 25 2024 +# +# Java Name: OpenJDK 64-Bit Server VM +# Java Vendor: Eclipse Adoptium +# Java Version:22.0.2+9 + +# The following is provided for information only. Builds will be repeatable +# whether or not the build environment is consistent with this information. +# +# OS: x86_64 Mac OS X 14.7 +# File encoding: UTF-8 +# +# Release Manager: schultz +release-java-version=22.0.2+9 +release-ant-version=1.10.15 diff --git a/res/install-win/Uninstall.exe.sig b/res/install-win/Uninstall.exe.sig new file mode 100644 index 00..4e501a57b8 Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ diff --git a/res/install-win/tomcat-installer.exe.sig b/res/install-win/tomcat-installer.exe.sig new file mode 100644 index 00..2a7fd77123 Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release new file mode 100644 index 00..32f2f1a711 --- /dev/null +++ b/res/maven/mvn.properties.release @@ -0,0 +1,27 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Remove "-dev" from the version since this is not a development release. +maven.asf.release.deploy.version=10.1.31
Re: (tomcat) branch main updated: BZ 69360: Inconsistent DELETE behavior between DefaultServlet and WebdavServlet
Michael, On 10/2/24 07:00, Michael Osipov wrote: > [...] > $ curl --negotiate -u : -X DELETE 'https://example.com/backend-dev/dav/log/sadfs' --verbose ...* Request completely sent off < HTTP/1.1 405 Method not allowed: DELETE < Date: Wed, 02 Oct 2024 10:59:10 GMT < Server: Apache < X-Frame-Options: SAMEORIGIN < Correlation-Id: Zv0nfp0p3XwFWtOGfc5vXRQ < Cache-Control: private < WWW-Authenticate: Negotiate oY... < Allow: OPTIONS, GET, POST, HEAD, DELETE, PUT, LOCK, UNLOCK, PROPPATCH, COPY, MOVE, PROPFIND Allowed methods: ... DELETE ... LOL Janky IMO. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: (tomcat) branch main updated: BZ 69360: Inconsistent DELETE behavior between DefaultServlet and WebdavServlet
All, On 10/2/24 06:21, Mark Thomas wrote: -1 veto This change is not compliant with RFC 9110. > > [...] Generally, SC_METHOD_NOT_ALLOWED is probably the right status code as the most likely failure mode is a lack of permissions. I just wonder if there are circumstances where we would want to return SC_INTERNAL_SERVER_ERROR and how we would determine if that were the case. I think METHOD_NOT_ALLOWED is inappropriate. The method is only "not allowed" if the whole of the WebDAV share is read-only. Anything else should be some other kind of response IMO. On Windows, file-in-use will block a DELETE, even if the permissions are okay for that file. DELETE may succeed if you try again when the file is not in use. I'm sure other examples exist. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Plans for 11.0.x
Mark, On 10/1/24 08:22, Mark Thomas wrote: I am just finishing off some HTTP/2 clean-up then I plan to do the usual check of dependencies, translations and SpotBugs before I tag the October releases. I expect to be tagging some time tomorrow. Did you want to wait until the 9th for a release? Otherwise, I'm prepared to roll 10.1 as well. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Coyote Request getRequestId()
Igal and Mark, On 9/24/24 13:55, Igal Sapir wrote: Mark, On Mon, Sep 23, 2024 at 12:25 AM Mark Thomas wrote: On 23/09/2024 04:28, Igal Sapir wrote: Hello, The current implementation of getRequestId() is optimized for speed and generates IDs that are unique to a running instance of Tomcat. But most server configurations nowadays require uniqueness across the whole system, and currently we do not offer that as: 1. Request IDs are only unique to a running Tomcat instance 2. Request IDs are reset to 0 each time Tomcat is restarted 3. Request IDs are sometimes generated by another system like a load balancer or reverse proxy, and passed around via the HTTP header "X-Request-Id" I want to propose a patch that would: 1. Check for HTTP header "X-Request-Id" and if valid (e.g. does not attempt SQL or XSS injection etc.) returns it That is behaviour we'd typically place in a Valve or Filter. Possibly an extension to the RemoteIp[Valve|Filter] ? Rather than us validate it, I'd make processing it optional and the admins responsibility to ensure it is trusted if they opt to process it. Yes, that makes sense. I can add that part to the RemoteIp[Valve|Filter] as long as we can add a Setter for requestId that can be called from the filter/valve. I could have sworn this feature already existed. Rainer added support for httpd-generated unique request identifiers to mod_jk a while back and maybe I just assumed that he also added the code in Tomcat to accept them and wire them into getRequestId. 2. Generates a URL-safe Base64-encoded UUID (22 CaSe sensitive characters) How expensive is that process compared to the existing mechanism? I will run some benchmarks to find out. While it would almost certainly be more expensive than AtomicLong.incrementAndGet(), I would think that the value that it adds can be acceptable up to some arbitrary threshold of per-request overhead, e.g. 1ms is too much but 50us might be acceptable. We could also make it lazy-init so that it is only processed when getRequestId() is called the first time per Request (though I would want it in the Logs so every request would trigger it in that case), and possibly and opt-in and pluggable implementation according to the next point below. We could also generate a "proper" UUID on startup, discard a portion of it, and then increment a counter on each request. OR maybe not even bother discarding anything. Just a huge integer value that we begin randomly and then increment from there. I'd like to see the performance numbers, of course. I like the idea of lazy work, here. Since this is a new feature in the spec, probably 0% of applications are using it right now. Why bother wasting CPU cycles generating request identifiers for applications that aren't even using them? The value will be set to the requestId private variable to ensure consistent return value for multiple calls on the same Request. I have the code ready, but wanted to discuss the matter here first. The Servlet spec requires only that the ID is unique for the lifetime of the container. How will this interact with ServletRequest.getRequestId() and the associated methods? My idea is that ServletRequest.getRequestId() would still delegate calls to Coyote's getRequestId(), so the new implementation would be used for it. Should we make the request ID generator a pluggable component? If so, of what? That would be great as it would allow us to keep the current behavior as default, for example, make this enhancement opt-in, and allow for future implementations e.g. UUIDv7 which allows for natural order sorting. I like plugability, and then we can offer at least two implementations: the naive one we have now which guarantees uniqueness within a single JVM and another one which guarantees universal uniqueness[1] but likely has a bit of a performance penalty. Which component is a great question. On one hand I'm thinking that Coyote is part of the Connectors, but on the other hand we might want to allow admins to configure different behavior for different Hosts or Contexts? I personally feel that running multiple Hosts or Contexts in a single Tomcat deployment is something that was more valuable in the past when compute resources were much more expensive than they are today. Nowadays it is easy to deploy Tomcat in a container like Docker and map the hosts and ports as needed, and I rarely find myself needing to have different configurations for different Hosts or Contexts. Speaking of hosts... since an engine probably already has a jvmRoute defined on it, maybe we could use that to provide cross-cluster uniqueness. You could have jvmRoute + random seed + counter = request id and that should be unique across your cluster. -chris [1] Of course, UUIDs are not actually guaranteed to be unique. Just really really REALLY unlikely to experience colissions. -
(tomcat) branch 10.1.x updated: Increment version numbers for the next release.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new c221f90651 Increment version numbers for the next release. c221f90651 is described below commit c221f90651f265943cf7bbb56e9d0e9b8c5dbbb6 Author: Christopher Schultz AuthorDate: Tue Sep 17 07:40:10 2024 -0400 Increment version numbers for the next release. --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index 7469fb8634..82c3b1995a 100644 --- a/build.properties.default +++ b/build.properties.default @@ -31,7 +31,7 @@ # - Version Control Flags - version.major=10 version.minor=1 -version.build=30 +version.build=31 version.patch=0 version.suffix= version.dev=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index b23a74630c..a3022b3ade 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=10.1.30 +maven.asf.release.deploy.version=10.1.31 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index d78cd2861e..c3b02af15f 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r71636 - /release/tomcat/tomcat-10/v10.1.29/
Author: schultz Date: Tue Sep 17 11:37:21 2024 New Revision: 71636 Log: Drop old release artifacts Removed: release/tomcat/tomcat-10/v10.1.29/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1920746 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-10.1-doc/ docs/tomcat-10.1-doc/annotationapi/ docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.1-doc/annotationa
Author: schultz Date: Tue Sep 17 11:36:26 2024 New Revision: 1920746 URL: http://svn.apache.org/viewvc?rev=1920746&view=rev Log: Update web site with 10.1.30 announcement. [This commit notification would consist of 61 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r71635 - /dev/tomcat/tomcat-10/v10.1.30/ /release/tomcat/tomcat-10/v10.1.30/
Author: schultz Date: Tue Sep 17 11:27:49 2024 New Revision: 71635 Log: Promote v10.1.30 release. Added: release/tomcat/tomcat-10/v10.1.30/ - copied from r71634, dev/tomcat/tomcat-10/v10.1.30/ Removed: dev/tomcat/tomcat-10/v10.1.30/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE][RESULT] Release Apache Tomcat 10.1.30
All, The following votes were cast: +1: remm, markt, ebourg, isapir Non-binding: +1: dsoumis No other votes were cast, therefore the vote passes. Thanks to everyone who contributed toward this release. -chris On 9/14/24 07:10, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.30 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.29 are: - Fix the regression in HTTP/2 support introduced in 10.1.29. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.30/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1516 The tag is: https://github.com/apache/tomcat/tree/10.1.30 https://github.com/apache/tomcat/commit/08bb04e1711e9856479596403b38cccf8287bc5b Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.95
Rémy, Thanks for RMing. On 9/13/24 15:18, Rémy Maucherat wrote: The proposed Apache Tomcat 9.0.95 release is now available for voting. The notable changes compared to 9.0.94 are: - Fix the regression in HTTP/2 support introduced in 9.0.94. For full details, see the changelog: https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.95/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1515 The tag is: https://github.com/apache/tomcat/tree/9.0.95 9f8c522e2a556002ecb356ed71dcaf788da6aa5f The proposed 9.0.95 release is: [ ] -1, Broken - do not release [ ] +1, Stable - go ahead and release as 9.0.95 +1 for stable release. Unit tests pass(*) on MacOS aarch64 and the build is reproducible (except "fulldocs") on that platform. * Several unit tests failed due to renegotiation being unavailable in this environment. I can see that the FFM tests are picking-up on the LibreSSL binary instead of OpenSSL. I will try to get this corrected for future votes. I'm also seeing skipped tests as well, which should only happen when using Java <22, but I'm definitely using Java 22 for testing. Details: * Environment * Java (build):openjdk version "17.0.12" 2024-07-16 OpenJDK Runtime Environment Temurin-17.0.12+7 (build 17.0.12+7) OpenJDK 64-Bit Server VM Temurin-17.0.12+7 (build 17.0.12+7, mixed mode) * Java (test): openjdk version "22.0.2" 2024-07-16 OpenJDK Runtime Environment Temurin-22.0.2+9 (build 22.0.2+9) OpenJDK 64-Bit Server VM Temurin-22.0.2+9 (build 22.0.2+9, mixed mode) * Ant: Apache Ant(TM) version 1.10.15 compiled on August 25 2024 * OS: Darwin 23.6.0 arm64 * cc: Apple clang version 15.0.0 (clang-1500.3.9.4) * make:GNU Make 3.81 * OpenSSL: OpenSSL 3.3.1 4 Jun 2024 (Library: OpenSSL 3.3.1 4 Jun 2024) * APR: 1.7.4 * * Valid SHA-512 signature for apache-tomcat-9.0.95.zip * Valid GPG signature for apache-tomcat-9.0.95.zip * Valid SHA-512 signature for apache-tomcat-9.0.95.tar.gz * Valid GPG signature for apache-tomcat-9.0.95.tar.gz * Valid SHA-512 signature for apache-tomcat-9.0.95.exe * Valid GPG signature for apache-tomcat-9.0.95.exe * Valid SHA512 signature for apache-tomcat-9.0.95-src.zip * Valid GPG signature for apache-tomcat-9.0.95-src.zip * Valid SHA512 signature for apache-tomcat-9.0.95-src.tar.gz * Valid GPG signature for apache-tomcat-9.0.95-src.tar.gz * * Binary Zip and tarball: Same * Source Zip and tarball: Same * * Building dependencies returned: 0 * tcnative builds cleanly * Tomcat builds cleanly * Junit Tests: FAILED * * Tests that failed: * org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt * org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt * org.apache.tomcat.util.net.TestClientCert.NIO.txt * org.apache.tomcat.util.net.TestClientCert.NIO2.txt * org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO.txt * org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO2.txt -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.30
Rémy, On 9/16/24 03:37, Rémy Maucherat wrote: On Sat, Sep 14, 2024 at 1:10 PM Christopher Schultz wrote: The proposed Apache Tomcat 10.1.30 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.29 are: - Fix the regression in HTTP/2 support introduced in 10.1.29. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.30/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1516 The tag is: https://github.com/apache/tomcat/tree/10.1.30 https://github.com/apache/tomcat/commit/08bb04e1711e9856479596403b38cccf8287bc5b Please reply with a +1 for release or +0/-0/-1 with an explanation. +1 Maybe you can upgrade your Ant to 1.10.15 for the next build ? Java 23 will be out so I plan to try upgrading that as well. :/ I thought for sure I had done that. I'm using 3 different machines for building and testing, and it looks like I have upgraded ant only on two of them. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 11.0.0-M26
Mark, Thanks for RMing. On 9/13/24 2:03 PM, Mark Thomas wrote: The proposed Apache Tomcat 11.0.0-M26 release is now available for voting. Apache Tomcat 11.0.0-M26 is a milestone release of the 11.0.x branch and has been made to provide users with early access to the new features in Apache Tomcat 11.0.x so that they may provide feedback. The notable changes compared to 11.0.0-M25 include: - Fix the regression in HTTP/2 support introduced in 11.0.0-M25. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. Applications using deprecated APIs may require further changes. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M26/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1514 The tag is: https://github.com/apache/tomcat/tree/11.0.0-M26 e9935d107776339a4a48cf4e32195a763fbf8379 The proposed 11.0.0-M26 release is: [ ] -1 Broken - do not release [ ] +1 Beta - go ahead and release as 11.0.0-M26 +1 for beta release. Unit tests pass(*) on MacOS x86-64 and the build is 100% reproducible on that platform. * Some unit tests fail with OpenSSL-FFM because renegotiation is unsupported. It appears that LibreSSL is being used for FFM instead of OpenSSL. I will look into correcting this for future votes. Details: * Environment * Java (build):openjdk version "22.0.2" 2024-07-16 OpenJDK Runtime Environment Temurin-22.0.2+9 (build 22.0.2+9) OpenJDK 64-Bit Server VM Temurin-22.0.2+9 (build 22.0.2+9, mixed mode) * Java (test): openjdk version "22.0.2" 2024-07-16 OpenJDK Runtime Environment Temurin-22.0.2+9 (build 22.0.2+9) OpenJDK 64-Bit Server VM Temurin-22.0.2+9 (build 22.0.2+9, mixed mode) * Ant: Apache Ant(TM) version 1.10.15 compiled on August 25 2024 * OS: Darwin 21.6.0 x86_64 * cc: Apple clang version 12.0.0 (clang-1200.0.31.1) * make:GNU Make 3.81 * OpenSSL: OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024) * APR: 1.7.4 * * Valid SHA-512 signature for apache-tomcat-11.0.0-M26.zip * Valid GPG signature for apache-tomcat-11.0.0-M26.zip * Valid SHA-512 signature for apache-tomcat-11.0.0-M26.tar.gz * Valid GPG signature for apache-tomcat-11.0.0-M26.tar.gz * Valid SHA-512 signature for apache-tomcat-11.0.0-M26.exe * Valid GPG signature for apache-tomcat-11.0.0-M26.exe * Valid SHA512 signature for apache-tomcat-11.0.0-M26-src.zip * Valid GPG signature for apache-tomcat-11.0.0-M26-src.zip * Valid SHA512 signature for apache-tomcat-11.0.0-M26-src.tar.gz * Valid GPG signature for apache-tomcat-11.0.0-M26-src.tar.gz * * Binary Zip and tarball: Same * Source Zip and tarball: Same * * Building dependencies returned: 0 * tcnative builds cleanly * Tomcat builds cleanly * Junit Tests: FAILED * * Tests that failed: * org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt * org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt * org.apache.tomcat.util.net.TestClientCert.NIO.txt * org.apache.tomcat.util.net.TestClientCert.NIO2.txt * org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO.txt * org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO2.txt -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release Apache Tomcat 10.1.30
The proposed Apache Tomcat 10.1.30 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.29 are: - Fix the regression in HTTP/2 support introduced in 10.1.29. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.30/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1516 The tag is: https://github.com/apache/tomcat/tree/10.1.30 https://github.com/apache/tomcat/commit/08bb04e1711e9856479596403b38cccf8287bc5b Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r71576 - in /dev/tomcat/tomcat-10/v10.1.30: ./ bin/ bin/embed/ src/
Author: schultz Date: Sat Sep 14 11:02:32 2024 New Revision: 71576 Log: Upload v10.1.30 for voting. Added: dev/tomcat/tomcat-10/v10.1.30/ dev/tomcat/tomcat-10/v10.1.30/KEYS dev/tomcat/tomcat-10/v10.1.30/README.html dev/tomcat/tomcat-10/v10.1.30/RELEASE-NOTES dev/tomcat/tomcat-10/v10.1.30/bin/ dev/tomcat/tomcat-10/v10.1.30/bin/README.html dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-deployer.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-deployer.tar.gz.asc dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-deployer.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-deployer.zip (with props) dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-deployer.zip.asc dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-deployer.zip.sha512 dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-fulldocs.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-fulldocs.tar.gz.asc dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-fulldocs.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-windows-x64.zip (with props) dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-windows-x64.zip.asc dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-windows-x64.zip.sha512 dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-windows-x86.zip (with props) dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-windows-x86.zip.asc dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30-windows-x86.zip.sha512 dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30.exe (with props) dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30.exe.asc dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30.exe.sha512 dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30.tar.gz.asc dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30.zip (with props) dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30.zip.asc dev/tomcat/tomcat-10/v10.1.30/bin/apache-tomcat-10.1.30.zip.sha512 dev/tomcat/tomcat-10/v10.1.30/bin/embed/ dev/tomcat/tomcat-10/v10.1.30/bin/embed/apache-tomcat-10.1.30-embed.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.30/bin/embed/apache-tomcat-10.1.30-embed.tar.gz.asc dev/tomcat/tomcat-10/v10.1.30/bin/embed/apache-tomcat-10.1.30-embed.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.30/bin/embed/apache-tomcat-10.1.30-embed.zip (with props) dev/tomcat/tomcat-10/v10.1.30/bin/embed/apache-tomcat-10.1.30-embed.zip.asc dev/tomcat/tomcat-10/v10.1.30/bin/embed/apache-tomcat-10.1.30-embed.zip.sha512 dev/tomcat/tomcat-10/v10.1.30/src/ dev/tomcat/tomcat-10/v10.1.30/src/apache-tomcat-10.1.30-src.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.30/src/apache-tomcat-10.1.30-src.tar.gz.asc dev/tomcat/tomcat-10/v10.1.30/src/apache-tomcat-10.1.30-src.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.30/src/apache-tomcat-10.1.30-src.zip (with props) dev/tomcat/tomcat-10/v10.1.30/src/apache-tomcat-10.1.30-src.zip.asc dev/tomcat/tomcat-10/v10.1.30/src/apache-tomcat-10.1.30-src.zip.sha512 Added: dev/tomcat/tomcat-10/v10.1.30/KEYS == --- dev/tomcat/tomcat-10/v10.1.30/KEYS (added) +++ dev/tomcat/tomcat-10/v10.1.30/KEYS Sat Sep 14 11:02:32 2024 @@ -0,0 +1,562 @@ +This file contains the PGP&GPG keys of various Apache developers. +Please don't use them for email unless you have to. Their main +purpose is code signing. + +Apache users: pgp < KEYS +Apache developers: +(pgpk -ll && pgpk -xa ) >> this file. + or +(gpg --fingerprint --list-sigs + && gpg --armor --export ) >> this file. + +Apache developers: please ensure that your key is also available via the +PGP keyservers (such as pgpkeys.mit.edu). + + +pub 4096R/2F6059E7 2009-09-18 + Key fingerprint = A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 +uid Mark E D Thomas +sub 4096R/5E763BEC 2009-09-18 + +-BEGIN PGP PUBLIC KEY BLOCK- +Comment: GPGTools - http://gpgtools.org + +mQINBEq0DukBEAD4jovHOPJDxoD+JnO1Go2kiwpgRULasGlrVKuSUdP6wzcaqWmX +pqtOJKKwW2MQFQLmg7nQ9RjJwy3QCbKNDJQA/bwbQT1F7WzTCz2S6vxC4zxKck4t +6RZBq2dJsYKF0CEh6ZfY4dmKvhq+3istSoFRdHYoOPGWZpuRDqfZPdGm/m335/6K +GH59oysn1NE7a2a+kZzjBSEgv23+l4Z1Rg7+fpz1JcdHSdC2Z+ZRxML25eVatRVz +4yvDOZItqDURP24zWOodxgboldV6Y88C3v/7KRR+1vklzkuA2FqF8Q4r/2f0su7M +UVviQcy29y/RlLSDTTYoVlCZ1ni14qFU7Hpw43KJtgXmcUwq31T1+SlXdYjNJ1aF +kUi8BjCHDcSgE/IReKUanjHzm4XSymKDTeqqzidi4k6PDD4jyHb8k8vxi6qT6Udn +lcfo5NBkkUT1TauhEy8ktHhbl9k60BvvMBP9l6cURiJg1WS77egI4P/82oPbzzFi +GFqXyJKULVgxtdQ3JikCpodp3f1fh6PlYZwkW4
(tomcat) tag 10.1.30 created (now 08bb04e171)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to tag 10.1.30 in repository https://gitbox.apache.org/repos/asf/tomcat.git at 08bb04e171 (commit) This tag includes the following new commits: new 08bb04e171 Tag 10.1.30 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 01/01: Tag 10.1.30
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to tag 10.1.30 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 08bb04e1711e9856479596403b38cccf8287bc5b Author: Christopher Schultz AuthorDate: Sat Sep 14 06:59:44 2024 -0400 Tag 10.1.30 --- build.properties.release | 54 +++ res/install-win/Uninstall.exe.sig| Bin 0 -> 10202 bytes res/install-win/tomcat-installer.exe.sig | Bin 0 -> 10202 bytes res/maven/mvn.properties.release | 27 webapps/docs/changelog.xml | 2 +- 5 files changed, 82 insertions(+), 1 deletion(-) diff --git a/build.properties.release b/build.properties.release new file mode 100644 index 00..850e04c6de --- /dev/null +++ b/build.properties.release @@ -0,0 +1,54 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Any unwanted settings may be over-ridden in a build.properties file located +# in the same directory as this file. + +# Set the version-dev to "" (empty string) as this is not a development release. +version.dev= + +# Ensure consistent timestamps for reproducible builds. +ant.tstamp.now.iso=2024-09-13T20:26:16Z + +# Enable insertion of detached signatures into the Windows installer. +do.codesigning=true + +# Re-use the same GPG executable. +gpg.exec=/usr/local/bin/gpg + +# Reproducible builds require the use of the build tools defined below. The +# vendors (where appropriate) and versions must match exactly for a reproducible +# build since this data is embedded in various files, particularly JAR file +# manifests, as part of the build process. +# +# Apache Ant: Apache Ant(TM) version 1.10.14 compiled on August 16 2023 +# +# Java Name: OpenJDK 64-Bit Server VM +# Java Vendor: Eclipse Adoptium +# Java Version:22.0.2+9 + +# The following is provided for information only. Builds will be repeatable +# whether or not the build environment is consistent with this information. +# +# OS: x86_64 Mac OS X 14.5 +# File encoding: UTF-8 +# +# Release Manager: schultz +release-java-version=22.0.2+9 +release-ant-version=1.10.14 diff --git a/res/install-win/Uninstall.exe.sig b/res/install-win/Uninstall.exe.sig new file mode 100644 index 00..698d25e65c Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ diff --git a/res/install-win/tomcat-installer.exe.sig b/res/install-win/tomcat-installer.exe.sig new file mode 100644 index 00..780261b5df Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release new file mode 100644 index 00..15403af618 --- /dev/null +++ b/res/maven/mvn.properties.release @@ -0,0 +1,27 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Remove "-dev" from the version since this is not a development release. +maven.asf.release.deploy.version=10.1.30
Re: Future of JNI in Tomcat
Mark, On 9/12/24 12:48, Mark Thomas wrote: On 12/09/2024 15:15, Rémy Maucherat wrote: Hi, This JEP has the potential to have a significant impact with Tomcat's JNI use starting with Java 26. https://openjdk.org/jeps/471 Unsafe.invokeCleaner will be removed, which will effectively prevent using the direct ByteBuffers that are needed for tomcat-native. The solution is to use a memory segment from FFM, then call MemorySegment.asByteBuffer, which creates a direct ByteBuffer with a controllable lifecycle. So using JNI would require FFM and using the full FFM code instead should make more sense. +1. We will of course have to see how things turn out ... FFM is looking more and more like the way to go. Another, less problematic, yet still annoying change will be https://openjdk.org/jeps/472 in Java 24+. Basically, the native access flag use will become mandatory. This is a bit annoying since it is not possible to add "--enable-native-access=ALL-UNNAMED" in the default command line without breaking on older Java. So we have issues when running older Tomcats that have to work with JREs that don't have FFM - hence they need JNI. We have had issues like this before and have managed to hack around them. Maybe it is time for slightly more robust solution. I was thinking something like: - new class in bootstrap JAR with a main method that just returns the current major java version as the exit code Could this be done without any custom code? I suppose running "java -version" and parsing the output using grep/sed/awk/Perl/whatever would be error-prone. I suppose the performance difference between running "java -version" and "java GetMajorVersion" is negligible. - the startup scripts call java with that class and store exit code in a variable - we use that variable to select what to include when composing the main command line to start Tomcat. +1 this should work -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1920561 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-10.1-doc/ docs/tomcat-10.1-doc/annotationapi/ docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.1-doc/annotationa
Author: schultz Date: Wed Sep 11 12:32:05 2024 New Revision: 1920561 URL: http://svn.apache.org/viewvc?rev=1920561&view=rev Log: Announce the release of v10.1.29. [This commit notification would consist of 64 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r71463 - /release/tomcat/tomcat-10/v10.1.28/
Author: schultz Date: Wed Sep 11 12:25:31 2024 New Revision: 71463 Log: Drop old release artifacts. Removed: release/tomcat/tomcat-10/v10.1.28/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE][RESULT] Release Apache Tomcat 10.1.29
All, On 9/10/24 16:16, Christopher Schultz wrote: The following votes were cast: +1: markt, remm, rjung, schultz Oops technically dsoumis is non-binding. Non-binding: +1: dsoumis No other votes were cast, therefore the vote passes. Thanks to everyone who contributed toward this release. Thanks, -chris The proposed Apache Tomcat 10.1.29 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.28 are: - If an HTTP/2 client resets a stream before the request body is fully written, ensure that any ReadListener is notified via a call to ReadListener.onErrror() - An Exception being thrown during WebSocket message processing (e.g. in a method annotated with @onMessage) should not automatically cause the connection to close. The application should handle the exception and make the decision whether or not to close the connection. - Correct a regression in the fix for non-blocking reads of chunked request bodies that caused InputStream.available() to return a non-zero value when there was no data to read. In some circumstances this could cause a blocking read to block waiting for more data rather than return the data it had already received. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.29/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1513 The tag is: https://github.com/apache/tomcat/tree/10.1.29 https://github.com/apache/tomcat/commit/6e9fc6759a00036f47e2c8f2dfa854109c6c600b Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 02/02: Add new release section and old release date.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit b1fdfa4892a6894c3c4f9a58f81433c588a4c412 Author: Christopher Schultz AuthorDate: Tue Sep 10 16:22:04 2024 -0400 Add new release section and old release date. --- webapps/docs/changelog.xml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 51c3b94548..4de3ee1a47 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated (a5c684e028 -> b1fdfa4892)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git from a5c684e028 Add release date. new 4ef3e20cd0 Increment version numbers for next release. new b1fdfa4892 Add new release section and old release date. The 2 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 01/02: Increment version numbers for next release.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 4ef3e20cd0ff0366bd6b5bdd53a97220389d1e9e Author: Christopher Schultz AuthorDate: Tue Sep 10 16:21:00 2024 -0400 Increment version numbers for next release. --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.properties.default b/build.properties.default index 2cdd9bdd16..7469fb8634 100644 --- a/build.properties.default +++ b/build.properties.default @@ -31,7 +31,7 @@ # - Version Control Flags - version.major=10 version.minor=1 -version.build=29 +version.build=30 version.patch=0 version.suffix= version.dev=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index 743ddf19db..b23a74630c 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=10.1.29 +maven.asf.release.deploy.version=10.1.30 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r71452 - /dev/tomcat/tomcat-10/v10.1.29/ /release/tomcat/tomcat-10/v10.1.29/
Author: schultz Date: Tue Sep 10 20:18:17 2024 New Revision: 71452 Log: Promote v10.1.29 release Added: release/tomcat/tomcat-10/v10.1.29/ - copied from r71451, dev/tomcat/tomcat-10/v10.1.29/ Removed: dev/tomcat/tomcat-10/v10.1.29/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE][RESULT] Release Apache Tomcat 10.1.29
All, The following votes were cast: +1: markt, remm, rjung, dsoumis, schultz No other votes were cast, therefore the vote passes. Thanks to everyone who contributed toward this release. -chris The proposed Apache Tomcat 10.1.29 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.28 are: - If an HTTP/2 client resets a stream before the request body is fully written, ensure that any ReadListener is notified via a call to ReadListener.onErrror() - An Exception being thrown during WebSocket message processing (e.g. in a method annotated with @onMessage) should not automatically cause the connection to close. The application should handle the exception and make the decision whether or not to close the connection. - Correct a regression in the fix for non-blocking reads of chunked request bodies that caused InputStream.available() to return a non-zero value when there was no data to read. In some circumstances this could cause a blocking read to block waiting for more data rather than return the data it had already received. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.29/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1513 The tag is: https://github.com/apache/tomcat/tree/10.1.29 https://github.com/apache/tomcat/commit/6e9fc6759a00036f47e2c8f2dfa854109c6c600b Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r71347 - in /dev/tomcat/tomcat-10/v10.1.29: ./ bin/ bin/embed/ src/
Author: schultz Date: Thu Sep 5 16:40:46 2024 New Revision: 71347 Log: Upload release candidate for voting. Added: dev/tomcat/tomcat-10/v10.1.29/ dev/tomcat/tomcat-10/v10.1.29/KEYS dev/tomcat/tomcat-10/v10.1.29/README.html dev/tomcat/tomcat-10/v10.1.29/RELEASE-NOTES dev/tomcat/tomcat-10/v10.1.29/bin/ dev/tomcat/tomcat-10/v10.1.29/bin/README.html dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-deployer.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-deployer.tar.gz.asc dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-deployer.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-deployer.zip (with props) dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-deployer.zip.asc dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-deployer.zip.sha512 dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-fulldocs.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-fulldocs.tar.gz.asc dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-fulldocs.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-windows-x64.zip (with props) dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-windows-x64.zip.asc dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-windows-x64.zip.sha512 dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-windows-x86.zip (with props) dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-windows-x86.zip.asc dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29-windows-x86.zip.sha512 dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29.exe (with props) dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29.exe.asc dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29.exe.sha512 dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29.tar.gz.asc dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29.zip (with props) dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29.zip.asc dev/tomcat/tomcat-10/v10.1.29/bin/apache-tomcat-10.1.29.zip.sha512 dev/tomcat/tomcat-10/v10.1.29/bin/embed/ dev/tomcat/tomcat-10/v10.1.29/bin/embed/apache-tomcat-10.1.29-embed.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.29/bin/embed/apache-tomcat-10.1.29-embed.tar.gz.asc dev/tomcat/tomcat-10/v10.1.29/bin/embed/apache-tomcat-10.1.29-embed.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.29/bin/embed/apache-tomcat-10.1.29-embed.zip (with props) dev/tomcat/tomcat-10/v10.1.29/bin/embed/apache-tomcat-10.1.29-embed.zip.asc dev/tomcat/tomcat-10/v10.1.29/bin/embed/apache-tomcat-10.1.29-embed.zip.sha512 dev/tomcat/tomcat-10/v10.1.29/src/ dev/tomcat/tomcat-10/v10.1.29/src/apache-tomcat-10.1.29-src.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.29/src/apache-tomcat-10.1.29-src.tar.gz.asc dev/tomcat/tomcat-10/v10.1.29/src/apache-tomcat-10.1.29-src.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.29/src/apache-tomcat-10.1.29-src.zip (with props) dev/tomcat/tomcat-10/v10.1.29/src/apache-tomcat-10.1.29-src.zip.asc dev/tomcat/tomcat-10/v10.1.29/src/apache-tomcat-10.1.29-src.zip.sha512 Added: dev/tomcat/tomcat-10/v10.1.29/KEYS == --- dev/tomcat/tomcat-10/v10.1.29/KEYS (added) +++ dev/tomcat/tomcat-10/v10.1.29/KEYS Thu Sep 5 16:40:46 2024 @@ -0,0 +1,562 @@ +This file contains the PGP&GPG keys of various Apache developers. +Please don't use them for email unless you have to. Their main +purpose is code signing. + +Apache users: pgp < KEYS +Apache developers: +(pgpk -ll && pgpk -xa ) >> this file. + or +(gpg --fingerprint --list-sigs + && gpg --armor --export ) >> this file. + +Apache developers: please ensure that your key is also available via the +PGP keyservers (such as pgpkeys.mit.edu). + + +pub 4096R/2F6059E7 2009-09-18 + Key fingerprint = A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 +uid Mark E D Thomas +sub 4096R/5E763BEC 2009-09-18 + +-BEGIN PGP PUBLIC KEY BLOCK- +Comment: GPGTools - http://gpgtools.org + +mQINBEq0DukBEAD4jovHOPJDxoD+JnO1Go2kiwpgRULasGlrVKuSUdP6wzcaqWmX +pqtOJKKwW2MQFQLmg7nQ9RjJwy3QCbKNDJQA/bwbQT1F7WzTCz2S6vxC4zxKck4t +6RZBq2dJsYKF0CEh6ZfY4dmKvhq+3istSoFRdHYoOPGWZpuRDqfZPdGm/m335/6K +GH59oysn1NE7a2a+kZzjBSEgv23+l4Z1Rg7+fpz1JcdHSdC2Z+ZRxML25eVatRVz +4yvDOZItqDURP24zWOodxgboldV6Y88C3v/7KRR+1vklzkuA2FqF8Q4r/2f0su7M +UVviQcy29y/RlLSDTTYoVlCZ1ni14qFU7Hpw43KJtgXmcUwq31T1+SlXdYjNJ1aF +kUi8BjCHDcSgE/IReKUanjHzm4XSymKDTeqqzidi4k6PDD4jyHb8k8vxi6qT6Udn +lcfo5NBkkUT1TauhEy8ktHhbl9k60BvvMBP9l6cURiJg1WS77egI4P/82oPbzzFi +GFqXyJKULVgxtdQ3JikCpodp3f1fh6PlYZwkW4
(tomcat) 01/01: Tag 10.1.29
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to tag 10.1.29 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 6e9fc6759a00036f47e2c8f2dfa854109c6c600b Author: Christopher Schultz AuthorDate: Thu Sep 5 12:38:57 2024 -0400 Tag 10.1.29 --- build.properties.release | 54 +++ res/install-win/Uninstall.exe.sig| Bin 0 -> 10202 bytes res/install-win/tomcat-installer.exe.sig | Bin 0 -> 10202 bytes res/maven/mvn.properties.release | 27 webapps/docs/changelog.xml | 2 +- 5 files changed, 82 insertions(+), 1 deletion(-) diff --git a/build.properties.release b/build.properties.release new file mode 100644 index 00..d196ed0c1f --- /dev/null +++ b/build.properties.release @@ -0,0 +1,54 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Any unwanted settings may be over-ridden in a build.properties file located +# in the same directory as this file. + +# Set the version-dev to "" (empty string) as this is not a development release. +version.dev= + +# Ensure consistent timestamps for reproducible builds. +ant.tstamp.now.iso=2024-09-05T14:23:34Z + +# Enable insertion of detached signatures into the Windows installer. +do.codesigning=true + +# Re-use the same GPG executable. +gpg.exec=/usr/local/bin/gpg + +# Reproducible builds require the use of the build tools defined below. The +# vendors (where appropriate) and versions must match exactly for a reproducible +# build since this data is embedded in various files, particularly JAR file +# manifests, as part of the build process. +# +# Apache Ant: Apache Ant(TM) version 1.10.14 compiled on August 16 2023 +# +# Java Name: OpenJDK 64-Bit Server VM +# Java Vendor: Eclipse Adoptium +# Java Version:22.0.2+9 + +# The following is provided for information only. Builds will be repeatable +# whether or not the build environment is consistent with this information. +# +# OS: x86_64 Mac OS X 14.5 +# File encoding: UTF-8 +# +# Release Manager: schultz +release-java-version=22.0.2+9 +release-ant-version=1.10.14 diff --git a/res/install-win/Uninstall.exe.sig b/res/install-win/Uninstall.exe.sig new file mode 100644 index 00..cdcb85bcc9 Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ diff --git a/res/install-win/tomcat-installer.exe.sig b/res/install-win/tomcat-installer.exe.sig new file mode 100644 index 00..07fbf09da0 Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release new file mode 100644 index 00..95f1876677 --- /dev/null +++ b/res/maven/mvn.properties.release @@ -0,0 +1,27 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Remove "-dev" from the version since this is not a development release. +maven.asf.release.deploy.version=10.1.29
(tomcat) tag 10.1.29 created (now 6e9fc6759a)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to tag 10.1.29 in repository https://gitbox.apache.org/repos/asf/tomcat.git at 6e9fc6759a (commit) This tag includes the following new commits: new 6e9fc6759a Tag 10.1.29 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [QUESTION] Purchase UML tool using Google security funding
Mark, On 8/29/24 12:29, Mark Thomas wrote: On 29/08/2024 15:34, Felix Schumacher wrote: While I don't object to buying a license, I would love to know, which diagram you looked at and what exactly did not work out. (the activation stuff in mermaid is brittle, but I think I managed to get them all right) I couldn't find a way to get the gap in the activation of Catalina between the call to setParentClassLoader() and start(). I see how you fixed that. Nice. There are a couple of places where the message arrows don't quite meet up with the activation bar correctly and the await note isn't quite in the right place. and for mermaidjs I got I found that very hard to read but I suspect that is a fairly easy fix. My biggest complaint with mermaidjs was that the text on messages to self is centered rather than to the right. That is probably fixable too. There is a missing activation bar for the digester but that might be due to the issues you mentioned. The label is in the right place for await() which is good. To summarize my findings. plantuml seemed to be more predictable and feature-rich (for sequence diagrams) than mermaidjs. But I didn't see any showstoppers with both of them. Another alternative to use would be umlet (https://www.umlet.com/), which I used way back, but haven't looked at lately. I'll take a look. I hope you didn't mind the inline code and thus this long message. Not at all. This is all really useful. I do really like the idea of the source being human readable but I think I am still leaning towards Visual Paradigm because it doesn't have any of the niggles in the output and generally, we have a lot more control over the final layout. Another factor is time. While Visual Paradigm also has its quirks, I've found I have spent far less time cajoling the tool into providing the output I want. Is the file format for VP binary? Does it have to be? Maybe they have an XML import/export format? -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [QUESTION] Purchase UML tool using Google security funding
Mark, On 8/29/24 09:14, Mark Thomas wrote: On 29/08/2024 14:02, Christopher Schultz wrote: Felix, On 8/29/24 05:06, Felix Schumacher wrote: Am 25. August 2024 10:36:44 MESZ schrieb Mark Thomas : All, You have probably seen that I am working on updating the UML diagrams we have in the architecture section of the Tomcat documentation. The original diagrams were written in IBM Rational Rose. They were donated by a contributor. I don't thnk any committer ever had access to a license for IBM Rational Rose. That made maintaining them difficult. I managed to find a tool to export them to SVG but they are still very out of date. My expectation is that architecture diagrams like this (and possibly a few more) will be required to meet the CRA requirements. Even if I'm wrong on that, there are other benefits to having up to date diagrams explaining Tomcat's internal structure and how it works such as helping new contributors find their way around the code base. I've found a tool that appears to do everything we need and a lot more with a free community edition - Visual Paradigm - that I have been using to create updated diagrams. The tool is available for Windows, Linux, Mac and has an on-line edition. To ensure we don't end up in the same position as we did with the previous diagrams, I think - as a minimum - we should take copies of the installers for the community edition and put them somewhere safe - I have access to an ASF owned Google Drive we could use. The free version does everything that we want but it does watermark the output when the diagrams are exported. I have been wondering about the benefits of purchasing a license. A perpetual license for the modeler version (the entry level) would cost $99 for a single user. There is a floating license version but that requires a license server to be installed. It is designed for office LANs rather than global collaboration. The main benefit of the license is that it means the exported diagrams don't contain the watermarks (company logo in top-right corner). If we did want to purchase a license (in the name of the Tomcat PMC) we could use the Google security funding since the primary driver for this work is the CRA. Thoughts? Personally, I am leaning towards spending the $99 so we can remove the watermark from the Tomcat docs. Have you thought about using a tool like plantuml or mermaid-js? That way the source would be human readable. Plantuml could probably be added to the ant setup and would render SVG files or even ASCII art. The files under architecture looked like sequence diagrams, which should be doable. If other tools are on the menu, there is always graphviz. I'm happy to look at suggested alternatives. I've had hit-or-miss results with graphviz. When it's willing to generate a nice-looking graph for you, it's fantastic and easy to work with. When you can't get it to generate the graph you WANT, it's a total PITA. Looking at what is required to generate a class diagram: https://graphviz.org/Gallery/directed/UML_Class_diagram.html that looks like too much hand-crafting is required. While PlantUML didn't work out, I was able to produce something close within minutes. I'm not even sure where I'd need to start with graphviz. Yep, graphviz is definitely not UML-specific, it's ... like, its own thing, man[1]. -chris [1] https://www.youtube.com/watch?v=tML85kQfy0c (Safe for work but not necessarily your sanity) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1920023 - in /tomcat/site/trunk: docs/security-model.html xdocs/security-model.xml
Mark, On 8/29/24 03:44, Mark Thomas wrote: On 28/08/2024 22:27, Christopher Schultz wrote: On 8/28/24 06:48, Mark Thomas wrote: I've restructured the page. I've added the things you suggested. Any better? Yes, I like your work, here. I committed some minor changes. Mostly re-wording the "giving the attacker administrative rights before an attack is cheating" bit. I was tempted to edit that page to include that quote. It sums it up rather nicely. I did make a minor addition to clarify that standard distributions were from the ASF. I don't think any downstream is adding their own web applications but just in case... I'll ping the security@ folks for a review before we start linking to this from the other security pages. +1 I wonder if the term "Security Model" is correct for this page, but it's okay with me. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [QUESTION] Purchase UML tool using Google security funding
Felix, On 8/29/24 05:06, Felix Schumacher wrote: Am 25. August 2024 10:36:44 MESZ schrieb Mark Thomas : All, You have probably seen that I am working on updating the UML diagrams we have in the architecture section of the Tomcat documentation. The original diagrams were written in IBM Rational Rose. They were donated by a contributor. I don't thnk any committer ever had access to a license for IBM Rational Rose. That made maintaining them difficult. I managed to find a tool to export them to SVG but they are still very out of date. My expectation is that architecture diagrams like this (and possibly a few more) will be required to meet the CRA requirements. Even if I'm wrong on that, there are other benefits to having up to date diagrams explaining Tomcat's internal structure and how it works such as helping new contributors find their way around the code base. I've found a tool that appears to do everything we need and a lot more with a free community edition - Visual Paradigm - that I have been using to create updated diagrams. The tool is available for Windows, Linux, Mac and has an on-line edition. To ensure we don't end up in the same position as we did with the previous diagrams, I think - as a minimum - we should take copies of the installers for the community edition and put them somewhere safe - I have access to an ASF owned Google Drive we could use. The free version does everything that we want but it does watermark the output when the diagrams are exported. I have been wondering about the benefits of purchasing a license. A perpetual license for the modeler version (the entry level) would cost $99 for a single user. There is a floating license version but that requires a license server to be installed. It is designed for office LANs rather than global collaboration. The main benefit of the license is that it means the exported diagrams don't contain the watermarks (company logo in top-right corner). If we did want to purchase a license (in the name of the Tomcat PMC) we could use the Google security funding since the primary driver for this work is the CRA. Thoughts? Personally, I am leaning towards spending the $99 so we can remove the watermark from the Tomcat docs. Have you thought about using a tool like plantuml or mermaid-js? That way the source would be human readable. Plantuml could probably be added to the ant setup and would render SVG files or even ASCII art. The files under architecture looked like sequence diagrams, which should be doable. If other tools are on the menu, there is always graphviz. I've had hit-or-miss results with graphviz. When it's willing to generate a nice-looking graph for you, it's fantastic and easy to work with. When you can't get it to generate the graph you WANT, it's a total PITA. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1920023 - in /tomcat/site/trunk: docs/security-model.html xdocs/security-model.xml
Mark, On 8/28/24 06:48, Mark Thomas wrote: On 27/08/2024 17:34, Christopher Schultz wrote: Mark, On 8/27/24 11:59, Mark Thomas wrote: On 26/08/2024 15:18, Christopher Schultz wrote: + Data received by an AJP connector is trusted. Maybe clarify which data you are talking about? I'm guessing that "request attributes" and certain headers should be considered trusted, but the request entity for example is not. Thanks. Good catch. I've updated the docs. Any further changes before I add some links to this page from the security docs? I think: " Vulnerabilities in deployed web applications are application vulnerabilities, not Tomcat vulnerabilities. " ...ought to mention that Tomcat-provided web applications are in-scope for security vulnerability reports. Manager and host-manager are quite important while ROOT, docs, and examples would be limited to e.g. "low importance" because they should never be deployed into a production environment. s/multi-cast/multicast/g This list is sufficiently long that we might want to break it down a little into separate sections with separate titles e.g.: Trusted Environments The following environments, user, and code are always considered trusted. Reports that users with control over these environments will be rejected on the basis that those users are in fact trusted and have administrative or equivalent access: * Deployed web applications * Access via JMX * Access via Java Attach API or other debugging interfaces * ... As I write this, it seems to be falling apart a little. Maybe this comment will spark someone else's creativity. But the list seems to be getting long and I'm a very strong supporter of "Parallel Structure"[1] in writing, and this is all over the place. I've restructured the page. I've added the things you suggested. Any better? Yes, I like your work, here. I committed some minor changes. Mostly re-wording the "giving the attacker administrative rights before an attack is cheating" bit. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1920257 - in /tomcat/site/trunk: docs/security-model.html xdocs/security-model.xml
Author: schultz Date: Wed Aug 28 21:26:56 2024 New Revision: 1920257 URL: http://svn.apache.org/viewvc?rev=1920257&view=rev Log: Minor edits. Modified: tomcat/site/trunk/docs/security-model.html tomcat/site/trunk/xdocs/security-model.xml Modified: tomcat/site/trunk/docs/security-model.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-model.html?rev=1920257&r1=1920256&r2=1920257&view=diff == --- tomcat/site/trunk/docs/security-model.html (original) +++ tomcat/site/trunk/docs/security-model.html Wed Aug 28 21:26:56 2024 @@ -12,9 +12,9 @@ Administrative users - Administrative users are always considered to be trusted. Reports that - require attacker access to and/or control of any of the following to - succeed will be rejected: + Administrative users are always considered to be trusted. Reports for + vulnerabilities where an attacker already has access to or control over + any of the following will be rejected: The Manager or Host Manager applications provided with Tomcat @@ -29,13 +29,14 @@ Web applications Web applications deployed to Tomcat are considered to be trusted. - Vulnerabilities in user provided web applications are application + Vulnerabilities in user-provided web applications are application vulnerabilities, not Tomcat vulnerabilities. Reports of vulnerabilities in the web applications included with - Tomcat will be accepted. Reporters should review the comments about - each of the provided applications in the security considerations - section of the documentation for the version under test. + standard Tomcat distributions will be accepted. Reporters should + review the comments about each of the provided applications in the + security considerations section of the documentation for the version + under test. @@ -50,7 +51,7 @@ connector HTTP headers processed by a RemoteIpValve, SSLValve, equivalent filters or any similar -functionality. +functionality @@ -67,10 +68,10 @@ Logging - Security sensitive information will not be logged with the default + Security-sensitive information will not be logged with the default configuration apart from anything included in the request URI. - Security sensitive information may be logged with modified logging + Security-sensitive information may be logged with modified logging configurations, particularly if debug logging is enabled. Modified: tomcat/site/trunk/xdocs/security-model.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-model.xml?rev=1920257&r1=1920256&r2=1920257&view=diff == --- tomcat/site/trunk/xdocs/security-model.xml (original) +++ tomcat/site/trunk/xdocs/security-model.xml Wed Aug 28 21:26:56 2024 @@ -20,9 +20,9 @@ - Administrative users are always considered to be trusted. Reports that - require attacker access to and/or control of any of the following to - succeed will be rejected: + Administrative users are always considered to be trusted. Reports for + vulnerabilities where an attacker already has access to or control over + any of the following will be rejected: The Manager or Host Manager applications provided with Tomcat @@ -37,13 +37,14 @@ Web applications deployed to Tomcat are considered to be trusted. - Vulnerabilities in user provided web applications are application + Vulnerabilities in user-provided web applications are application vulnerabilities, not Tomcat vulnerabilities. Reports of vulnerabilities in the web applications included with - Tomcat will be accepted. Reporters should review the comments about - each of the provided applications in the security considerations - section of the documentation for the version under test. + standard Tomcat distributions will be accepted. Reporters should + review the comments about each of the provided applications in the + security considerations section of the documentation for the version + under test. @@ -58,7 +59,7 @@ connector HTTP headers processed by a RemoteIpValve, SSLValve, equivalent filters or any similar -functionality. +functionality @@ -75,10 +76,10 @@ - Security sensitive information will not be logged with the default + Security-sensitive information will not be logged with the default configuration apart from anything
Re: svn commit: r1920023 - in /tomcat/site/trunk: docs/security-model.html xdocs/security-model.xml
Mark, On 8/27/24 11:59, Mark Thomas wrote: On 26/08/2024 15:18, Christopher Schultz wrote: + Data received by an AJP connector is trusted. Maybe clarify which data you are talking about? I'm guessing that "request attributes" and certain headers should be considered trusted, but the request entity for example is not. Thanks. Good catch. I've updated the docs. Any further changes before I add some links to this page from the security docs? I think: " Vulnerabilities in deployed web applications are application vulnerabilities, not Tomcat vulnerabilities. " ...ought to mention that Tomcat-provided web applications are in-scope for security vulnerability reports. Manager and host-manager are quite important while ROOT, docs, and examples would be limited to e.g. "low importance" because they should never be deployed into a production environment. s/multi-cast/multicast/g This list is sufficiently long that we might want to break it down a little into separate sections with separate titles e.g.: Trusted Environments The following environments, user, and code are always considered trusted. Reports that users with control over these environments will be rejected on the basis that those users are in fact trusted and have administrative or equivalent access: * Deployed web applications * Access via JMX * Access via Java Attach API or other debugging interfaces * ... As I write this, it seems to be falling apart a little. Maybe this comment will spark someone else's creativity. But the list seems to be getting long and I'm a very strong supporter of "Parallel Structure"[1] in writing, and this is all over the place. -chris [1] https://en.wikipedia.org/wiki/Parallelism_(grammar) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Cookie parsing and upcoming updates to RFC6265
Mark, On 8/27/24 11:31, Mark Thomas wrote: On 26/08/2024 15:14, Christopher Schultz wrote: All, On 8/16/24 11:25, Mark Thomas wrote: On 16/08/2024 13:40, Tim Funk wrote: How about missingEqualsCookie="allow | ignore"? The proposed options were: - ignore - name - value By using [allow | ignore] instead of yes/no, it opens the door to additional behaviors. (such as reject which triggers a http error) Agreed. I think maybe we should couple this new configuration attribute with an enabled-by-default Valve (maybe only in 11/12, disabled-by-default in 9/10) that detects empty cookie names and throws an exception and/or returns a 400 response. "ignore" should remove the cookie entirely and allow requests containing these to be serviced. Using the "value" option with this Valve enabled would cause a 400 response. Or it could be worked-into an existing Valve/Filter such as the HttpHeaderSecurityFilter or similar. Or we could add a "reject" option to the configuration setting that triggered an exception. At what stage would this trigger an exception? Coudl the application somehow catch that exception? I would think that a 400 response might make more sense because what does "reject" mean to an application when Tomcat is doing the rejecting? It wouldn't be much different than "ignore" other than you have to tell the client it's being "rejected". That suggests a 400 response to me. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [QUESTION] Purchase UML tool using Google security funding
Mark, On 8/25/24 04:36, Mark Thomas wrote: All, You have probably seen that I am working on updating the UML diagrams we have in the architecture section of the Tomcat documentation. The original diagrams were written in IBM Rational Rose. They were donated by a contributor. I don't thnk any committer ever had access to a license for IBM Rational Rose. That made maintaining them difficult. I managed to find a tool to export them to SVG but they are still very out of date. My expectation is that architecture diagrams like this (and possibly a few more) will be required to meet the CRA requirements. Even if I'm wrong on that, there are other benefits to having up to date diagrams explaining Tomcat's internal structure and how it works such as helping new contributors find their way around the code base. I've found a tool that appears to do everything we need and a lot more with a free community edition - Visual Paradigm - that I have been using to create updated diagrams. The tool is available for Windows, Linux, Mac and has an on-line edition. To ensure we don't end up in the same position as we did with the previous diagrams, I think - as a minimum - we should take copies of the installers for the community edition and put them somewhere safe - I have access to an ASF owned Google Drive we could use. The free version does everything that we want but it does watermark the output when the diagrams are exported. I have been wondering about the benefits of purchasing a license. A perpetual license for the modeler version (the entry level) would cost $99 for a single user. There is a floating license version but that requires a license server to be installed. It is designed for office LANs rather than global collaboration. The main benefit of the license is that it means the exported diagrams don't contain the watermarks (company logo in top-right corner). If we did want to purchase a license (in the name of the Tomcat PMC) we could use the Google security funding since the primary driver for this work is the CRA. Thoughts? Personally, I am leaning towards spending the $99 so we can remove the watermark from the Tomcat docs. 1. $99 is nothing, even if it ends up being tied to a single person. 2. Maybe they would give ASF one of more licenses at no charge? I wouldn't want to put the burden of updating all diagrams on just one committer, even if you are kind of volunteering, here. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: svn commit: r1920023 - in /tomcat/site/trunk: docs/security-model.html xdocs/security-model.xml
Mark, On 8/19/24 07:23, ma...@apache.org wrote: Author: markt Date: Mon Aug 19 11:23:05 2024 New Revision: 1920023 URL: http://svn.apache.org/viewvc?rev=1920023&view=rev Log: Add first draft of security model Added: tomcat/site/trunk/docs/security-model.html tomcat/site/trunk/xdocs/security-model.xml Added: tomcat/site/trunk/docs/security-model.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-model.html?rev=1920023&view=auto == --- tomcat/site/trunk/docs/security-model.html (added) +++ tomcat/site/trunk/docs/security-model.html Mon Aug 19 11:23:05 2024 @@ -0,0 +1,38 @@ + +Apache Tomcat® - Security Modelhttps://www.apachecon.com/event-images/snippet.js";>http://tomcat.apache.org/";>Apache Tomcat®https://www.apache.org/foundation/contributing.html"; target="_blank" class="pull-left">https://www.apache.org/images/SupportApache-smal l.png" class="support-asf" alt="Support Apache">http://www.apache.org/"; target="_blank" class="pull-left">https://www.google.com/search"; method="get">GOApache TomcatHomeTaglibsMaven PluginDownloadWhich version?https://tomcat.apache.org/download -11.cgi">Tomcat 11 (beta)https://tomcat.apache.org/download-10.cgi";>Tomcat 10https://tomcat.apache.org/download-90.cgi";>Tomcat 9https://tomcat.apache.org/download-migration.cgi";>Tomcat Migration Tool for Jakarta EEhttps://tomcat.apache.org/download-connectors.cgi";>Tomcat Connectorshttps://tomcat.apache.org/download-native.cgi";>Tomcat Nativehttps://tomcat.apache.org/download-taglibs.cgi";>Taglibshttps://archive.apache.org/dist/tomcat/";>ArchivesDocumentationTomcat 11.0 (beta)Tomcat 10.1Tomcat 9.0UpgradingTomcat ConnectorsTomcat Native 2Tomcat Native 1.3https://cwiki.apache.org/confluence/display/TOMCAT";>WikiMigration GuidePresentationshttps://cwiki.apache.org/confluence/x/Bi8lBg";>SpecificationsProblems?Security ReportsFind helphttps://cwiki.apache.org/confluence/display/TOMCAT/FAQ";>FAQMailing ListsBug DatabaseIRCGet InvolvedOverviewSource codeBuildbothttps://cwiki.apache.org/confluence/x/vIPzBQ";>TranslationsToolsMediahttps://twitter.com/theapachetomcat";>Twitterhttps://www.youtube.com/c/ApacheTomcatOfficial";>YouTubehttps://blogs.apache.org/tomcat/";>BlogMiscWho We Arehttps://www.redbubble.com/people/comdev/works/30885254-apache-tomcat";>SwagHeritagehttp://www.apache.org";>Apache HomeResourcesContactLegalhttps://privacy.apache.org/policies/privacy-policy-public.html";>Privacyhttps://www.apache.org/foundation/contributing.html";>Support Apachehttps://www.apache.org/foundation/sponsorship.html";>Sponsorshiphttp://www.apache.org/foundation/ thanks.html">Thankshttp://www.apache.org/licenses/";>LicenseContentSecurity model for Apache Tomcat + +This security model is currently in DRAFT from. + +The Apache Tomcat® Security Team reviews reported + vulnerabilities against the following security model: + + + Users with the ability to modify Tomcat and/or application + configuration files and/or binaries are trusted. + Deployed web applications are trusted. + Vulnerabilities in deployed web applications are application + vulnerabilities, not Tomcat vulnerabilities. + Data received by an HTTP connector is untrusted. + Data received by an AJP connector is trusted. + JMX is an administrative interface and users with access to it are + trusted. + The Manager and Host manager web applications are administrative + interfaces and users with access to either of them are considered to + be trusted. + Cluster traffic requires a trusted network unless the + EncryptInterceptor is used in which case confidentiality and integrity + but not availability will be protected. + Multi-cast cluster membership always requires a trusted network. + Security sensitive information will not be logged with the default + configuration apart from anything included in the request URI. + Security sensitive information may be logged with modified logging + configurations, particularly if debug logging is enabled. + + + +Copyright © 1999-2024, The Apache Software Foundation + +Apache Tomcat, Tomcat, Apache, the Apache Tomcat logo and the Apache logo +are either registered trademarks or trademarks of the Apache Software +Foundation. + \ No newline at end of file Added: tomcat/site/trunk/xdocs/security-model.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-model.xml?rev=1920023&view=auto == --- tomcat/site/trunk/xdocs/security-model.xml (added) +++ tomcat/site/trunk/xdocs/security-model.xml Mon Aug 19 11:23:05 2024 @@ -0,0 +1,44 @@ + + + + +Apache Tomcat Project +Security Model + + + + + +This security model is currently in DRAFT from. + +The Apache Tomca
Re: Cookie parsing and upcoming updates to RFC6265
All, On 8/16/24 11:25, Mark Thomas wrote: On 16/08/2024 13:40, Tim Funk wrote: How about missingEqualsCookie="allow | ignore"? The proposed options were: - ignore - name - value By using [allow | ignore] instead of yes/no, it opens the door to additional behaviors. (such as reject which triggers a http error) Agreed. I think maybe we should couple this new configuration attribute with an enabled-by-default Valve (maybe only in 11/12, disabled-by-default in 9/10) that detects empty cookie names and throws an exception and/or returns a 400 response. "ignore" should remove the cookie entirely and allow requests containing these to be serviced. Using the "value" option with this Valve enabled would cause a 400 response. Or it could be worked-into an existing Valve/Filter such as the HttpHeaderSecurityFilter or similar. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Cookie parsing and upcoming updates to RFC6265
Mark, On 8/16/24 04:32, Mark Thomas wrote: On 14/08/2024 19:12, Konstantin Kolinko wrote: I think that 1) We would better switch to "ignore" mode right now, in all supported versions. Based on past experience I am extremely hesitant to change anything related to cookie handling behaviour unless we have to. I'd prefer to use "name" as the default more for 9.0.x and 10.1.x. I'm prepared to be convinced otherwise though. 2) The "empty name" option seems to be the correct behaviour, But as the majority of web applications would not need this feature, I think that\ "ignore" would better remain the default behaviour. No objections to that. I'm going to start working on this "noEqualsCookie" option. Suggestions for a better name still welcome. cookiesWithoutEquals? noEqualsCookie just reads weirdly to me. -chri - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Cookie parsing and upcoming updates to RFC6265
Mark, On 8/14/24 10:29, Mark Thomas wrote: Hi all, The IETF HTTP working group is working on RFC 6265bis (the RFC that will replace RFC 6265). I have been reviewing the changes to see what impact they might have on Tomcat and our users. There are a few changes (e.g. SameSite) we have already implemented. There are quite a few changes that I think don't impact us. And then there is this: Cookie: apple Current Tomcat interprets that as name="apple" value="" RFC 6265 says any name-value-pair from a Set-Cookie string without an "=" should be ignored and the Cookie headers should always use = between the name and the value. RFC 6265bis would required name="", value="apple" when using the relaxed (receiver) parsing. The strict (sender) syntax does not allow a cookie without a name. RFC 6265bis does appear to be consistent with browser intention [1] (at least intentions 10 years ago anyway). So we are currently: - accepting a cookie RFC 6265 says we should ignore - interpreting it the opposite way to apparent browser intention - interpreting it the opposite way to likely RFC 6265bis requirements Given the above, I do wonder to what extent applications are actually using these cookies. So, what should we do? I think we need a new configuration option named "noEqualsCookie" (suggestions for a better name welcome) with three options: - ignore - name - value > Tomcat 9, 10 & 11 have the default set to name so there is no change. Tomcat 12 has the default set to value. Thoughts? What good is a cookie with no name? Is this one of those "optimizations" where an application has only one cookie and doesn't want to waste all those bytes on a pesky cookie _name_? -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Retirement of people.a.o
Mark, On 8/13/24 07:01, Mark Thomas wrote: All, Mostly an FYI but if there are objections do speak up. Infra has recently informed committers that people.a.o is being retired without replacement. A number of us have been hosted presentations on people.a.o which are linked from tomcat.a.o. We'll need to relocate those files elsewhere. My current plan is to copy those files to the site repository and host them alongside the rest of the website docs. I plan on starting on this today and I intend to do all the presentations, not just my own. I suspect some sort of naming convention will evolve. I suspect simply starting with -mm-dd since that will automatically group presentations from the same event together and make things easier to fine. +1 I obviously have some stuff up there, linked from presentations.html. I'll go up there and grab everything just in case. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Create a Tomcat 12 branch?
Mark, On 8/12/24 14:30, Mark Thomas wrote: All, As I mentioned earlier, I am starting work on some new EL API features that will be part of Jakarta EE 12 so implemented in Tomcat 12. How do we want to handle this? My current thinking is: - create a 11.0.x branch from current main - main becomes 12.0.x I'm not expecting releases to start from 12.0.x any time soon. Users that want to experiment with the new features can use snapshots. If we reach a point where snapshots would be useful we can re-assess. The other alternative I thought of was creating my own 12.0.x branch in my fork but that seems wrong. Yes, it means a little more back-porting but (for me at least) that is all scripted and I'm not expecting many conflicts between 12.0.x and 11.0.x. I'd update the CI systems to build 12.0.x. Part of me thinks it is a little odd to be thinking about 12.0.x before 11.0.x is stable but on reflection I think it is a good thing that there is momentum already for new features in Jakarta EE 12. Oh, there is also a small change to the Servlet API we could pick up. Thoughts? Is there anything in Jakarta EE 12 that would actually be _inappropriate_ for us to put into Tomcat 11? -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat Connectors (JK) 1.2.50
Mark, Thanks for RMing. On 8/8/24 10:13, Mark Thomas wrote: Tag: https://github.com/apache/tomcat-connectors/tree/JK_1_2_50 Source: https://github.com/apache/tomcat-connectors/tree/JK_1_2_50 Dist: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/jk/ This is a maintenance release with a handful of dependency updates and bug fixes (compared to 1.2.49). It also includes Windows binaries for IIS. The significant changes are: - Improve shared memory handling on non-Windows The proposed JK 1.2.50 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 1.2.50 +1 for stable release Builds cleanly on Linux x86-64 with gcc 12.2.0 and GNU make 4.3. Works with an HTTP-only application in a development environment. Note that there is an instruction to run "libtool --finish /usr/lib/apache2/modules" which succeeds on my system with no errors and the bold statement: Libraries have been installed in: /usr/lib/apache2/modules The .so file has not, in face, been installed. I don't know if this is a failing of GNU libtool (2.4.7) or our own packaging, messaging, etc. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1919703 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-10.1-doc/ docs/tomcat-10.1-doc/annotationapi/ docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.1-doc/annotationa
Author: schultz Date: Tue Aug 6 15:16:43 2024 New Revision: 1919703 URL: http://svn.apache.org/viewvc?rev=1919703&view=rev Log: Update web site to include v10.1.28. [This commit notification would consist of 69 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r70729 - /release/tomcat/tomcat-10/v10.1.26/
Author: schultz Date: Tue Aug 6 15:17:17 2024 New Revision: 70729 Log: Remove old release artifacts. Removed: release/tomcat/tomcat-10/v10.1.26/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r70727 - /dev/tomcat/tomcat-10/v10.1.28/ /release/tomcat/tomcat-10/v10.1.28/
Author: schultz Date: Tue Aug 6 14:45:39 2024 New Revision: 70727 Log: Promote v10.1.28 release. Added: release/tomcat/tomcat-10/v10.1.28/ - copied from r70726, dev/tomcat/tomcat-10/v10.1.28/ Removed: dev/tomcat/tomcat-10/v10.1.28/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE][RESULT] Release Apache Tomcat 10.1.28
All, The following votes were cast: +1: isapir, remm, markt, schultz, rjung There were no other votes cast, therefore the vote passes. I will begin the release process shortly. Thanks, -chris On 8/2/24 13:27, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.28 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. Note that release 10.1.27 was cancelled due to a regression to HTTP/2 handling. That regression has been fixed in this release along with these additional items: The notable changes compared to 10.1.26 are: - Add support for RFC 8297 (Early Hints). Applications can use this feature by casting the HttpServletResponse to org.apache.catalina.connector.Reponse and then calling the method void sendEarlyHints() - Align HTTP/2 with HTTP/1.1 and recycle the container internal request and response processing objects by default. This behaviour can be controlled via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol. - Ensure statements returned from Statement methods executeQuery(), getResultSet() and getGeneratedKeys() are correctly wrapped before being returned to the caller. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.28/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1508 The tag is: https://github.com/apache/tomcat/tree/10.1.28 https://github.com/apache/tomcat/commit/aae1e30f78ba5ace25848084a500662ecff0b75f Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.93
Rémy, On 8/2/24 19:02, Rémy Maucherat wrote: The proposed Apache Tomcat 9.0.93 release is now available for voting. The notable changes compared to 9.0.91 are: - Align HTTP/2 with HTTP/1.1 and recycle the container internal request and response processing objects by default. This behaviour can be controlled via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol. - Add OpenSSL support for FFM. Using this feature requires Java 22 or newer. - Add support for RFC 8297 (Early Hints). Applications can use this feature by casting the HttpServletResponse to org.apache.catalina.connector.Reponse and then calling the method void sendEarlyHints() For full details, see the changelog: https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.93/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1510 The tag is: https://github.com/apache/tomcat/tree/9.0.93 a33d708d9b078e0d7bc8abda91c8634c4f338d99 The proposed 9.0.93 release is: [ ] -1, Broken - do not release [ ] +1, Stable - go ahead and release as 9.0.93 +1 for stable release. Build is reproducible and the unit tests pass on MacOS x86-64. I still see a weird difference in the -fulldocs package that do not make any sense to me: In the file list: │ │ --rw-r--r-- 000 9426093 2024-08-02 21:24:59.00 tomcat-9.0-doc/api/index-all.html │ │ +-rw-r--r-- 000 9426102 2024-08-02 21:24:59.00 tomcat-9.0-doc/api/index-all.html In the file index-all.html: │ │ -href="org/apache/tomcat/util/compat/Jre22Compat.html#addBootModulePath(java.util.Deque)" class="member-name-link">addBootModulePath(Deque) - Method in class org.apache.tomcat.util.compat.href="org/apache/tomcat/util/compat/Jre22Compat.html" title="class in org.apache.tomcat.util.compat">Jre22Compat │ │ +href="org/apache/tomcat/util/compat/Jre19Compat.html#addBootModulePath(java.util.Deque)" class="member-name-link">addBootModulePath(Deque ) - Method in class org.apache.tomcat.util.compat.href="org/apache/tomcat/util/compat/Jre19Compat.html" title="class in org.apache.tomcat.util.compat">Jre19Compat The "left file" is the one I generated locally while the "right file" is the release artifact. So my build uses Jre22Compat in this javadoc file while yours references Jre19Compat. The file tomcat-9.0-doc/api/member-search-index.js has a similar exchange of Jre22Compat for Jre19Compat. Note that I am using the same 17.0.12+7 compiler you are using plus Java 22.0.2 for the FFM bits. The details below are for my fully-automated tests which always use my latest JRE for everything. I am seeing some unit tests skipped that I am not expecting to be skipped. I wonder if my native components builds are working as expected. Details: * Environment * Testing Apache Tomcat 9.0.93 * Java (build):openjdk version "22.0.2" 2024-07-16 OpenJDK Runtime Environment Temurin-22.0.2+9 (build 22.0.2+9) OpenJDK 64-Bit Server VM Temurin-22.0.2+9 (build 22.0.2+9, mixed mode) * Java (test): 22 ( openjdk version "22.0.2" 2024-07-16 * OS: Darwin 23.5.0 x86_64 * cc: Apple clang version 12.0.5 (clang-1205.0.22.9) * make:GNU Make 3.81 * OpenSSL: OpenSSL 3.3.1 4 Jun 2024 (Library: OpenSSL 3.3.1 4 Jun 2024) * APR: 1.7.4 * * Valid SHA-512 signature for apache-tomcat-9.0.93.zip * Valid GPG signature for apache-tomcat-9.0.93.zip * Valid SHA-512 signature for apache-tomcat-9.0.93.tar.gz * Valid GPG signature for apache-tomcat-9.0.93.tar.gz * Valid SHA-512 signature for apache-tomcat-9.0.93.exe * Valid GPG signature for apache-tomcat-9.0.93.exe * Valid Windows Digital Signature for apache-tomcat-9.0.93.exe * Valid SHA512 signature for apache-tomcat-9.0.93-src.zip * Valid GPG signature for apache-tomcat-9.0.93-src.zip * Valid SHA512 signature for apache-tomcat-9.0.93-src.tar.gz * Valid GPG signature for apache-tomcat-9.0.93-src.tar.gz * * Binary Zip and tarball: Same * Source Zip and tarball: Same * * Building dependencies returned: 0 * tcnative builds cleanly * Tomcat builds cleanly * Junit Tests: PASSED -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 11.0.0-M24
Coty,
On 8/5/24 14:56, Coty Sutherland wrote:
On Mon, Aug 5, 2024 at 2:43 PM Rainer Jung wrote:
Am 05.08.24 um 20:18 schrieb Coty Sutherland:
I'm testing and see an issue with o.a.c.http2.TestStreamProcessor getting
some unexpected result:
Testcase: testPrepareHeaders[0: loop [0], useAsyncIO[false]] took 0.061
sec
FAILED
expected:<...-Header-[etag]-[W/"9[34]-1447269522000"]
3-H...> but was:<...-Header-[etag]-[W/"9[57]-1447269522000"]
3-H...>
junit.framework.AssertionFailedError:
expected:<...-Header-[etag]-[W/"9[34]-1447269522000"]
3-H...> but was:<...-Header-[etag]-[W/"9[57]-1447269522000"]
3-H...>
at
org.apache.coyote.http2.TestStreamProcessor.testPrepareHeaders(TestStreamProcessor.java:167)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native
Method)
at
java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77)
at
java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
The test class contains:
// Different line-endings -> different files size -> different
weak eTag
if (JrePlatform.IS_WINDOWS) {
expected.append("3-Header-[etag]-[W/\"957-1447269522000\"]\n");
} else {
expected.append("3-Header-[etag]-[W/\"934-1447269522000\"]\n");
}
The number behind the "W" (weak" in the etag header ist the file size,
the second (correct) number the timestamp. It seems you get the 957 size
exoected for Windows line endings instead of the 934 for Unix line
endings. You could check the file test/webapp/index.html for size/line
endings. Maybe your git settings lead to a DOS checkout instead of a
unix one?
Bah, yeah. It's not a git setting since I'm running the test from the
src.zip but the line endings are Windows (vim flags [noeol][dos]) :) My
fault for trying to run the test suite from the zip on Linux I guess heh
You could use this:
https://github.com/ChristopherSchultz/apache-tomcat-stuff/blob/main/bin/test-tomcat-release.sh
It downloads the tarball and does all of the things.
-chris
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.28
On 8/2/24 13:27, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.28 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. Note that release 10.1.27 was cancelled due to a regression to HTTP/2 handling. That regression has been fixed in this release along with these additional items: The notable changes compared to 10.1.26 are: - Add support for RFC 8297 (Early Hints). Applications can use this feature by casting the HttpServletResponse to org.apache.catalina.connector.Reponse and then calling the method void sendEarlyHints() - Align HTTP/2 with HTTP/1.1 and recycle the container internal request and response processing objects by default. This behaviour can be controlled via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol. - Ensure statements returned from Statement methods executeQuery(), getResultSet() and getGeneratedKeys() are correctly wrapped before being returned to the caller. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.28/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1508 The tag is: https://github.com/apache/tomcat/tree/10.1.28 https://github.com/apache/tomcat/commit/aae1e30f78ba5ace25848084a500662ecff0b75f Please reply with a +1 for release or +0/-0/-1 with an explanation. +1 for stable release. All unit tests pass on MacOS x86-64 including all the OpenSSL ones that were giving me trouble with 10.1.27. * Environment * Testing Apache Tomcat 10.1.28 * Java (build):openjdk version "22.0.2" 2024-07-16 OpenJDK Runtime Environment Temurin-22.0.2+9 (build 22.0.2+9) OpenJDK 64-Bit Server VM Temurin-22.0.2+9 (build 22.0.2+9, mixed mode) * Java (test): 22 ( openjdk version "22.0.2" 2024-07-16 * OS: Darwin 23.5.0 x86_64 * cc: Apple clang version 12.0.5 (clang-1205.0.22.9) * make:GNU Make 3.81 * OpenSSL: OpenSSL 3.3.1 4 Jun 2024 (Library: OpenSSL 3.3.1 4 Jun 2024) * APR: 1.7.4 * * Valid SHA-512 signature for apache-tomcat-10.1.28.zip * Valid GPG signature for apache-tomcat-10.1.28.zip * Valid SHA-512 signature for apache-tomcat-10.1.28.tar.gz * Valid GPG signature for apache-tomcat-10.1.28.tar.gz * Valid SHA-512 signature for apache-tomcat-10.1.28.exe * Valid GPG signature for apache-tomcat-10.1.28.exe * Valid Windows Digital Signature for apache-tomcat-10.1.28.exe * Valid SHA512 signature for apache-tomcat-10.1.28-src.zip * Valid GPG signature for apache-tomcat-10.1.28-src.zip * Valid SHA512 signature for apache-tomcat-10.1.28-src.tar.gz * Valid GPG signature for apache-tomcat-10.1.28-src.tar.gz * * Binary Zip and tarball: Same * Source Zip and tarball: Same * * Building dependencies returned: 0 * tcnative builds cleanly * Tomcat builds cleanly * Junit Tests: PASSED - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Increment version numbers for next release.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new c51ec407e3 Increment version numbers for next release. c51ec407e3 is described below commit c51ec407e3beb898fe9aca3db0ccf4fb5d6fe991 Author: Christopher Schultz AuthorDate: Fri Aug 2 13:29:53 2024 -0400 Increment version numbers for next release. --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index d04a5f1bbd..e8d78a38bd 100644 --- a/build.properties.default +++ b/build.properties.default @@ -31,7 +31,7 @@ # - Version Control Flags - version.major=10 version.minor=1 -version.build=28 +version.build=29 version.patch=0 version.suffix= version.dev=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index df15d4dd88..743ddf19db 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=10.1.28 +maven.asf.release.deploy.version=10.1.29 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 6d92a325d5..501b1787b0 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release Apache Tomcat 10.1.28
The proposed Apache Tomcat 10.1.28 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. Note that release 10.1.27 was cancelled due to a regression to HTTP/2 handling. That regression has been fixed in this release along with these additional items: The notable changes compared to 10.1.26 are: - Add support for RFC 8297 (Early Hints). Applications can use this feature by casting the HttpServletResponse to org.apache.catalina.connector.Reponse and then calling the method void sendEarlyHints() - Align HTTP/2 with HTTP/1.1 and recycle the container internal request and response processing objects by default. This behaviour can be controlled via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol. - Ensure statements returned from Statement methods executeQuery(), getResultSet() and getGeneratedKeys() are correctly wrapped before being returned to the caller. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.28/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1508 The tag is: https://github.com/apache/tomcat/tree/10.1.28 https://github.com/apache/tomcat/commit/aae1e30f78ba5ace25848084a500662ecff0b75f Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r70665 - in /dev/tomcat/tomcat-10/v10.1.28: ./ bin/ bin/embed/ src/
Author: schultz Date: Fri Aug 2 15:28:36 2024 New Revision: 70665 Log: Upload v10.1.28 for voting Added: dev/tomcat/tomcat-10/v10.1.28/ dev/tomcat/tomcat-10/v10.1.28/KEYS dev/tomcat/tomcat-10/v10.1.28/README.html dev/tomcat/tomcat-10/v10.1.28/RELEASE-NOTES dev/tomcat/tomcat-10/v10.1.28/bin/ dev/tomcat/tomcat-10/v10.1.28/bin/README.html dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-deployer.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-deployer.tar.gz.asc dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-deployer.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-deployer.zip (with props) dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-deployer.zip.asc dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-deployer.zip.sha512 dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-fulldocs.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-fulldocs.tar.gz.asc dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-fulldocs.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-windows-x64.zip (with props) dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-windows-x64.zip.asc dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-windows-x64.zip.sha512 dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-windows-x86.zip (with props) dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-windows-x86.zip.asc dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28-windows-x86.zip.sha512 dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28.exe (with props) dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28.exe.asc dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28.exe.sha512 dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28.tar.gz.asc dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28.zip (with props) dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28.zip.asc dev/tomcat/tomcat-10/v10.1.28/bin/apache-tomcat-10.1.28.zip.sha512 dev/tomcat/tomcat-10/v10.1.28/bin/embed/ dev/tomcat/tomcat-10/v10.1.28/bin/embed/apache-tomcat-10.1.28-embed.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.28/bin/embed/apache-tomcat-10.1.28-embed.tar.gz.asc dev/tomcat/tomcat-10/v10.1.28/bin/embed/apache-tomcat-10.1.28-embed.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.28/bin/embed/apache-tomcat-10.1.28-embed.zip (with props) dev/tomcat/tomcat-10/v10.1.28/bin/embed/apache-tomcat-10.1.28-embed.zip.asc dev/tomcat/tomcat-10/v10.1.28/bin/embed/apache-tomcat-10.1.28-embed.zip.sha512 dev/tomcat/tomcat-10/v10.1.28/src/ dev/tomcat/tomcat-10/v10.1.28/src/apache-tomcat-10.1.28-src.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.28/src/apache-tomcat-10.1.28-src.tar.gz.asc dev/tomcat/tomcat-10/v10.1.28/src/apache-tomcat-10.1.28-src.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.28/src/apache-tomcat-10.1.28-src.zip (with props) dev/tomcat/tomcat-10/v10.1.28/src/apache-tomcat-10.1.28-src.zip.asc dev/tomcat/tomcat-10/v10.1.28/src/apache-tomcat-10.1.28-src.zip.sha512 Added: dev/tomcat/tomcat-10/v10.1.28/KEYS == --- dev/tomcat/tomcat-10/v10.1.28/KEYS (added) +++ dev/tomcat/tomcat-10/v10.1.28/KEYS Fri Aug 2 15:28:36 2024 @@ -0,0 +1,562 @@ +This file contains the PGP&GPG keys of various Apache developers. +Please don't use them for email unless you have to. Their main +purpose is code signing. + +Apache users: pgp < KEYS +Apache developers: +(pgpk -ll && pgpk -xa ) >> this file. + or +(gpg --fingerprint --list-sigs + && gpg --armor --export ) >> this file. + +Apache developers: please ensure that your key is also available via the +PGP keyservers (such as pgpkeys.mit.edu). + + +pub 4096R/2F6059E7 2009-09-18 + Key fingerprint = A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 +uid Mark E D Thomas +sub 4096R/5E763BEC 2009-09-18 + +-BEGIN PGP PUBLIC KEY BLOCK- +Comment: GPGTools - http://gpgtools.org + +mQINBEq0DukBEAD4jovHOPJDxoD+JnO1Go2kiwpgRULasGlrVKuSUdP6wzcaqWmX +pqtOJKKwW2MQFQLmg7nQ9RjJwy3QCbKNDJQA/bwbQT1F7WzTCz2S6vxC4zxKck4t +6RZBq2dJsYKF0CEh6ZfY4dmKvhq+3istSoFRdHYoOPGWZpuRDqfZPdGm/m335/6K +GH59oysn1NE7a2a+kZzjBSEgv23+l4Z1Rg7+fpz1JcdHSdC2Z+ZRxML25eVatRVz +4yvDOZItqDURP24zWOodxgboldV6Y88C3v/7KRR+1vklzkuA2FqF8Q4r/2f0su7M +UVviQcy29y/RlLSDTTYoVlCZ1ni14qFU7Hpw43KJtgXmcUwq31T1+SlXdYjNJ1aF +kUi8BjCHDcSgE/IReKUanjHzm4XSymKDTeqqzidi4k6PDD4jyHb8k8vxi6qT6Udn +lcfo5NBkkUT1TauhEy8ktHhbl9k60BvvMBP9l6cURiJg1WS77egI4P/82oPbzzFi +GFqXyJKULVgxtdQ3JikCpodp3f1fh6PlYZwkW4
(tomcat) tag 10.1.28 created (now aae1e30f78)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to tag 10.1.28 in repository https://gitbox.apache.org/repos/asf/tomcat.git at aae1e30f78 (commit) This tag includes the following new commits: new aae1e30f78 Tag 10.1.28 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 01/01: Tag 10.1.28
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to tag 10.1.28 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit aae1e30f78ba5ace25848084a500662ecff0b75f Author: Christopher Schultz AuthorDate: Fri Aug 2 11:25:23 2024 -0400 Tag 10.1.28 --- build.properties.release | 54 +++ res/install-win/Uninstall.exe.sig| Bin 0 -> 10202 bytes res/install-win/tomcat-installer.exe.sig | Bin 0 -> 10202 bytes res/maven/mvn.properties.release | 27 webapps/docs/changelog.xml | 2 +- 5 files changed, 82 insertions(+), 1 deletion(-) diff --git a/build.properties.release b/build.properties.release new file mode 100644 index 00..c2987097b1 --- /dev/null +++ b/build.properties.release @@ -0,0 +1,54 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Any unwanted settings may be over-ridden in a build.properties file located +# in the same directory as this file. + +# Set the version-dev to "" (empty string) as this is not a development release. +version.dev= + +# Ensure consistent timestamps for reproducible builds. +ant.tstamp.now.iso=2024-08-02T15:14:43Z + +# Enable insertion of detached signatures into the Windows installer. +do.codesigning=true + +# Re-use the same GPG executable. +gpg.exec=/usr/local/bin/gpg + +# Reproducible builds require the use of the build tools defined below. The +# vendors (where appropriate) and versions must match exactly for a reproducible +# build since this data is embedded in various files, particularly JAR file +# manifests, as part of the build process. +# +# Apache Ant: Apache Ant(TM) version 1.10.14 compiled on August 16 2023 +# +# Java Name: OpenJDK 64-Bit Server VM +# Java Vendor: Eclipse Adoptium +# Java Version:22.0.2+9 + +# The following is provided for information only. Builds will be repeatable +# whether or not the build environment is consistent with this information. +# +# OS: x86_64 Mac OS X 14.5 +# File encoding: UTF-8 +# +# Release Manager: schultz +release-java-version=22.0.2+9 +release-ant-version=1.10.14 diff --git a/res/install-win/Uninstall.exe.sig b/res/install-win/Uninstall.exe.sig new file mode 100644 index 00..5e67c0f8fa Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ diff --git a/res/install-win/tomcat-installer.exe.sig b/res/install-win/tomcat-installer.exe.sig new file mode 100644 index 00..0506e3f7a9 Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release new file mode 100644 index 00..ddfb322e7b --- /dev/null +++ b/res/maven/mvn.properties.release @@ -0,0 +1,27 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Remove "-dev" from the version since this is not a development release. +maven.asf.release.deploy.version=10.1.28
svn commit: r70664 - /dev/tomcat/tomcat-10/v10.1.27/
Author: schultz Date: Fri Aug 2 15:13:02 2024 New Revision: 70664 Log: Drop failed release Removed: dev/tomcat/tomcat-10/v10.1.27/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Document the failed release.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 1776822ccc Document the failed release. 1776822ccc is described below commit 1776822ccc3a4ca0dd1e7225647fdd20fa4bcb2b Author: Christopher Schultz AuthorDate: Fri Aug 2 11:12:16 2024 -0400 Document the failed release. --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 3d075e1ef2..6d92a325d5 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -114,7 +114,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE][CANCELLED] Release Apache Tomcat 10.1.27
All, I am cancelling this release due to the regressions in HTTP/2 recently reported by Rainer and confirmed by Mark. It appears there is a fix immediately available so I expect I'll have a new release candidate ready shortly. -chris On 7/30/24 11:56, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.27 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.26 are: - Add support for RFC 8297 (Early Hints). Applications can use this feature by casting the HttpServletResponse to org.apache.catalina.connector.Reponse and then calling the method void sendEarlyHints() - Align HTTP/2 with HTTP/1.1 and recycle the container internal request and response processing objects by default. This behaviour can be controlled via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol. - Ensure statements returned from Statement methods executeQuery(), getResultSet() and getGeneratedKeys() are correctly wrapped before being returned to the caller. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.27/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1506 The tag is: https://github.com/apache/tomcat/tree/10.1.27 https://github.com/apache/tomcat/commit/50d264f3bc6c8595a1e611940668fb46d076e0ba Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.27
All, On 7/30/24 11:56, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.27 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.26 are: - Add support for RFC 8297 (Early Hints). Applications can use this feature by casting the HttpServletResponse to org.apache.catalina.connector.Reponse and then calling the method void sendEarlyHints() - Align HTTP/2 with HTTP/1.1 and recycle the container internal request and response processing objects by default. This behaviour can be controlled via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol. - Ensure statements returned from Statement methods executeQuery(), getResultSet() and getGeneratedKeys() are correctly wrapped before being returned to the caller. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.27/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1506 The tag is: https://github.com/apache/tomcat/tree/10.1.27 https://github.com/apache/tomcat/commit/50d264f3bc6c8595a1e611940668fb46d076e0ba Please reply with a +1 for release or +0/-0/-1 with an explanation. +1 for stable release. Unit tests pass on MacOS except for some which require special configuration in this environment. Taking the build script from 10.1.x/ branch and re-running these tests yields a pass. Works on a vanilla-servlet application in a development environment -- including auto-migration of a JavaEE-based application. Details: * Environment * Testing Apache Tomcat 10.1.27 * Java (build):openjdk version "22.0.2" 2024-07-16 OpenJDK Runtime Environment Temurin-22.0.2+9 (build 22.0.2+9) OpenJDK 64-Bit Server VM Temurin-22.0.2+9 (build 22.0.2+9, mixed mode) * Java (test): 22 ( openjdk version "22.0.2" 2024-07-16 * OS: Darwin 23.5.0 x86_64 * cc: Apple clang version 12.0.5 (clang-1205.0.22.9) * make:GNU Make 3.81 * OpenSSL: OpenSSL 3.3.1 4 Jun 2024 (Library: OpenSSL 3.3.1 4 Jun 2024) * APR: 1.7.4 * * Valid SHA-512 signature for apache-tomcat-10.1.27.zip * Valid GPG signature for apache-tomcat-10.1.27.zip * Valid SHA-512 signature for apache-tomcat-10.1.27.tar.gz * Valid GPG signature for apache-tomcat-10.1.27.tar.gz * Valid SHA-512 signature for apache-tomcat-10.1.27.exe * Valid GPG signature for apache-tomcat-10.1.27.exe * Valid Windows Digital Signature for apache-tomcat-10.1.27.exe * Valid SHA512 signature for apache-tomcat-10.1.27-src.zip * Valid GPG signature for apache-tomcat-10.1.27-src.zip * Valid SHA512 signature for apache-tomcat-10.1.27-src.tar.gz * Valid GPG signature for apache-tomcat-10.1.27-src.tar.gz * * Binary Zip and tarball: Same * Source Zip and tarball: Same * * tcnative builds cleanly * Tomcat builds cleanly * Junit Tests: FAILED * * Tests that failed:^H^H^H^H^H^H^Hpassed: * org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt * org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt * org.apache.tomcat.util.net.TestClientCert.NIO.txt * org.apache.tomcat.util.net.TestClientCert.NIO2.txt * org.apache.tomcat.util.net.TestClientCertTls13.NIO.txt * org.apache.tomcat.util.net.TestClientCertTls13.NIO2.txt * org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO.txt * org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO2.txt - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.92
Rémy, On 7/31/24 04:14, Rémy Maucherat wrote: On Tue, Jul 30, 2024 at 7:06 PM Christopher Schultz wrote: Rémy, Thanks for RMing. On 7/29/24 11:32 PM, Rémy Maucherat wrote: The proposed Apache Tomcat 9.0.92 release is now available for voting. The notable changes compared to 9.0.91 are: - Align HTTP/2 with HTTP/1.1 and recycle the container internal request and response processing objects by default. This behaviour can be controlled via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol. - Add OpenSSL support for FFM. Using this feature requires Java 22 or newer. - Add support for RFC 8297 (Early Hints). Applications can use this feature by casting the HttpServletResponse to org.apache.catalina.connector.Reponse and then calling the method void sendEarlyHints() For full details, see the changelog: https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.92/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1505 The tag is: https://github.com/apache/tomcat/tree/9.0.92 b6ca266795a4245f3c3308a619987136ad46e19a The proposed 9.0.92 release is: [ ] -1, Broken - do not release [ ] +1, Stable - go ahead and release as 9.0.92 +1 for stable release. The build is reproducible[*] and the unit tests pass on MacOS x86-64. [*] The fulldocs package is not identical. Usually this is because of LICENSE files and stuff like that, but this is not the case this time. Instead, the documentation is actually different. My locally-built fulldocs package includes references to the Jre22Compat class while yours includes references to the Jre19Compat class and some other semingly-related differences. The fulldocs at https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.92/bin/apache-tomcat-9.0.92-fulldocs.tar.gz does have Jre22Compat. Jre19Compat has not been removed. Yes, I understand, but diffoscope is showing me that in the fulldocs package, the Javadoc APIs are referencing Jre19Compat instead of Jre22Compat. I'm puzzled, but since it's just documentation I don't really care that much. -chris Since the fulldocs package is not executable, I don't think there is any reason to block the release. Works with a vanilla servlet-based application in a development environment. Details: * Environment * Java (build):openjdk version "22.0.1" 2024-04-16 OpenJDK Runtime Environment Temurin-22.0.1+8 (build 22.0.1+8) OpenJDK 64-Bit Server VM Temurin-22.0.1+8 (build 22.0.1+8, mixed mode) * Java (test): openjdk version "22.0.1" 2024-04-16 OpenJDK Runtime Environment Temurin-22.0.1+8 (build 22.0.1+8) OpenJDK 64-Bit Server VM Temurin-22.0.1+8 (build 22.0.1+8, mixed mode) * Ant: Apache Ant(TM) version 1.10.14 compiled on August 16 2023 * OS: Darwin 21.6.0 x86_64 * cc: Apple clang version 12.0.0 (clang-1200.0.31.1) * make:GNU Make 3.81 * OpenSSL: OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024) * APR: 1.7.4 * * Valid SHA-512 signature for apache-tomcat-9.0.92.zip * Valid GPG signature for apache-tomcat-9.0.92.zip * Valid SHA-512 signature for apache-tomcat-9.0.92.tar.gz * Valid GPG signature for apache-tomcat-9.0.92.tar.gz * Valid SHA-512 signature for apache-tomcat-9.0.92.exe * Valid GPG signature for apache-tomcat-9.0.92.exe * Valid SHA512 signature for apache-tomcat-9.0.92-src.zip * Valid GPG signature for apache-tomcat-9.0.92-src.zip * Valid SHA512 signature for apache-tomcat-9.0.92-src.tar.gz * Valid GPG signature for apache-tomcat-9.0.92-src.tar.gz * * Binary Zip and tarball: Same * Source Zip and tarball: Same * * Building dependencies returned: 0 * tcnative builds cleanly * Tomcat builds cleanly * Junit Tests: PASSED - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 11.0.0-M23
Markt, Thanks for RMing. On 7/29/24 14:26, Mark Thomas wrote: The proposed Apache Tomcat 11.0.0-M23 release is now available for voting. Apache Tomcat 11.0.0-M23 is a milestone release of the 11.0.x branch and has been made to provide users with early access to the new features in Apache Tomcat 11.0.x so that they may provide feedback. The notable changes compared to the previous milestone include: - Align HTTP/2 with HTTP/1.1 and recycle the container internal request and response processing objects by default. This behaviour can be controlled via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol. - Add FFM compatibility methods for LibreSSL and BoringSSL support. - Add support for RFC 8297 (Early Hints). Applications can use this feature by casting the HttpServletResponse to org.apache.catalina.connector.Reponse and then calling the method void sendEarlyHints() For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. Applications using deprecated APIs may require further changes. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M23/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1504 The tag is: https://github.com/apache/tomcat/tree/11.0.0-M23 2bf2c6a691ad9f2cf68363123419909cebbb308a The proposed 11.0.0-M23 release is: [ ] -1 Broken - do not release [ ] +1 Beta - go ahead and release as 11.0.0-M23 +1 for beta release The build is 100% reproducible on MacOS x86-84 and most of the unit tests pass. Those tests which are failing will stop failing when using build.xml from trunk and adjustments to local ~/build.properties to set MacOS-specific settings. Now some of those unit tests are skipped ;) Details: * Environment * Testing Apache Tomcat 11.0.0-M23 * Java (build):openjdk version "22.0.2" 2024-07-16 OpenJDK Runtime Environment Temurin-22.0.2+9 (build 22.0.2+9) OpenJDK 64-Bit Server VM Temurin-22.0.2+9 (build 22.0.2+9, mixed mode) * Java (test): 22 ( openjdk version "22.0.2" 2024-07-16 * OS: Darwin 23.5.0 x86_64 * cc: Apple clang version 12.0.5 (clang-1205.0.22.9) * make:GNU Make 3.81 * OpenSSL: OpenSSL 3.3.1 4 Jun 2024 (Library: OpenSSL 3.3.1 4 Jun 2024) * APR: 1.7.4 * * Valid SHA-512 signature for apache-tomcat-11.0.0-M23.zip * Valid GPG signature for apache-tomcat-11.0.0-M23.zip * Valid SHA-512 signature for apache-tomcat-11.0.0-M23.tar.gz * Valid GPG signature for apache-tomcat-11.0.0-M23.tar.gz * Valid SHA-512 signature for apache-tomcat-11.0.0-M23.exe * Valid GPG signature for apache-tomcat-11.0.0-M23.exe * Valid Windows Digital Signature for apache-tomcat-11.0.0-M23.exe * Valid SHA512 signature for apache-tomcat-11.0.0-M23-src.zip * Valid GPG signature for apache-tomcat-11.0.0-M23-src.zip * Valid SHA512 signature for apache-tomcat-11.0.0-M23-src.tar.gz * Valid GPG signature for apache-tomcat-11.0.0-M23-src.tar.gz * * Binary Zip and tarball: Same * Source Zip and tarball: Same * * Building dependencies returned: 0 * tcnative builds cleanly * Tomcat builds cleanly * Junit Tests: FAILED * * Tests that failed:^H^H^H^H^H^H^Hwere skipped: * org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt * org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt * org.apache.tomcat.util.net.TestClientCert.NIO.txt * org.apache.tomcat.util.net.TestClientCert.NIO2.txt * org.apache.tomcat.util.net.TestClientCertTls13.NIO.txt * org.apache.tomcat.util.net.TestClientCertTls13.NIO2.txt * org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO.txt * org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO2.txt -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 11.0.0-M23
Mark, On 7/29/24 14:26, Mark Thomas wrote: The proposed Apache Tomcat 11.0.0-M23 release is now available for voting. Apache Tomcat 11.0.0-M23 is a milestone release of the 11.0.x branch and has been made to provide users with early access to the new features in Apache Tomcat 11.0.x so that they may provide feedback. The notable changes compared to the previous milestone include: - Align HTTP/2 with HTTP/1.1 and recycle the container internal request and response processing objects by default. This behaviour can be controlled via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol. - Add FFM compatibility methods for LibreSSL and BoringSSL support. - Add support for RFC 8297 (Early Hints). Applications can use this feature by casting the HttpServletResponse to org.apache.catalina.connector.Reponse and then calling the method void sendEarlyHints() For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. Applications using deprecated APIs may require further changes. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M23/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1504 The tag is: https://github.com/apache/tomcat/tree/11.0.0-M23 2bf2c6a691ad9f2cf68363123419909cebbb308a The proposed 11.0.0-M23 release is: [ ] -1 Broken - do not release [ ] +1 Beta - go ahead and release as 11.0.0-M23 I'm getting unit test failures on MacOS but it looks like they might be due to whatever you are fixing in the build script (and some environment variables). Unit test failures: * org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt * org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt * org.apache.tomcat.util.net.TestClientCert.NIO.txt * org.apache.tomcat.util.net.TestClientCert.NIO2.txt * org.apache.tomcat.util.net.TestClientCertTls13.NIO.txt * org.apache.tomcat.util.net.TestClientCertTls13.NIO2.txt * org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO.txt * org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO2.txt Testcase: testSslEnv[OpenSSL-FFM] took 1.221 sec Caused an ERROR Received fatal alert: no_renegotiation javax.net.ssl.SSLHandshakeException: Received fatal alert: no_renegotiation at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:130) at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:365) at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:287) at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:204) at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1510) at java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1481) at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:1068) at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:291) at java.base/java.io.BufferedInputStream.read1(BufferedInputStream.java:347) at java.base/java.io.BufferedInputStream.implRead(BufferedInputStream.java:420) at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:399) at java.base/sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:827) at java.base/sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:759) at java.base/sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:786) at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1706) at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1615) at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:531) at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:307) at org.apache.catalina.startup.TomcatBaseTest.methodUrl(TomcatBaseTest.java:685) at org.apache.catalina.startup.TomcatBaseTest.methodUrl(TomcatBaseTest.java:658) at org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:652) at org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:646) at org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:631) at org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:625)
Re: [VOTE] Release Apache Tomcat 9.0.92
Rémy, Thanks for RMing. On 7/29/24 11:32 PM, Rémy Maucherat wrote: The proposed Apache Tomcat 9.0.92 release is now available for voting. The notable changes compared to 9.0.91 are: - Align HTTP/2 with HTTP/1.1 and recycle the container internal request and response processing objects by default. This behaviour can be controlled via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol. - Add OpenSSL support for FFM. Using this feature requires Java 22 or newer. - Add support for RFC 8297 (Early Hints). Applications can use this feature by casting the HttpServletResponse to org.apache.catalina.connector.Reponse and then calling the method void sendEarlyHints() For full details, see the changelog: https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.92/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1505 The tag is: https://github.com/apache/tomcat/tree/9.0.92 b6ca266795a4245f3c3308a619987136ad46e19a The proposed 9.0.92 release is: [ ] -1, Broken - do not release [ ] +1, Stable - go ahead and release as 9.0.92 +1 for stable release. The build is reproducible[*] and the unit tests pass on MacOS x86-64. [*] The fulldocs package is not identical. Usually this is because of LICENSE files and stuff like that, but this is not the case this time. Instead, the documentation is actually different. My locally-built fulldocs package includes references to the Jre22Compat class while yours includes references to the Jre19Compat class and some other semingly-related differences. Since the fulldocs package is not executable, I don't think there is any reason to block the release. Works with a vanilla servlet-based application in a development environment. Details: * Environment * Java (build):openjdk version "22.0.1" 2024-04-16 OpenJDK Runtime Environment Temurin-22.0.1+8 (build 22.0.1+8) OpenJDK 64-Bit Server VM Temurin-22.0.1+8 (build 22.0.1+8, mixed mode) * Java (test): openjdk version "22.0.1" 2024-04-16 OpenJDK Runtime Environment Temurin-22.0.1+8 (build 22.0.1+8) OpenJDK 64-Bit Server VM Temurin-22.0.1+8 (build 22.0.1+8, mixed mode) * Ant: Apache Ant(TM) version 1.10.14 compiled on August 16 2023 * OS: Darwin 21.6.0 x86_64 * cc: Apple clang version 12.0.0 (clang-1200.0.31.1) * make:GNU Make 3.81 * OpenSSL: OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024) * APR: 1.7.4 * * Valid SHA-512 signature for apache-tomcat-9.0.92.zip * Valid GPG signature for apache-tomcat-9.0.92.zip * Valid SHA-512 signature for apache-tomcat-9.0.92.tar.gz * Valid GPG signature for apache-tomcat-9.0.92.tar.gz * Valid SHA-512 signature for apache-tomcat-9.0.92.exe * Valid GPG signature for apache-tomcat-9.0.92.exe * Valid SHA512 signature for apache-tomcat-9.0.92-src.zip * Valid GPG signature for apache-tomcat-9.0.92-src.zip * Valid SHA512 signature for apache-tomcat-9.0.92-src.tar.gz * Valid GPG signature for apache-tomcat-9.0.92-src.tar.gz * * Binary Zip and tarball: Same * Source Zip and tarball: Same * * Building dependencies returned: 0 * tcnative builds cleanly * Tomcat builds cleanly * Junit Tests: PASSED - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Increment version numbers for next release.
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 41ef26d37c Increment version numbers for next release. 41ef26d37c is described below commit 41ef26d37cf513cc9c676d8c9211cf5f82d43910 Author: Christopher Schultz AuthorDate: Tue Jul 30 11:58:44 2024 -0400 Increment version numbers for next release. --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index 103dbbfaed..7aa308a004 100644 --- a/build.properties.default +++ b/build.properties.default @@ -31,7 +31,7 @@ # - Version Control Flags - version.major=10 version.minor=1 -version.build=27 +version.build=28 version.patch=0 version.suffix= version.dev=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index 29827d8511..df15d4dd88 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=10.1.27 +maven.asf.release.deploy.version=10.1.28 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index ae672b1cb0..138468f1b3 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE] Release Apache Tomcat 10.1.27
The proposed Apache Tomcat 10.1.27 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.26 are: - Add support for RFC 8297 (Early Hints). Applications can use this feature by casting the HttpServletResponse to org.apache.catalina.connector.Reponse and then calling the method void sendEarlyHints() - Align HTTP/2 with HTTP/1.1 and recycle the container internal request and response processing objects by default. This behaviour can be controlled via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol. - Ensure statements returned from Statement methods executeQuery(), getResultSet() and getGeneratedKeys() are correctly wrapped before being returned to the caller. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.27/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1506 The tag is: https://github.com/apache/tomcat/tree/10.1.27 https://github.com/apache/tomcat/commit/50d264f3bc6c8595a1e611940668fb46d076e0ba Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r70625 - in /dev/tomcat/tomcat-10/v10.1.27: ./ bin/ bin/embed/ src/
Author: schultz Date: Tue Jul 30 15:49:53 2024 New Revision: 70625 Log: Upload v10.1.27 for voting. Added: dev/tomcat/tomcat-10/v10.1.27/ dev/tomcat/tomcat-10/v10.1.27/KEYS dev/tomcat/tomcat-10/v10.1.27/README.html dev/tomcat/tomcat-10/v10.1.27/RELEASE-NOTES dev/tomcat/tomcat-10/v10.1.27/bin/ dev/tomcat/tomcat-10/v10.1.27/bin/README.html dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-deployer.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-deployer.tar.gz.asc dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-deployer.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-deployer.zip (with props) dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-deployer.zip.asc dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-deployer.zip.sha512 dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-fulldocs.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-fulldocs.tar.gz.asc dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-fulldocs.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-windows-x64.zip (with props) dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-windows-x64.zip.asc dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-windows-x64.zip.sha512 dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-windows-x86.zip (with props) dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-windows-x86.zip.asc dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27-windows-x86.zip.sha512 dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27.exe (with props) dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27.exe.asc dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27.exe.sha512 dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27.tar.gz.asc dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27.zip (with props) dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27.zip.asc dev/tomcat/tomcat-10/v10.1.27/bin/apache-tomcat-10.1.27.zip.sha512 dev/tomcat/tomcat-10/v10.1.27/bin/embed/ dev/tomcat/tomcat-10/v10.1.27/bin/embed/apache-tomcat-10.1.27-embed.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.27/bin/embed/apache-tomcat-10.1.27-embed.tar.gz.asc dev/tomcat/tomcat-10/v10.1.27/bin/embed/apache-tomcat-10.1.27-embed.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.27/bin/embed/apache-tomcat-10.1.27-embed.zip (with props) dev/tomcat/tomcat-10/v10.1.27/bin/embed/apache-tomcat-10.1.27-embed.zip.asc dev/tomcat/tomcat-10/v10.1.27/bin/embed/apache-tomcat-10.1.27-embed.zip.sha512 dev/tomcat/tomcat-10/v10.1.27/src/ dev/tomcat/tomcat-10/v10.1.27/src/apache-tomcat-10.1.27-src.tar.gz (with props) dev/tomcat/tomcat-10/v10.1.27/src/apache-tomcat-10.1.27-src.tar.gz.asc dev/tomcat/tomcat-10/v10.1.27/src/apache-tomcat-10.1.27-src.tar.gz.sha512 dev/tomcat/tomcat-10/v10.1.27/src/apache-tomcat-10.1.27-src.zip (with props) dev/tomcat/tomcat-10/v10.1.27/src/apache-tomcat-10.1.27-src.zip.asc dev/tomcat/tomcat-10/v10.1.27/src/apache-tomcat-10.1.27-src.zip.sha512 Added: dev/tomcat/tomcat-10/v10.1.27/KEYS == --- dev/tomcat/tomcat-10/v10.1.27/KEYS (added) +++ dev/tomcat/tomcat-10/v10.1.27/KEYS Tue Jul 30 15:49:53 2024 @@ -0,0 +1,562 @@ +This file contains the PGP&GPG keys of various Apache developers. +Please don't use them for email unless you have to. Their main +purpose is code signing. + +Apache users: pgp < KEYS +Apache developers: +(pgpk -ll && pgpk -xa ) >> this file. + or +(gpg --fingerprint --list-sigs + && gpg --armor --export ) >> this file. + +Apache developers: please ensure that your key is also available via the +PGP keyservers (such as pgpkeys.mit.edu). + + +pub 4096R/2F6059E7 2009-09-18 + Key fingerprint = A9C5 DF4D 22E9 9998 D987 5A51 10C0 1C5A 2F60 59E7 +uid Mark E D Thomas +sub 4096R/5E763BEC 2009-09-18 + +-BEGIN PGP PUBLIC KEY BLOCK- +Comment: GPGTools - http://gpgtools.org + +mQINBEq0DukBEAD4jovHOPJDxoD+JnO1Go2kiwpgRULasGlrVKuSUdP6wzcaqWmX +pqtOJKKwW2MQFQLmg7nQ9RjJwy3QCbKNDJQA/bwbQT1F7WzTCz2S6vxC4zxKck4t +6RZBq2dJsYKF0CEh6ZfY4dmKvhq+3istSoFRdHYoOPGWZpuRDqfZPdGm/m335/6K +GH59oysn1NE7a2a+kZzjBSEgv23+l4Z1Rg7+fpz1JcdHSdC2Z+ZRxML25eVatRVz +4yvDOZItqDURP24zWOodxgboldV6Y88C3v/7KRR+1vklzkuA2FqF8Q4r/2f0su7M +UVviQcy29y/RlLSDTTYoVlCZ1ni14qFU7Hpw43KJtgXmcUwq31T1+SlXdYjNJ1aF +kUi8BjCHDcSgE/IReKUanjHzm4XSymKDTeqqzidi4k6PDD4jyHb8k8vxi6qT6Udn +lcfo5NBkkUT1TauhEy8ktHhbl9k60BvvMBP9l6cURiJg1WS77egI4P/82oPbzzFi +GFqXyJKULVgxtdQ3JikCpodp3f1fh6PlYZwkW4
(tomcat) tag 10.1.27 created (now 50d264f3bc)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a change to tag 10.1.27 in repository https://gitbox.apache.org/repos/asf/tomcat.git at 50d264f3bc (commit) This tag includes the following new commits: new 50d264f3bc Tag 10.1.27 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) 01/01: Tag 10.1.27
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to tag 10.1.27 in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 50d264f3bc6c8595a1e611940668fb46d076e0ba Author: Christopher Schultz AuthorDate: Tue Jul 30 11:48:15 2024 -0400 Tag 10.1.27 --- build.properties.release | 54 +++ res/install-win/Uninstall.exe.sig| Bin 0 -> 10202 bytes res/install-win/tomcat-installer.exe.sig | Bin 0 -> 10202 bytes res/maven/mvn.properties.release | 27 webapps/docs/changelog.xml | 2 +- 5 files changed, 82 insertions(+), 1 deletion(-) diff --git a/build.properties.release b/build.properties.release new file mode 100644 index 00..c44fb9d307 --- /dev/null +++ b/build.properties.release @@ -0,0 +1,54 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Any unwanted settings may be over-ridden in a build.properties file located +# in the same directory as this file. + +# Set the version-dev to "" (empty string) as this is not a development release. +version.dev= + +# Ensure consistent timestamps for reproducible builds. +ant.tstamp.now.iso=2024-07-30T15:42:36Z + +# Enable insertion of detached signatures into the Windows installer. +do.codesigning=true + +# Re-use the same GPG executable. +gpg.exec=/usr/local/bin/gpg + +# Reproducible builds require the use of the build tools defined below. The +# vendors (where appropriate) and versions must match exactly for a reproducible +# build since this data is embedded in various files, particularly JAR file +# manifests, as part of the build process. +# +# Apache Ant: Apache Ant(TM) version 1.10.14 compiled on August 16 2023 +# +# Java Name: OpenJDK 64-Bit Server VM +# Java Vendor: Eclipse Adoptium +# Java Version:22.0.2+9 + +# The following is provided for information only. Builds will be repeatable +# whether or not the build environment is consistent with this information. +# +# OS: x86_64 Mac OS X 14.5 +# File encoding: UTF-8 +# +# Release Manager: schultz +release-java-version=22.0.2+9 +release-ant-version=1.10.14 diff --git a/res/install-win/Uninstall.exe.sig b/res/install-win/Uninstall.exe.sig new file mode 100644 index 00..3dafbc7790 Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ diff --git a/res/install-win/tomcat-installer.exe.sig b/res/install-win/tomcat-installer.exe.sig new file mode 100644 index 00..d69ad96e55 Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release new file mode 100644 index 00..b3663b3c29 --- /dev/null +++ b/res/maven/mvn.properties.release @@ -0,0 +1,27 @@ +# - +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# - + +# This file was auto-generated by the pre-release Ant target. + +# Remove "-dev" from the version since this is not a development release. +maven.asf.release.deploy.version=10.1.27
Re: Simplifying JreCompat
Rémy, On 7/25/24 17:49, Rémy Maucherat wrote: On Thu, Jul 25, 2024 at 10:34 PM Mark Thomas wrote: As per Rémy's suggestion, I've been looking simplifying JreCompat to only support LTS versions and anything more recent than the newest LTS. That would mean: - Tomcat 9 only - Jre9Compat is renamed to Jre11Compat - Tomcat 9 and 10 - Jre16Compat is renamed to Jre17Compat - All versions - Jre18Compat and Jre19Compat are merged into the existing Jre21Compat Jre22Compat would be unchanged. So the only real change is merging Jre18Compat, Jre19Compat and Jre21Compat into a single, larger Jre21Compat. I'm on the fence as to whether this is worth doing. Thoughts? Changing the existing does not seem that worthwhile. I sent the idea because adding a Java 18 class now seemed weird. +1 Since we've never "supported" Java 18/19 specifically, I think we can just merge Jre18Compat + Jre19Compat -> Jre21Compat and call it a day. (Looks like you've already done that; I'm late to the conversation but figured I'd reinforce the decision.) -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Performance improvements for HTTP/2
Mark, On 7/24/24 02:27, Mark Thomas wrote: On 23/07/2024 21:30, Christopher Schultz wrote: Mark, On 7/23/24 13:13, Mark Thomas wrote: Prompted by some folks at $dayjob, I have been looking at the performance of Tomcat's HTTP/2 implementation using [1] Initially, I was seeing ~79k req/s. Restoring lazy init for the StreamInputBuffer increased that to ~106k req/s. O_O Moving the HttpParser from Processor to Protocol increased that to ~108k req/s. Now I am looking at recycling and reusing the coyote request and response. That increases throughput to 124k req/s. This information would be good to put (with a datestamp and environmental details) into the documentation for discardFacades and/or similar capabilities. In Bratislava, we idly speculated that "throwing those objects away should not affect performance much and improve security" but if it really is a 15% speed improvement, it might be really critical for some applications. It really does depend on which objects you are talking about. Looking at the flame graph for HTTP/2, it appears that the objects that require the creation of buffers are the expensive ones to create. I thought we were talking about the (inexpensive) facades in Bratislava. Someone (I forget who) tested the performance impact of not recycling the processors and it was horrible. Given the significant performance increase I am considering the following: - switching HTTP/2 to recycle and reuse coyote request and response objects by default Note that we just changed that default in the other direction for HTTP/1.1. I think we should probably be consistent. I think you might be getting your objects mixed up. Indeed. I was thinking we were freeing all objects and not just the facades. There are three sets: a) coyote request/response b) catalina request/response c) catalina request/response facade Currently HTTP/2 recreates all of the above for every stream. HTTP/1.1 always recycles and re-uses a) and b). It is c) that we changed to always create new objects by default for 9.0.x (to align with 10.1.x and 11.0.x). Ack. This proposal would align HTTP/2 with HTTP/1.1 and recycle and re-use a) and b) by default but with an option to re-create every time (mainly in case there is a regression due to an application and/or Tomcat issue). Okay than I'm +1 because that actually aligns entirely with our recent decision, except that it's not possible to re-use facades at all which I'm okay with. - providing an option to restore the current behaviour of creating a new coyote request and response object for every HTTP/2 stream +1 but with a different default. If that is for alignment with HTTP/1.1 then I disagree. We should recycle and re-use a) and b). If it is to avoid possible regressions then I think there is a discussion to be had due to the the performance benefits vs regression risk trade off. +1 -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: TCK CI runs
Mark, On 7/24/24 02:16, Mark Thomas wrote: On 23/07/2024 23:38, Christopher Schultz wrote: On 7/23/24 03:05, Mark Thomas wrote: Given that we are free to make factual statements such as "Tomcat 11.0.x passes the latest Annotations, EL, Pages, Servlet and WebSocket TCKs" or "Tomcat 11.0.0-M20 is a compatible implementation of the Jakarta Servlet 6.0 specification" I'm not at all convinced of the need to use a logo. It looks like we might be able to get a pass... sort of. From [1]: " Use of the “Jakarta EE Compatible” mark is limited to use in conjunction with Compatible Software Products (as defined below) distributed by: Participant, Enterprise or Strategic Members of the Jakarta EE WG who are also licensees under the Jakarta EE Compatibility Trademark License Agreement; or Guest Members of the Jakarta EE WG, if: Use of the Jakarta EE Compatible mark is approved unanimously by the Jakarta EE WG Steering Committee; and Such Guest Members are also licensees under the Eclipse Foundation Trademark License. " So we would need to be a licensee of their trademark license. We could ask to become a "Guest Member" of the Jakarta EE WG. I don't know what that entails. The ASF is currently: - an associate Eclipse Foundation member [1] - a guest member of the Jakarta EE working group [2] The trademark license agreement [3] requires (section 2.2) that the ASF is both: (i) be a Qualified Eclipse Member (ii) be a Qualified Working Group Member As per the definitions: “Qualified Eclipse Member” shall mean a Strategic or Contributing Member of Eclipse “Qualified Working Group Member” shall mean a Participant, Enterprise or Strategic Member of a Working Group. The ASF doesn't, currently, meet either of those requirements. There are other requirements around passing the TCK and publishing the results that I believe we can/do easily meet. Aw. :/ Even if Eclipse was amenable to the ASF meeting the above requirements at zero cost to the ASF (probably possible) there is the time and effort require to make that happen. While overcoming all of the above is possible, it seems like a lot of work to gain permission to use a logo none of our users seem concerned about. I'm not even sure any of them care about formal certification. They certainly never ask about it. Yep, I totally get it. Honestly nobody really does care. It would just be nice to be recognized without all the fuss. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: TCK CI runs
Mark, On 7/23/24 03:05, Mark Thomas wrote: On 22/07/2024 23:33, Christopher Schultz wrote: Mark, On 7/22/24 12:53, Mark Thomas wrote: All, Today I have configured the tomcat-tck repository to run the EL, Servlet, Pages and WebSocket TCKs once every day for all combinations of JDK 17 & 21, Ubuntu latest, MacOS latest and Windows latest using GitHub actions. There were a few issues to iron out but these should now all be resolved. The TCK will run at just after 08.00 UTC every day and it will use the latest Tomcat 11 SNAPSHOT (these are updated on every commit by buildbot). Windows seems to take a little longer than the others but the full TCK run (all four TCKs) is complete in just under 25 minutes. Considering it used to take longer than that to run any of the old TCKs, kudos to the Jakarta EE folks that have been working on the refactoring. Tomcat 11.0.x currently passes the TCK (as it should). I have no plans to formally certify Tomcat as passing the TCK over and above what I have already completed as part of the release process for each of the specifications (the specification release process requires at least one compatible implementation). Nice work. My guess is that getting Tomcat to be formally-certified would take (1) money (2) politics and (3) other stuff nobody wants to deal with any time soon. For certification the bar is pretty low. It would probably take longer on the Eclipse side getting the certified version added to the various websites than it would be on the ASF side doing the actual certification. Whether even that low level of effort is something we want to do is TBD. There is very little (no?) demand from users for formal certification. The real value to me is in running and passing the tests. Therefore, I'll probably use the tomcat-tck repo to test each release candidate as it is published and include those results in my vote. I haven't figured out how to automate that but I am thinking about it. If we want to use the "Jakarta EE compatible" logo then that is where we hit your points 1, 2 and 3 in spades. We'd need to sign a trademark agreement and my reading of that is that the ASF does not currently have the right membership of Eclipse to be able to use the logo. Fixing that looks likely to take some time and politics to resolve - particularly since the ASF is unlikely to want to pay for am Eclipse membership. Given that we are free to make factual statements such as "Tomcat 11.0.x passes the latest Annotations, EL, Pages, Servlet and WebSocket TCKs" or "Tomcat 11.0.0-M20 is a compatible implementation of the Jakarta Servlet 6.0 specification" I'm not at all convinced of the need to use a logo. It looks like we might be able to get a pass... sort of. From [1]: " Use of the “Jakarta EE Compatible” mark is limited to use in conjunction with Compatible Software Products (as defined below) distributed by: Participant, Enterprise or Strategic Members of the Jakarta EE WG who are also licensees under the Jakarta EE Compatibility Trademark License Agreement; or Guest Members of the Jakarta EE WG, if: Use of the Jakarta EE Compatible mark is approved unanimously by the Jakarta EE WG Steering Committee; and Such Guest Members are also licensees under the Eclipse Foundation Trademark License. " So we would need to be a licensee of their trademark license. We could ask to become a "Guest Member" of the Jakarta EE WG. I don't know what that entails. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat Native 2.0.8
Mark, Thanks for RMing. On 7/17/24 15:51, Mark Thomas wrote: The key differences of version 2.0.8 compared to 2.0.7 are: - Fix a crash on Windows when SSLContext.setCACertificate() is invoked with a null value for caCertificateFile and a non-null value for caCertificatePath - The windows binaries in this release have been built with OpenSSL 3.0.14 and APR 1.7.4 The 2.0.x branch is primarily intended for use with Tomcat 10.1.x onwards but can be used with earlier versions as long as the APR/native connector is not used. The proposed release artifacts can be found at [1], and the build was done using tag [2]. The Apache Tomcat Native 2.0.8 release is [ ] Stable, go ahead and release [ ] Broken because of ... +1 for stable release Builds with deprecation warnings on MacOS x86-64 with clang, APR 1.7.4 and OpenSSL 3.3.1. Tested with Tomcat 10.1.26 and NIO+OpenSSL on the same platform with Java 22.0.1. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Performance improvements for HTTP/2
Mark, On 7/23/24 13:13, Mark Thomas wrote: Prompted by some folks at $dayjob, I have been looking at the performance of Tomcat's HTTP/2 implementation using [1] Initially, I was seeing ~79k req/s. Restoring lazy init for the StreamInputBuffer increased that to ~106k req/s. O_O Moving the HttpParser from Processor to Protocol increased that to ~108k req/s. Now I am looking at recycling and reusing the coyote request and response. That increases throughput to 124k req/s. This information would be good to put (with a datestamp and environmental details) into the documentation for discardFacades and/or similar capabilities. In Bratislava, we idly speculated that "throwing those objects away should not affect performance much and improve security" but if it really is a 15% speed improvement, it might be really critical for some applications. Given the significant performance increase I am considering the following: - switching HTTP/2 to recycle and reuse coyote request and response objects by default Note that we just changed that default in the other direction for HTTP/1.1. I think we should probably be consistent. - providing an option to restore the current behaviour of creating a new coyote request and response object for every HTTP/2 stream +1 but with a different default. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat Native 1.3.1
Mark, Thanks for RMing. On 7/18/24 06:00, Mark Thomas wrote: The key differences compared to 1.3.0 are: - Fix a crash on Windows when SSLContext.setCACertificate() is invoked with a null value for caCertificateFile and a non-null value for caCertificatePath - The windows binaries in this release have been built with OpenSSL 3.0.14 and APR 1.7.4 The proposed release artifacts can be found at [1], and the build was done using tag [2]. The Apache Tomcat Native 1.3.1 release is [ ] Stable, go ahead and release [ ] Broken because of ... +1 for stable release Built with deprecation warnings on MacOS x86-64 with clang, APR 1.7.4 and OpenSSL 3.3.1. Tested on Tomcat 9.0.85 with the APR and NIO+OpenSSL connectors. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: TCK CI runs
Mark, On 7/23/24 03:05, Mark Thomas wrote: On 22/07/2024 23:33, Christopher Schultz wrote: Mark, On 7/22/24 12:53, Mark Thomas wrote: All, Today I have configured the tomcat-tck repository to run the EL, Servlet, Pages and WebSocket TCKs once every day for all combinations of JDK 17 & 21, Ubuntu latest, MacOS latest and Windows latest using GitHub actions. There were a few issues to iron out but these should now all be resolved. The TCK will run at just after 08.00 UTC every day and it will use the latest Tomcat 11 SNAPSHOT (these are updated on every commit by buildbot). Windows seems to take a little longer than the others but the full TCK run (all four TCKs) is complete in just under 25 minutes. Considering it used to take longer than that to run any of the old TCKs, kudos to the Jakarta EE folks that have been working on the refactoring. Tomcat 11.0.x currently passes the TCK (as it should). I have no plans to formally certify Tomcat as passing the TCK over and above what I have already completed as part of the release process for each of the specifications (the specification release process requires at least one compatible implementation). Nice work. My guess is that getting Tomcat to be formally-certified would take (1) money (2) politics and (3) other stuff nobody wants to deal with any time soon. For certification the bar is pretty low. It would probably take longer on the Eclipse side getting the certified version added to the various websites than it would be on the ASF side doing the actual certification. Whether even that low level of effort is something we want to do is TBD. There is very little (no?) demand from users for formal certification. +1 Anyone who needs certification also wants other things and other vendors, including TomEE can provide those things. The real value to me is in running and passing the tests. Therefore, I'll probably use the tomcat-tck repo to test each release candidate as it is published and include those results in my vote. I haven't figured out how to automate that but I am thinking about it. Watch the /dev/ directory in svn for staged-releases and kick-off the TCKs when they appear? Writing the results somewhere public would be fantastic. Not exactly a GitHub Action but it seems doable. If we want to use the "Jakarta EE compatible" logo then that is where we hit your points 1, 2 and 3 in spades. Aha. I'll just draw one in crayon and put it up on the Tomcat web site. It will be funny it we don't get sued. We'd need to sign a trademark agreement and my reading of that is that the ASF does not currently have the right membership of Eclipse to be able to use the logo. Fixing that looks likely to take some time and politics to resolve - particularly since the ASF is unlikely to want to pay for am Eclipse membership. Given that we are free to make factual statements such as "Tomcat 11.0.x passes the latest Annotations, EL, Pages, Servlet and WebSocket TCKs" or "Tomcat 11.0.0-M20 is a compatible implementation of the Jakarta Servlet 6.0 specification" I'm not at all convinced of the need to use a logo. https://www.youtube.com/watch?v=6_HBmZuJlHs I wonder if we made it so easy to certify (e.g. automated builds and automated TCK executions) that someone else might just do it for us (I'm looking at you, /Eclipse Foundation/.. I seem to remember a conference presentation about how important Tomcat was to Eclipse). It is easy enough for anyone to perform the certification. I just meant kinda being able to run a single command to do all the things, including fetch the release to be tested. I haven't checked-out the tomcat-tck project to test; maybe you've already done that. But if the first step of the instructions is "okay, go download these 19 things" nobody will ever do it. I find that every tie I want to build httpd from source I have that experience, and it totally sucks. When the TCK runs, does it produce a report which includes the identities of the files that were used to run produce that report? Specifically, I'm wondering if the TCK report can be used to verify that a *specific release* has passed and TCK and that can be verified by an external observer. No. But all the information required is there in the Maven build. It probably needs a simple(ish) Maven plugin to generate it. Cool. I'm not volunteering to add TCK runs as part of the standard release process but if "anyone" could produce a TCK report which shows the entirely-reproducible build that is Tomcat x.y.z is what has been tested, that would be really great. It should only take a couple of minutes to generate the required information manually from one of the GitHub action runs. Instead of just "trust me, I ran it on my machine and this report says it passed", anyone could verif
Re: TCK CI runs
Mark, On 7/22/24 12:53, Mark Thomas wrote: All, Today I have configured the tomcat-tck repository to run the EL, Servlet, Pages and WebSocket TCKs once every day for all combinations of JDK 17 & 21, Ubuntu latest, MacOS latest and Windows latest using GitHub actions. There were a few issues to iron out but these should now all be resolved. The TCK will run at just after 08.00 UTC every day and it will use the latest Tomcat 11 SNAPSHOT (these are updated on every commit by buildbot). Windows seems to take a little longer than the others but the full TCK run (all four TCKs) is complete in just under 25 minutes. Considering it used to take longer than that to run any of the old TCKs, kudos to the Jakarta EE folks that have been working on the refactoring. Tomcat 11.0.x currently passes the TCK (as it should). I have no plans to formally certify Tomcat as passing the TCK over and above what I have already completed as part of the release process for each of the specifications (the specification release process requires at least one compatible implementation). Nice work. My guess is that getting Tomcat to be formally-certified would take (1) money (2) politics and (3) other stuff nobody wants to deal with any time soon. I wonder if we made it so easy to certify (e.g. automated builds and automated TCK executions) that someone else might just do it for us (I'm looking at you, /Eclipse Foundation/.. I seem to remember a conference presentation about how important Tomcat was to Eclipse). When the TCK runs, does it produce a report which includes the identities of the files that were used to run produce that report? Specifically, I'm wondering if the TCK report can be used to verify that a *specific release* has passed and TCK and that can be verified by an external observer. I'm not volunteering to add TCK runs as part of the standard release process but if "anyone" could produce a TCK report which shows the entirely-reproducible build that is Tomcat x.y.z is what has been tested, that would be really great. Instead of just "trust me, I ran it on my machine and this report says it passed", anyone could verify that the same artifacts we released were the ones the TCK was run on. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: Add release date
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 46fd8b82b0 Add release date 46fd8b82b0 is described below commit 46fd8b82b0240392c9fd584d7e157c863ed7264d Author: Christopher Schultz AuthorDate: Fri Jul 12 11:53:01 2024 -0400 Add release date --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 5d050dabe6..a73a11c0c3 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -106,7 +106,7 @@ --> - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r70267 - /release/tomcat/tomcat-10/v10.1.25/
Author: schultz Date: Fri Jul 12 15:51:56 2024 New Revision: 70267 Log: Drop old release artifacts Removed: release/tomcat/tomcat-10/v10.1.25/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1919166 - in /tomcat/site/trunk: ./ docs/ docs/tomcat-10.1-doc/ docs/tomcat-10.1-doc/annotationapi/ docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.1-doc/annotationa
Author: schultz Date: Fri Jul 12 15:48:53 2024 New Revision: 1919166 URL: http://svn.apache.org/viewvc?rev=1919166&view=rev Log: Announce v10.1.26 [This commit notification would consist of 63 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE][RESULT] Release Apache Tomcat 10.1.26
All, The following votes were cast: +1 remm, schultz, rjung, csutherl Non-binding: +1: dsoumis There were no other votes, therefore the vote passes. Thanks to everyone who contributed toward this release. Thanks, -chris The proposed Apache Tomcat 10.1.26 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.25 are: - Move OpenSSL support using FFM to a separate JAR named tomcat-coyote-ffm.jar that advertises Java 22 in its manifest. - When using include directives in a tag file packaged in a JAR file, ensure that the include directives are processed correctly. - Expand the implementation of the filter value of the Authenticator attribute allowCorsPreflight, so that it applies to all requests that match the configured URL patterns for the CORS filter, rather than only applying if the CORS filter is mapped to /* For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.26/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1502 The tag is: https://github.com/apache/tomcat/tree/10.1.26 https://github.com/apache/tomcat/commit/43731ff263f74ec9949a3f535fd9254baa932603 Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r70266 - /dev/tomcat/tomcat-10/v10.1.26/ /release/tomcat/tomcat-10/v10.1.26/
Author: schultz Date: Fri Jul 12 15:42:33 2024 New Revision: 70266 Log: Promote v10.1.26 to release Added: release/tomcat/tomcat-10/v10.1.26/ - copied from r70265, dev/tomcat/tomcat-10/v10.1.26/ Removed: dev/tomcat/tomcat-10/v10.1.26/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.26 (need more votes)
All, I actually need to get at least one more vote on this release in order to push it out. Can anyone else give it a once-over and add their vote? Thanks, -chris On 7/7/24 18:07, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.26 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.25 are: - Move OpenSSL support using FFM to a separate JAR named tomcat-coyote-ffm.jar that advertises Java 22 in its manifest. - When using include directives in a tag file packaged in a JAR file, ensure that the include directives are processed correctly. - Expand the implementation of the filter value of the Authenticator attribute allowCorsPreflight, so that it applies to all requests that match the configured URL patterns for the CORS filter, rather than only applying if the CORS filter is mapped to /* For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.26/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1502 The tag is: https://github.com/apache/tomcat/tree/10.1.26 https://github.com/apache/tomcat/commit/43731ff263f74ec9949a3f535fd9254baa932603 Please reply with a +1 for release or +0/-0/-1 with an explanation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 10.1.x updated: fix typos (#741)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new a7638952aa fix typos (#741) a7638952aa is described below commit a7638952aa2a5dcb8d261ea64cdf614f37f227d4 Author: rafaeldeoliveira AuthorDate: Thu Jul 11 12:55:36 2024 -0300 fix typos (#741) --- webapps/docs/config/executor.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/webapps/docs/config/executor.xml b/webapps/docs/config/executor.xml index f0e7e0fa3e..266f12e801 100644 --- a/webapps/docs/config/executor.xml +++ b/webapps/docs/config/executor.xml @@ -77,7 +77,7 @@ - This implemtenation uses a pool of platform threads to execute the tasks assigned to the Executor. + This implementation uses a pool of platform threads to execute the tasks assigned to the Executor. The className attribute must be org.apache.catalina.core.StandardThreadExecutor to use this implementation. @@ -126,7 +126,7 @@ - This implemtenation uses a new virtual thread to execute each task assigned to the Executor. This Executor requires + This implementation uses a new virtual thread to execute each task assigned to the Executor. This Executor requires a minimum Java version of Java 21. The className attribute must be org.apache.catalina.core.StandardVirtualThreadExecutor to - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: fix typos (#741)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 81be56a0e6 fix typos (#741) 81be56a0e6 is described below commit 81be56a0e66185f20c12c9e11b5cd085e9cdf213 Author: rafaeldeoliveira AuthorDate: Thu Jul 11 12:55:36 2024 -0300 fix typos (#741) --- webapps/docs/config/executor.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/webapps/docs/config/executor.xml b/webapps/docs/config/executor.xml index f0e7e0fa3e..266f12e801 100644 --- a/webapps/docs/config/executor.xml +++ b/webapps/docs/config/executor.xml @@ -77,7 +77,7 @@ - This implemtenation uses a pool of platform threads to execute the tasks assigned to the Executor. + This implementation uses a pool of platform threads to execute the tasks assigned to the Executor. The className attribute must be org.apache.catalina.core.StandardThreadExecutor to use this implementation. @@ -126,7 +126,7 @@ - This implemtenation uses a new virtual thread to execute each task assigned to the Executor. This Executor requires + This implementation uses a new virtual thread to execute each task assigned to the Executor. This Executor requires a minimum Java version of Java 21. The className attribute must be org.apache.catalina.core.StandardVirtualThreadExecutor to - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch main updated: fix typos (#741)
This is an automated email from the ASF dual-hosted git repository. schultz pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 5900a15c6b fix typos (#741) 5900a15c6b is described below commit 5900a15c6bb30f12b4f515d18115489d25c71286 Author: rafaeldeoliveira AuthorDate: Thu Jul 11 12:55:36 2024 -0300 fix typos (#741) --- webapps/docs/config/executor.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/webapps/docs/config/executor.xml b/webapps/docs/config/executor.xml index 84cc54b4f8..eb3a901164 100644 --- a/webapps/docs/config/executor.xml +++ b/webapps/docs/config/executor.xml @@ -77,7 +77,7 @@ - This implemtenation uses a pool of platform threads to execute the tasks assigned to the Executor. + This implementation uses a pool of platform threads to execute the tasks assigned to the Executor. The className attribute must be org.apache.catalina.core.StandardThreadExecutor to use this implementation. @@ -126,7 +126,7 @@ - This implemtenation uses a new virtual thread to execute each task assigned to the Executor. + This implementation uses a new virtual thread to execute each task assigned to the Executor. The className attribute must be org.apache.catalina.core.StandardVirtualThreadExecutor to use this implementation. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.26
All, On 7/7/24 18:07, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.26 release is now available for voting. All committers and PMC members are kindly requested to provide a vote if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes are binding. We welcome non-committer votes or comments on release builds. The notable changes compared to 10.1.25 are: - Move OpenSSL support using FFM to a separate JAR named tomcat-coyote-ffm.jar that advertises Java 22 in its manifest. - When using include directives in a tag file packaged in a JAR file, ensure that the include directives are processed correctly. - Expand the implementation of the filter value of the Authenticator attribute allowCorsPreflight, so that it applies to all requests that match the configured URL patterns for the CORS filter, rather than only applying if the CORS filter is mapped to /* For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.26/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1502 The tag is: https://github.com/apache/tomcat/tree/10.1.26 https://github.com/apache/tomcat/commit/43731ff263f74ec9949a3f535fd9254baa932603 Please reply with a +1 for release or +0/-0/-1 with an explanation. +1 for stable release Build is reproducible on macos arm64. Some unit tests failed, but only with the OpenSSL-FFM because it is picking-up my system's deafult LibreSSL library for which client-renegotiation is known not to work. All other unit tests are passing as expected (including OpenSSL-JSSE). * Environment * Java (build):openjdk version "22.0.1" 2024-04-16 OpenJDK Runtime Environment Temurin-22.0.1+8 (build 22.0.1+8) OpenJDK 64-Bit Server VM Temurin-22.0.1+8 (build 22.0.1+8, mixed mode) * Java (test): openjdk version "22.0.1" 2024-04-16 OpenJDK Runtime Environment Temurin-22.0.1+8 (build 22.0.1+8) OpenJDK 64-Bit Server VM Temurin-22.0.1+8 (build 22.0.1+8, mixed mode) * Ant: Apache Ant(TM) version 1.10.14 compiled on August 16 2023 * OS: Darwin 23.5.0 arm64 * cc: Apple clang version 15.0.0 (clang-1500.3.9.4) * make:GNU Make 3.81 * OpenSSL: OpenSSL 3.3.1 4 Jun 2024 (Library: OpenSSL 3.3.1 4 Jun 2024) * APR: 1.7.4 * * Valid SHA-512 signature for apache-tomcat-10.1.26.zip * Valid GPG signature for apache-tomcat-10.1.26.zip * Valid SHA-512 signature for apache-tomcat-10.1.26.tar.gz * Valid GPG signature for apache-tomcat-10.1.26.tar.gz * Valid SHA-512 signature for apache-tomcat-10.1.26.exe * Valid GPG signature for apache-tomcat-10.1.26.exe * Valid SHA512 signature for apache-tomcat-10.1.26-src.zip * Valid GPG signature for apache-tomcat-10.1.26-src.zip * Valid SHA512 signature for apache-tomcat-10.1.26-src.tar.gz * Valid GPG signature for apache-tomcat-10.1.26-src.tar.gz * * Binary Zip and tarball: Same * Source Zip and tarball: Same * * Building dependencies returned: 0 * tcnative builds cleanly * Tomcat builds cleanly * Junit Tests: FAILED * * Tests that failed: * org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt * org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt * org.apache.tomcat.util.net.TestClientCert.NIO.txt * org.apache.tomcat.util.net.TestClientCert.NIO2.txt * org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO.txt * org.apache.tomcat.util.net.TestCustomSslTrustManager.NIO2.txt - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
(tomcat) branch 9.0.x updated: Add pre-release summary message.
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new cc47f2cc28 Add pre-release summary message.
cc47f2cc28 is described below
commit cc47f2cc28196fef418340248653fc1c3e463604
Author: Christopher Schultz
AuthorDate: Mon Jul 8 09:54:19 2024 -0400
Add pre-release summary message.
---
build.xml | 7 +++
1 file changed, 7 insertions(+)
diff --git a/build.xml b/build.xml
index 219be34f20..74acbb349b 100644
--- a/build.xml
+++ b/build.xml
@@ -2790,6 +2790,13 @@ asf.ldap.username=${release.asfusername}
byline="true"
match="<section name="Tomcat
${version.major}.${version.minor}.${version.build}${version.suffix}
\([^)]*\).*>"
replace="<section name="Tomcat
${version.major}.${version.minor}.${version.build}${version.suffix}
\(${release.asfusername}\)" rtext="">" />
+
+=
+
+Configured for ${release.asfusername} to release Tomcat
${version.major}.${version.minor}.${version.build}${version.suffix} using Java
${java.vm.version} and ant ${antversion}
+
+=
+
(tomcat) branch 10.1.x updated: Add pre-release summary message.
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 7803d2cc87 Add pre-release summary message.
7803d2cc87 is described below
commit 7803d2cc87bfe0b15d8ea4821f1bcf3b382b5d9c
Author: Christopher Schultz
AuthorDate: Mon Jul 8 09:54:19 2024 -0400
Add pre-release summary message.
---
build.xml | 7 +++
1 file changed, 7 insertions(+)
diff --git a/build.xml b/build.xml
index b3570d2dc5..43a82d856a 100644
--- a/build.xml
+++ b/build.xml
@@ -2850,6 +2850,13 @@ asf.ldap.username=${release.asfusername}
byline="true"
match="<section name="Tomcat
${version.major}.${version.minor}.${version.build}${version.suffix}
\([^)]*\).*>"
replace="<section name="Tomcat
${version.major}.${version.minor}.${version.build}${version.suffix}
\(${release.asfusername}\)" rtext="">" />
+
+=
+
+Configured for ${release.asfusername} to release Tomcat
${version.major}.${version.minor}.${version.build}${version.suffix} using Java
${java.vm.version} and ant ${antversion}
+
+=
+
(tomcat) branch main updated: Add pre-release summary message.
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new aa91298f8d Add pre-release summary message.
aa91298f8d is described below
commit aa91298f8d97ab56f387893cee621ad988622097
Author: Christopher Schultz
AuthorDate: Mon Jul 8 09:54:19 2024 -0400
Add pre-release summary message.
---
build.xml | 7 +++
1 file changed, 7 insertions(+)
diff --git a/build.xml b/build.xml
index e676cc9ce9..a593c019b1 100644
--- a/build.xml
+++ b/build.xml
@@ -2817,6 +2817,13 @@ asf.ldap.username=${release.asfusername}
byline="true"
match="<section name="Tomcat
${version.major}.${version.minor}.${version.build}${version.suffix}
\([^)]*\).*>"
replace="<section name="Tomcat
${version.major}.${version.minor}.${version.build}${version.suffix}
\(${release.asfusername}\)" rtext="">" />
+
+=
+
+Configured for ${release.asfusername} to release Tomcat
${version.major}.${version.minor}.${version.build}${version.suffix} using Java
${java.vm.version} and ant ${antversion}
+
+=
+
(tomcat) branch 9.0.x updated: Update the release-manager's asf id in the changelog during pre-release.
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push:
new 767eb68332 Update the release-manager's asf id in the changelog during
pre-release.
767eb68332 is described below
commit 767eb68332c18132a5d153243e8665a0f68b169f
Author: Christopher Schultz
AuthorDate: Mon Jul 8 09:48:44 2024 -0400
Update the release-manager's asf id in the changelog during pre-release.
---
build.xml | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/build.xml b/build.xml
index b518a42a4a..219be34f20 100644
--- a/build.xml
+++ b/build.xml
@@ -2784,10 +2784,12 @@ gpg.exec=${gpg.exec}
# Set the user name to use to upload the artefacts to Nexus.
asf.ldap.username=${release.asfusername}
-
+
+
(tomcat) branch 10.1.x updated: Update the release-manager's asf id in the changelog during pre-release.
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/10.1.x by this push:
new 8ff1ed7469 Update the release-manager's asf id in the changelog during
pre-release.
8ff1ed7469 is described below
commit 8ff1ed7469be63e935693bef646311fd64cd55ba
Author: Christopher Schultz
AuthorDate: Mon Jul 8 09:48:44 2024 -0400
Update the release-manager's asf id in the changelog during pre-release.
---
build.xml | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/build.xml b/build.xml
index 870ca4b866..b3570d2dc5 100644
--- a/build.xml
+++ b/build.xml
@@ -2844,10 +2844,12 @@ gpg.exec=${gpg.exec}
# Set the user name to use to upload the artefacts to Nexus.
asf.ldap.username=${release.asfusername}
-
+
+
(tomcat) branch main updated: Update the release-manager's asf id in the changelog during pre-release.
This is an automated email from the ASF dual-hosted git repository.
schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new c109106982 Update the release-manager's asf id in the changelog during
pre-release.
c109106982 is described below
commit c1091069827dd001438aa8f4bdeda546ee64e586
Author: Christopher Schultz
AuthorDate: Mon Jul 8 09:48:44 2024 -0400
Update the release-manager's asf id in the changelog during pre-release.
---
build.xml | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/build.xml b/build.xml
index ffbe79af8a..e676cc9ce9 100644
--- a/build.xml
+++ b/build.xml
@@ -2811,10 +2811,12 @@ gpg.exec=${gpg.exec}
# Set the user name to use to upload the artefacts to Nexus.
asf.ldap.username=${release.asfusername}
-
+
+
