Am 18.06.26 um 09:30 schrieb Rémy Maucherat:
The proposed Apache Tomcat 9.0.119 release is now available for voting.
The notable changes compared to 9.0.118 are:
- Align the rewrite conditions ornext flag processing with
mod_rewrite, which follows a purely sequential evaluation
strategy.
- Ensure that malformed HTTP/2 messages that should trigger a
stream reset do so, rather than triggered a connection close.
- Add replay protection to the EncryptInterceptor. This is a
**breaking change** for the EncryptInterceptor. Please see the
migration document for more information.
For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.119/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1596
The tag is:
https://github.com/apache/tomcat/tree/9.0.119
36c2e40f60e3176f12c0344f40f656251448b004
The proposed 9.0.119 release is:
[ ] -1, Broken - do not release
[X] +1, Stable - go ahead and release as 9.0.119
+1 to release.
Reproducibility of the build checked (including the Windows installer)
using "ant verify-release" on Linux Mint 22.3. OK after setting LANG.
Original Windows installer signature verified with osslsigncode 2.10.
Unit tests ran on platforms
- RHEL 7, 8, 9 and 10 and SLES 12 and 15
using
- recent patch versions of JDK 17, 21, 25, 26 and 27+28 (EA)
- first time also tested with JDK 28 EA
from
- Eclipse Adoptium, Azul Zulu, Amazon Coretto, Oracle, RedHat and from
OpenJDK for 27+28
where available.
Also tested with
- tcnative 1.3.8, 2.0.15 and panama
based on
- OpenSSL 3.0.21, 3.5.7, 3.6.3 and 4.0.1 (4.x only for tcnative 2 and
panama)
Test observations:
- not all test runs are done yet, but by far most of them. Only
JDK27+28 for all platforms and JDK25+26 combinations on RHEL still need
to run
- IMHO nothing critical
- 19 times SocketException in
org.apache.tomcat.util.net.TestSslHandshakeFailure
always with tcnative, reason SocketException.
Should already be fixed.
- TestOcspEnabled 6 failures with tcnative or panama
- in addition
- very few crashes with tcnative (8 in 975 runs)
- very few crashes with jsse (3 in 141 runs)
- very few failures with jsse (8 in 141 runs)
- very few non-crash-failures with tcnative (4 in 975 runs)
Thanks for RM!
Best regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
