Am 11.04.2019 um 14:51 schrieb Rémy Maucherat:
On Thu, Apr 11, 2019 at 2:00 PM Rainer Jung <rainer.j...@kippdata.de> wrote:
Am 10.04.2019 um 15:44 schrieb Mark Thomas:
The proposed Apache Tomcat 9.0.18 release is now available for voting.
The major changes compared to the 9.0.17 release are:
- Fix for CVE-2019-0232 a RCE vulnerability on Windows
- Add support for Java 11 to the JSP compiler. Java 12 and 13 are also
now supported if used with a ECJ version with support for those Java
versions
- Various NIO2 stability improvements
Along with lots of other bug fixes and improvements.
For full details, see the changelog:
https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.18/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1207/
The tag is:
https://github.com/apache/tomcat/tree/9.0.18
0862607e5da91a7c476a6350288d8d8a9380f556
The proposed 9.0.18 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 9.0.18
Due to the security fix contained in this release, the voting period may
be shortened once sufficient votes are cast to enable a faster release.
The MBeans for beans with j2eeType seem to be not filled with data. I
have not checked since 9.0.12, so I don't know when that heppaned. Just
wantd to give a heads up before investigating more.
Example diff for one bean:
Name:
Catalina:j2eeType=Servlet,WebModule=//localhost/,name=default,J2EEApplication=none,J2EEServer=none
-modelerType: org.apache.catalina.mbeans.ContainerMBean
-maxTime: 0
-requestCount: 0
-servletClass: org.apache.catalina.servlets.DefaultServlet
-countAllocated: 0
-available: 0
-backgroundProcessorDelay: -1
-processingTime: XXX
-loadOnStartup: 1
-singleThreadModel: false
-loadTime: XXX
-stateName: STARTED
-minTime: XXX
-classLoadTime: XXX
-asyncSupported: false
-objectName:
Catalina:j2eeType=Servlet,WebModule=//localhost/,name=default,J2EEApplication=none,J2EEServer=none
-maxInstances: 20
-errorCount: 0
+modelerType: org.apache.tomcat.util.modeler.BaseModelMBean
+empty: false
The modelerType has changed, all attributes missing.
The good news is that 8.5 seems fine.
I'll investigate. If we need to do a new release (IMO: yes), I'll flip the
useAsyncIO default value ...
I did some more checks:
- as you said, 8.5.40 is fine
- using the same scripts, 9.0.17 is also fine, so this looks like a real
code regression
Thus I would also be -1 for the 9.0.18 release.
Another minor observation: file
java/org/apache/tomcat/util/json/JSONParser.jj is in git but missing
from the src distribution.
There is an explicit .jj exclusion in build.xml. But that exclusion is
older than the jj file, so I'm not sure whether it should get bundloed
or not. At least the release build process does not generate it, so it
seems we should better bundle it.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
