On Thu, Aug 24, 2023 at 1:23 AM Mark Thomas <ma...@apache.org> wrote: > > The proposed Apache Tomcat 11.0.0-M11 release is now available for > voting. > > Apache Tomcat 11.0.0-M11 is a milestone release of the 11.0.x branch and > has been made to provide users with early access to the new features in > Apache Tomcat 11.0.x so that they may provide feedback. The notable > changes compared to the previous milestone include: > > - Update the HTTP parameter handling to align with the changes in the > Jakarta Servlet 6.1 API Javadoc for the ServletRequest methods used > to obtain request parameters. Invalid parameters and/or exceeding > parameter size and/or quantity limits now triggerm exceptions. As a > consequence, the FailedRequestFilter has been removed. > > - If an application or library sets both a non-500 error code and the > jakarta.servlet.error.exception</code> request attribute, use the > provided error code during error page processing rather than assuming > an error code of 500. > > - Fix for FORM authentication open redirect - CVE-2023-41080 > > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. Applications using deprecated APIs may require > further changes. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M11/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1451 > > The tag is: > https://github.com/apache/tomcat/tree/11.0.0-M11 > ae109f6248e00a1952f706d6941ff930ad4466e1 > > > The proposed 11.0.0-M11 release is: > [ ] -1 Broken - do not release > [X] +1 Alpha - go ahead and release as 11.0.0-M11
Rémy --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org