[VOTE][RESULT] Release Apache Tomcat 8.5.78

Fri, 01 Apr 2022 01:35:51 -0700 

Hi all,
I am calling the result of this release vote earlier than usual to make the alternative mitigation for the Spring vulnerability CVE-2022-22965 available sooner rather than later. 

The following votes were cast:

Binding:
+1: markt, remm, fhanik, schultz, fschumacher

Non-binding:
+1: rotty3000

The vote therefore passes.

Thanks to everyone who has contributed to this release.

Mark


On 31/03/2022 17:54, Mark Thomas wrote:

The proposed Apache Tomcat 8.5.78 release is now available for voting.

The notable changes compared to 8.5.77 are:

- Update the packaged version of the Tomcat Native Library to 1.2.32 to
    pick up Windows binaries built with OpenSSL 1.1.1n.

- Improve logging of unknown HTTP/2 settings frames. Pull request by
    Thomas Hoffmann.

- Add additional warnings if incompatible TLS configurations are used
    such as HTTP/2 with CLIENT-CERT authentication

- Harden the class loader to provide a mitigation for CVE-2022-22965
    a Spring Framework vulnerability

Along with lots of other bug fixes and improvements.


This is the third release of Tomcat 8.5 that has been built with Java 11 
(in Java 7 mode) instead of Java 7. Please report any strangeness you 
may observe especially if you are running Tomcat 8.5 in an environment 
using Java < 11. We don't expect any issues, but understand that we 
cannot test all possible environmental configurations.


For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.78/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1370
The tag is:
https://github.com/apache/tomcat/tree/8.5.78
f732d3aa5ca55eb07cb73d9ec2b585330f80f00b

The proposed 8.5.78 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 8.5.78 (stable)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org























					Reply via email to