dev  

Messages by Date

• 2025/10/17 svn commit: r79850 - dev/tomcat/tomcat-11/v11.0.12 release/tomcat/tomcat-11/v11.0.12 markt
• 2025/10/17 (tomcat) branch 11.0.x updated: Test OCSP with BoringSSL and LibreSSL remm
• 2025/10/17 [VOTE][RESULT] Release Apache Tomcat 11.0.13 Mark Thomas
• 2025/10/17 (tomcat) branch 11.0.x updated: Add back OpenSSL 1.1.1 compatibility remm
• 2025/10/17 [Bug 69839] Changing SessionId creates eternal Single Sign On sessions bugzilla
• 2025/10/17 Re: [PR] add a shared, file based jar cache to improve performance of follow on runs of the tool [tomcat-jakartaee-migration] via GitHub
• 2025/10/17 Re: [VOTE] Release Apache Tomcat 10.1.48 Christopher Schultz
• 2025/10/17 Tests failing on MacOS with disconnected network Christopher Schultz
• 2025/10/17 [Bug 69852] {MD5}, {SHA} and {SSHA} not honored with Realm/CredentialHandler bugzilla
• 2025/10/17 (tomcat) branch 10.1.x updated: Fix BZ 69839 - Ensure session ID changes are promulgated to SSO Valve markt
• 2025/10/17 (tomcat) 01/01: Tag 10.1.48 schultz
• 2025/10/17 (tomcat) branch 11.0.x updated: Treat new test password files as text files for line-endings markt
• 2025/10/17 (tomcat-native) branch main updated: Increment version number for next development cycle markt
• 2025/10/17 [Bug 69848] http method DELETE is converted to OPTIONS when request is sent through Apache proxy over AJP Connector bugzilla
• 2025/10/17 [Bug 69839] Changing SessionId creates eternal Single Sign On sessions bugzilla
• 2025/10/17 (tomcat) branch 9.0.x updated: Avoid OpenSSL X509_STORE_CTX_get0_current_issuer function remm
• 2025/10/17 Buildbot success in on tomcat-12.0.x buildbot
• 2025/10/17 [Bug 69848] New: http method DELETE is converted to OPTIONS when request is sent through Apache proxy over AJP Connector bugzilla
• 2025/10/17 [Bug 69852] {MD5}, {SHA} and {SSHA} not honored with Realm/CredentialHandler bugzilla
• 2025/10/17 [VOTE][RESULT] Release Apache Tomcat 10.1.48 Christopher Schultz
• 2025/10/17 (tomcat) branch 9.0.x updated: Reject requests that map to invalid Windows file names earlier. markt
• 2025/10/17 (tomcat) 01/01: Tag 9.0.111 remm
• 2025/10/17 (tomcat) branch 11.0.x updated: Add a unit test for CVE-2017-15698 dsoumis
• 2025/10/17 Buildbot failure in on tomcat-11.0.x buildbot
• 2025/10/17 (tomcat) 05/07: Set specific error when V_OCSP_CERTSTATUS_REVOKED dsoumis
• 2025/10/17 Buildbot success in on tomcat-10.1.x buildbot
• 2025/10/17 [Bug 69839] Changing SessionId creates eternal Single Sign On sessions bugzilla
• 2025/10/17 Buildbot failure in on tomcat-9.0.x buildbot
• 2025/10/17 (tomcat) branch 11.0.x updated: Fix source distro line endings for new test script markt
• 2025/10/17 (tomcat) branch 11.0.x updated: Reject requests that map to invalid Windows file names earlier. markt
• 2025/10/17 [Bug 69837] JavaCompiler invalid compile classpath composing bugzilla
• 2025/10/17 (tomcat) branch 11.0.x updated: Align with the other TLS tests remm
• 2025/10/17 Re: [VOTE] Release Apache Tomcat 10.1.48 Christopher Schultz
• 2025/10/17 (tomcat) branch 9.0.x updated: Align with the other TLS tests remm
• 2025/10/17 (tomcat) 05/07: Set specific error when V_OCSP_CERTSTATUS_REVOKED dsoumis
• 2025/10/17 (tomcat) 04/07: If the OCSP response is null, the error is set as X509_V_ERR_APPLICATION_VERIFICATION (50). Should not pass our verification process. dsoumis
• 2025/10/17 (tomcat) branch 10.1.x updated: Avoid OpenSSL X509_STORE_CTX_get0_current_issuer function remm
• 2025/10/17 [Bug 69839] Changing SessionId creates eternal Single Sign On sessions bugzilla
• 2025/10/17 [ANN] Apache Tomcat 9.0.110 available Rémy Maucherat
• 2025/10/17 (tomcat) branch 10.1.x updated: Relax file name check since input can include paths markt
• 2025/10/17 [VOTE] Release Apache Tomcat 10.1.48 Christopher Schultz
• 2025/10/17 Buildbot success in on tomcat-12.0.x buildbot
• 2025/10/17 [PR] add a shared, file based jar cache to improve performance of follow on runs of the tool [tomcat-jakartaee-migration] via GitHub
• 2025/10/17 [Bug 69852] {MD5}, {SHA} and {SSHA} not honored with Realm/CredentialHandler bugzilla
• 2025/10/17 (tomcat) branch 9.0.x updated: Add missing ASF headers schultz
• 2025/10/17 (tomcat) branch main updated: Update baseline to 11.0.13 markt
• 2025/10/17 (tomcat) branch 11.0.x updated (556b14745b -> 3af0d10a5a) markt
• 2025/10/17 (tomcat) tag 9.0.111 created (now b816e34f82) remm
• 2025/10/17 Buildbot failure in on tomcat-9.0.x buildbot
• 2025/10/17 (tomcat) branch 11.0.x updated: Formatting remm
• 2025/10/17 (tomcat) branch 11.0.x updated: Add missing changelog on OCSP remm
• 2025/10/17 (tomcat) branch main updated: Fix BZ 69844 - server sending masked frames is a protocol error markt
• 2025/10/17 Re: [PR] Add support for CIDR notation in RemoteIpFilter(#632) [tomcat] via GitHub
• 2025/10/17 (tomcat) branch 9.0.x updated: Add missing changelog on OCSP remm
• 2025/10/17 (tomcat) 01/01: Tag 11.0.13 markt
• 2025/10/17 (tomcat-tck) branch main updated: Update to latest EL API (not used by default) markt
• 2025/10/17 (tomcat) branch main updated: Fix BZ 69845 - Inflater/Deflater throw ISE rather than NPE from Java 25 markt
• 2025/10/17 [Bug 69845] java.lang.IllegalStateException: Inflater has been closed bugzilla
• 2025/10/17 (tomcat) branch 10.1.x updated: Add missing ASF headers schultz
• 2025/10/17 Buildbot success in on tomcat-9.0.x buildbot
• 2025/10/17 Buildbot success in on tomcat-12.0.x buildbot
• 2025/10/17 (tomcat) 06/07: Ehnance tests and fix various issues in TestOcspIntegration tests dsoumis
• 2025/10/17 [Bug 69844] WebSocket client does not validate that data sent from the server is unmasked bugzilla
• 2025/10/16 Re: [PROPOSAL] Change embedded ZIP packaging to put zipped files into a subdirectory Coty Sutherland
• 2025/10/16 Re: Proposal for additional ant test targets Coty Sutherland
• 2025/10/15 Re: Missing ASF headers in generated documentation Mark Thomas
• 2025/10/15 [PR] fix : method name typo [tomcat] via GitHub
• 2025/10/15 Question about packaging of Windows-x86 binary ZIP Christopher Schultz
• 2025/10/15 [PROPOSAL] Change embedded ZIP packaging to put zipped files into a subdirectory Christopher Schultz
• 2025/10/15 (tomcat) branch main updated: Add missing ASF headers schultz
• 2025/10/15 [Bug 69852] {MD5}, {SHA} and {SSHA} not honored with Realm/CredentialHandler bugzilla
• 2025/10/15 (tomcat) branch main updated: Avoid OpenSSL X509_STORE_CTX_get0_current_issuer function remm
• 2025/10/14 (tomcat) branch 9.0.x updated: Add back OpenSSL 1.1.1 compatibility remm
• 2025/10/14 (tomcat) branch 10.1.x updated: Add back OpenSSL 1.1.1 compatibility remm
• 2025/10/14 Buildbot failure in on tomcat-12.0.x buildbot
• 2025/10/14 (tomcat) branch 10.1.x updated: Fix BZ 69845 - Inflater/Deflater throw ISE rather than NPE from Java 25 markt
• 2025/10/14 (tomcat) branch 11.0.x updated (4baad529fd -> 61f76458d9) dsoumis
• 2025/10/14 [Bug 69845] java.lang.IllegalStateException: Inflater has been closed bugzilla
• 2025/10/14 (tomcat) branch main updated: Add GPG signature verification to verify-release schultz
• 2025/10/14 [ANN] Apache Tomcat 11.0.13 Available Mark Thomas
• 2025/10/13 (tomcat) branch 11.0.x updated: Keep directory and directoryFile in sync markt
• 2025/10/13 (tomcat) branch 9.0.x updated: Keep directory and directoryFile in sync markt
• 2025/10/13 (tomcat) branch 10.1.x updated: Keep directory and directoryFile in sync markt
• 2025/10/13 (tomcat) branch main updated: Keep directory and directoryFile in sync markt
• 2025/10/13 [Bug 69845] java.lang.IllegalStateException: Inflater has been closed bugzilla
• 2025/10/13 svn commit: r80019 - dev/tomcat/tomcat-11/v11.0.13 release/tomcat/tomcat-11/v11.0.13 markt
• 2025/10/13 (tomcat) branch 11.0.x updated: Re-order checks to avoid NPE. Identified by Coverity Scan. markt
• 2025/10/13 (tomcat) branch main updated: Re-order checks to avoid NPE. Identified by Coverity Scan. markt
• 2025/10/13 (tomcat) branch main updated: Use constant remm
• 2025/10/13 [Bug 69848] http method DELETE is converted to OPTIONS when request is sent through Apache proxy over AJP Connector bugzilla
• 2025/10/13 Re: [PR] Bump org.apache.bcel:bcel from 6.10.0 to 6.11.0 [tomcat-jakartaee-migration] via GitHub
• 2025/10/13 [ANN] Apache Tomcat 10.1.48 Available Christopher Schultz
• 2025/10/13 svn commit: r1929136 - in tomcat/site/trunk: . docs docs/tomcat-10.1-doc docs/tomcat-10.1-doc/annotationapi docs/tomcat-10.1-doc/annotationapi/jakarta/annotation docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/security docs/tomcat-10.1-doc/annota... schultz
• 2025/10/13 svn commit: r80032 - dev/tomcat/tomcat-10/v10.1.48 release/tomcat/tomcat-10/v10.1.48 schultz
• 2025/10/13 (tomcat) branch 9.0.x updated: Add a unit test for CVE-2017-15698 dsoumis
• 2025/10/13 (tomcat) branch 10.1.x updated: Add a unit test for CVE-2017-15698 dsoumis
• 2025/10/13 [VOTE] Release Apache Tomcat 11.0.13 Mark Thomas
• 2025/10/13 (tomcat) branch main updated: Add a unit test for CVE-2017-15698 dsoumis
• 2025/10/13 Re: [PR] Add a unit test for CVE-2017-15698 [tomcat] via GitHub
• 2025/10/13 [PR] Add a unit test for CVE-2017-15698 [tomcat] via GitHub
• 2025/10/13 svn commit: r1929134 - in tomcat/site/trunk: docs xdocs remm
• 2025/10/13 [ANN] Apache Tomcat 9.0.111 available Rémy Maucherat
• 2025/10/13 svn commit: r1929133 - in tomcat/site/trunk/docs/tomcat-9.0-doc: . META-INF annotationapi annotationapi/javax/annotation annotationapi/javax/annotation/security annotationapi/javax/annotation/sql api api/org/apache/catalina api/org/apache/catalina/ant ... remm
• 2025/10/13 [VOTE][RE-VOTEx2] Release Apache Tomcat 10.1.48 Christopher Schultz
• 2025/10/13 [VOTE][RESULT] Release Apache Tomcat 9.0.111 Rémy Maucherat
• 2025/10/13 Re: [VOTE] Release Apache Tomcat 9.0.111 Dimitris Soumis
• 2025/10/13 (tomcat) 06/07: Ehnance tests and fix various issues in TestOcspIntegration tests dsoumis
• 2025/10/13 (tomcat) branch 9.0.x updated: Test OCSP with BoringSSL and LibreSSL remm
• 2025/10/13 Re: Proposal for additional ant test targets Mark Thomas
• 2025/10/13 (tomcat) 07/07: Refactor multiple instances of same code block in TestOcspIntegration dsoumis
• 2025/10/13 Re: [PR] Correctly handle optionalNoCA verification [tomcat-native] via GitHub
• 2025/10/13 [VOTE][RE-VOTE] Release Apache Tomcat 10.1.48 Christopher Schultz
• 2025/10/13 svn commit: r1929120 - in tomcat/site/trunk: docs xdocs markt
• 2025/10/13 svn commit: r1929118 - in tomcat/site/trunk/docs/tomcat-11.0-doc: . annotationapi annotationapi/jakarta/annotation annotationapi/jakarta/annotation/security annotationapi/jakarta/annotation/sql api api/org/apache/catalina api/org/apache/catalina/ant ap... markt
• 2025/10/13 (tomcat) 01/02: Add release date for 11.0.13 markt
• 2025/10/13 (tomcat) branch 9.0.x updated: Update the internal fork of Apache Commons BCEL to 6.11.0. markt
• 2025/10/13 (tomcat) branch 10.1.x updated: Update the internal fork of Apache Commons BCEL to 6.11.0. markt
• 2025/10/13 (tomcat) 02/02: Update the internal fork of Apache Commons BCEL to 6.11.0. markt
• 2025/10/13 (tomcat) branch main updated: Update the internal fork of Apache Commons BCEL to 6.11.0. markt
• 2025/10/13 (tomcat-jakartaee-migration) branch dependabot/maven/org.jacoco-jacoco-maven-plugin-0.8.14 created (now feba66b) github-bot
• 2025/10/13 [Bug 69803] HTTP/1.1 Connector Content-Length header calculation regression causing Chrome/Edge net::ERR_CONTENT_LENGTH_MISMATCH bugzilla
• 2025/10/13 Re: [VOTE][RE-VOTEx2] Release Apache Tomcat 10.1.48 Rainer Jung
• 2025/10/13 (tomcat) tag 11.0.13 created (now 51fd0788b4) markt
• 2025/10/13 (tomcat) branch 10.1.x updated: Add GPG signature verification to verify-release schultz
• 2025/10/13 (tomcat-jakartaee-migration) branch main updated: Bump org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14 remm
• 2025/10/13 (tomcat-jakartaee-migration) branch dependabot/maven/org.apache.bcel-bcel-6.11.0 deleted (was f03e693) github-bot
• 2025/10/13 (tomcat-jakartaee-migration) branch dependabot/maven/org.jacoco-jacoco-maven-plugin-0.8.14 deleted (was feba66b) github-bot
• 2025/10/13 (tomcat-jakartaee-migration) branch main updated: Bump org.apache.bcel:bcel from 6.10.0 to 6.11.0 remm
• 2025/10/13 Re: [PR] Bump org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14 [tomcat-jakartaee-migration] via GitHub
• 2025/10/12 (tomcat-jakartaee-migration) branch dependabot/maven/org.apache.bcel-bcel-6.11.0 created (now f03e693) github-bot
• 2025/10/12 [PR] Bump org.apache.bcel:bcel from 6.10.0 to 6.11.0 [tomcat-jakartaee-migration] via GitHub
• 2025/10/12 [PR] Bump org.jacoco:jacoco-maven-plugin from 0.8.13 to 0.8.14 [tomcat-jakartaee-migration] via GitHub
• 2025/10/12 [Bug 69848] http method DELETE is converted to OPTIONS when request is sent through Apache proxy over AJP Connector bugzilla
• 2025/10/12 (tomcat) 07/07: Refactor multiple instances of same code block in TestOcspIntegration dsoumis
• 2025/10/12 Re: [VOTE][RE-VOTEx2] Release Apache Tomcat 10.1.48 Rémy Maucherat
• 2025/10/12 Re: [VOTE] Release Apache Tomcat 11.0.13 Rémy Maucherat
• 2025/10/11 (tomcat-native) branch main updated: Correctly handle optionalNoCA verification dsoumis
• 2025/10/11 (tomcat) branch main updated: Disable Tomcat Native tests until release is available with the fix markt
• 2025/10/11 (tomcat) 07/07: Refactor multiple instances of same code block in TestOcspIntegration dsoumis
• 2025/10/11 (tomcat) 05/07: Set specific error when V_OCSP_CERTSTATUS_REVOKED dsoumis
• 2025/10/11 (tomcat) branch 10.1.x updated: Fix release date for 10.1.47 schultz
• 2025/10/11 (tomcat) branch 10.1.x updated: Increment version numbers for the next release. schultz
• 2025/10/11 Re: [VOTE][RE-VOTEx2] Release Apache Tomcat 10.1.48 Christopher Schultz
• 2025/10/11 (tomcat) branch 11.0.x updated: Add GPG signature verification to verify-release schultz
• 2025/10/11 (tomcat) branch 9.0.x updated: Make what we are expecting as errnum more obvious dsoumis
• 2025/10/11 Re: Buildbot failure in on tomcat-12.0.x Dimitris Soumis
• 2025/10/11 (tomcat) branch 10.1.x updated: Disable Tomcat Native tests until release is available with the fix markt
• 2025/10/11 svn commit: r79975 - in dev/tomcat/tomcat-10/v10.1.48: bin bin/embed src schultz
• 2025/10/11 svn commit: r79974 - in dev/tomcat/tomcat-10/v10.1.48: bin bin/embed src schultz
• 2025/10/11 Re: [VOTE] Release Apache Tomcat 10.1.48 Rainer Jung
• 2025/10/10 Re: Buildbot failure in on tomcat-12.0.x Mark Thomas
• 2025/10/10 Re: [VOTE] Release Apache Tomcat 10.1.48 Igal Sapir
• 2025/10/10 Re: [VOTE] Release Apache Tomcat 11.0.13 Igal Sapir
• 2025/10/10 (tomcat) branch 10.1.x updated: Fix BZ 69848 - Correct copy/paste error when refactoring method names markt
• 2025/10/10 (tomcat) branch 10.1.x updated: Fix source distro line endings for new test script markt
• 2025/10/10 (tomcat) branch 9.0.x updated: Add missing entries to list of output files markt
• 2025/10/10 (tomcat) branch 10.1.x updated: Add missing entries to list of output files markt
• 2025/10/10 (tomcat) branch 9.0.x updated: Treat new test password files as text files for line-endings markt
• 2025/10/10 (tomcat) branch main updated: Fix source distro line endings for new test script markt
• 2025/10/10 Re: [VOTE] Release Apache Tomcat 11.0.13 Christopher Schultz
• 2025/10/10 svn commit: r1929064 - in tomcat/site/trunk: docs xdocs schultz
• 2025/10/10 (tomcat) branch main updated: Add missing entries to list of output files markt
• 2025/10/10 (tomcat) tag 10.1.48 created (now 4bb27b9159) schultz
• 2025/10/10 svn commit: r79962 - in dev/tomcat/tomcat-11/v11.0.13: . bin bin/embed src markt
• 2025/10/10 (tomcat) branch 10.1.x updated: Test OCSP with BoringSSL and LibreSSL remm
• 2025/10/10 Buildbot success in on tomcat-11.0.x buildbot
• 2025/10/10 (tomcat) branch main updated: Test OCSP with BoringSSL and LibreSSL remm
• 2025/10/10 (tomcat) branch 10.1.x updated: Fix race condition. markt
• 2025/10/10 (tomcat) branch 11.0.x updated: Fix race condition. markt
• 2025/10/10 (tomcat) branch 9.0.x updated: Formatting remm
• 2025/10/10 (tomcat) branch main updated: Formatting remm
• 2025/10/10 (tomcat) branch 11.0.x updated: Disable Tomcat Native tests until release is available with the fix markt
• 2025/10/10 Re: Buildbot failure in on tomcat-12.0.x Rémy Maucherat
• 2025/10/10 Re: Buildbot failure in on tomcat-12.0.x Mark Thomas
• 2025/10/10 [Bug 69848] http method DELETE is converted to OPTIONS when request is sent through Apache proxy over AJP Connector bugzilla
• 2025/10/10 [Bug 69848] http method DELETE is converted to OPTIONS when request is sent through Apache proxy over AJP Connector bugzilla
• 2025/10/10 [Bug 69849] OPTIONS, DELETE does not work bugzilla
• 2025/10/10 (tomcat) branch 10.1.x updated: Align with the other TLS tests remm
• 2025/10/10 (tomcat) branch 10.1.x updated: Make what we are expecting as errnum more obvious dsoumis
• 2025/10/10 (tomcat) branch 11.0.x updated: Make what we are expecting as errnum more obvious dsoumis
• 2025/10/10 (tomcat) branch main updated: Make what we are expecting as errnum more obvious dsoumis
• 2025/10/10 (tomcat) branch 9.0.x updated: One further method refactoring error markt
• 2025/10/10 (tomcat) branch 10.1.x updated: One further method refactoring error markt
• 2025/10/10 (tomcat) branch 11.0.x updated: One further method refactoring error markt
• 2025/10/10 (tomcat) branch main updated: One further method refactoring error markt
• 2025/10/10 (tomcat) branch main updated: Fix BZ 69848 - Correct copy/paste error when refactoring method names markt
• 2025/10/09 [Bug 69848] http method DELETE is converted to OPTIONS when request is sent through Apache proxy over AJP Connector bugzilla
• 2025/10/09 [Bug 69848] http method DELETE is converted to OPTIONS when request is sent through Apache proxy over AJP Connector bugzilla
• 2025/10/09 [Bug 69848] http method DELETE is converted to OPTIONS when request is sent through Apache proxy over AJP Connector bugzilla
• 2025/10/09 (tomcat-native) branch main updated: Correct reference Tomcat version for JNI source dsoumis
• 2025/10/09 (tomcat) branch 10.1.x updated: Fix BZ 69837 - corrupted class path from Loader on Windows markt
• 2025/10/09 (tomcat) 01/07: If optionalNoCA is configured then OCSP should be disabled. dsoumis
• 2025/10/09 (tomcat) 02/07: CAs may not issue CRLs. dsoumis
• 2025/10/09 (tomcat) 02/07: CAs may not issue CRLs. dsoumis
• 2025/10/09 (tomcat) 03/07: If we set ok=0 with errnum==X509_V_OK (0), OpenSSL emits a fatal internal_error. Tolerate V_OCSP_CERTSTATUS_UNKNOWN and let the client policy (e.g. NO_FALLBACK) decide. dsoumis
• 2025/10/09 (tomcat) 02/07: CAs may not issue CRLs. dsoumis
• 2025/10/09 (tomcat) 03/07: If we set ok=0 with errnum==X509_V_OK (0), OpenSSL emits a fatal internal_error. Tolerate V_OCSP_CERTSTATUS_UNKNOWN and let the client policy (e.g. NO_FALLBACK) decide. dsoumis
• 2025/10/09 (tomcat) 01/07: If optionalNoCA is configured then OCSP should be disabled. dsoumis
• 2025/10/09 (tomcat) 04/07: If the OCSP response is null, the error is set as X509_V_ERR_APPLICATION_VERIFICATION (50). Should not pass our verification process. dsoumis
• 2025/10/09 (tomcat) branch main updated (7b81210bfe -> 60210a9e6c) dsoumis

• Earlier messages
• Later messages