Rainer,
On 10/11/25 5:23 AM, Rainer Jung wrote:
Am 10.10.25 um 17:01 schrieb Christopher Schultz:
The proposed Apache Tomcat 10.1.48 release is now available for
voting.
All committers and PMC members are kindly requested to provide a vote
if possible. ANY TOMCAT USER MAY VOTE, though only PMC members votes
are binding. We welcome non-committer votes or comments on release
builds.
The notable changes compared to 10.1.47 are:
- Fix AJP regression with DELETE and PROPFIND HTTP methods.
- Ensure that changes to session IDs (typically after
authentication) are promulgated to the SSO Valve to ensure that SSO
entries are fully clean-up on session expiration.
- Deprecate the RemoteAddrFilter and RemoteAddValve in favor of the
RemoteCIDRFilter and RemoteCIDRValve.
For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
Applications that run on Tomcat 9 and earlier will not run on Tomcat
10 without changes. Java EE applications designed for Tomcat 9 and
earlier may be placed in the $CATALINA_BASE/webapps-javaee directory
and Tomcat will automatically convert them to Jakarta EE and copy them
to the webapps directory.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.48/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1565
The tag is:
https://github.com/apache/tomcat/tree/10.1.48
https://github.com/apache/tomcat/
commit/4bb27b91593ba933a8b4ec222bf33143b346d542
Please reply with a +1 for release or +0/-0/-1 with an explanation.
I see differences when checking for reproducibility:
[echo] Signature mismatch for bin/apache-tomcat-10.1.48-windows-
x64.zip:
...
[echo] Signature mismatch for bin/apache-tomcat-10.1.48-windows-
x86.zip:
...
[echo] Signature mismatch for bin/apache-tomcat-10.1.48.tar.gz:
...
[echo] Signature mismatch for bin/apache-tomcat-10.1.48.zip:
The differing files have almost doubled size from .47 to .48. I checked
for the .tar.gz: the only difference is, that it additionally contains a
tcnative binary plus source distribution in the new sub directory bin/
native/. It doesn't get build and included in my local setup. That might
be a fault here but I wonder if that change is intended? It is not even
clear, what version of tcnative is bundled. Also all files in the
bundled tcnative source tarball seem to belong to mark:mark although
Chris made the release?
Oh that's very weird.
I think I didn't properly clean-out my distro before building the release.
I think I should re-roll the release based upon the same tag.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
