-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Oliver,
On 9/26/17 4:57 AM, Oliver Heister wrote: > I have two suggestions: > > 1. The table on http://tomcat.apache.org/whichversion.html has a > column “Supported Java Versions” which has entries like “8 and > later”. My understanding from e.g. > https://marc.info/?l=tomcat-dev&m=150617891913261&w=2 is that > currently no stable tomcat release supports Java 9 yet. > > IMO a remark regarding Java 9 should be added to > http://tomcat.apache.org/whichversion.html . Sounds good. I don't know of anything specific that does NOT work with Java 9, but markt has been following the pre-releases of Java 9 pretty closely, and has made adjustments (mostly disabling various workarounds for bugs in previous JVMs) accordingly. There may be some NEW items that may need to be worked-around -- those usually turn out to be various ClassLoader-pinning memory-leaks -- but my guess is that most Tomcat versions will work just find under Java 9 without any special effort. Could you try (the latest patch-level of) whatever version of Tomcat you are currently using with Java 9 and let us know how things go? > 2. Currently MITM attacks by evil ISPs or WiFi networks are > possible against people downloading tomcat from > http://tomcat.apache.org/download-80.cgi . (The page has links to > PGP, md5 and sha1 hashes for validation, but the links are on a > http page that does not redirect to https. This means they could be > replaced in case of MITM.) > > IMO a HTTP 301 redirect to the https version and HSTS headers > should be added to http://tomcat.apache.org/ . Agreed about the redirect... not so sure about HSTS, as that affects the whole domain. > Should I try to submit issues in Bugzilla for both? Yes, please. Post-back with URLs to the BZ issues you raise. - -chris -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlnLtH8ACgkQHPApP6U8 pFiODA//aTKgTuNYFZ+pLwZmweRXapD5lVfn2c9VWIh8DIaYuCa6LE1nGLNTrX9Z p8WUj5gubOvjjtYYuoebZmrkLhS1l98tRqy6aUCnSgxkgUYJtoNGyKvMO0cceVg2 5mROW5B1fKhZdwonIWbpO6gGsrye5FC4elTPZE1B/iigPrK/sakhWCHPTARG5xHd KJkimzppTewV/KExIyS4QeOPWn6RJPjGeZWDFNT5YDDsTEF3VKFqVnf2afLvs+Fp mGjE47GsWjNJtKFkuQeAyI46zaRvbhW9g6XTtwGquNmZ+e4orJSKNfSjaM+CpkKk UdmiddlsoyzyC6ZUvftUdLG35l4NPWHnuhTGdnuxAqm6xSRoB5M5zC7EYGoMzYGS 1HXQeqKqQtJG3NlPi7lOH+h7qJwMnGz8GvBlwtWTrxlzbXWKWu9UFwY2SceBEJOa xavbUirNui5qyxbfWea8cnVVztDVbFEUJNv5G1i2tumQj7CuJjpgg/yr2m8MIU6M c7sW1iKjrwmtUkr84Ha+C8CQO5zE1oRITCfKQHRcFNE+7xZq1LrNMVrnF9Oj5M++ pkoXh9wKlm+DT1h7Zx/icqOkRuSzgWaEob1Syx76+ixUJJCVd0sn9bUqx9g+URFv x0bZpqzfMIQ8pO7ZYzhBcr8G/4t28TjZZybEmBPrDovy6kQVwyg= =phJW -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org