Delay between release tags and announcement
Hi, Writing this on behalf of the endoflife.date project, where we recently started tracking tomcat releases and support[0]. To track tomcat releases automatically, we are tracking the tags on the GitHub repository[1] which results in this data[2]. I wanted some clarification about the release process, specifically with regards to tagging new releases. I read through the archives, and noticed that the 10.0.23 release is still pending a vote, but it is already tagged: - https://github.com/apache/tomcat/releases/tag/10.0.23 Arch (and its downstream distros) seems have to have already packaged this: https://repology.org/project/tomcat/history. Repology is already marking 10.0.22 as an "outdated" release in this case. A similar delay happened for 9.0.65 as well, where it was tagged (and released downstream) before being announced. I read through the Apache Voting process[3] doc, but it doesn't make a clarification about when the releases should be tagged. What happens if a vote doesn't pass or get vetoed - do the tags get deleted? Perhaps the tagging/voting process should include a rc tag instead of a release tag, so as to avoid getting released downstream accidentally? Thanks, Nemo (Please keep me in cc for replies) [0]: https://endoflife.date/tomcat [1]: https://github.com/apache/tomcat, https://git.apache.org/repos/asf?p=tomcat.git;a=tags [2]: https://github.com/endoflife-date/release-data/blob/main/releases/tomcat.json [3]: https://apache.org/foundation/voting.html#ReleaseVotes - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r55878 - /release/tomcat/tomcat-9/v9.0.64/
Author: remm Date: Thu Jul 21 05:10:47 2022 New Revision: 55878 Log: Drop 9.0.64 Removed: release/tomcat/tomcat-9/v9.0.64/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] Apache Tomcat 9.0.65 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.65. Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies. Apache Tomcat 9.0.65 is a bugfix and feature release. The notable changes compared to 9.0.64 include: - Implement support for repeatable builds. - Update the packaged version of the Tomcat Native Library to 1.2.35. This includes Windows binaries built with OpenSSL 1.1.1q. - Fix CVE-2022-34305, a low severity XSS vulnerability in the Form authentication example. Along with lots of other bug fixes and improvements. Please refer to the change log for the complete list of changes: https://tomcat.apache.org/tomcat-9.0-doc/changelog.html Downloads: https://tomcat.apache.org/download-90.cgi Migration guides from Apache Tomcat 7.x and 8.x: https://tomcat.apache.org/migration.html Enjoy! - The Apache Tomcat team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1902895 - in /tomcat/site/trunk/docs/tomcat-9.0-doc: ./ annotationapi/ annotationapi/javax/annotation/ annotationapi/javax/annotation/security/ annotationapi/javax/annotation/sql/ api/ ap
Author: remm Date: Wed Jul 20 21:14:46 2022 New Revision: 1902895 URL: http://svn.apache.org/viewvc?rev=1902895&view=rev Log: Update docs for 9.0.65 [This commit notification would consist of 68 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1902893 - in /tomcat/site/trunk: docs/ xdocs/
Author: remm Date: Wed Jul 20 21:04:37 2022 New Revision: 1902893 URL: http://svn.apache.org/viewvc?rev=1902893&view=rev Log: Update site for 9.0.65 Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf tomcat/site/trunk/docs/download-90.html tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/migration-9.html tomcat/site/trunk/docs/oldnews.html tomcat/site/trunk/docs/whichversion.html tomcat/site/trunk/xdocs/doap_Tomcat.rdf tomcat/site/trunk/xdocs/download-90.xml tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/migration-9.xml tomcat/site/trunk/xdocs/oldnews.xml tomcat/site/trunk/xdocs/whichversion.xml Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/doap_Tomcat.rdf?rev=1902893&r1=1902892&r2=1902893&view=diff == --- tomcat/site/trunk/docs/doap_Tomcat.rdf (original) +++ tomcat/site/trunk/docs/doap_Tomcat.rdf Wed Jul 20 21:04:37 2022 @@ -67,8 +67,8 @@ Latest Stable 9.0.x Release -2022-06-09 -9.0.64 +2022-07-20 +9.0.65 Modified: tomcat/site/trunk/docs/download-90.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-90.html?rev=1902893&r1=1902892&r2=1902893&view=diff == --- tomcat/site/trunk/docs/download-90.html (original) +++ tomcat/site/trunk/docs/download-90.html Wed Jul 20 21:04:37 2022 @@ -10,7 +10,7 @@ Quick Navigation -[define v]9.0.64[end] +[define v]9.0.65[end] https://downloads.apache.org/tomcat/tomcat-9/KEYS";>KEYS | [v] | Browse | Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1902893&r1=1902892&r2=1902893&view=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Wed Jul 20 21:04:37 2022 @@ -34,6 +34,27 @@ wiki page. Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation. +2022-07-20 Tomcat 9.0.65 Released + +The Apache Tomcat Project is proud to announce the release of version 9.0.65 +of Apache Tomcat. This release implements specifications that are part of the +Java EE 8 platform. The notable changes compared to 9.0.64 include: + +Implement support for repeatable builds. +Update the packaged version of the Tomcat Native Library to 1.2.35. +This includes Windows binaries built with OpenSSL 1.1.1q. +Fix CVE-2022-34305, a low severity XSS vulnerability in the Form +authentication example. + + +Full details of these changes, and all the other changes, are available in the +Tomcat 9 +changelog. + + + +https://tomcat.apache.org/download-90.cgi";>Download + 2022-07-20 Tomcat 10.1.0-M17 (beta) Released The Apache Tomcat Project is proud to announce the release of version 10.1.0-M17 @@ -179,31 +200,6 @@ changelog. https://tomcat.apache.org/download-10.cgi";>Download -2022-06-09 Tomcat 9.0.64 Released - -The Apache Tomcat Project is proud to announce the release of version 9.0.64 -of Apache Tomcat. This release implements specifications that are part of the -Java EE 8 platform. The notable changes compared to 9.0.63 include: - -Correct a regression in the support added for encrypted PKCS#1 -formatted private keys in the previous release that broke support -for unencrypted PKCS#1 formatted private keys. -Increase the default buffer size for cluster messages from 43800 -to 65536 bytes. This is expected to improve performance for large -messages when running on Linux based systems. -When using TLS with non-blocking writes and the NIO connector, -ensure that flushing the buffers attempts to empty all of the -output buffers. - - -Full details of these changes, and all the other changes, are available in the -Tomcat 9 -changelog. - - - -https://tomcat.apache.org/download-90.cgi";>Download - 2020-03-06 Tomcat Connectors 1.2.48 Released The Apache Tomcat Project is proud to announce the release of version 1.2.48 of Modified: tomcat/site/trunk/docs/migration-9.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-9.html?rev=1902893&r1=1902892&r2=1902893&view=diff == --- tomcat/site/trunk/docs/migration-9.html (original) +++ tomcat/site/trunk/docs/migration-9.html Wed Jul 20 21:04:37 2022 @@ -445,7 +445,8 @@ of Apache Tomcat. 9.0.59 9.0.60 9.0.62 -9.0.63 +9.0.63 +9.0.64 , new version: 9.0.0-M1 @@ -514,7 +515,8 @@ of Apache Tomcat. 9.0.60 9.0.62 9.0.63 -9.0.64 +9.0.64 +9.0.65 trunk (unreleased) Modified: tomcat/site/trunk/docs
[tomcat] branch 9.0.x updated: Next is 9.0.66.
This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 2b6f1c1efa Next is 9.0.66. 2b6f1c1efa is described below commit 2b6f1c1efae97f135794ddb5ffdfac9785cbbba2 Author: remm AuthorDate: Wed Jul 20 22:35:36 2022 +0200 Next is 9.0.66. --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index 2330ddeeba..bc51bd99de 100644 --- a/build.properties.default +++ b/build.properties.default @@ -31,7 +31,7 @@ # - Version Control Flags - version.major=9 version.minor=0 -version.build=65 +version.build=66 version.patch=0 version.suffix= version.dev=-dev diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index eddb25bb95..8297385271 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=9.0.65 +maven.asf.release.deploy.version=9.0.66 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index b7a3988de9..8da9d71bb5 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r55875 - /dev/tomcat/tomcat-9/v9.0.65/ /release/tomcat/tomcat-9/v9.0.65/
Author: remm Date: Wed Jul 20 20:24:12 2022 New Revision: 55875 Log: Release Apache Tomcat 9.0.65 Added: release/tomcat/tomcat-9/v9.0.65/ - copied from r55874, dev/tomcat/tomcat-9/v9.0.65/ Removed: dev/tomcat/tomcat-9/v9.0.65/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE][RESULT] Release Apache Tomcat 9.0.65
The following votes were cast: Binding: +1: remm, jfclere, csutherl Non-binding: +1: Han Li The vote therefore passes. Thanks to everyone who contributed to this release. Remy On Thu, Jul 14, 2022 at 3:17 PM Rémy Maucherat wrote: > > The proposed Apache Tomcat 9.0.65 release is now available for voting. > > The notable changes compared to 9.0.64 are: > > - Implement support for repeatable builds. > > - Update the packaged version of the Tomcat Native Library to 1.2.35. >This includes Windows binaries built with OpenSSL 1.1.1q. > > - Fix CVE-2022-34305, a low severity XSS vulnerability in the Form >authentication example. > > Along with lots of other bug fixes and improvements. > > For full details, see the changelog: > https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.65/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1384 > The tag is: > https://github.com/apache/tomcat/tree/9.0.65 > c443b393281c7eee5d6a95977c4faeed28906bdf > > The proposed 9.0.65 release is: > [ ] Broken - do not release > [ ] Stable - go ahead and release as 9.0.65 (stable) > > Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.0.23
Ping. We need one more PMC vote for this release. Mark On 14/07/2022 10:25, Mark Thomas wrote: The proposed Apache Tomcat 10.0.23 release is now available for voting. Apache Tomcat 10.0.x implements Jakarta EE 9 and, as such, the primary package for all the specification APIs has changed from javax.* to jakarta.* Applications that run on Tomcat 9 will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory The notable changes compared to 10.0.22 are: - Implement support for repeatable builds - Update the packaged version of the Tomcat Native Library to 1.2.35. This includes Windows binaries built with with OpenSSL 1.1.1q. - Fix CVE-2022-34305, a low severity XSS vulnerability in the Form authentication example Along with lots of other bug fixes and improvements. For full details, see the changelog: https://nightlies.apache.org/tomcat/tomcat-10.0.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.23/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1383 The tag is: https://github.com/apache/tomcat/tree/10.0.23 cda46e050e09bd394c82ba874633367f80eeb259 The proposed 10.0.23 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 10.0.23 (stable) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[ANN] Apache Tomcat 10.1.0-M17 (beta) available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M17 (beta). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications. The Jakarta EE specifications implemented by Tomcat 10.1.x are now final and Tomcat's implementation of those specifications is complete. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use. Apache Tomcat 10.1.0-M17 is a milestone release of the 10.1.x branch and has been made to provide users with early access to the new features in Apache Tomcat 10.1.x so that they may provide feedback. The notable changes compared to 10.1.0-M16 include: - Implement support for repeatable builds - Update the packaged version of the Tomcat Native Library to 2.0.1. This includes Windows binaries built with with OpenSSL 3.0.5. - Update experimental Panama modules with support for OpenSSL 3.0+. OpenSSL 1.1 remains supported. Please refer to the change log for the complete list of changes: http://tomcat.apache.org/tomcat-10.1-doc/changelog.html Downloads: http://tomcat.apache.org/download-10.cgi Migration guides from Apache Tomcat 7.0.x, 8.5.x and 9.0.x: http://tomcat.apache.org/migration.html Enjoy! - The Apache Tomcat team - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1902887 - in /tomcat/site/trunk: docs/download-10.html docs/index.html docs/migration-10.1.html docs/oldnews.html docs/whichversion.html xdocs/download-10.xml xdocs/index.xml xdocs/migrat
Author: markt Date: Wed Jul 20 18:20:18 2022 New Revision: 1902887 URL: http://svn.apache.org/viewvc?rev=1902887&view=rev Log: Update site for 10.1.0-M17 release Modified: tomcat/site/trunk/docs/download-10.html tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/migration-10.1.html tomcat/site/trunk/docs/oldnews.html tomcat/site/trunk/docs/whichversion.html tomcat/site/trunk/xdocs/download-10.xml tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/migration-10.1.xml tomcat/site/trunk/xdocs/oldnews.xml tomcat/site/trunk/xdocs/whichversion.xml Modified: tomcat/site/trunk/docs/download-10.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-10.html?rev=1902887&r1=1902886&r2=1902887&view=diff == --- tomcat/site/trunk/docs/download-10.html (original) +++ tomcat/site/trunk/docs/download-10.html Wed Jul 20 18:20:18 2022 @@ -20,7 +20,7 @@ Quick Navigation [define v]10.0.22[end] -[define w]10.1.0-M16[end] +[define w]10.1.0-M17[end] https://downloads.apache.org/tomcat/tomcat-10/KEYS";>KEYS | [v] | [w] (beta) | Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1902887&r1=1902886&r2=1902887&view=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Wed Jul 20 18:20:18 2022 @@ -34,6 +34,36 @@ wiki page. Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation. +2022-07-20 Tomcat 10.1.0-M17 (beta) Released + +The Apache Tomcat Project is proud to announce the release of version 10.1.0-M17 +of Apache Tomcat. This release is a milestone release and is targeted at Jakarta +EE 10. +Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 +without changes. Java EE based applications designed for Tomcat 9 and earlier +may be placed in the $CATALINA_BASE/webapps-javaee directory and +Tomcat will automatically convert them to Jakarta EE and copy them to the +webapps directory. This conversion is performed using the +https://github.com/apache/tomcat-jakartaee-migration";>Apache Tomcat +migration tool for Jakarta EE tool which is also available as a separate +https://tomcat.apache.org/download-migration.cgi";>download for off-line use. +The notable changes in this release are: + +Implement support for repeatable builds. +Update the packaged version of the Tomcat Native Library to 2.0.1. This +includes Windows binaries built with with OpenSSL 3.0.5. +Update experimental Panama modules with support for OpenSSL 3.0+. OpenSSL +1.1 remains supported. + + +Full details of these changes, and all the other changes, are available in the +Tomcat 10.1 +(beta) changelog. + + + +https://tomcat.apache.org/download-10.cgi";>Download + 2022-07-12 Tomcat Native 2.0.1 Released The Apache Tomcat Project is proud to announce the release of version 2.0.1 of @@ -174,40 +204,6 @@ changelog. https://tomcat.apache.org/download-90.cgi";>Download -2022-06-09 Tomcat 10.1.0-M16 (beta) Released - -The Apache Tomcat Project is proud to announce the release of version 10.1.0-M16 -of Apache Tomcat. This release is a milestone release and is targeted at Jakarta -EE 10. -Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 -without changes. Java EE based applications designed for Tomcat 9 and earlier -may be placed in the $CATALINA_BASE/webapps-javaee directory and -Tomcat will automatically convert them to Jakarta EE and copy them to the -webapps directory. This conversion is performed using the -https://github.com/apache/tomcat-jakartaee-migration";>Apache Tomcat -migration tool for Jakarta EE tool which is also available as a separate -https://tomcat.apache.org/download-migration.cgi";>download for off-line use. -The notable changes in this release are: - -Refactor synchronization blocks locking on SocketWrapper to use -ReentrantLock to support users wishing to experiment with project -Loom. -Correct a regression in the support added for encrypted PKCS#1 -formatted private keys in the previous release that broke support -for unencrypted PKCS#1 formatted private keys. -Increase the default buffer size for cluster messages from 43800 - to 65536 bytes. This is expected to improve performance for large - messages when running on Linux based systems. - - -Full details of these changes, and all the other changes, are available in the -Tomcat 10.1 -(beta) changelog. - - - -https://tomcat.apache.org/download-10.cgi";>Download - 2020-03-06 Tomcat Connectors 1.2.48 Released The Apache Tomcat Project is proud to announce the release of version 1.2.48 of Modified: tomcat/site/trunk/docs/migration-10.1.html URL: http://svn.apache.org/viewvc/tomcat/si
svn commit: r1902886 - in /tomcat/site/trunk: ./ docs/tomcat-10.1-doc/ docs/tomcat-10.1-doc/annotationapi/ docs/tomcat-10.1-doc/annotationapi/jakarta/annotation/ docs/tomcat-10.1-doc/annotationapi/jak
Author: markt Date: Wed Jul 20 18:19:27 2022 New Revision: 1902886 URL: http://svn.apache.org/viewvc?rev=1902886&view=rev Log: Update docs for 10.1.0-M17 release [This commit notification would consist of 78 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[tomcat] branch main updated: Increment version for next dev cycle. Add release date for 10.1.0-M17
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 20b98b80cc Increment version for next dev cycle. Add release date for 10.1.0-M17 20b98b80cc is described below commit 20b98b80ccff43f6cd91c8f756e5e31fe330e775 Author: Mark Thomas AuthorDate: Wed Jul 20 18:42:44 2022 +0100 Increment version for next dev cycle. Add release date for 10.1.0-M17 --- build.properties.default | 2 +- res/maven/mvn.properties.default | 2 +- webapps/docs/changelog.xml | 4 +++- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/build.properties.default b/build.properties.default index acdfb5dc02..1a7b0a2b3a 100644 --- a/build.properties.default +++ b/build.properties.default @@ -33,7 +33,7 @@ version.major=10 version.minor=1 version.build=0 version.patch=0 -version.suffix=-M17 +version.suffix=-M18 version.dev=-dev # - Build tools - diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default index 3d2abafa0c..62335290dc 100644 --- a/res/maven/mvn.properties.default +++ b/res/maven/mvn.properties.default @@ -39,7 +39,7 @@ maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d maven.asf.release.repo.repositoryId=apache.releases.https # Release version info -maven.asf.release.deploy.version=10.1.0-M17 +maven.asf.release.deploy.version=10.1.0-M18 #Where do we load the libraries from tomcat.lib.path=../../output/build/lib diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 4bce2710b5..adf784ccb6 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -104,7 +104,9 @@ They eventually become mixed with the numbered issues (i.e., numbered issues do not "pop up" wrt. others). --> - + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r55870 - /dev/tomcat/tomcat-10/v10.1.0-M17/ /release/tomcat/tomcat-10/v10.1.0-M17/
Author: markt Date: Wed Jul 20 17:38:44 2022 New Revision: 55870 Log: Release Apache Tomcat 10.1.0-M17 Added: release/tomcat/tomcat-10/v10.1.0-M17/ - copied from r55869, dev/tomcat/tomcat-10/v10.1.0-M17/ Removed: dev/tomcat/tomcat-10/v10.1.0-M17/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[VOTE][RESULT] Release Apache Tomcat 10.1.0-M17
The following votes were cast: Binding: +1: markt, remm, jfclere Non-binding: +1: Han Li The vote therefore passes. Thanks to everyone who contributed to this release. Mark On 13/07/2022 22:57, Mark Thomas wrote: The proposed Apache Tomcat 10.1.0-M17 release is now available for voting. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. The notable changes compared to 10.1.0-M16 are: - Implement support for repeatable builds - Update the packaged version of the Tomcat Native Library to 2.0.1. This includes Windows binaries built with with OpenSSL 3.0.5. - Update experimental Panama modules with support for OpenSSL 3.0+. OpenSSL 1.1 remains supported. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.0-M17/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1382 The tag is: https://github.com/apache/tomcat/tree/10.1.0-M17 7a261dff58bc9581317c400b5c0fa4f7ae371fda The proposed 10.1.0-M17 release is: [ ] Broken - do not release [ ] Beta - go ahead and release as 10.1.0-M17 (beta) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: tcnative crashes during shutdown (TC 10.x unit tests)
Hi Jean-Frederic, Am 20.07.2022 um 08:47 schrieb jean-frederic clere: On 20/07/2022 00:16, Rainer Jung wrote: Roughly the same pattern I saw for TC 10.0 now also seen for TC 10.1. May be something wrong in apr? Which apr version are you using? - the same APR library for tcnative 1.2.35 and 2.0.1 - the same tcnative plus APR for TC 9.x and 10.x. Observer crashes for TC 10, but not for TC 9. - APR version is 1.7.0 plus r1878355, r1877195, r1872035, r1891198: *) Restore fix for out-of-bounds array dereference in apr_time_exp*() functions. (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and later 1.6.x releases, but was missing in 1.7.0.) [Stefan Sperling] *) Don't silently set APR_FOPEN_NOCLEANUP for apr_file_mktemp() created file to avoid a fd and inode leak when/if later passed to apr_file_setaside(). [Yann Ylavic] *) Address some warnings raised by MSVC-32/64. *) Avoid an overflow on 32 bit platforms. [René Hjortskov Nielsen ] I think for the current topic it is just as good as 1.7.0 without the four patches. Regards, Rainer Am 18.07.2022 um 12:09 schrieb Rainer Jung: Hi there, this is just an info, at this point probably not a showstopper. The topic is crashes in tcnative 1.2 and 2.0 for TC 10.0 during shutdown after TLS unit tests. Details: I ran the TC unit tests for latest 9.x, 10.x and 10.1.x with tcnative 1.2.35 OpenSSL 1.1.1q, 1.2.35 OpenSSL 3.0.2 and 2.0.1 OpenSSL 3.0.2. I ran the test for a variety of OpenJDK builds (Adoptium, Zulu, Oracle, RedHat) and versions (latest 1.8.0 except for 10.1, 11, 17 and current 19). The platforms where SLES 11, 12 and 15 and RHEL 6, 7 and 8. For RHEL 7 and 8 there were 48 runs, for the other platforms 39 (no RedHat JDK). I only ran about 150 test classes (for NIO and also for NIO2), because I also ran the full unit tests (about 450 classes) for JSSE and didn't want to rerun all tests for time and efficiency reasons. For TC 10 I observed crashes in TLS tests during shutdown: Out of the roughly 250 test runs, 5 produced such a crash. For TC 9 I did not observe a single one. Tests for TC 10.1 are ongoing, until now no crash, but it is a bit early for a final result. I think the crashes are not new. All hapened in the TLS tests in org.apache.tomcat.util.net. The list of crashes I saw for TC 10.0.23: RHEL7 jdk1.8.0 tcnative 1.2.35 OpenSSL 3.0.2 org.apache.tomcat.util.net.TestSsl FAILED (crashed) openjdk version "1.8.0_332-ea" OpenJDK Runtime Environment (build 1.8.0_332-ea-b06) OpenJDK 64-Bit Server VM (build 25.332-b06, mixed mode) double free or corruption (!prev): 0x7f473c19df50 === Backtrace: = /lib64/libc.so.6(+0x7d56d)[0x7f4742aa456d] /.../tcnative-deps/libapr-1.so.0(apr_allocator_destroy+0x1d)[0x7f472871923d] /.../tcnative-deps/libapr-1.so.0(apr_pool_terminate+0x30)[0x7f4728719c10] [0x7f472d018427] RHEL7 jdk17 tcnative 1.2.35 OpenSSL 1.1.1q org.apache.tomcat.util.net.TestCustomSslTrustManager FAILED (crashed) openjdk version "17.0.2" 2022-01-18 OpenJDK Runtime Environment (build 17.0.2+8-86) OpenJDK 64-Bit Server VM (build 17.0.2+8-86, mixed mode, sharing) corrupted double-linked list: 0x7f6bb8001d10 === Backtrace: = /lib64/libc.so.6(+0x7bfc7)[0x7f6bf481dfc7] /lib64/libc.so.6(+0x7d774)[0x7f6bf481f774] /.../tcnative-deps/libapr-1.so.0(apr_allocator_destroy+0x1d)[0x7f6bc543223d] /.../tcnative-deps/libapr-1.so.0(apr_pool_terminate+0x30)[0x7f6bc5432c10] [0x7f6bd572249a] SLES11 oracle_jdk1.8.0 tcnative 2.0.1 OpenSSL 3.0.2 org.apache.tomcat.util.net.TestSsl FAILED (crashed) java version "1.8.0_331" Java(TM) SE Runtime Environment (build 1.8.0_331-b09) Java HotSpot(TM) 64-Bit Server VM (build 25.331-b09, mixed mode) double free or corruption (!prev): 0x7fbf88c1de10 === Backtrace: = /lib64/libc.so.6(+0x75018)[0x7fbf87b35018] /lib64/libc.so.6(cfree+0x6c)[0x7fbf87b39f6c] /.../tcnative-deps/libapr-1.so.0(apr_allocator_destroy+0x1d)[0x7fbf718a5aad] /.../tcnative-deps/libapr-1.so.0(apr_pool_terminate+0x34)[0x7fbf718a66f4] [0x7fbf770264a7] SLES11 jdk11 tcnative 1.2.35 OpenSSL 1.1.1q org.apache.tomcat.util.net.TestSsl FAILED (crashed) openjdk version "11.0.15" 2022-04-19 OpenJDK Runtime Environment 18.9 (build 11.0.15+10) OpenJDK 64-Bit Server VM 18.9 (build 11.0.15+10, mixed mode) double free or corruption (!prev): 0x7f4f6bb93040 === Backtrace: = /lib64/libc.so.6(+0x75018)[0x7f4f6a171018] /lib64/libc.so.6(cfree+0x6c)[0x7f4f6a175f6c] /.../tcnative-deps/libapr-1.so.0(apr_allocator_destroy+0x1d)[0x7f4f49403aad] /.../tcnative-deps/libapr-1.so.0(apr_pool_terminate+0x34)[0x7f4f494046f4] [0x7f4f508b88b0] RHEL 8 Adoptium jdk11 tcnative 1.2.35 OpenSSL 1.1.1q Test org.apache.tomcat.util.net.TestClientCert FAILED (crashed) Since they are rare and happen in various tests and version combinations, it seems the general shutdown behavior w.r.t. the library is not yet perfect. Once the tests for 10.1 complet
Re: [VOTE] Release Apache Tomcat 9.0.65
On Thu, Jul 14, 2022 at 9:17 AM Rémy Maucherat wrote: > The proposed Apache Tomcat 9.0.65 release is now available for voting. > > The notable changes compared to 9.0.64 are: > > - Implement support for repeatable builds. > > - Update the packaged version of the Tomcat Native Library to 1.2.35. >This includes Windows binaries built with OpenSSL 1.1.1q. > > - Fix CVE-2022-34305, a low severity XSS vulnerability in the Form >authentication example. > > Along with lots of other bug fixes and improvements. > > For full details, see the changelog: > https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.65/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1384 > The tag is: > https://github.com/apache/tomcat/tree/9.0.65 > c443b393281c7eee5d6a95977c4faeed28906bdf > > The proposed 9.0.65 release is: > [ ] Broken - do not release > [x] Stable - go ahead and release as 9.0.65 (stable) > +1, LGTM on Fedora 36 > Rémy > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
[GitHub] [tomcat] aooohan commented on pull request #532: Don't perform protection checks in Unix Domain Socket mode
aooohan commented on PR #532: URL: https://github.com/apache/tomcat/pull/532#issuecomment-1189954168 > The cleanup in NIO is still limited (on purpose): it is only cleaned up if the socket was created successfully by the connector, and it anything fails really badly it will stay there. Thanks for your reply. Indeed, the cleanup does have limitations. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] aooohan commented on pull request #532: Don't perform protection checks in Unix Domain Socket mode
aooohan commented on PR #532: URL: https://github.com/apache/tomcat/pull/532#issuecomment-1189948078 > > We noticed the the socket file doesn't seem to get cleaned up, despite the documentation indicating it should. As a workaround, we have the systemd unit remove the file after Tomcat stops. We are trying to root cause this in Tomcat code and see if we can figure out whats wrong. > > @exabrial I also noticed this problem. I found that the automatic cleaning of UDS file was implemented in NioEndpoint, and I didn't find any logic about it in AprEndpoint. @exabrial Aha, i found it! The cleanup function is implemented in tc-native, you can take a look at this https://github.com/apache/tomcat-native/blob/a3498fa0992ac37c7358e00d1555395b52762e9b/xdocs/index.xml#L180 and https://github.com/apache/tomcat-native/commit/a3498fa0992ac37c7358e00d1555395b52762e9b -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] rmaucher commented on pull request #532: Don't perform protection checks in Unix Domain Socket mode
rmaucher commented on PR #532: URL: https://github.com/apache/tomcat/pull/532#issuecomment-1189940447 The cleanup in NIO is still limited (on purpose): it is only cleaned up if the socket was created successfully by the connector, and it anything fails really badly it will stay there. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] aooohan commented on pull request #532: Don't perform protection checks in Unix Domain Socket mode
aooohan commented on PR #532: URL: https://github.com/apache/tomcat/pull/532#issuecomment-1189933250 > We noticed the the socket file doesn't seem to get cleaned up, despite the documentation indicating it should. As a workaround, we have the systemd unit remove the file after Tomcat stops. We are trying to root cause this in Tomcat code and see if we can figure out whats wrong. @exabrial I also noticed this problem. I found that the automatic cleaning of UDS file was implemented in NioEndpoint, and I didn't find any logic about it in AprEndpoint. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org