16 Jul 2026 21:00:21 Thomas Williams <[email protected]>:
Hi Tomcat Team,
I noticed a discrepancy between the recent release documentation and
the
actual release artifacts for Tomcat 9.0.120, 10.1.57 and 11.0.24.
The release notes state that CVE-2026-59084 was fixed via commits
617d7275
for 9.0.120, 79466463 for 10.1.57 and 57e80e9b 11.0.24. However,
checking
the source tree for the 9.0.120, 10.1.57 and 11.0.24 tags, these
commits do
not appear to be merged into the release builds.
Could someone please verify if these fixes were accidentally omitted
from
the artifacts, or if the release notes are pointing to the wrong commit
references?
My mistake. I picked the wrong doc change. The correct one is the earlier
commit that is included in those releases that adds details about
ordering requirements.
I'll correct that next week unless another committee gets there first.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]