Time for a 6.0.x release in January?
All,

It has been over 6 months since the last 6.0.x release. The changelog for 6.0.x is reasonably long so it looks like time for a release.

Jean-Frederic or I have done the last few releases. Are there any volunteers for the release manager role this time around?

Given the frequency of the 6.0.x releases we should probably take the time to consider if there are any other fixes that should be back-ported before the release.

Mark

- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Time for a 6.0.x release in January?
On 12/22/2015 10:23 AM, Mark Thomas wrote:
> All,
>
> It has been over 6 months since the last 6.0.x release. The changelog
> for 6.0.x is reasonably long so it looks like time for a release.
>
> Jean-Frederic or I have done the last few releases. Are there any
> volunteers for the release manager role this time around?

I should have cycles in January to do it.

>
> Given the frequency of the 6.0.x releases we should probably take the
> time to consider if there are any other fixes that should be back-ported
> before the release.

Please commit the stuff you want to see fixed ASAP ;-)
First week of January is probably the best for my timing.

Cheers

Jean-Frederic
Re: Time for a 6.0.x release
On 05/06/2015 12:37 AM, Mark Thomas wrote:
> It has been about 6 months since the last release, the changelog is
> reasonably long so I think it is time for 6.0.44.

I am on it

Cheers

Jean-Frederic
Time for a 6.0.x release
It has been about 6 months since the last release, the changelog is reasonably long so I think it is time for 6.0.44.

To top the above, Red Hat recently published information on an undisclosed security vulnerability that is fixed in 6.0.x but isn't yet in a release[1]. It would be good to get 6.0.44 out with a fix for this even though the issue is far less severe than Red Hat's assessment.[2]

So, there are a couple of patches in the 6.0.x status file that need votes (although neither looks like they are essential for 6.0.44). Votes and any additional patches welcome. I am aiming to tag 6.0.x in the next day or so.

Mark

[1] http://www.openwall.com/lists/oss-security/2015/04/10/1

[2] Red Hat incorrectly described the issue as an unrestricted file upload flaw where you can very easily eat up all server ram. The reality is all you can do with this flaw is keep a connection open and a thread allocated at the expense of having to stream data to the server. It only just qualified as a security issue because Tomcat never closes the connection. There are easier ways of triggering a DoS than this issue.