On 18.06.26 at 00:19, Mark Thomas wrote:
The proposed Apache Tomcat 11.0.23 release is now available for voting.
The notable changes compared to 11.0.22 include:
- Align the rewrite conditions ornext flag processing with
mod_rewrite, which follows a purely sequential evaluation
strategy.
- Ensure that malformed HTTP/2 messages that should trigger a
stream reset do so, rather than triggering a connection close.
- Add replay protection to the EncryptInterceptor. This is a
breaking change for the EncryptInterceptor.
For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
Applications that run on Tomcat 9 and earlier will not run on Tomcat 11
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
will automatically convert them to Jakarta EE and copy them to the
webapps directory. Applications using deprecated APIs may require
further changes.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.23/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1594
The tag is:
https://github.com/apache/tomcat/tree/11.0.23
b5c1bba61f2e54875bd6d538ae145fffd7b217a8
The proposed 11.0.23 release is:
[ ] -1 Broken - do not release
[X] +1 Stable - go ahead and release as 11.0.23
+1 to release.
Reproducibility of the build checked (including the Windows installer)
using "ant verify-release" on Linux Mint 22.3. OK after setting LANG.
Original Windows installer signature verified with osslsigncode 2.10.
Unit tests ran on platforms
- RHEL 8, 9 and 10 and SLES 15
using
- recent patch versions of JDK 17, 21, 25, 26 and 27+28 (EA)
- first time also tested with JDK 28 EA
from
- Eclipse Adoptium, Azul Zulu, Amazon Corretto, Oracle, RedHat and from
OpenJDK for 27
where available.
Also tested with
- tcnative 1.3.8, 2.0.15 and panama
- tcnative including post-release memory leak patches
based on
- OpenSSL 3.0.21, 3.5.7, 3.6.3 and 4.0.1 (4.x only for tcnative 2 and
panama)
Test observations:
- IMHO nothing critical
- 17 times SocketException in
org.apache.tomcat.util.net.TestSslHandshakeFailure
always with tcnative, reason SocketException.
Should already be fixed by cda5762e2b.
- TestOcspSoftFailTryLater one failure with amazon JDK 25 on RHEL 8
- TestOcspEnabled 2 failures various JDKs with tcnative or panama
- in addition
- very few crashes with tcnative (8 in 567 runs)
- very few failures with jsse (4 in 81 runs)
- very few non-crash-failures with tcnative (2 in 567 runs)
Thanks for RM!
Best regards,
Rainer