The proposed Apache Tomcat 9.0.80 release is now available for voting.
The notable changes compared to 9.0.79 are: - If an application or library sets both a non-500 error code and the jakarta.servlet.error.exception</code> request attribute, use the provided error code during error page processing rather than assuming an error code of 500. - Fix for FORM authentication open redirect - CVE-2023-41080 Along with lots of other bug fixes and improvements. For full details, see the changelog: https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.80/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1453 The tag is: https://github.com/apache/tomcat/tree/9.0.80 0ea24187a89ca09f3841e4690f931cca56e222fd The proposed 9.0.80 release is: [ ] -1, Broken - do not release [ ] +1, Stable - go ahead and release as 9.0.80 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
