Re: [VOTE] Release Apache Tomcat 10.1.0-M4

[jean-frederic clere]

On 03/08/2021 21:21, Mark Thomas wrote:

[X] Alpha - go ahead and release as 10.1.0-M4 (alpha)


Tested on fedora34.

--
Cheers

Jean-Frederic


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r49216 - /dev/tomcat/tomcat-9/v9.0.52/ /release/tomcat/tomcat-9/v9.0.52/

[remm]

Author: remm
Date: Fri Aug  6 05:51:40 2021
New Revision: 49216

Log:
Release Apache Tomcat 9.0.52

Added:
release/tomcat/tomcat-9/v9.0.52/
  - copied from r49215, dev/tomcat/tomcat-9/v9.0.52/
Removed:
dev/tomcat/tomcat-9/v9.0.52/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][RESULT] Release Apache Tomcat 9.0.52

[Rémy Maucherat]

The following votes were cast:

Binding:
+1: remm, kkolinko, jfclere

No other votes were cast.

The vote therefore passes.

Thank you to everyone who contributed to this release.

On Thu, Aug 5, 2021 at 3:34 PM jean-frederic clere  wrote:
>
> On 31/07/2021 06:35, Rémy Maucherat wrote:
> > [ ] Stable - go ahead and release as 9.0.52 (stable)
>
> tested on fedora34 with java8 and adoptium jdk8u302-b08

It's better to write an 'X', but this looks good enough.

Rémy

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] venky0070 closed pull request #440: something

[GitBox]

venky0070 closed pull request #440:
URL: https://github.com/apache/tomcat/pull/440


   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 9.0.52

[jean-frederic clere]

On 31/07/2021 06:35, Rémy Maucherat wrote:

[ ] Stable - go ahead and release as 9.0.52 (stable)


tested on fedora34 with java8 and adoptium jdk8u302-b08

--
Cheers

Jean-Frederic


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/01: Tag 8.5.70

[schultz]

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to tag 8.5.70
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 3d2e8b1964d4dff3c0656618edc0b09d0d5634b8
Author: schultz 
AuthorDate: Thu Aug 5 06:00:16 2021 -0700

Tag 8.5.70
---
 build.properties.default   | 5 +++--
 webapps/docs/changelog.xml | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 101f496..a45240d 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -27,12 +27,13 @@ version.major=8
 version.minor=5
 version.build=70
 version.patch=0
-version.suffix=-dev
+version.suffix=
 
 # - Reproducible builds -
 # Uncomment and set to current time for reproducible builds
 #2021-06-08T12:00:00Z
-#ant.tstamp.now=1623153600
+# 2021-08-05 08:50:00 -0400 = 162816780
+ant.tstamp.now=162816780
 
 # - Source control flags -
 git.branch=8.5.x
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 123ddb4..9759724 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] tag 8.5.70 created (now 3d2e8b1)

[schultz]

This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to tag 8.5.70
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at 3d2e8b1  (commit)
This tag includes the following new commits:

 new 3d2e8b1  Tag 8.5.70

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on a change in pull request #439: Minimal fixes to documentation of Context and Host

[GitBox]

michael-o commented on a change in pull request #439:
URL: https://github.com/apache/tomcat/pull/439#discussion_r682466514



##
File path: webapps/docs/config/host.xml
##
@@ -302,7 +302,7 @@
 placed in the appBase directory as web application
 archive (WAR) files to be unpacked into a corresponding disk directory
 structure, false to run such web applications directly
-from a WAR file. See
+from a WAR file. The flag's value defaults to true. See

Review comment:
   The default is...




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] rrodewald commented on a change in pull request #439: Minimal fixes to documentation of Context and Host

[GitBox]

rrodewald commented on a change in pull request #439:
URL: https://github.com/apache/tomcat/pull/439#discussion_r682483565



##
File path: webapps/docs/config/host.xml
##
@@ -302,7 +302,7 @@
 placed in the appBase directory as web application
 archive (WAR) files to be unpacked into a corresponding disk directory
 structure, false to run such web applications directly
-from a WAR file. See
+from a WAR file. The flag's value defaults to true. See

Review comment:
   Shall I change this for all other occurences of the same wording?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] rrodewald commented on pull request #438: Bugfix for 65479 - PasswordValidationCallback does not return result

[GitBox]

rrodewald commented on pull request #438:
URL: https://github.com/apache/tomcat/pull/438#issuecomment-892522194


   The build failure seems unrelated to my changes IMHO.
   ```
   /home/travis/.travis/functions: line 607: 14128 Terminated  
travis_jigger "${!}" "${timeout}" "${cmd[@]}"
   [junit] Test org.apache.tomcat.websocket.TestWsRemoteEndpoint FAILED 
(crashed)
   ```


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] ChristopherSchultz commented on pull request #439: Minimal fixes to documentation of Context and Host

[GitBox]

ChristopherSchultz commented on pull request #439:
URL: https://github.com/apache/tomcat/pull/439#issuecomment-893006283


   To a native English speaker, either one is completely understandable. 
   "The default value is ___" is slightly more clear, but I would actually 
   defer to NON-native English speakers because it may be more 
   understandable to them one way or the other.
   
   I'm happy to listen to the Russian :)
   
   On 8/4/21 08:26, Robert Rodewald wrote:
   > Reviewing...
   > 
   > |1. context.xml L187 `s/docBase/docBase/ `as well 2. I
   > am more used to "The default value is" rather than "The default is".
   > I wonder what wording is better. Tomcat documentation uses both. |
   > 
   >  1. Done
   >  2. I am no native speaker so I do whatever I'm told to do...
   > 
   > —
   > You are receiving this because you are subscribed to this thread.
   > Reply to this email directly, view it on GitHub 
   > , or 
   > unsubscribe 
   > 
.
   > Triage notifications on the go with GitHub Mobile for iOS 
   > 

 
   > or Android 
   > 
.
   > 
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] rrodewald commented on pull request #439: Minimal fixes to documentation of Context and Host

[GitBox]

rrodewald commented on pull request #439:
URL: https://github.com/apache/tomcat/pull/439#issuecomment-892615291






-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] kkolinko commented on pull request #439: Minimal fixes to documentation of Context and Host

[GitBox]

kkolinko commented on pull request #439:
URL: https://github.com/apache/tomcat/pull/439#issuecomment-892610685


   Reviewing...
   1. context.xml L187  `s/docBase/docBase/ `as well
   2. I am more used to "The default value is" rather than "The default is".
   I wonder what wording is better. Tomcat documentation uses both.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 10.0.x updated: Increment version number for next development cycle

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
 new 9d7dad5  Increment version number for next development cycle
9d7dad5 is described below

commit 9d7dad58e47e28a4e06b358e0f25ffe1f73306e4
Author: Mark Thomas 
AuthorDate: Thu Aug 5 12:15:15 2021 +0200

Increment version number for next development cycle
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index db4fcdb..cac92e1 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -25,7 +25,7 @@
 # - Version Control Flags -
 version.major=10
 version.minor=0
-version.build=10
+version.build=11
 version.patch=0
 version.suffix=-dev
 
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index 440b949..6554506 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=10.0.10
+maven.asf.release.deploy.version=10.0.11
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 2a87497..cbedbad 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,9 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
   
 
   

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] rrodewald commented on pull request #439: Minimal fixes to documentation of Context and Host

[GitBox]

rrodewald commented on pull request #439:
URL: https://github.com/apache/tomcat/pull/439#issuecomment-893338812


   If we want to standardize the wording for default values, I would suggest to 
open a new pull request for this, so that the main purpose of the present pull 
request (documentation of the default value of unpackWARs) can be considered as 
done.
   
   Here is an incomplete list of wordings found:
   - Defaults to ...
   - Default [value] is ...
   - The default [value] is ...


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 9.0.52

[Konstantin Kolinko]

сб, 31 июл. 2021 г. в 07:35, Rémy Maucherat :
>
> The proposed Apache Tomcat 9.0.52 release is now available for voting.
>
> The notable changes compared to 9.0.52 are:
>
> - Correct a regression in the previous release in the HTTP/2 flow
>control window management
>
> - Correct a regression the could cause some TLS connections to hang when
>using NIO
>
> - Use of GraalVM native images no longer automatically disables JMX
>support.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.52/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1327
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.52
> 4eb8a379747847fd11ab44a54cc108b05eaa82a0
>
> The proposed 9.0.52 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.52 (stable)

Smoke tests OK
Unit tests OK
(64-bit Java 8u292, Java 11.0.11, Java 16.0.1 on Windows 10)

Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65482] Jasper jar contains CVE-2015-8751 vulnerability

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=65482

--- Comment #3 from Konstantin Kolinko  ---
CVE-2015-8751 is about JasPer, a codec library. It has no relation to Apache
Tomcat and its Jasper (JSP engine) component.

https://en.wikipedia.org/wiki/JasPer

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65482] Jasper jar contains CVE-2015-8751 vulnerability

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=65482

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |INVALID

--- Comment #2 from Mark Thomas  ---
Obviously a false positive. The CVE is for a completely unrelated piece of
software.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65482] Jasper jar contains CVE-2015-8751 vulnerability

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=65482

--- Comment #1 from Shruti  ---
Created attachment 37976
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37976&action=edit
Anchore scan report

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r49201 - /dev/tomcat/tomcat-10/v10.0.10/ /release/tomcat/tomcat-10/v10.0.10/

[markt]

Author: markt
Date: Thu Aug  5 08:12:59 2021
New Revision: 49201

Log:
Release Apache Tomcat 10.0.10

Added:
release/tomcat/tomcat-10/v10.0.10/
  - copied from r49200, dev/tomcat/tomcat-10/v10.0.10/
Removed:
dev/tomcat/tomcat-10/v10.0.10/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 65482] New: Jasper jar contains CVE-2015-8751 vulnerability

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=65482

Bug ID: 65482
   Summary: Jasper jar contains CVE-2015-8751 vulnerability
   Product: Tomcat 8
   Version: 8.5.68
  Hardware: All
OS: Linux
Status: NEW
  Severity: blocker
  Priority: P2
 Component: Jasper
  Assignee: dev@tomcat.apache.org
  Reporter: sschinchol...@gmail.com
  Target Milestone: 

Hello,

Jasper jar contains CVE-2015-8751 Vulnerability. We got this vulnerability as
part of the Anchore scan report for Apache Tomcat 8.5.68. Could you please
inform if there is a fix available for this vulnerability. 

apache-tomcat/lib/jasper.jar - CVE-2015-8751 -
https://nvd.nist.gov/vuln/detail/CVE-2015-8751

Thanks in Advance.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE][RESULT] Release Apache Tomcat 10.0.10

[Mark Thomas]

The following votes were cast:

Binding:
+1: isapir, remm, markt

No other votes were cast.

The vote therefore passes.

Thank you to everyone who contributed to this release.

Mark



On 30/07/2021 12:18, Mark Thomas wrote:

The proposed Apache Tomcat 10.0.10 release is now available for
voting.

Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
package for all the specification APIs has changed from javax.* to 
jakarta.*


Applications that run on Tomcat 9 will not run on Tomcat 10 without 
changes. Java EE applications designed for Tomcat 9 and earlier may be 
placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will 
automatically convert them to Jakarta EE and copy them to the webapps 
directory


The notable changes compared to 10.0.8 are:

- Correct a regression in the previous release in the HTTP/2 flow
   control window management

- Correct a regression the could cause some TLS connections to hang when
   using NIO

- Use of GraalVM native images no longer automatically disables JMX
   support.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://ci.apache.org/projects/tomcat/tomcat-10.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.10/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1326

The tag is:
https://github.com/apache/tomcat/tree/10.0.10
74314100023abe6d83bac842f7ef24b9d51e811f

The proposed 10.0.10 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.0.10 (stable)

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org