Re: [VOTE] Release Apache Tomcat 9.0.82

2023-10-11 Thread Coty Sutherland 
On Wed, Oct 11, 2023 at 9:38 AM Rémy Maucherat  wrote:

> The proposed Apache Tomcat 9.0.82 release is now available for voting.
>
> The notable changes compared to 9.0.81 are:
>
> - Correct a regression in 9.0.81 that broke the Tomcat JBDC
>connection pool
>
> - Correct a regression in 9.0.81 that broke HTTP compression
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.82/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1461
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.82
> e3b341d78d8db0f74d8989412eb28cdc39b2c251
>
> The proposed 9.0.82 release is:
> [ ] -1, Broken - do not release
> [x] +1, Stable - go ahead and release as 9.0.82


+1

Re: [VOTE] Release Apache Tomcat 9.0.81

2023-10-09 Thread Coty Sutherland 
On Mon, Oct 9, 2023 at 5:36 PM Rémy Maucherat  wrote:

> The proposed Apache Tomcat 9.0.81 release is now available for voting.
>
> The notable changes compared to 9.0.80 are:
>
> - Provide a lifecycle listener that will automatically
>   reload TLS configurations a set time before the certificate is due to
>   expire. This is intended to be used with third-party tools that
>   regularly renew TLS certificates.
>
> - Align validation of HTTP trailer fields with standard fields.
>
> - Improvements to HTTP/2 overhead protection.
>
> - Improve performance of EL expressions in JSPs that use
>   implicit objects.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.81/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1455
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.81
> 90a0120a60faf9a3a657b113a7e2cdda2112be91
>
> The proposed 9.0.81 release is:
> [ ] -1, Broken - do not release
> [x] +1, Stable - go ahead and release as 9.0.81
>

Looks good on Fedora 38 with OpenJDK 17.

Re: [VOTE] Release Apache Tomcat 11.0.0-M12

2023-10-09 Thread Coty Sutherland 
On Mon, Oct 9, 2023 at 9:22 PM Coty Sutherland  wrote:

>
>
> On Mon, Oct 9, 2023 at 5:42 PM Mark Thomas  wrote:
>
>> The proposed Apache Tomcat 11.0.0-M12 release is now available for
>> voting.
>>
>> Apache Tomcat 11.0.0-M12 is a milestone release of the 11.0.x branch and
>> has been made to provide users with early access to the new features in
>> Apache Tomcat 11.0.x so that they may provide feedback. The notable
>> changes compared to the previous milestone include:
>>
>> - Provide a lifecycle listener that will automatically
>>reload TLS configurations a set time before the certificate is due to
>>expire. This is intended to be used with third-party tools that
>>regularly renew TLS certificates.
>>
>> - Remove support for HTTP/2 server push
>>
>> - Update Tomcat Native to 2.0.6 to pick up Windows binaries built with
>>OpenSSL 3.0.11
>>
>> For full details, see the change log:
>> https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
>>
>> Applications that run on Tomcat 9 and earlier will not run on Tomcat 11
>> without changes. Java EE applications designed for Tomcat 9 and earlier
>> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
>> will automatically convert them to Jakarta EE and copy them to the
>> webapps directory. Applications using deprecated APIs may require
>> further changes.
>>
>> It can be obtained from:
>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M12/
>>
>> The Maven staging repo is:
>> https://repository.apache.org/content/repositories/orgapachetomcat-1456
>>
>> The tag is:
>> https://github.com/apache/tomcat/tree/11.0.0-M12
>> 5a67c7c58d8caf24969093e6423b7f0b43df2f6a
>>
>>
>> The proposed 11.0.0-M12 release is:
>> [ ] -1 Broken - do not release
>> [x] +1 Alpha  - go ahead and release as 11.0.0-M12
>>
>
> Unit tests pass on Fedora 38 with OpenJDK 17.
>

Er, I meant OpenJDK 21 :)

Re: [VOTE] Release Apache Tomcat 10.1.14

2023-10-09 Thread Coty Sutherland 
On Mon, Oct 9, 2023 at 6:19 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> The proposed Apache Tomcat 10.1.14 release is now available for
> voting.
>
> The notable changes compared to 10.1.13 are:
>
> - Update Tomcat Native to 1.2.39 to pick up Windows binaries built with
>OpenSSL 3.0.11.
>
> - Provide a lifecycle listener that will automatically reload TLS
>configurations a set time before the certificate is due to expire.
>This is intended to be used with third-party tools that regularly
>renew TLS certificates.
>
> - Improve performance of EL expressions in JSPs that use implicit
>objects.
>
> - Several improvements to thread safety and recycling cleanup.
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.14/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1459
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.14
> 5feba31fa86b38bd645bf9cc1ddee883ad7bc6a4
>
> The proposed 10.1.14 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 10.1.14
>

+1, unit tests pass on Fedora 38 with OpenJDK 17.

Re: [VOTE] Release Apache Tomcat 11.0.0-M12

2023-10-09 Thread Coty Sutherland 
On Mon, Oct 9, 2023 at 5:42 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 11.0.0-M12 release is now available for
> voting.
>
> Apache Tomcat 11.0.0-M12 is a milestone release of the 11.0.x branch and
> has been made to provide users with early access to the new features in
> Apache Tomcat 11.0.x so that they may provide feedback. The notable
> changes compared to the previous milestone include:
>
> - Provide a lifecycle listener that will automatically
>reload TLS configurations a set time before the certificate is due to
>expire. This is intended to be used with third-party tools that
>regularly renew TLS certificates.
>
> - Remove support for HTTP/2 server push
>
> - Update Tomcat Native to 2.0.6 to pick up Windows binaries built with
>OpenSSL 3.0.11
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 11
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory. Applications using deprecated APIs may require
> further changes.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M12/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1456
>
> The tag is:
> https://github.com/apache/tomcat/tree/11.0.0-M12
> 5a67c7c58d8caf24969093e6423b7f0b43df2f6a
>
>
> The proposed 11.0.0-M12 release is:
> [ ] -1 Broken - do not release
> [x] +1 Alpha  - go ahead and release as 11.0.0-M12
>

Unit tests pass on Fedora 38 with OpenJDK 17.


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Tomcat's fork of Commons File Upload

2023-09-15 Thread Coty Sutherland 
On Fri, Sep 15, 2023 at 8:43 AM Rémy Maucherat  wrote:

> On Fri, Sep 15, 2023 at 2:38 PM Mark Thomas  wrote:
> >
> > All,
> >
> > Since the introduction of multi-part upload support in Servlet 3 (Tomcat
> > 7), Tomcat has used a package renamed fork of Commons FileUpload to
> > provide that support.
> >
> > Recently, FileUpload has undergone some major refactoring for 2.x to
> > modularise it to support different versions of the Servlet
> > specification, primarily Java EE vs Jakarta EE. As part of that, the
> > minimum Java version for 2.x is Java 11.
> >
> > The code Tomcat is currently based on is now the essentially 1.x branch.
> > This was created from the 1.4 release so Tomcat currently has a few
> > changes that were not applied to that branch. The minimum Java version
> > for this branch is Java 6.
> >
> > I have spent the last couple of hours looking at updating Tomcat 11.0.x
> > to the 2.x FileUpload code. It is doable, but we'll need to bring in
> > most of Commons IO as well which is about another 500k.
> >
> > Given the minimum Java version requirements, Tomcat 8.5.x and 9.0.x will
> > need to remain based on FileUpload 1.x.
> >
> > Tomcat 10.1.x and Tomcat 11.0.x could opt to remain based on FileUpload
> > 1.x or switch to 2.x.
> >
> > We need to decide what to do.
> >
> > Since we have little choice for Tomcat 8.5.x and 9.0.x, I will be
> > aligning these branches with FileUpload 1.x first.
> >
> > I'm not a huge fan of pulling a large chunk of Commons IO or on making
> > sufficient changes to our fork so we don't have to. I am therefore
> > currently planning on aligning 10.1.x and 11.0.x with FileUpload 1.x as
> > well.
> >
> > I do intend to see if there are changes from FileUpload 2.x that are
> > worth cherry-picking into Tomcat (and FileUpload 1.x) if minimum Java
> > versions permit.
> >
> > All that said, the Jakarta EE Migration tool already includes a package
> > renamed copy of Commons IO (as well as Lang and Compress) so there might
> > be something we co do there - maybe a new Commons forks JAR?
> >
> > Thoughts?
>
> +1 on staying with fileupload 1.x for all branches then, for the time
> being. 11 could move to 2.x eventually it seems.
>

+1

Re: [VOTE] Release Apache Tomcat 9.0.76

2023-06-06 Thread Coty Sutherland 
On Mon, Jun 5, 2023 at 3:49 AM Rémy Maucherat  wrote:

> The proposed Apache Tomcat 9.0.76 release is now available for voting.
>
> The notable changes compared to 9.0.75 are:
>
> - Add support for virtual threads. (Java 21+ only)
>
> - Update HTTP/2 to use the RFC-9218 prioritization scheme.
>
> - Deprecate the xssProtectionEnabled from HttpHeaderSecurityFilter
>and set the default value to false.
>
> - Update Tomcat Native to 2.0.4 which includes binaries for Windows
>built with OpenSSL 3.0.9.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.76/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1440
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.76
> ff0629ca2bd82d6bff5245c02b42d932149df34d
> b6eac326b5
>
> The proposed 9.0.76 release is:
> [ ] -1, Broken - do not release
> [x] +1, Stable - go ahead and release as 9.0.76
>

Test pass on Fedora 36.


> Rémy
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Java 21 and virtual threads

2023-05-05 Thread Coty Sutherland 
On Thu, May 4, 2023 at 8:37 AM Mark Thomas  wrote:

> Hi all,
>
> The latest Java 21 EA build has moved virtual threads (from project
> Loom) out of preview. How do we want to handle this in Tomcat 11? Recall
> that Jakarta EE 11 has set Java 21 as the minimum version.
>
> I think we have the following options:
>
> 1. Stick with Java 17 as the minimum version and don't provide virtual
> thread functionality.
>
> 2. Stick with Java 17 as the minimum version and provide virtual thread
> functionality via the JreCompat module.
>
> 3. Increase minimum Java version to Java 21 for Tomcat 11 and provide
> virtual thread functionality.
>
> I am currently leaning towards 3 but could live with 2.
>
> Thoughts? Other options?
>

+1 for option 3.

Re: tomcat-native v2.0+ breaks unix domain socket support on java16-

2023-03-07 Thread Coty Sutherland 
Hi there,

On Mon, Mar 6, 2023 at 6:01 PM Graham Leggett 
wrote:

> Hi all,
>
> A while back I added unix domain socket support to tomcat-native, and
> patched tomcat to use it until java16 is available.
>
> Unfortunately unix domain socket support was removed from tomcat-native
> 2.0+, and now tomcat-native 2.0+ is appearing in distros, meaning that unix
> domain socket support just broke.
>
> https://tomcat.apache.org/native-doc/miscellaneous/changelog.html
>
> "Remove all API methods (and supporting code) that are not used by Tomcat
> 10.1.x to support the use of OpenSSL as a replacement for JSSE to provide
> TLS functionality. (markt)”
>
> Is there a way to fix this, or has tomcat just broken everything for
> anyone in a RHEL environment?
>

"tomcat" has broken nothing ;)

Assuming that you're using tomcat-native from EPEL 9 (because that's the
only place to get tomcat-native for RHEL at the moment), the only option is
to downgrade to the build from Aug 2022 (tomcat-native-1.2.35-1.el9). I
reopened a similar issue https://bugzilla.redhat.com/show_bug.cgi?id=2124703
to address this; please watch/engage there with any more questions/comments
(unless they are purely tomcat/tomcat-native related). Also, if you feel
that you want to document your unique problem in more detail, you can
comment or open a new bugzilla issue against Fedora EPEL 9 too.

Apologies for the inconvenience.


> Regards,
> Graham
> —
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Regarding IDE configuration files

2023-02-06 Thread Coty Sutherland 
On Sat, Feb 4, 2023 at 5:21 AM Mark Thomas  wrote:

>
> 4 Feb 2023 04:17:29 Bailey Brownie :
>
> > Hi all,
> >
> > Recently, when setting up Tomcat for development with the Eclipse IDE,
> > I noticed that the configuration files that come with Tomcat had
> > multiple hard-coded (and outdated) references to some dependencies.
>
> Sorry. That is probably me forgetting to update those files.
>
> > Is it a good idea to handle class path configuration for IDEs by using
> > a filterset when copying the config files in the IDE build targets? Are
> > there any potential downsides to this approach?
>
> Excellent idea. No downside I can think of.
>

+1

Re: [DISCUSS] EOL date for 8.5.x

2022-10-20 Thread Coty Sutherland 
On Fri, Oct 7, 2022 at 5:28 AM Mark Thomas  wrote:

> Hi all,
>
> I don't think there is a need to make a decision on this quickly, but
> based on past experience and the current discussions about Jakarta EE 11
> I think this is something we need to start thinking about.
>
> Some key facts:
>
> - Tomcat 7.0.x reached EOL on 31 March 2021
> - EOL dates for major versions tend to be 3-4 years apart
> - We aim to support 3 major versions in parallel - currently 8.5.x,
>9.0.x and 10.1.x.
> - Tomcat 11 will implement Jakarta EE 11
> - Current Jakarta EE discussions are around a release in ~1 year
> - Ideally, Tomcat 8.5.x EOL would be just after Tomcat 11 is declared
>stable
>
> Based on the above I think EOL for 8.5.x should be either 31 March 2024
> or 30 Sept 2024 depending on when we think Jakarta EE 11 will be released.
>
> Jakarta EE releases have tendency to slip so I think the 30 Sept 2024 is
> probably the more likely. However, it is much easier to delay an EOL
> date than to bring to bring it forward so my current thinking is to
> announce 31 March 2024 as the EOL date for 8.5.x and keep in mind that
> we can extend that if we want to.
>
> Thoughts?
>

+1 for 31 March 2024.

Re: [VOTE] Release Apache Tomcat 10.1.1

2022-10-11 Thread Coty Sutherland 
On Mon, Oct 3, 2022 at 9:26 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.1.1 release is now available for
> voting.
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> The notable changes compared to 10.1.0 are:
>
> - Fix bug 66277, a refactoring regression that broke JSP includes
>amongst other functionality
>
> - Fix unexpected timeouts that may appear as client disconnections when
>using HTTP/2 and NIO2
>
> - Update to Eclipse JDT compiler 4.23
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.1/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1399
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.1
> 934df02dc68e72b95a38f372017f1b89b0d13a76
>
>
> The proposed 10.1.1 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 10.1.1
>

+1

Re: [VOTE] Release Apache Tomcat 9.0.65

2022-07-20 Thread Coty Sutherland 
On Thu, Jul 14, 2022 at 9:17 AM Rémy Maucherat  wrote:

> The proposed Apache Tomcat 9.0.65 release is now available for voting.
>
> The notable changes compared to 9.0.64 are:
>
> - Implement support for repeatable builds.
>
> - Update the packaged version of the Tomcat Native Library to 1.2.35.
>This includes Windows binaries built with OpenSSL 1.1.1q.
>
> - Fix CVE-2022-34305, a low severity XSS vulnerability in the Form
>authentication example.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.65/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1384
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.65
> c443b393281c7eee5d6a95977c4faeed28906bdf
>
> The proposed 9.0.65 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.65 (stable)
>

+1, LGTM on Fedora 36


> Rémy
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat Native 2.0.1

2022-07-12 Thread Coty Sutherland 
On Wed, Jul 6, 2022 at 6:32 AM Mark Thomas  wrote:

> This is the first release of the Tomcat Native 2.0.x branch. The major
> differences compared to the 1.2.x branch are:
>
> - JNI API has been reduced to just that required to support Tomcat's
>OpenSSL based TLS implementation. The APR/native connector is no
>longer supported in this branch.
>
> - The minimum supported versions have been increased to OpenSSL 3.0.x,
>Apache APR 1.7.x, Java 11, Windows 7 / Server 2008 R2
>
> - The windows binaries in this release have been built with OpenSSL
>3.0.5
>
> The 2.0.x branch is primarily intended for use with Tomcat 10.1.x but
> can be used with earlier versions as long as the APR/native connector is
> not used.
>
> The proposed release artefacts can be found at [1],
> and the build was done using tag [2].
>
> The Apache Tomcat Native 2.0.1 release is
>   [x] Stable, go ahead and release
>   [ ] Broken because of ...
>

+1 on Fedora 36

Re: [ANN] ApacheCon NA 2022 in New Orleans, 3-6 Oct 2022, CFP is OPEN!

2022-05-23 Thread Coty Sutherland 
On Fri, Apr 29, 2022 at 2:53 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> All,
>
> Please remember that the ApacheCon North American conference is still
> accepting presentations until 23 May 2022.
>
> The Tomcat track currently has *zero* proposals, and we were hoping to
> fill a 3-day track.
>
> So please, send in your ideas for presentations!
>

How are we doing now? I just submitted one with the hopes of submitting a
second, but I think one is about all I can handle at the moment...

Re: Plans for Tomcat Native

2022-05-23 Thread Coty Sutherland 
On Mon, May 23, 2022 at 6:52 AM Mark Thomas  wrote:

> Hi all,
>
> A question on the users list about Tomcat Native, OpenSSL 3.0 FIPs
> caused me to take a look at the current state of supported versions.
>
> The detail is here:
> https://github.com/apache/tomcat-native/blob/main/native/srclib/VERSIONS
>
> The planned transition to Tomcat Native 1.3 never happened in April 2021
> so I'd like to propose the following:
>
> - Create a 1.2.x branch from current main
> - main becomes 1.3.x
> - 1.3.x is updated to require at least OpenSSL 1.1.1
> - 1.3.x is updated to require at least APR 1.6.3
> - Update 1.3.x to support OpenSSL 3.x in FIPS mode
> - Update 10.1.x to require at least Tomcat Native 1.3.x
>
> 1.2.x releases will continue until we have a stable 1.3x release.
>
> Thoughts?
>

+1

Re: [VOTE] Release Apache Tomcat 9.0.62

2022-03-31 Thread Coty Sutherland 
On Thu, Mar 31, 2022 at 10:57 AM Rémy Maucherat  wrote:

> The proposed Apache Tomcat 9.0.62 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
>pick up Windows binaries built with OpenSSL 1.1.1n.
>
> - Improve logging of unknown HTTP/2 settings frames. Pull request by
>Thomas Hoffmann.
>
> - Add additional warnings if incompatible TLS configurations are used
>such as HTTP/2 with CLIENT-CERT authentication
>
> - Harden the class loader to provide a mitigation for CVE-2022-22965
>a Spring Framework vulnerability
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1368
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.62
> 85113741042dcce9e9792bdbc3d498172bc31291
>
> The proposed 9.0.62 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.62 (stable)
>

+1


> Rémy
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.61

2022-03-31 Thread Coty Sutherland 
On Wed, Mar 30, 2022 at 4:22 AM Rémy Maucherat  wrote:

> The proposed Apache Tomcat 9.0.61 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Fix a potential thread-safety issue that could cause HTTP/1.1 request
>processing to pause, and potentially timeout, waiting for additional
>data when the full request has been received.
>
> - Fix a regression introduced with 65757 bugfix which better identified
>non request threads but which introduced a similar problem when user
>code was doing sequential operations in a single thread.
>
> - When resolving methods in EL expressions that use beans and/or static
>fields, ensure that any custom type conversion is considered when
>identifying the method to call.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.61/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1366
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.61
> 6c6432ac1416ed369f892b9ce76e10c7eb10b91c
>
> The proposed 9.0.61 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.61 (stable)
>

+1


> Rémy
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Tomcat Native and minimum OpenSSL version

2022-03-16 Thread Coty Sutherland 
On Wed, Mar 16, 2022 at 11:21 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> Mark,
>
> On 3/15/22 16:40, Mark Thomas wrote:
> > Hi all,
> >
> > We currently have the following text in the VERSIONS file for Tomcat
> > Native:
> >
> > =
> > The current minimum versions are:
> > - OpenSSL 1.0.2
> > - APR 1.4.3
> >
> > ...
> >
> > It is current anticipated that Tomcat Native releases will transition to
> > 1.3.x
> > after April 2021 when the minimum version will become OpenSSL 1.1.0 and
> > APR 1.5.2.
> > ==
> >
> >
> > This change was driven by Ubuntu 16.04 reaching EOL in April 2021.
> > However, Debian 9 reaches EOL in June this year which would allow us to
> > move to:
> > OpenSSL 1.1.1
> > APR 1.6.x
> >
> >
> > As I am about to prepare a Tomcat Native release do we want to make the
> > switch to 1.3.0 now or wait until after June and go straight to
> > 1.1.1/1.6.x?
>
> +1 to doing a tcnative release right now (!!).
>
> I think we should not change anything until June and then go directly to
> 1.1.1.
>

+1 for a release and waiting until June too.

Re: [VOTE] Release Apache Tomcat 9.0.59

2022-02-25 Thread Coty Sutherland 
On Mon, Feb 21, 2022 at 4:21 PM Rémy Maucherat  wrote:

> The proposed Apache Tomcat 9.0.59 release is now available for voting.
>
> The notable changes compared to 9.0.58 are:
>
> - Add support for additional user attributes to TomcatPrincipal and
>GenericPrincipal
>
> - Correct a regression in the fix for 65454 that meant that
>minSpareThreads and maxThreads settings were ignored when the
>Connector used an internal executor
>
> - Improve the detection of the Linux duplicate accept bug and reduce
>(hopefully avoid) instances of false positives.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.59/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1358
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.59
> 020f955044c1f9b512ee3da477eaa018da87e71a
>
> The proposed 9.0.59 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.59 (stable)
>

+1


> Rémy
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.58

2022-01-20 Thread Coty Sutherland 
On Sat, Jan 15, 2022 at 9:51 AM Rémy Maucherat  wrote:

> The proposed Apache Tomcat 9.0.58 release is now available for voting.
>
> The notable changes compared to 9.0.56 are:
>
> - Add recycling check in the input and output stream isReady to try to
>give a more informative ISE when the facade has been recycled.
>
> - Implement support for HTTP/1.1 upgrade when the request includes a
>body. The maximum permitted size of the body is controlled by
>maxSavePostSize.
>
> - Improve handling of various cases where one request/response
>processing thread attempts to manage the asynchronous IO for a
>different request/response.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.58/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1354
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.58
> bd9afafc1ec568f8160ed3679a776b26d8a29b99
>
> The proposed 9.0.58 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.58 (stable)
>

+1


> Rémy
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 10.1.0-M10

2022-01-17 Thread Coty Sutherland 
On Sat, Jan 15, 2022 at 7:49 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.1.0-M10 release is now available for
> voting.
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> The notable changes compared to 10.1.0-M8 are:
>
> - Add recycling check in the input and output stream isReady to try to
>give a more informative ISE when the facade has been recycled.
>
> - Implement support for HTTP/1.1 upgrade when the request includes a
>body. The maximum permitted size of the body is controlled by
>maxSavePostSize.
>
> - Improve handling of various cases where one request/response
>processing thread attempts to manage the asynchronous IO for a
>different request/rsponse
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.0-M10/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1352
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.0-M10
> dc3639dd7123301ced18dbf4ddf2dca93704870d
>
>
> The proposed 10.1.0-M10 release is:
> [ ] Broken - do not release
> [x] Alpha - go ahead and release as 10.1.0-M10 (alpha)
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 10.1.0-M8

2021-12-06 Thread Coty Sutherland 
On Thu, Dec 2, 2021 at 9:45 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.1.0-M8 release is now available for
> voting.
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> The notable changes compared to 10.1.0-M7 are:
>
> - Limit cookie support to RFC 6265 to align with recent updates to the
>Servlet specification
>
> - Update the WebSocket API packaging to remove the copy of the client
>API from the server API and replace it with a dependency on the client
>API. This aligns Tomcat with changes in the WebSocket 2.1
>specification.
>
> - Provide protection against a known OS bug that causes the acceptor to
>report an incoming connection more than once.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat-10.1.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.0-M8/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1343
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.0-M8
> cd53876fefaa370c31466b0f615e9ad026541a27
>
>
> The proposed 10.1.0-M8 release is:
> [ ] Broken - do not release
> [x] Alpha - go ahead and release as 10.1.0-M8 (alpha)
>

+1 on F34 with openjdk 11.


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.56

2021-12-06 Thread Coty Sutherland 
On Fri, Dec 3, 2021 at 3:50 AM Rémy Maucherat  wrote:

> The proposed Apache Tomcat 9.0.56 release is now available for voting.
>
> The notable changes compared to 9.0.56 are:
>
> - Provide protection against a known OS bug that causes the acceptor to
>report an incoming connection more than once.
>
> - Implement a workaround for a JVM bug that can trigger a file
>descriptor leak when using multi-part upload and the application does
>not explicitly close an input stream for an uploaded file that was
>cached on disk.
>
> - Fix exceptions when the security manager is enabled and the first
>request received after starting is an HTTP request to a TLS enabled
>NIO2 connector.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.56/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1344
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.56
> af2a7a4fb2db07390362af12d0020d550abd8785
>
> The proposed 9.0.56 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.56 (stable)
>

+1 No issues on Fedora 34 with openjdk 11.


> Rémy
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.56

2021-12-06 Thread Coty Sutherland 
On Mon, Dec 6, 2021 at 10:57 AM Rémy Maucherat  wrote:

> On Mon, Dec 6, 2021 at 4:42 PM jean-frederic clere 
> wrote:
> >
> > On 06/12/2021 15:19, jean-frederic clere wrote:
> > > On 03/12/2021 09:49, Rémy Maucherat wrote:
> > >> [X] Stable - go ahead and release as 9.0.56 (stable)
> > >
> > > Tested on fedora33 with openjdk 11.0.13.
> > >
> >
> > Same results for adoptium jdk8u302-b08 looks good to me.
>
> It's a good plan to double check Java 8, thanks. I'm super careful
> about verifying I built with Java 8 though, so surprises there are
> unlikely.
>
> Both of Fedora's Ant and Maven packages are back to working again with
> the value JAVA_HOME, so things are easy again.
>

Yay! That was an annoying bug :)


> Rémy
>
> > --
> > Cheers
> >
> > Jean-Frederic
> >
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 10.1.0-M6

2021-09-30 Thread Coty Sutherland 
On Tue, Sep 28, 2021 at 8:31 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.1.0-M6 release is now available for
> voting.
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> The notable changes compared to 10.1.0-M5 are:
>
> - Servlet API updates for Servlet 6 including removal of all deprecated
>code, updated schemas and a new API for connection and request IDs.
>
> - EL API updates for EL 5.0 including deprecation of the use of
>FeatureDescriptor, improvements to BeanELResolver and the addition of
>MethodReference
>
> - Further robustness improvements to HTTP/2 flow control window
>management
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat-10.1.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.0-M6/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1334
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.0-M6
> 51d1031c36c0f2b3ee1e0d14b56228a559144153
>
>
> The proposed 10.1.0-M6 release is:
> [ ] Broken - do not release
> [x] Alpha - go ahead and release as 10.1.0-M6 (alpha)
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.54

2021-09-30 Thread Coty Sutherland 
On Tue, Sep 28, 2021 at 10:25 AM Rémy Maucherat  wrote:

> The proposed Apache Tomcat 9.0.54 release is now available for voting.
>
> The notable changes compared to 9.0.54 are:
>
> - Further robustness improvements to HTTP/2 flow control window
>management
>
> - Improvements to the DataSourceUserDatabase
>
> - Fix an issue that caused some Servlet non-blocking API reads of the
>HTTP request body to incorrectly use blocking IO.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.54/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1336
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.54
> 454f804f3336ec980e84eb84bb6a051e349c6d3a
>
> The proposed 9.0.54 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.54 (stable)
>

+1


> Rémy
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.53

2021-09-09 Thread Coty Sutherland 
On Mon, Sep 6, 2021 at 3:22 PM Rémy Maucherat  wrote:

> The proposed Apache Tomcat 9.0.53 release is now available for voting.
>
> The notable changes compared to 9.0.53 are:
>
> - Add a UserDatabase implementation as a superset of the DataSourceRealm
>functionality.
>
> - Update the internal fork of Apache Commons DBCP to 2.9.0 and Apache
>Commons Pool to 2.11.1
>
> - Update the packaged version of the Tomcat Native Library to 1.2.31 to
>pick up Windows binaries built with OpenSSL 1.1.1l.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.53/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1332
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.53
> 966ec5401970b9d4b41b53f5fff9f65966d887dd
>
> The proposed 9.0.53 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.53 (stable)
>

+1 on fc34 with OpenJDK8 :)


> Remy
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Update "developers" list

2021-07-08 Thread Coty Sutherland 
On Thu, Jul 8, 2021 at 11:17 AM Mark Thomas  wrote:

> On 08/07/2021 15:28, Christopher Schultz wrote:
> > All,
> >
> > The Apache Tomcat web site has a few places where people are
> > specifically listed by name. One is under "Who We Are"[1], and it's
> > fairly up-to-date. (Reasonable people can disagree as to whether e.g.
> > "jim" is a committer or a committer-emeritus.)
> >
> > There is another place people are listed, and it's under each version's
> > documentation. For example, there is a list of "active developers" for
> > Tomcat 8.5[2]. That list is quite out of date, and it looks like it's
> > the same for all of 8.5, 9.0, 10.0, and 10.1.
> >
> > Is it worth updating these version-specific pages? Or maybe replace them
> > with redirects to "Who We Are"? We have lots of contributors (myself
> > included) who are not listed there at all.
>
> +1 to dropping them. I'd forgotten that those pages even existed. Happy
> with adding a redirect but no particular concerns about just dropping
> them entirely. Maybe just replace the links to that page with a link to
> [1] ?
>

Yeah, I'm +1 for dropping them and replacing the page with links to the Who
We Are page.

Re: [VOTE] Release Apache Tomcat 9.0.50

2021-06-30 Thread Coty Sutherland 
On Mon, Jun 28, 2021 at 4:57 AM Rémy Maucherat  wrote:

> The proposed Apache Tomcat 9.0.50 release is now available for voting.
>
> The notable changes compared to 9.0.50 are:
>
> - Re-work the HTTP/2 overhead protection to reduce the likelihood of
>false positives. Note that the default overheadCountFactor has changed
>from 1 to 10 and that the useful range is now 0 to ~20.
>
> - Update to Eclipse JDT compiler 4.20.
>
> - Fix regressions in JSP compilation in the previous release.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.50/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1321
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.50
> 06572792aa5424b5995c91edcc1e3fca4cc89bc1
>
> The proposed 9.0.50 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.50 (stable)
>

+1, LGTM


> Remy
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 10.0.8

2021-06-30 Thread Coty Sutherland 
On Fri, Jun 25, 2021 at 7:27 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.0.8 release is now available for
> voting.
>
> Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to
> jakarta.*
>
> Applications that run on Tomcat 9 will not run on Tomcat 10 without
> changes. Java EE applications designed for Tomcat 9 and earlier may be
> placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will
> automatically convert them to Jakarta EE and copy them to the webapps
> directory
>
> The notable changes compared to 10.0.7 are:
>
> - Re-work the HTTP/2 overhead protection to reduce the likelihood of
>false positives. Note that the default overheadCountFactor has changed
>from 1 to 10 and that the useful range is now 0 to ~20.
>
> - Update to Eclipse JDT compiler 4.20.
>
> - Fix regressions in JSP compilation in the previous release.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat-10.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.8/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1319
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.8
> 64520a63e23437b4e92db42bfc70a20d1f9e79c4
>
> The proposed 10.0.8 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 10.0.8 (stable)
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Time to create Tomcat 10.1.x and master->main migration

2021-05-18 Thread Coty Sutherland 
On Tue, May 18, 2021 at 7:34 AM Mark Thomas  wrote:

> All,
>
> Things are starting to move forward for Jakarta EE 10 so I think it is
> time for us to create the 10.1.x branch. At the same time, I'd like to
> switch our primary development branches from master to main for all our
> repos.
>
> We would, therefore, end up with the following for the Tomcat repo:
>
> main   - 10.1.x development
> 10.0.x - 10.0.x development/maintenance
> 9.0.x  - 9.0.x development/maintenance
> 8.5.x  - 8.5.x development/maintenance
> 7.0.x  - 7.0.x development/maintenance
>
> There are some git commands each committer will need to run locally for
> each repo to switch from master to main.
>
> I have also been looking into how we can "retire" the 7.0.x branch when
> the time comes (after end of June). I'd like to suggest the following:
> - tag the HEAD of the 7.0.x branch as "7.0.x-archive"
> - delete the 7.0.x branch
>
> That way it won't appear in the list of branches but it is trivial to
> recreate if we need it.
>
> I'd like to get the master->main rename completed and the 10.1.x
> development branch created towards the end of this week (unless there
> are objections or things we need to discuss further).
>
> Comments?
>

+1, happy to hear there's some movement on the spec :D


> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat Native 1.2.28

2021-04-05 Thread Coty Sutherland 
On Thu, Apr 1, 2021 at 9:57 AM Mark Thomas  wrote:

> Version 1.2.28 includes the following changes compared to 1.2.27
>
> - Correct regression in previous fix for BZ 65181
>
> The proposed release artefacts can be found at [1],
> and the build was done using tag [2].
>
> The Apache Tomcat Native 1.2.28 release is
>   [x] Stable, go ahead and release
>   [ ] Broken because of ...
>

+1, LGTM with Tomcat 9


> Thanks,
>
> Mark
>
>
> [1]
>
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/1.2.28
> [2]
>
> https://gitbox.apache.org/repos/asf?p=tomcat-native.git;a=commit;h=5566385ab63361d8d707613508d803964a15a1f8
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.38

2020-09-14 Thread Coty Sutherland 
On Thu, Sep 10, 2020 at 5:03 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.38 release is now available for voting.
>
> The notable changes compared to the 9.0.37 release are:
>
> - For requests containing the Expect: 100-continue header, optional
>   support has been added to delay sending an intermediate 100 status
>   response until the servlet reads the request body, allowing the
>   servlet the opportunity to respond without asking for the request
>   body. Based on a pull request by malaysf.
>
> - Add support for a read idle timeout and a write idle timeout to the
>   WebSocket session via custom properties in the user properties
>   instance associated with the session. Based on a pull request by
>   sakshamverma.
>
> - Update the packaged version of the Tomcat Native Library to 1.2.25
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.38/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1277/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.38
> 48b6a87171e502cc0becbb4c96e2266de4e805e7
>
> The proposed 9.0.38 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.38
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 10.0.0-M8

2020-09-14 Thread Coty Sutherland 
On Wed, Sep 9, 2020 at 10:57 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.0.0-M8 release is now available for
> voting.
>
> Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to
> jakarta.*
> Applications that run on Tomcat 9 will not run on Tomcat 10 without
> changes.
>
> The notable changes compared to 10.0.0-M7 are:
>
> - For requests containing the Expect: 100-continue header, optional
>   support has been added to delay sending an intermediate 100 status
>   response until the servlet reads the request body, allowing the
>   servlet the opportunity to respond without asking for the request
>   body. Based on a pull request by malaysf.
>
> - Add support for a read idle timeout and a write idle timeout to the
>   WebSocket session via custom properties in the user properties
>   instance associated with the session. Based on a pull request by
>   sakshamverma.
>
> - Update the packaged version of the Tomcat Native Library to 1.2.25
>
> Along with lots of other bug fixes and improvements.
>
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.0-M8/
> The Maven staging repo is:
>
> https://repository.apache.org/content/repositories/orgapachetomcatrepo-1276/
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.0-M8
> b3f5e0d88336d81a61a767fc10ab06930c9587ee
>
> The proposed 10.0.0-M8 release is:
> [ ] Broken - do not release
> [x] Alpha  - go ahead and release as 10.0.0-M8
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: security.txt

2020-09-01 Thread Coty Sutherland 
On Tue, Sep 1, 2020 at 1:01 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I'd like to propose that we publish a security.txt[1] file on our web
> site under /.well-known/security.txt and /security.txt
>
> This file contains information we all already know, but it's in
> obviously "proprietary" locations on our web site and might not easily
> be found by someone who maybe doesn't speak English, etc.
>
> Here's my proposed content:
>
> Contact: secur...@tomcat.apache.org
> Contact:
> https://tomcat.apache.org/security.html#Reporting_New_Security_Problems_
> with_Apache_Tomcat
> Acknowledgments: https://tomcat.apache.org/security.html
> Preferred-Languages: en
> Canonical: https://tomcat.apache.org/.well-known/security.txt
> Hiring: https://tomcat.apache.org/getinvolved.html
>
> If there are no objections, I'll add it to the site repo, soon.
>

+1 :D


> What's the best way to make sure that the same file ends up in
> /.well-known/security.txt and /security.txt? Can git link them
> together or something like that?
>

I'd guess a rewrite rule like Mark suggested.


> - -chris
>
> [1] https://securitytxt.org/
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl9OflcACgkQHPApP6U8
> pFhy7g//bvd5hO/QTg+HJyJ1pRY4DCZUtssratL9iwoXNWmRz5toO6XM+Hj3Bh0U
> 4VOV5pMl+dN6DhSvuUSDXumnkF6RFMPYFjs15TvC5BaMbt7jlwfNtez7ByrVimOm
> BX9KLsXHgjE04Z4nnqp0S+bXdig5bBTtDLPH9woQOOJfx+4LFyPPUMBaKVzxIh2h
> 3VAv1vkUCmwfqzY5jJKxERQBzhYwBzuxOe1dL+qtXZGs6R8++OltX5GH1qYks8PR
> 28A8SDp+YWrMEEMkv0vUIle3lmEpzEa3+hujFHhMjxPM3q80d9r1XR7B+T3SodEo
> 1udOfBMRG6MGU9OiFD+s8vYgVt2BBBSCTzoeuNQkkf2kbzpeFYChjv7mM4ghBSyy
> 6y8Cz5O8HHQwroaxrkbhf1iIlNDdV0zQ+vd1C3EmhiZosD/bWhIL9q0RFzkY5QIY
> d4U2AN2Q6r9Wd12jS7ELjKy2q/BshJktEjdHs0HQUvYP26zOK9AVtH/ojFLmfXf8
> E+8TxLX2Wr3e6VyaGOJayeofSeeWEs0a4kxzfTB1ChQ/tG/SBJACCYS12cCq1XIn
> nKzkNm1ftbNDgH2IxSfvAPl1m9SzoSO3RJwibrV1bwstahtbvgALHP5raGzZ8Mxo
> +piQmPr1YKwxcvQWE3X/aZOv2YryjnbXKCdHixieZu+rU4f7j6M=
> =qHDh
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [PROPOSAL] Remove the functional specs from docs webapp

2020-08-12 Thread Coty Sutherland 
On Mon, Aug 10, 2020 at 11:46 AM Mark Thomas  wrote:

> Hi all,
>
> I'd like to propose removing all the functional spec pages from the
> documentation web application.
>
> My reasoning for this proposal is, in short, that we aren't using or
> maintaining these pages.
>
> I don't recall any discussion of these docs on the dev list, proposals
> to change them, proposals for additions etc.
>
> There have been changes but going back over the changes from the last 10
> years (and there are very few of them) they each appear to be part of a
> wider global change that is updating something or removing references to
> a feature that has been removed.
>
> Should someone want to revive these pages, or more likely a subset of
> them, they'll always be in the history.
>
> Thoughts?
>

+1 to remove


> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [tomcat] 01/02: Fix BZ 64540 - switch from bndwrap task to bnd task, begin generating a better manifest and make sure the resulting jar contents are correct.

2020-07-21 Thread Coty Sutherland 
Just FYI, I found that if I build when the aqute-bnd and aqute-bndlib
packages are installed from Fedora (version 3.5) then the classes are *not*
included in the jar, but if I remove them and use the aqute-bnd version
that tomcat requires (version 5.1) then they are present.

On Tue, Jul 21, 2020 at 10:26 AM Raymond Auge
 wrote:

> Hey all,
>
> Thanks for looking into this. I made sure using a binary comparison tool
> that the jars did in fact contained the correct bits before and after all
> my changes.
>
> But Mark is correct that some of the previously private packages are
> actually used externally and I had some changes coming to deal with those
> (but presently I'm on vacation so thanks for handling some of those those
> Mark.)
>
> Sincerely,
> - Ray
>
> On Tue, Jul 21, 2020 at 9:51 AM Coty Sutherland 
> wrote:
>
>> 
>>
>> That looks like an issue that will need fixing in Fedora's build system.
>>> Annotation scanning and the multipart upload API will be broken if those
>>> packages are missing.
>>>
>>
>> Hm, OK. I'll look into that and I guess other changes to ensure the
>> Fedora build isn't breaking stuff. I need to figure out why the step is
>> removing the classes and fix that issue since it doesn't seem to affect our
>> binary distro :(
>>
>> Going back to the fix I applied. The JSSE package was being used
>>> externally so that change looks to be OK. The modeler.modules package
>>> was not so I'm currently leaning towards reverting that part of the
>>> change.
>>>
>>> Overall, I don't mind exposing these packages externally if necessary
>>> but I'd prefer not to expose them if we don't have to.
>>>
>>
>> I agree and I'm fine with reverting your fix (I think) and continuing
>> with the patch I've applied in Fedora to keep that working. It's noteworthy
>> to mention again though that Debian had the same issue too, so whatever the
>> issue is that's causing the classes to be removed isn't just a Fedora
>> problem.
>>
>
>
> --
> *Raymond Augé* <http://www.liferay.com/web/raymond.auge/profile>
>  (@rotty3000)
> Senior Software Architect *Liferay, Inc.* <http://www.liferay.com>
>  (@Liferay)
>

Re: [tomcat] 01/02: Fix BZ 64540 - switch from bndwrap task to bnd task, begin generating a better manifest and make sure the resulting jar contents are correct.

2020-07-21 Thread Coty Sutherland 


That looks like an issue that will need fixing in Fedora's build system.
> Annotation scanning and the multipart upload API will be broken if those
> packages are missing.
>

Hm, OK. I'll look into that and I guess other changes to ensure the Fedora
build isn't breaking stuff. I need to figure out why the step is removing
the classes and fix that issue since it doesn't seem to affect our binary
distro :(

Going back to the fix I applied. The JSSE package was being used
> externally so that change looks to be OK. The modeler.modules package
> was not so I'm currently leaning towards reverting that part of the change.
>
> Overall, I don't mind exposing these packages externally if necessary
> but I'd prefer not to expose them if we don't have to.
>

I agree and I'm fine with reverting your fix (I think) and continuing with
the patch I've applied in Fedora to keep that working. It's noteworthy to
mention again though that Debian had the same issue too, so whatever the
issue is that's causing the classes to be removed isn't just a Fedora
problem.

Re: [tomcat] 01/02: Fix BZ 64540 - switch from bndwrap task to bnd task, begin generating a better manifest and make sure the resulting jar contents are correct.

2020-07-21 Thread Coty Sutherland 
On Tue, Jul 21, 2020 at 9:15 AM Mark Thomas  wrote:

> On 21/07/2020 14:06, Coty Sutherland wrote:
>
> 
>
> > Oh yeah, you're right. They were included in the ASF binaries, but
> > Fedora (and Debian I guess) built their own bits and that's where the
> > classes came up missing. I wasn't able to identify *why* the classes
> > weren't present, only that it was the OSGi step that was removing them.
> > I thought initially that it was because the Fedora version of aqute-bnd
> > in use is 3.5, but I don't see the classes in my local build from the
> > 9.0.37 tag (using bnd 5.1) either.
>
> OK. That means it isn't quite as bad as it could be.
>
> What about the other packages in the original list? Are:
>
> org.apache.tomcat.util.bcel
> org.apache.tomcat.util.http.fileupload.impl
> org.apache.tomcat.util.http.fileupload.util.mime
>
> still present?
>

Nope.

Re: [tomcat] 01/02: Fix BZ 64540 - switch from bndwrap task to bnd task, begin generating a better manifest and make sure the resulting jar contents are correct.

2020-07-21 Thread Coty Sutherland 
On Tue, Jul 21, 2020 at 7:52 AM Mark Thomas  wrote:

> On 21/07/2020 12:43, Coty Sutherland wrote:
> > Hi Mark,
> >
> > On Tue, Jul 21, 2020 at 4:48 AM Mark Thomas  > <mailto:ma...@apache.org>> wrote:
> >
> > On 20/07/2020 18:20, Coty Sutherland wrote:
> > > This commit is problematic :( It's broken some projects that
> depend on
> > > Tomcat because now the tomcat-coyote.jar doesn't contain the
> > > org.apache.tomcat.util.net <http://org.apache.tomcat.util.net>.jsse
> or
> > > org.apache.tomcat.util.modeler.modules packages which results in
> > > ClassNotFoundExceptions. I haven't seen any issues with other jars
> > yet.
> > > The removal of those packages from the jar looks intentional, but
> we
> > > aren't providing the classes anywhere else for users to use which
> is
> > > causing problems. Thoughts?
> >
> > Those packages are still present.
> >
> >
> > It seems that removing the packages from the exported packages list
> > actually removed them completely from the tomcat-coyote.jar (I
> > decompiled it to look and they were not present, nor were they included
> > in any other jars).
>
> I've just checked the 9.0.37 binaries and those packages (and the
> classes they contain) are present in tomcat-coyote.jar.
>
> I saw the same when I built 10.0.x locally (before my fix).
>
> From where did you obtain a JAR where those classes were missing?
>

Oh yeah, you're right. They were included in the ASF binaries, but Fedora
(and Debian I guess) built their own bits and that's where the classes came
up missing. I wasn't able to identify *why* the classes weren't present,
only that it was the OSGi step that was removing them. I thought initially
that it was because the Fedora version of aqute-bnd in use is 3.5, but I
don't see the classes in my local build from the 9.0.37 tag (using bnd 5.1)
either.


> > Thanks for looking into it, the fix you did was the same patch that I
> > added yesterday
> > (
> https://src.fedoraproject.org/rpms/tomcat/c/a8c5ea85614dca66b492fe030a7e7cfc10cd52de?branch=master
> )
> > :) I wish I'd proposed it upstream now, I just wasn't sure what the
> > criteria was for not exporting the packages.
> >
> > The packages that were pointed out to me as broken are FreeIPA server
> > (https://bugzilla.redhat.com/show_bug.cgi?id=1857043) and Debian's
> > libtomcat9-java package
> > (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964433), both with
> > different CNFEs.
>
> Tx. I'm curious as whether the root cause was missing classes or missing
> exports - but that depends on figuring out why the classes were missing
> first.
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [tomcat] 01/02: Fix BZ 64540 - switch from bndwrap task to bnd task, begin generating a better manifest and make sure the resulting jar contents are correct.

2020-07-21 Thread Coty Sutherland 
Hi Mark,

On Tue, Jul 21, 2020 at 4:48 AM Mark Thomas  wrote:

> On 20/07/2020 18:20, Coty Sutherland wrote:
> > This commit is problematic :( It's broken some projects that depend on
> > Tomcat because now the tomcat-coyote.jar doesn't contain the
> > org.apache.tomcat.util.net.jsse or
> > org.apache.tomcat.util.modeler.modules packages which results in
> > ClassNotFoundExceptions. I haven't seen any issues with other jars yet.
> > The removal of those packages from the jar looks intentional, but we
> > aren't providing the classes anywhere else for users to use which is
> > causing problems. Thoughts?
>
> Those packages are still present.
>

It seems that removing the packages from the exported packages list
actually removed them completely from the tomcat-coyote.jar (I decompiled
it to look and they were not present, nor were they included in any other
jars).


> Do you mean those packages are no longer listed as exported in the OSGi
> / JPMS meta-data? The following packages are currently listed as private
> (and I assume the JPMS metadata is the same):


> org.apache.tomcat.util.bcel
> org.apache.tomcat.util.http.fileupload.impl
> org.apache.tomcat.util.http.fileupload.util.mime
> org.apache.tomcat.util.modeler.modules
> org.apache.tomcat.util.net.jsse
>
> It should be fairly easy to get that fixed.
>
> Out of curiosity, what projects are broken? I'm surprised that something
> has dependencies that deep into Tomcat's internals. Is this an OSGi
> dependency or JPMS?
>

Thanks for looking into it, the fix you did was the same patch that I added
yesterday (
https://src.fedoraproject.org/rpms/tomcat/c/a8c5ea85614dca66b492fe030a7e7cfc10cd52de?branch=master)
:) I wish I'd proposed it upstream now, I just wasn't sure what the
criteria was for not exporting the packages.

The packages that were pointed out to me as broken are FreeIPA server (
https://bugzilla.redhat.com/show_bug.cgi?id=1857043) and Debian's
libtomcat9-java package (
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964433), both with
different CNFEs.

Re: [tomcat] 01/02: Fix BZ 64540 - switch from bndwrap task to bnd task, begin generating a better manifest and make sure the resulting jar contents are correct.

2020-07-20 Thread Coty Sutherland 
This commit is problematic :( It's broken some projects that depend on
Tomcat because now the tomcat-coyote.jar doesn't contain the
org.apache.tomcat.util.net.jsse or org.apache.tomcat.util.modeler.modules
packages which results in ClassNotFoundExceptions. I haven't seen any
issues with other jars yet. The removal of those packages from the jar
looks intentional, but we aren't providing the classes anywhere else for
users to use which is causing problems. Thoughts?

On Tue, Jun 23, 2020 at 6:43 AM  wrote:

> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch 9.0.x
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
> commit 393c022c87e5cbebf1b96c3e1e7aa3b2ab4d5b74
> Author: Raymond Augé 
> AuthorDate: Fri Jun 19 09:32:56 2020 -0400
>
> Fix BZ 64540 - switch from bndwrap task to bnd task, begin generating
> a better manifest and make sure the resulting jar contents are correct.
>
> Signed-off-by: Raymond Augé 
> ---
>  build.xml | 17 ++---
>  res/bnd/annotations-api.jar.tmp.bnd   |  2 +-
>  res/bnd/build-defaults.bnd| 15 +++
>  res/bnd/catalina-tribes.jar.tmp.bnd   |  5 -
>  res/bnd/catalina.jar.tmp.bnd  |  5 -
>  res/bnd/el-api.jar.tmp.bnd|  2 +-
>  res/bnd/jasper-el.jar.tmp.bnd |  8 +++-
>  res/bnd/jasper.jar.tmp.bnd|  7 ++-
>  res/bnd/jaspic-api.jar.tmp.bnd|  2 +-
>  res/bnd/jsp-api.jar.tmp.bnd   |  2 +-
>  res/bnd/servlet-api.jar.tmp.bnd   |  2 +-
>  res/bnd/{el-api.jar.tmp.bnd => spec-defaults.bnd} | 11 ++-
>  res/bnd/tomcat-coyote.jar.tmp.bnd |  9 -
>  res/bnd/tomcat-embed-core.jar.tmp.bnd | 15 ++-
>  res/bnd/tomcat-embed-el.jar.tmp.bnd   |  8 +++-
>  res/bnd/tomcat-embed-jasper.jar.tmp.bnd   |  7 ++-
>  res/bnd/tomcat-embed-websocket.jar.tmp.bnd|  7 ++-
>  res/bnd/tomcat-util.jar.tmp.bnd   |  6 +-
>  res/bnd/tomcat-websocket.jar.tmp.bnd  |  7 ++-
>  res/bnd/websocket-api.jar.tmp.bnd |  2 +-
>  webapps/docs/changelog.xml|  5 +
>  21 files changed, 119 insertions(+), 25 deletions(-)
>
> diff --git a/build.xml b/build.xml
> index 1900b78..7dba702 100644
> --- a/build.xml
> +++ b/build.xml
> @@ -3358,9 +3358,20 @@ Read the Building page on the Apache Tomcat
> documentation site for details on ho
>
>
>  
> -
> -  
> -
> +
> +
> + +  basedir="${basedir}"
> +  output="${jarfile}.tmp"
> +>
> +  
> +
> +
> +  
> +  
> +
> +  
> +
>  
>  
>
> diff --git a/res/bnd/annotations-api.jar.tmp.bnd
> b/res/bnd/annotations-api.jar.tmp.bnd
> index 9399b6c..9b2f84e 100644
> --- a/res/bnd/annotations-api.jar.tmp.bnd
> +++ b/res/bnd/annotations-api.jar.tmp.bnd
> @@ -13,7 +13,7 @@
>  # See the License for the specific language governing permissions and
>  # limitations under the License.
>
> --include: build-defaults.bnd
> +-include: build-defaults.bnd, spec-defaults.bnd
>
>  Bundle-Name: tomcat-annotations-api
>  Bundle-SymbolicName: org.apache.tomcat-annotations-api
> diff --git a/res/bnd/build-defaults.bnd b/res/bnd/build-defaults.bnd
> index 06e64c4..cdefb9c 100644
> --- a/res/bnd/build-defaults.bnd
> +++ b/res/bnd/build-defaults.bnd
> @@ -14,3 +14,18 @@
>  # limitations under the License.
>
>  Bundle-Version: ${version_cleanup;${version}}
> +
> +Specification-Title: Apache Tomcat
> +Specification-Version: ${version.major.minor}
> +Specification-Vendor: Apache Software Foundation
> +Implementation-Title: Apache Tomcat
> +Implementation-Version: ${version}
> +Implementation-Vendor: Apache Software Foundation
> +
> +X-Compile-Source-JDK: ${compile.source}
> +X-Compile-Target-JDK: ${compile.target}
> +
> +-includeresource.notice:
> META-INF/NOTICE;literal="${replace;${cat;../META-INF/default.notice};@YEAR
> @;${year}}\n"
> +-includeresource.license: {META-INF/LICENSE=../META-INF/default.license}
> +
> +-noclassforname: true
> \ No newline at end of file
> diff --git a/res/bnd/catalina-tribes.jar.tmp.bnd
> b/res/bnd/catalina-tribes.jar.tmp.bnd
> index 630169d..d6ae14a 100644
> --- a/res/bnd/catalina-tribes.jar.tmp.bnd
> +++ b/res/bnd/catalina-tribes.jar.tmp.bnd
> @@ -28,4 +28,7 @@ Export-Package: \
>  org.apache.catalina.tribes.transport,\
>  org.apache.catalina.tribes.transport.bio,\
>  org.apache.catalina.tribes.transport.nio,\
> -org.apache.catalina.tribes.util
> \ No newline at end of file
> +org.apache.catalina.tribes.util
> +
> +-includepackage: \
> +org.apache.catalina.tribes.membership.cloud
> \ No newline at end of file
> diff --git a/res/bnd/catalina.jar.tmp.bnd

Re: [VOTE] Release Apache Tomcat 7.0.105

2020-07-07 Thread Coty Sutherland 
On Thu, Jul 2, 2020 at 9:08 AM Violeta Georgieva 
wrote:

> The proposed Apache Tomcat 7.0.105 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.105/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1275/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.105
> f95f4e146e7eb463abdd8d7e2c47095d50075d97
>
> The proposed 7.0.105 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.105 Stable
>

+1


> Regards,
> Violeta
>

Re: [ANN] New committer: Raymond Augé

2020-07-02 Thread Coty Sutherland 
Congrats and welcome!

On Thu, Jul 2, 2020 at 10:40 AM Mark Thomas  wrote:

> On behalf of the Tomcat committers I am pleased to announce that
> Raymond Augé (rotty3000) has been voted in as a new Tomcat committer.
>
> Please join me in welcoming him.
>
> Kind regards,
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 8.5.57

2020-07-01 Thread Coty Sutherland 
On Tue, Jun 30, 2020 at 6:14 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.57 release is now available for voting.
>
> The notable changes compared to the 8.5.56 release are:
>
> - Implement a significant portion of the TLS environment variables
>   for the rewrite valve.
>
> - Reduce memory footprint of closed HTTP/2 streams
>
> - Improve parsing of RFC 2109 cookies
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.57/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1274/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.57
> 9c649984ef92c2534a734c6584220a9a0c0c3462
>
> The proposed 8.5.57 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.57
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 10.0.0-M7

2020-07-01 Thread Coty Sutherland 
On Tue, Jun 30, 2020 at 2:16 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.0.0-M7 release is now available for
> voting.
>
> Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to
> jakarta.*
> Applications that run on Tomcat 9 will not run on Tomcat 10 without
> changes.
>
> The notable changes compared to 10.0.0-M6 are:
>
> - Implement a significant portion of the TLS environment variables
>   for the rewrite valve.
>
> - Add the Jakarta EE 9 schema.
>
> - Improvements to the creatio of OSGi manifests.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.0-M7/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1272/
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.0-M7
> c549413165721180b15f62033c1be6c5970028fd
>
> The proposed 10.0.0-M7 release is:
> [ ] Broken - do not release
> [x] Alpha  - go ahead and release as 10.0.0-M7
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.37

2020-07-01 Thread Coty Sutherland 
On Tue, Jun 30, 2020 at 4:41 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.37 release is now available for voting.
>
> The notable changes compared to the 9.0.36 release are:
>
> - Implement a significant portion of the TLS environment variables
>   for the rewrite valve.
>
> - Improvements to the creation of OSGi manifests.
>
> - Reduce memory footprint of closed HTTP/2 streams
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.37/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1273/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.37
> bd68c421ea32fea08263db73cd5b987ab606a0bb
>
> The proposed 9.0.37 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.37
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Changing the name of the default branch in our git repos

2020-06-16 Thread Coty Sutherland 
On Tue, Jun 16, 2020 at 4:02 AM Mark Thomas  wrote:

> All,
>
> You may have seen the recent discussions both inside and outside the ASF
> about the user of "master" as the name of the default git branch. If you
> haven't, the short version is that the name can be traced back to
> master/slave and its associations with human slavery.
>
> I'd like to propose that the Apache Tomcat project renames the master
> branch in all of the project repositories.
>
> I think there are two front runners for the new name:
>
> - main - this looks to be the name GitHub and a number of OSS projects
>  will be switching to
>
> - trunk - reflects the Subversion heritage of both the project and the
>   ASF
>
> Other options I have seen suggested include "default", "dev", "develop".
> Other suggestions welcome.
>
> Personally, I am leaning towards main as that looks to be the choice of
> the majority and using the majority choice will make it (a little bit)
> easier for new community members to find their way around the project.
>
> In terms of impact, changing the name is going to break stuff. It is
> really creating a new branch and deleting the old one.
>
> Deleting a branch triggers the automatic closure of github PRs against
> that branch. However if we create "$new_branch" we can edit the PRs to
> use "$new_branch" before we delete master. Given the small number of
> open PRs that is easily done.
>
> CI systems will need to be updated (buildbot, gump). That should be
> relatively simple.
>
> Docs will need to be updated (relatively simple).
>
> Committers and contributors will rebase any local branches to $new_branch
>
> Having thought about what is involved, renaming the default branch
> doesn't look as problematic as I thought it might be. This looks like
> something that could be done in around an hour for all our repos.
>
> Thoughts?
>

I'm +1 for main


> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.36

2020-06-04 Thread Coty Sutherland 
On Wed, Jun 3, 2020 at 2:06 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.36 release is now available for voting.
>
> The notable changes compared to the 9.0.35 release are:
>
> - Add support for ALPN on recent OpenJDK 8 releases.
>
> - Add support for the CATALINA_OUT_CMD environment variable that defines
>   a command to which captured stdout and stderr will be redirected. For
>   use with, for example, rotatelogs. Patch provided by Harald Dunkel.
>
> - Be more flexible with respect to the ordering of groups, roles and
>   users in the tomcat-users.xml file
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.36/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1270/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.36
> 247c8e5ad08cdcd829a0bfc6374ecb3da0e5838e
>
> The proposed 9.0.36 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.36
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 7.0.104

2020-05-15 Thread Coty Sutherland 
On Thu, May 7, 2020 at 4:18 PM Violeta Georgieva 
wrote:

> The proposed Apache Tomcat 7.0.104 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.104/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1268/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.104
> 28db826c5a92a870a6632d85dae89d4dc3b7af00
>
> The proposed 7.0.104 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.104 Stable
>

+1


> Regards,
> Violeta
>

Re: [tomcat] branch 7.0.x updated: Use parametric replacement to ensure the proper version of wsdl4j is written to Eclipse's .classpath file.

2020-05-15 Thread Coty Sutherland 
On Fri, May 15, 2020 at 10:20 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I'd like to talk about this.
>
> First, this is a patch to Tomcat 7 where a single version number
> (wsdl4j) wasn't updated in all the places it needed to be updated
> (specifically, the Eclipse .classpath file).
>
> Rather than simply updating the version number, I replaced it with a
> replaceable token which always uses the version set in
> build.properties.default.
>
> This means that the version number is set in only one place:
> build.properites(.default)? instead of having to be set in at least 2
> places.
>
> If everyone likes this strategy, I can extend it to the other
> versioned libraries we use, and also push it to the other branches.
>
> WDYT?
>

+1 from me :D


> - -chris
>
> On 5/15/20 10:07, schu...@apache.org wrote:
> > This is an automated email from the ASF dual-hosted git
> > repository.
> >
> > schultz pushed a commit to branch 7.0.x in repository
> > https://gitbox.apache.org/repos/asf/tomcat.git
> >
> >
> > The following commit(s) were added to refs/heads/7.0.x by this
> > push: new afda9f0  Use parametric replacement to ensure the proper
> > version of wsdl4j is written to Eclipse's .classpath file. afda9f0
> > is described below
> >
> > commit afda9f0d2d2d0bc7b5a870f6df97603354655109 Author: Christopher
> > Schultz  AuthorDate: Fri May 15
> > 10:05:59 2020 -0400
> >
> > Use parametric replacement to ensure the proper version of wsdl4j
> > is written to Eclipse's .classpath file. --- build.xml
> > | 3 ++- res/ide-support/eclipse/eclipse.classpath | 2 +- 2 files
> > changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/build.xml b/build.xml index 866bad3..973646e 100644
> > --- a/build.xml +++ b/build.xml @@ -3297,9 +3297,10 @@
> > skip.installer property in build.properties" />
> > depends="download-compile, extras-webservices-prepare,
> > download-test-compile" description="Prepares the source tree to be
> > built in Eclipse">
> >
> > + > value="${wsdl4j-lib.version}" />   > file="${tomcat.home}/res/ide-support/eclipse/eclipse.project"
> > tofile="${tomcat.home}/.project"/> - > file="${tomcat.home}/res/ide-support/eclipse/eclipse.classpath"
> > tofile="${tomcat.home}/.classpath"/> + > file="${tomcat.home}/res/ide-support/eclipse/eclipse.classpath"
> > tofile="${tomcat.home}/.classpath" filtering="true" />
> >
> >   > dir="${tomcat.home}/.settings" /> diff --git
> > a/res/ide-support/eclipse/eclipse.classpath
> > b/res/ide-support/eclipse/eclipse.classpath index afd1232..74c174b
> > 100644 --- a/res/ide-support/eclipse/eclipse.classpath +++
> > b/res/ide-support/eclipse/eclipse.classpath @@ -23,7 +23,7 @@
> >  > path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/>  > kind="var" path="ANT_HOME/lib/ant.jar"/>  > path="TOMCAT_LIBS_BASE/jaxrpc-1.1-rc4/geronimo-spec-jaxrpc-1.1-rc4.jar
> "/>
> >
> >
> - - path="TOMCAT_LIBS_BASE/wsdl4j-1.6.2/wsdl4j-1.6.2.jar"/>
> > + > path="TOMCAT_LIBS_BASE/wsdl4j-@wsdl4j-lib.version@/wsdl4j-@wsdl4j-lib.
> version@.jar"/>
> >
> >
> 
> >  > path="TOMCAT_LIBS_BASE/easymock-3.2/easymock-3.2.jar"/>
> >  > path="TOMCAT_LIBS_BASE/hamcrest-1.3/hamcrest-core-1.3.jar"/>
> >
> >
> > -
> >
> >
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6+pRAACgkQHPApP6U8
> pFhX5w/+O0dVTHL5UROhgJzTq74AmBrKHml57IkY1LVN+Wv9sWnw+X1s/QCFzamb
> fVZ+TZV4hg2xIkFDyzUTwCtPULVtqsBZChIyQDzW/rh9ClHKqTsOE2D6qOHMpcwa
> KMlOFb2wb/Z1GuxtHaH8cHZJnVtUjSv0STkKTZhewXGbNkMnXoacXO/1ezaY5vDY
> 5v4O8PRCDiTIXAMfncI1jORwDvbGBMqyQHl++QG6SiY5L5bp0xIyvtf+j/+8g6Ly
> BljCXZQC69ddm3dX5K88gdhsiXphzVZMaeyfGVk3AvCygwy3vAimTsuB8Dho6RUZ
> A+Wm2BmEYUpS3bdhhh8VpsD54rJ0q5L1BFLqrfot4+KLA78VLVWsam3IUqHZqIyu
> jl8TWHGl4NzRdsMFNm5Y4PnfkWBtMWtG7HyVea2uBLKmwFa9UQ3NA+/dwE8EKGAg
> ptz1e2GtgCAwUPWx8d/Z9+4hPOKLBgCuKVpm0YvVedrBCwHZCNKUbJiQspI2lSOF
> X4fqzFT5WrSBXpBOUk3FuwLQraDeXecEfalNVgfaJESeRM/KoohHULSWBLCfFQ2R
> kvueI0Kxi5WXFcdLFp2AvenL4fHPVYyt0MoAZ6gIArCSfvVZKNPFa1saVtr+yoKr
> 94A7aOoVjOLR6DygUNj7UFBlGz/uCbg9MkHxvBAxykH0zZg2oik=
> =VYFy
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 10.0.0-M5

2020-05-06 Thread Coty Sutherland 
On Tue, May 5, 2020 at 3:34 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.0.0-M5 release is now available for
> voting.
>
> Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to
> jakarta.*
> Applications that run on Tomcat 9 will not run on Tomcat 10 without
> changes.
>
> The major changes compared to 10.0.0-M4 are:
>
> - Remove useAprConnector flag from AprLifecycleListener so that the
>   only way to use the APR connectors is to set the full class name.
>
> - Change default value separator for property replacement to ":-"
>   due to possible conflicts. The syntax is now "${name:-default}".
>
> - Update the packaged version of the Tomcat Native Library to 1.2.24.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.0-M5/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1265/
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.0-M5
> b3a208c6d6d01c553178c5e718e750b0eb318151
>
> The proposed 10.0.0-M5 release is:
> [ ] Broken - do not release
> [x] Alpha  - go ahead and release as 10.0.0-M5
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.35

2020-05-06 Thread Coty Sutherland 
On Tue, May 5, 2020 at 5:41 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.35 release is now available for voting.
>
> The major changes compared to the 9.0.34 release are:
>
> - Improve the handling of requests that use an expectation. Do not
>   disable keep-alive where the response has a non-2xx status code
>   but the request body has been fully read.
>
> - Change default value separator for property replacement to ":-"
>   due to possible conflicts. The syntax is now "${name:-default}".
>
> - Update the packaged version of the Tomcat Native Library to 1.2.24.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.35/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1266/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.35
> fc2c65d390444d75412855ad0de8b878018d02dc
>
> The proposed 9.0.35 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.35
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 8.5.55

2020-05-06 Thread Coty Sutherland 
On Tue, May 5, 2020 at 6:38 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.55 release is now available for voting.
>
> The major changes compared to the 8.5.54 release are:
>
> - Improve the handling of requests that use an expectation. Do not
>   disable keep-alive where the response has a non-2xx status code
>   but the request body has been fully read.
>
> - Change default value separator for property replacement to ":-"
>   due to possible conflicts. The syntax is now "${name:-default}".
>
> - Update the packaged version of the Tomcat Native Library to 1.2.24.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.55/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1267/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.55
> c8a57e4a2db8e5af314bae48123fb5990da5b7a5
>
> The proposed 8.5.55 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.55
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Remove org.apache.catalina.tribes.transport.bio

2020-04-28 Thread Coty Sutherland 
On Tue, Apr 28, 2020 at 12:30 PM Rémy Maucherat  wrote:

> Hi,
>
> I'm still looking at things to remove or refactor in 10 following the
> rearchitecting failure for the Connector. One candidate could be the Tribes
> transport, since NIO is the default and BIO is probably never used.
>
> Can it be removed ?
>

+1


> There are a few classes here and there that could go too, for example that
> BufferPool15Impl class. Given the name, I would say it could be merged into
> the superclass.
>

+1 from me :D


> Comments ?
>
> Rémy
>
>

Re: git-fu is (still) weak

2020-04-28 Thread Coty Sutherland 
On Tue, Apr 28, 2020 at 10:58 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Coty,
>
> On 4/28/20 10:45, Coty Sutherland wrote:
> >
> >
> > On Tue, Apr 28, 2020 at 10:21 AM Christopher Schultz
> >  > <mailto:ch...@christopherschultz.net>>
> wrote:
> >
> > Rémy,
> >
> > On 4/27/20 18:41, Rémy Maucherat wrote:
> >> On Tue, Apr 28, 2020 at 12:21 AM Christopher Schultz
> >>  >> <mailto:ch...@christopherschultz.net>
> >> <mailto:ch...@christopherschultz.net
> > <mailto:ch...@christopherschultz.net>>> wrote:
> >
> >> All,
> >
> >> I tried again to commit to tc10 branch, got commit id
> >> 8dddc11512fbd3b91ed9d737a42e4b8415458ddf.
> >
> >> Moving to tc9 branch:
> >
> >> $ git cherry-pick -n 8dddc11512fbd3b91ed9d737a42e4b8415458ddf
> >> fatal: bad object 8dddc11512fbd3b91ed9d737a42e4b8415458ddf
> >
> >> - From tc10:
> >
> >> $ git remote -v origin  https://github.com/apache/tomcat (fetch)
> >> origin  https://github.com/apache/tomcat (push)
> >
> >> - From tc9.0.x:
> >
> >> $ git remote -v origin  https://github.com/apache/tomcat (fetch)
> >> origin  https://github.com/apache/tomcat (push)
> >
> >> My 9.0.x local is all up-to-date with github, and github can see
> >> the commit in tc10.
> >
> >> Other than manually handing the diffs myself, I have no idea
> >> what to do, next. :(
> >
> >
> >>> I tried and it looked "ok" to me.
> >
> > Okay, what did you do? When I try to cherry-pick from 10 -> 9 I
> > still get the "bad object" error.
> >
> > When cherry-picking your commits from 9.0.x -> 8.5.x, I get a
> > merge-conflict (of course) because you have already merged them.
> >
> > Did I do something weird with the first commit?
> >
> > Maybe I don't have my branches in order?
> >
> > - From my tomcat-trunk (10) directory:
> >
> > $ git branch -a 9.0.x * master remotes/origin/7.0.x
> > remotes/origin/8.5.x remotes/origin/9.0.x
> > remotes/origin/BZ-63636/tomcat-8.5.x
> > remotes/origin/BZ-63636/tomcat-9.0.x remotes/origin/BZ-63681/8.5.x
> > remotes/origin/BZ-63681/9.0.x remotes/origin/BZ-63835/8.5.x
> > remotes/origin/BZ-63835/9.0.x remotes/origin/HEAD -> origin/master
> > remotes/origin/master
> >
> > - From my tomcat-9.0.x directory:
> >
> > $ git branch -a * 9.0.x master remotes/origin/9.0.x
> >
> > - From my tomcat-8.5.x directory:
> >
> > $ git branch -a * 8.5.x remotes/origin/7.0.x remotes/origin/8.5.x
> > remotes/origin/9.0.x remotes/origin/BZ-63681/8.5.x
> > remotes/origin/BZ-63681/9.0.x remotes/origin/BZ-63835/9.0.x
> > remotes/origin/HEAD -> origin/master remotes/origin/master
> >
> > My 9.0.x checkout seems "light".
> >
> >
> >> Have you tried a `git fetch origin master` from your 9.0 dir?
> >> That'll update the gitdb with new objects and refs from master,
> >> which should include the one you're trying to pick. That's the
> >> only thing I can think of given that you know your object ID is
> >> correct and present in master on upstream :)
>
> That got 'er goin'!
>

Woo! \o/ I'm glad that worked.


> It definitely fetched a bunch of stuff, but no new files, etc.
> (because becasue I was "up-to-date"). How can I be "up-to-date"
> without being "up-to-date"? :(
>

You were doing a `git pull` (derived from your note about being "Already up
to date"), which was only fetching and merging the current branch when you
needed to fetch object/refs from a different branch and then pick one of
those commits from that branch. Since it was only doing the current branch,
you are technically "up to date". If you tried to `git pull origin master`
then that would fetch all the objects/refs from master while also merging
(bring the new files down) which is not what you want :) Using `git fetch`
is the best way to get up to date references without actually updating the
code base you're working with.

HTH


> Maybe now I can go back and merge the original commits from this
> thread from February.
>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6oRIAACgkQHPApP6U8
> pFhtsA/9HHIvXZSbOsJuiBSkc0mBLonbtnvu5SOGizvcHZwPymfQgv+SC4yxiam+
> oAXEcBOfXnFG+bdBeD80F16xQOXDOT1nd

Re: git-fu is (still) weak

2020-04-28 Thread Coty Sutherland 
On Tue, Apr 28, 2020 at 10:21 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Rémy,
>
> On 4/27/20 18:41, Rémy Maucherat wrote:
> > On Tue, Apr 28, 2020 at 12:21 AM Christopher Schultz
> >  > >
> wrote:
> >
> > All,
> >
> > I tried again to commit to tc10 branch, got commit id
> > 8dddc11512fbd3b91ed9d737a42e4b8415458ddf.
> >
> > Moving to tc9 branch:
> >
> > $ git cherry-pick -n 8dddc11512fbd3b91ed9d737a42e4b8415458ddf
> > fatal: bad object 8dddc11512fbd3b91ed9d737a42e4b8415458ddf
> >
> > - From tc10:
> >
> > $ git remote -v origin  https://github.com/apache/tomcat (fetch)
> > origin  https://github.com/apache/tomcat (push)
> >
> > - From tc9.0.x:
> >
> > $ git remote -v origin  https://github.com/apache/tomcat (fetch)
> > origin  https://github.com/apache/tomcat (push)
> >
> > My 9.0.x local is all up-to-date with github, and github can see
> > the commit in tc10.
> >
> > Other than manually handing the diffs myself, I have no idea what
> > to do, next. :(
> >
> >
> >> I tried and it looked "ok" to me.
>
> Okay, what did you do? When I try to cherry-pick from 10 -> 9 I still
> get the "bad object" error.
>
> When cherry-picking your commits from 9.0.x -> 8.5.x, I get a
> merge-conflict (of course) because you have already merged them.
>
> Did I do something weird with the first commit?
>
> Maybe I don't have my branches in order?
>
> - From my tomcat-trunk (10) directory:
>
> $ git branch -a
>   9.0.x
> * master
>   remotes/origin/7.0.x
>   remotes/origin/8.5.x
>   remotes/origin/9.0.x
>   remotes/origin/BZ-63636/tomcat-8.5.x
>   remotes/origin/BZ-63636/tomcat-9.0.x
>   remotes/origin/BZ-63681/8.5.x
>   remotes/origin/BZ-63681/9.0.x
>   remotes/origin/BZ-63835/8.5.x
>   remotes/origin/BZ-63835/9.0.x
>   remotes/origin/HEAD -> origin/master
>   remotes/origin/master
>
> - From my tomcat-9.0.x directory:
>
> $ git branch -a
> * 9.0.x
>   master
>   remotes/origin/9.0.x
>
> - From my tomcat-8.5.x directory:
>
> $ git branch -a
> * 8.5.x
>   remotes/origin/7.0.x
>   remotes/origin/8.5.x
>   remotes/origin/9.0.x
>   remotes/origin/BZ-63681/8.5.x
>   remotes/origin/BZ-63681/9.0.x
>   remotes/origin/BZ-63835/9.0.x
>   remotes/origin/HEAD -> origin/master
>   remotes/origin/master
>
> My 9.0.x checkout seems "light".
>

Have you tried a `git fetch origin master` from your 9.0 dir? That'll
update the gitdb with new objects and refs from master, which should
include the one you're trying to pick. That's the only thing I can think of
given that you know your object ID is correct and present in master on
upstream :)


> Thanks,
> - -chris
>
> > On 2/24/20 11:33, Christopher Schultz wrote:
> >> All,
> >
> >> I'm trying to cherry-pick a commit. The commit went through
> >> github, merged a PR from a contributor into master. I'm trying
> >> to cherry-pick it back into the 9.0.x branch:
> >
> >> $ git cherry-pick f124a9c7230227d3eaff9d2dc1c52f82ce10e03f
> >> error: commit f124a9c7230227d3eaff9d2dc1c52f82ce10e03f is a merge
> >> but no -m option was given. fatal: cherry-pick failed
> >
> >> ??
> >
> >> My local copy is all up-to-date, no weird local changes or
> >> anything like that. What is a "merge", here? Supplying "-m"
> >> doesn't like the commit id.
> >
> >> Any ideas?
> >
> >> -chris
> >
> >
> >
> - -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> >  For additional commands,
> > e-mail: dev-h...@tomcat.apache.org
> > 
> >
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6oO7kACgkQHPApP6U8
> pFgZTg//WzVb7BJyj9EKcwMm/k+tlNyZqGCH8uTMhntjFkUb9aHHLT/9PhMdBizS
> bu4dIB8MtqwxSFv+jrMypccHyRGSx8OFI8Ti0BIC42whhz8AW8BLJ2JSWZrGv+lL
> cHPxoosd/dFA4Ft4Acj8GG2WFeG9IUrf+vBbYC2y3jp8oRIvWFSFZQzG0Slt9Rv4
> J4NUIZHkuGGQP88cey1UOw/09T/4wtTm0mFcmyjnVrXDHjrXG3CkMiwU3fo/FOyj
> GmpYDEZXgVgDtUgLMG3kSynqJ4XUbRCEJJQ2nEpphFRA+qa9julCRU/D+NdLw9Ya
> 7MOWDWFiE7oRsUyU0qgK/GhMw0mQpmXrJuAQLyM2LaaUJ1ZZ5mr/Xqw1cuWJOYCW
> TZqNXhyki8XKJSxkNlBSIMouafeX3prX8A2m8erPy83RJx5d7/T1uZNHO86Vd7Qh
> ijFbAdyuICcZUPjgF/TK3AHQCVZpqQZHd/oyEVpWwdM7okhVVjoMI+WXft16oQO/
> B468o8llMLE7vTAxzB9dCSOw9wpqoaPTtkd9fH20xPGWTWii0Hkk4WrWDwoUtWbO
> xdFgCLQAd2fgVnwuSpOD5c2GeJoKD/Fc4D/JkJo5+bWVKJ7es2kCnT3xBVbDQj0T
> Tx2HJ+B0OmCKP5df6f7SYDVxtVJ15J+BgXK5msJpIZumkassfN0=
> =bp2k
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.34

2020-04-06 Thread Coty Sutherland 
On Fri, Apr 3, 2020 at 8:49 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.34 release is now available for voting.
>
> The major changes compared to the 9.0.34 release are:
>
> - Add support for default values when using ${...} property replacement
>   in configuration files. Based on a pull request provided by Bernd
>   Bohmann.
>
> - When configuring an HTTP Connector, warn if the encoding specified for
>   URIEncoding is not a superset of US-ASCII as required by RFC7230.
>
> - Replace the system property
>   org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the
>   Connector attribute encodedSolidusHandling that adds an additional
>   option to pass the %2f sequence through to the application without
>   decoding it in addition to rejecting such sequences and decoding such
>   sequences.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.34/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1263/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.34
> 1031a8edb864ac001a8f172161aa8a13b7a4e712
>
> The proposed 9.0.34 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.34
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 10.0.0-M4

2020-04-06 Thread Coty Sutherland 
On Fri, Apr 3, 2020 at 7:28 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.0.0-M4 release is now available for
> voting.
>
> Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to
> jakarta.*
> Applications that run on Tomcat 9 will not run on Tomcat 10 without
> changes.
>
> The major changes compared to 10.0.0-M3  are:
>
> - Replace configuration via system property with configuration via an
>   attribute on the appropriate element where practical. A large number
>   of system properties have been replaced.
>
> - Add support for default values when using ${...} property replacement
>   in configuration files. Based on a pull request provided by Bernd
>   Bohmann.
>
> - Replace the system property
>   org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH with the
>   Connector attribute encodedSolidusHandling that adds an additional
>   option to pass the %2f sequence through to the application without
>   decoding it in addition to rejecting such sequences and decoding such
>   sequences.
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.0-M4/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1261/
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.0-M4
> 772df65db45cfccc2aad33b9b51ef9ab14c19626
>
> The proposed 10.0.0-M4 release is:
> [ ] Broken - do not release
> [x] Alpha  - go ahead and release as 10.0.0-M4
>

+1


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 7.0.103

2020-03-19 Thread Coty Sutherland 
On Mon, Mar 16, 2020 at 5:13 AM Violeta Georgieva 
wrote:

> The proposed Apache Tomcat 7.0.103 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.103/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1260/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.103
> c4e59ac215eebff2de5fd9d23fb37fe222bc99c5
>
> The proposed 7.0.103 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.103 Stable
>

+1


> Regards,
> Violeta
>

Re: [VOTE] Release Apache Tomcat 10.0.0-M1

2020-02-14 Thread Coty Sutherland 
On Fri, Feb 14, 2020 at 9:49 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.0.0-M1 release is now available for
> voting. This is the first release of 10.0.x and is based on 9.0.31.
>
> The major changes compared to 9.0.31  are:
>
> - Complete the javax to jakarta package rename
>
> - Remove duplication of configuration between HTTP/1.1 and HTTP/2.
>   HTTP/2 will now inherit values from HTTP/1.1.
>
> - Remove deprecated code
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.0-M1/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1249/
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.0-M1
> b0b074b683ed2e09ff9e9755825bfce83d303a93
>
> The proposed 10.0.0-M1 release is:
> [ ] Broken - do not release
> [x] Alpha  - go ahead and release as 10.0.0-M1
>

+1


>
> I opted to only include alpha here as there are still some potentially
> significant changes on the TOMCAT-NEXT list.
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 7.0.100

2020-02-13 Thread Coty Sutherland 
On Tue, Feb 11, 2020 at 4:08 AM Violeta Georgieva 
wrote:

> The proposed Apache Tomcat 7.0.100 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.100/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1247/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.100
> a1ea109bf367ad32361396348845ffd6e524d115
>
> The proposed 7.0.100 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.100 Stable
>

LGTM


>
> Regards,
> Violeta
>

Re: Numbering schemes for future releases

2020-02-10 Thread Coty Sutherland 
On Mon, Feb 10, 2020 at 4:48 AM Mark Thomas  wrote:

> Hi,
>
> I thought it would be useful to re-open the discussion on this. If there
> is a better plan that the one we currently have I'd like to try and find
> it.
>
> I'm happy to hold off on the current 10.0.0.0-M1 release for a few days
> to give us time look for a better numbering scheme and so we have the
> opportunity to pull the 10.0.0.0-M1 release if necessary.
>
> I have tried to express the various options I have seen proposed in a
> similar way so we can compare them. If I have missed one or you think of
> a different one then please post it.
>
> Option A: The current plan:
> Jakarta EE 9:  10.0.0.x
> Jakarta EE 10: 10.0.x   (x>=1)
> Jakarta EE 11: 11.0.x
> Java EE 8: 9.y.x(where y == major Tomcat version)
>
>
> Option B: Continue with existing numbering
> Jakarta EE 9:  10.0.x
> Jakarta EE 10: 11.0.x
> Jakarta EE 11: 12.0.x
> Java EE 8: 9.y.x(where y == major Tomcat version)
>
>
> Option C: No stable Jakarta EE 9 release
> Jakarta EE 9:  10.0.0-Mx
> Jakarta EE 10: 10.0.x
> Jakarta EE 11: 11.0.x
> Java EE 8: 9.y.x(where y == major Tomcat version)
>
>
> Option D:
> Jakarta EE 9:  10.0.x
> Jakarta EE 10: 10.1.x
> Jakarta EE 11: 11.0.x
> Java EE 8: 9.y.x(where y == major Tomcat version)
>

I think I prefer option A, with D as a secondary. Initially I liked C the
best, but given the conversation I agree that it's probably not the best
way forward. Either way we do it is going to be somewhat confusing for
folks I think, at least initially, but the options we have all seem pretty
easy to explain.


>
>
> My own thoughts:
>
> I don't like option B because the off-by-one issue between Jakarta EE
> and Tomcat. It is manageable at the moment but I worry that it will
> cause confusion once we have the 9.y.x branch.
>
> I don't like option C because I think we need a stable, supported,
> passing the TCK Jakarta EE 9 release. Also, Jakarta EE 10 is meant to
> follow shortly after Jakarta EE 9 but what if it doesn't?
>
> For me, the choice is between A and D. If Jakarta EE 10 is very soon
> after Jakarta EE 9 then I think option A is better. However, D isn't
> that far behind and as soon as Jakarta EE 10 doesn't follow shortly
> after Jakarta EE 9 I think D begins to look better. As I think about it,
> the EOL decision we make for Jakarta EE 9 support depends a lot on how
> quickly Jakarta EE 10 follows and I think D gives us more flexibility.
> Finally, D is more consistent with how we have done things in the past
> (4.1.x, 5.5.x, 8.5.x etc)
>
> Thoughts?
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [PROPOSAL] Tomcat 10: change default certificateKeystoreType and truststoreType from JKS to PKCS12

2020-01-29 Thread Coty Sutherland 
On Tue, Jan 28, 2020 at 12:07 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> The subject says it all.
>
> Java 9 is changing the default keystore type from JKS to PKCS12 and
> deprecating the use of JKS.
>
> Do we know what version of Java Tomcat 10 will require? I suspect it
> will be Java 9, so it will match.
>
> In any case, PKCS12 is a better format overall and it's very early in
> the Tomcat 10 lifecycle, so I think it's the right time to make this mov
> e.
>
> It looks like there is no default type for the trust store type
> (unless javax.net.ssl.trustStoreType has a default value), so I would
> propose that we also set that default type to PKCS12.
>

+1 :D


>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl4wakwACgkQHPApP6U8
> pFg54hAAvtOwO8sGYHfllwEcQakaacJ6DvTG9YMb+mX3WvZVLPfQAv/Zn5ReV8fu
> 1tOd3Hux1W/CoYKiO4cMKjxn4mwO3/5lukYzNg1KtmsBpnqA15rUsci5VsivXMvR
> ylZkWLxt9TprcVc79cvlUrtj+xYTdiYv7p/YXGSh7JDSeSrqipGItW+QDKIH8kmg
> jNlgj67Gy2gCqGPIu/CZQgDQBn7nSWcaeB1U2WITFAKQhgCv+mCzEm6+oLrHhN9q
> IDBFqD7QlRSDRRAQTBgpnpaj2m/B5dBkXGMGMtRwkzx0IU6jO2nlWUkTmSFYn+js
> CneqphJ7szLj9JdbNUHrtBMxojDeJTejtigCTsnd+1DJEIoYJCOuy1D4e0V9eEiA
> kpaP5gsG6tN7fyk3E1w7xtmEq6dTPcNYv731RDMOC3WIQcBXxOQ5cFKhfxeWZBrZ
> mkdjksDoCizWLcmKA3p4xwNBsvi7qnOReq7TZfL1U/Lp39d/ncSxpTPxucOi5k5T
> PlJncwNsZA1tThfFjMlANXeYAeh74ajdMWAcRoIIzP09wyIQP2/pI6msBsQ6mr1j
> MOOt6b25XO9RgJBn/EYBlVKYjULdDSBd/ojcc92wZONhw8uqt6Ly7Xrj4t3eFQ4e
> EdjKPawmDhyZZ/B9IYC9p7doRuni26eBWx7wGkqQM3TqIn0Rc9k=
> =zoYm
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Tomcat 7.0.x end of life

2020-01-15 Thread Coty Sutherland 
On Tue, Jan 14, 2020 at 3:56 PM Mark Thomas  wrote:

> Hi all,
>
> This has been mentioned several times as we have figured out our
> approach to Jakarta EE 9 and Tomcat 10. I'd like to formally propose
> that we announce end of life for Tomcat 7.0.x as 31 March 2021.
>
> Thoughts?
>

+1


>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 8.5.50

2019-12-09 Thread Coty Sutherland 
On Sat, Dec 7, 2019 at 2:54 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.50 release is now available for voting.
>
> The major changes compared to the 8.5.49 release are:
>
> - Correct multiple regressions in the static resource caching related to
>   using URLs provided for cached resources
>
> - Improvements to the Realm interface and implementations
>
> - Bug fixes and improvements to the CORS filter
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.50/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1241/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.50
> c40ede65ea4fb44b1957ec482f28c7afa71f1b50
>
> The proposed 8.5.50 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.50
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.30

2019-12-09 Thread Coty Sutherland 
On Sat, Dec 7, 2019 at 12:24 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.30 release is now available for voting.
>
> The major changes compared to the 9.0.29 release are:
>
> - Correct multiple regressions in the static resource caching related to
>   using URLs provided for cached resources
>
> - Improvements to the Realm interface and implementations
>
> - Bug fixes and improvements to the CORS filter
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.30/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1240/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.30
> 4fab4cc012d0c31852e957d198cb0549f3d6074c
>
> The proposed 9.0.30 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.30
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 8.5.49

2019-11-18 Thread Coty Sutherland 
On Sun, Nov 17, 2019 at 2:01 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.49 release is now available for voting.
>
> The major changes compared to the 8.5.47 release are:
>
> - Improvements to Async error handling
>
> - Stricter processing of HTTP headers when looking for specific token
>   values
>
> - Fix various issues that could lead to modification to a JSP not being
>   reflected in the served page
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.49/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1238/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.49
>
> The proposed 8.5.49 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.49
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.29

2019-11-18 Thread Coty Sutherland 
On Sat, Nov 16, 2019 at 1:56 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.29 release is now available for voting.
>
> The major changes compared to the 9.0.27 release are:
>
> - Improvements to Async error handling
>
> - Stricter processing of HTTP headers when looking for specific token
>   values
>
> - Fix various issues that could lead to modification to a JSP not being
>   reflected in the served page
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.29/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1236/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.29
>
>
> The proposed 9.0.29 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.29
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.27

2019-10-07 Thread Coty Sutherland 
On Mon, Oct 7, 2019 at 7:51 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.27 release is now available for voting.
>
> The major changes compared to the 9.0.26 release are:
>
> - Update to Commons Daemon 1.2.2 to pick up the fix for a regression in
>   Commons Daemon 1.2.0 and 1.2.1 that triggered a crash on startup when
>   running on a Windows OS that had not been fully updated.
>
> - Fix some edge cases with NIO2 and TLS that could has a request to
>   hang.
>
> - Fix a memory leak introduced by the HTTP/2 timeout refactoring in
>   9.0.23 that could occur when HTTP/2 or WebSocket was used.
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.27/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1233/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.27
>
>
> The proposed 9.0.27 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.27
>

+1 LGTM. Tested on Fedora 30 with OpenSSL 1.1.1d and tcnative 1.2.21.


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [PROPOSAL] Tomcat 10: Remove Server-Side Includes (SSI)

2019-10-07 Thread Coty Sutherland 
On Mon, Oct 7, 2019 at 10:46 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I recently gave a presentation on locking-down Apache Tomcat[1] and I
> briefly discussed the "sharp edges" present in Tomcat. Some of them
> are unnecessarily sharp and may be actually unnecessary. I'm going to
> make a few proposals to remove functions from Tomcat.
>
> Proposal: Remove Server-Side Includes
>

+1


>
> Justification:
>
> The SSI module is a remote-code execution (RCE) vulnerability as a
> feature. My sense is that SSI is a little-used feature. A few years
> ago, markt[2] asked if anyone was using SSI. The only replies were
> from other Tomcat devs commenting on what to do with SSI if it's no
> longer in the main Tomcat distribution; there were no community
> members who responded saying that SSI was important to them.
>
> If the packaging of Tomcat could be tweaked a bit to move the SSI
> components into a separate JAR file (e.g. move
> org/apache/catalina/ssi/* to catalina-ssi.jar) and if the SSI
> components don't rely on any Tomcat specific capabilities or
> internals, then the cattalina-ssi.jar file could be used between
> Tomcat versions. For example, a user of Tomcat 10 who still needs SSI
> could get the SSI module from a distribution of Tomcat 8.5.x or 9.x.
>
> - -chris
>
>
> [1] http://tomcat.apache.org/presentations.html#latest-locking-down-tomc
> at
> [2]
> https://lists.apache.org/thread.html/969a9d1b6e883a4017907c448292880624c
> c85eb22c490b241dc9c88@%3Cusers.tomcat.apache.org%3E
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl2bT78ACgkQHPApP6U8
> pFj9cQ/+Os1dBaXqqM3taTbqTzzCyLKCMz5q/66QreuH0ZMcqf/QjTGkxhsegelD
> 184cnAni2rWyV015yuqHvM/ZPn5BcH5pV31mEdJyGQiFIjvEfmZs37sGEoSOE584
> jutsktxcla7UEVMPfYU+YiVCapWRjWHNFusP2J/dP+UFYDg/cZJCoYDlMVjpfhmq
> UH6i/Sht3fpMfYYRHdgkP/r2wHLOD+qql/K8RNExhokwDZCiATmKA1uTuUHtQWQu
> rh71myzAqdzsEmLMRSLOnDY17XeG8Pd1W0JmcskdHNkZ/cYECLlMv5iqXLA3FbVM
> sLSd7PLJW1baFi9kqLTP4C44G8+j2tJAgjxkC+9nxFLB7Fy+abyV38Pt77zJ5NXS
> lIceS1jUIn4OBWFrMVnAii3slAl8WI0xknBBtJeObhw1uKtmRMJ2YtcefK89R/FR
> 9ZOAHghcYpkbTE8rO6z7HeyN/M+p972a7Pyr6nOH9XnanYBGuL/eg72/yAZpkofT
> k8AZe9VZ1SOK2TYBmNjHrzQDnodmvgtW3Q0RWY828CrOZ0x9vlQniKc/RWVa0HOR
> nv6l54oGGNoOezNnMKPRgOyUpzCtLCRkxMUVFkJJi2Hetf7QDo43MITgNNIz/VW8
> NEwTPtG/EUE98HQzl4MnV+I7MTBJK8kwwlIKYwtFFTnCy88QmOQ=
> =ap4d
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [PROPOSAL] Tomcat 10: Remove CGI Servlet

2019-10-07 Thread Coty Sutherland 
On Mon, Oct 7, 2019 at 11:00 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I recently gave a presentation on locking-down Apache Tomcat[1] and I
> briefly discussed the "sharp edges" present in Tomcat. Some of them
> are unnecessarily sharp and may be actually unnecessary. I'm going to
> make a few proposals to remove functions from Tomcat.
>
> Proposal: Remove CGI Servlet
>

+1


>
> Justification:
>
> The CGIServlet is another component, like server-side-includes, which
> is a remote-code execution (RCE) vulnerability as a feature. It is
> very easy to misconfigure. It is arguably not possible to secure it on
> Windows[2]. There are better solutions if you want to run Perl,
> Python, PHP, or whatever on your server in the form of the many fine
> web-server products out there.
>

I thought this was a really weird feature for Tomcat to provide anyway :)


>
> - -chris
>
>
> [1] http://tomcat.apache.org/presentations.html#latest-locking-down-tomc
> at
> [2]
> https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23
> /everyone-quotes-command-line-arguments-the-wrong-way/
> 
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl2bUusACgkQHPApP6U8
> pFhGxw//V8a5sALHVJAGDuhYf3HJs+MyDkHI848BOW8U5JjSOC9erQg84xxOm11q
> ywHqmdJ1HkVCTlN6n+OMne4/DVtAywqetF6hVf3TdGvA/Xp2HGiz4H9FeBgD5oVS
> WgZqrShBk5xneElWkBH69yG7qC2XKhCZNtA8bNqMdUQ+zOW2Gwhk8k35r//jWivX
> ZkXloVRs2aQaArtqwIi0kWWMMbIEL6JJJigAfjfpap8HvTrLL/W5/dTpYUp1Y1Ms
> qGhv0CcbDSFmQqPEnZO0keaUJRi5QXsW7ByMnXjterr1ExEW8ZfHM7ZOAap/7VWz
> O2TFeq59YSG2KOrueDpzZk1u1l0G5vT9ttyoGtGJQlFt6TnxA0+4EouciFoVtPM8
> mrAEHkp9MSHIVGjTj6qanNnEkue3Bnyv5TQq2m5MX6mYCkyGUhZpdaIfK2aw6M2Y
> uJ4h8Qf1hX0s3/nfyF3ERTKnsB2aYcVORjcfLaEajJwbUAXRG4kLKqOszMsLKV3S
> FC/rzp1f7MSKf4nN9WVIQvxUZhxP70SjBSTtRN3UXZvrZvCiq/BaK0/inyYTKOIc
> 1QOjbfoZnI3Kcm8zKKODJRebpsrsF+f7EWwuEg07lAmgAxQGsdciss23rt6OALf0
> Dhr5Lb6mcMktmy4JLIKwbM9Hbk3IslbQlEWQEOSiagzph/ZMVP8=
> =28Zt
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [PROPOSAL] Tomcat 10: Drop APR Connector

2019-10-07 Thread Coty Sutherland 
On Mon, Oct 7, 2019 at 10:39 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> All,
>
> I recently gave a presentation on locking-down Apache Tomcat[1] and I
> briefly discussed the "sharp edges" present in Tomcat. Some of them
> are unnecessarily sharp and may be actually unnecessary. I'm going to
> make a few proposals to remove functions from Tomcat.
>
> Proposal: Remove APR connector
>

I'm +1 for this


>
> Justification:
>
> The APR connector was once used to provide superior I/O when compared
> to the only other available I/O mechanism available in Java: blocking
> I/O. Specifically, the APR connector allowed Tomcat to wait for
> keepalive requests on a connection to in a non-blocking fashion which
> was not possible with Java BIO-based connectors.
>
> The introduction of NIO into Java back in Java 1.4 (!!) changed
> things, and NIO support was added to Tomcat in 6.0. Now that it has
> had time to mature, the NIO connector is superior to the APR connector
> in several ways:
>
> 1. NIO connector allows non-blocking TLS handshakes
> 2. NIO connector uses less (Tomcat-owned) native code
>
> The first item improves performance and availability and the second
> item improves stability (and thus availability).
>
> The last advantage which (until recently) made the APR connector still
> very useful was the ability to use the OpenSSL cryptographic library
> for all cryptographic operations which is measurably
> higher-performance than those typically provided by the JVM.
>
> This last advantage no longer exists since we have a JSSE provider
> available for OpenSSL using libtcnative.
>
> Notes:
>
> This proposal does not recommend the removal of libtcnative. Only the
> removal of the APR connector, the APR lifecycle listener, and the
> associated native code required to support those components.
>
> - -chris
>
>
> [1] http://tomcat.apache.org/presentations.html#latest-locking-down-tomc
> at
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl2bTg8ACgkQHPApP6U8
> pFghUhAAwXEdrarxE5sgqMbZxswlOrRTQSIGZuh2t9KV8pJG+M8NrRbPMZxL3IX/
> UkJA9JGxFGA20D9kn0Xx2eX276tKtW/ZyVhg9vvlKqm8+n+vXLuN/sj15sPw1f64
> rCqj/GA+iMPP1AtBwc3E2bxBUI7WYGjgMutobwWOfHrlrw6/D4aNyO/t8XXlh9UT
> ZcP9Nq0ed4G4I+zx+R//FmEa0Ky2ARUtiyuBhnA+yEFm0XT/iMpgGnl5DHpJ5nOv
> U9YiTOU/bMXP1ABgCYoPgHPnYADKoEepdhD8x7CZTyUpR4vTr7DXxAABvapwynBo
> sPb+CFjlQilS8zxNYbGZbCu/mpux88jKYvOrrf5Jjb8YzxAGmmy00VyzuyzApdLs
> T9eYJazcej8u0he26U+QJi+HCQ+KpdSeMP/kQuw2BorvdD5BkPA22MvqoeIdU1Xs
> IzS6+69/MwjkTSL3YOlxp/E7HuG/gegGYBgVphVVJVAYh5lyBcY9o5diTIwdbejU
> yK+3WBbkK9dp8nM0GmKoaUqhLP/XvACG5FohW6P+EHLTjlCy7dPbr7s409coQb/1
> JQqur4GABbM47MXSDaXHisXLSLY3RpF6Uo0Fb2AC2AuuAihjNpQ0GmeuLHhoPI7W
> CycCLjMqLystoj8pNR1pil1FOgI1zOPilylpMX0mV5VuDhPxuFw=
> =MZ7V
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Tomcat-Native - Time to move to git?

2019-06-17 Thread Coty Sutherland 
On Mon, Jun 17, 2019 at 12:56 PM Mark Thomas  wrote:

> Hi,
>
> I'm starting to look at OCSP stapling for our OpenSSL based connectors
> and I suspect a Tomcat Native release will be required. Even if it isn't
> for this, it has been a while since the last Tomcat Native release so I
> expect we'll need to do one fairly soon anyway.
>
> The complication is the svn:external that picks up the
> org.apache.tomcat.jni package from 9.0.x. Now 9.0.x has moved to git,
> this no longer works.
>
> I looked at a workaround using the "GitHub makes itself look like svn"
> but that timed out for the Tomcat repo. I suspect due to size.
>
> I then looked at Git based solutions. sub-modules and sub-trees look to
> be the two options. Of the two, sub-trees looks better:
> - it is more suited to "read-only" importing
> - it doesn't require any additional commands to populate the imported
>   code
>
> However, using sub-trees means moving Tomcat-Native to git. Before I
> start a formal vote to do so, are there any objections?
>
> The process would be:
> - ensure git mirror is up to date
> - break the svn->git mirror
> - start using git
> - update web site etc
> - move svn code to archive
>
> Given how the migration of the main repos went, I'm not expecting any
> major issues.
>

No objections from me :)


>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 8.5.42

2019-06-05 Thread Coty Sutherland 
On Tue, Jun 4, 2019 at 5:06 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.42 release is now available for voting.
>
> The major changes compared to the 8.5.41 release are:
>
> - Fix various concurrency and stability issues for HTTP/2.
>
> - Add support for same-site cookie attribute. Patch provided by John
>   Kelly.
>
> - Add an option to sort directory listings provided by the Default
>   Servlet.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.42/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1214/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.42
> 00b711f6af57e043bf4d5d64dbc1617970a54d69
>
>
> The proposed 8.5.42 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.42
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.21

2019-06-05 Thread Coty Sutherland 
On Tue, Jun 4, 2019 at 4:50 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.21 release is now available for voting.
>
> The major changes compared to the 9.0.20 release are:
>
> - Fix various concurrency and stability issues for HTTP/2.
>
> - Add support for same-site cookie attribute. Patch provided by John
>   Kelly.
>
> - Add an option to sort directory listings provided by the Default
>   Servlet.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.21/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1213/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.21
> 5dd82367de857318b8a384c07c4414e5d55cc975
>
> The proposed 9.0.21 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.21
>

+1


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Are we interested in using any the GitHub features?

2019-05-28 Thread Coty Sutherland 
Hi,

Are we interested in utilizing any of the GitHub integration for Travis CI
, Coverity Scan
, LGTM
, etc? We could at least set them up
for testing PRs since we already have the Apache CI system that tests
commits. I see someone opened a PR to add travis.yaml, but then closed it
with no comment some time ago. I'm inquiring because I'm looking for ways
to make the project appear a bit more flashy to attract new contributors :)

You can see all the integrations that GitHub supports in their marketplace,
https://github.com/marketplace.



Thanks,
Coty

Re: Proposal for TLS config sanity check

2019-05-23 Thread Coty Sutherland 
On Tue, May 21, 2019 at 5:43 PM Mark Thomas  wrote:

> On 21/05/2019 21:46, Christopher Schultz wrote:
> > All,
> >
> > Looking at the legacy-versus-modern TLS configuration (Connector vs
> > SSLHostConfig), it seems easy for an admin to create a configuration
> > that looks like this (paraphrasing):
> >
> > 
> >>hostname="mysite.com"
> >SSLCertificateFile="keystore.p12" />
> > 
> >
> > Where the expectation is that only TLSv1.2 will be enabled for virsual
> > host mysite.com when in fact only the virtual host named ("_default_")
> > will actually be limited to TLSv1.2 and other hosts will accept
> > connections using a TLS handshake with all default enabled protocols
> > (currently TLSv*).
> >
> > This may be surprising and there is no indication that there is
> > something "wrong" with the configuration. Only a TLS handshake probe
> > such as SSL Labs's testing tool will expose the oversight.
> >
> > I propose the following change to the  and 
> > initialization process:
> >
> > If the  contains any TLS/SSL-related configuration AND at
> > least one  element is configured, refuse to start the
> > connector (with an appropriate error message).
> >
> > This may cause a small number of configurations to fail to start. The
> > "workaround" is to re-evaluate one's configuration to (a) determine if
> > there was a misconfiguration where expectation and reality don't match
> > and (b) move all TLS/SSL-related configuration options from the
> >  to each of the  elements.
> >
> > Any objections?
>

Seems like a good idea to me.


>
> None.
>
> Given that the old style configuration is due to be removed in Tomcat
> 10, now is probably a good time to start doing this. I'd add logging a
> warning if the deprecated config style is used.
>

+1


>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [tomcat] branch master updated: Use https instead of http

2019-05-21 Thread Coty Sutherland 
On Tue, May 21, 2019 at 8:10 AM Mark Thomas  wrote:

> On 21/05/2019 13:08, Mark Thomas wrote:
> > On 21/05/2019 13:02, csuth...@apache.org wrote:
> >> This is an automated email from the ASF dual-hosted git repository.
> >>
> >> csutherl pushed a commit to branch master
> >> in repository https://gitbox.apache.org/repos/asf/tomcat.git
> >>
> >>
> >> The following commit(s) were added to refs/heads/master by this push:
> >>  new beb2dca  Use https instead of http
> >> beb2dca is described below
> >>
> >> commit beb2dca83bb4084432fd3b44e06973730ad4dc7d
> >> Author: Coty Sutherland 
> >> AuthorDate: Tue May 21 08:01:53 2019 -0400
> >>
> >> Use https instead of http
> >
> > -1. Please revert this. It will break the build if a mirror is selected
> > that does not support http. It is also unnecessary. Any file downloaded
>
> s/does not support http/does not support https/
>

Ack. I checked the URL before pushing and noted that the mirrors I hit
redirected to http, but I didn't happen to get one that didn't support it
(and it didn't cross my mind). Reverted.


>
> Mark
>
> > over http is also checked against the known hash.
> >
> > Check the history of that file for more details.
> >
> > Mark
> >
> >
> >
> >> ---
> >>  build.properties.default | 10 +-
> >>  build.xml|  2 +-
> >>  2 files changed, 6 insertions(+), 6 deletions(-)
> >>
> >> diff --git a/build.properties.default b/build.properties.default
> >> index 1bacc19..cc217b6 100644
> >> --- a/build.properties.default
> >> +++ b/build.properties.default
> >> @@ -90,7 +90,7 @@ compile.debug=true
> >>  # Do not pass -deprecation (-Xlint:deprecation) flag to javac
> >>  compile.deprecation=false
> >>
> >> -base-apache.loc.1=
> http://www.apache.org/dyn/closer.lua?action=download=
> >> +base-apache.loc.1=
> https://www.apache.org/dyn/closer.lua?action=download=
> >>  base-apache.loc.2=https://archive.apache.org/dist
> >>  base-commons.loc.1=${base-apache.loc.1}/commons
> >>  base-commons.loc.2=${base-apache.loc.2}/commons
> >> @@ -126,8 +126,8 @@
> wsdl4j-lib.loc=${base-maven.loc}/wsdl4j/wsdl4j/${wsdl4j-lib.version}/wsdl4j-${ws
> >>  # See https://wiki.apache.org/tomcat/JDTCoreBatchCompiler before
> updating
> >>  #
> >>  # Checksum is from "SHA512 Checksums for 4.10" link at
> >> -#
> http://download.eclipse.org/eclipse/downloads/drops4/R-4.10-201812060815/
> >> -#
> http://download.eclipse.org/eclipse/downloads/drops4/R-4.10-201812060815/checksum/eclipse-4.10-SUMSSHA512
> >> +#
> https://download.eclipse.org/eclipse/downloads/drops4/R-4.10-201812060815/
> >> +#
> https://download.eclipse.org/eclipse/downloads/drops4/R-4.10-201812060815/checksum/eclipse-4.10-SUMSSHA512
> >>  #
> >>  jdt.version=4.10
> >>  jdt.release=R-4.10-201812060815
> >> @@ -137,8 +137,8 @@
> jdt.checksum.value=6528d1933d752f909e61456f1a3cbb3ae3999d263701a459e6f4fc33f97f7
> >>  jdt.home=${base.path}/ecj-${jdt.version}
> >>  jdt.jar=${jdt.home}/ecj-${jdt.version}.jar
> >>  # The download will be moved to the archive area eventually. We are
> taking care of that in advance.
> >> -jdt.loc.1=
> http://archive.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar
> >> -jdt.loc.2=
> http://download.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar
> >> +jdt.loc.1=
> https://archive.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar
> >> +jdt.loc.2=
> https://download.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar
> >>
> >>  # - Tomcat native library -
> >>  tomcat-native.version=1.2.21
> >> diff --git a/build.xml b/build.xml
> >> index 6e91e91..4d76077 100644
> >> --- a/build.xml
> >> +++ b/build.xml
> >> @@ -1971,7 +1971,7 @@ Apache Tomcat ${version} native binaries for
> Win64 AMD64/EMT64 platform.
> >>
> >>
> >>
> >> -  http://docs.oracle.com/javase/8/docs/api/"/>
> >> +  https://docs.oracle.com/javase/8/docs/api/"/>
> >>https://commons.apache.org/proper/commons-io/javadocs/api-release/"/>
> >>https://javaee.github.io/javaee-spec/javadocs/"/>
> >>
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> >> For additional commands, e-mail: dev-h...@tomcat.apache.org
> >>
> >
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: The migration guide configuration file difference feature is broken

2019-05-08 Thread Coty Sutherland 
On Wed, May 8, 2019 at 11:17 AM Mark Thomas  wrote:

> On 08/05/2019 15:35, Coty Sutherland wrote:
> > Hi,
> >
> > Someone on freenode (CiscoEagle) pointed out to me that the migration
> > guide's file comparison feature doesn't work :( Looking at the "configure
> > file differences" section on the 9.0 migration guide (
> >
> http://tomcat.apache.org/migration-9.html#Tomcat_9.0.x_configuration_file_differences
> ),
> > if you click the "view differences" button you get taken to the gitbox
> web
> > UI, but it returns a 403. Does anyone have any idea how to fix it? I
> looked
> > to see if there was an alternative method to get the diff in the web UI
> but
> > I don't see one that allows you to compare files across tags.
>
> The feature has been (hopefully)  temporarily disabled by infra due to
> abuse. If there was a way of doing this in GitHub, we could use that.
> I've tried, and failed, to find one.
>

Ah, OK. I tried to find a quick way to do it on GitHub but all I can find
is comparing all files in a tag, like
https://github.com/apache/tomcat/compare/9.0.1...9.0.17. It's really easy
to do in the git CLI, but I don't see an easy way in the web UI.


>
> > Additionally the 8.0.x configuration file differences section is
> completely
> > broken (returns a 404) because it tries to use the svn repo for
> comparison,
> > which no longer exists. Example:
> >
> http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/conf/catalina.policy?diff_format=h=1830460=1834688
>
> That page shouldn't be publicly linked any more but we can fix it to
> point to the new svn location.
>

OK. I can adjust it if you tell me where the new location is :)


>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

The migration guide configuration file difference feature is broken

2019-05-08 Thread Coty Sutherland 
Hi,

Someone on freenode (CiscoEagle) pointed out to me that the migration
guide's file comparison feature doesn't work :( Looking at the "configure
file differences" section on the 9.0 migration guide (
http://tomcat.apache.org/migration-9.html#Tomcat_9.0.x_configuration_file_differences),
if you click the "view differences" button you get taken to the gitbox web
UI, but it returns a 403. Does anyone have any idea how to fix it? I looked
to see if there was an alternative method to get the diff in the web UI but
I don't see one that allows you to compare files across tags.

Additionally the 8.0.x configuration file differences section is completely
broken (returns a 404) because it tries to use the svn repo for comparison,
which no longer exists. Example:
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/conf/catalina.policy?diff_format=h=1830460=1834688



Thanks,
Coty

Re: Finally getting around to switching to Git

2019-04-26 Thread Coty Sutherland 
On Fri, Apr 26, 2019 at 3:13 AM Mark Thomas  wrote:

> On 25/04/2019 20:07, Christopher Schultz wrote:
> > On 4/25/19 14:03, Igal Sapir wrote:
>
> 
>
> >> In some projects it's easy to maintain a single repository and
> >> switch between branches, but I find the differences between 7.0.x
> >> and master to be so major that I chose to follow Mark's method and
> >> keep separate local copies where the IDE settings do not get
> >> mangled up each time I switch branches.
> >
> > Sounds good. What is Mark's Method™? Is it documented anywhere?
>
> Overly complicated ;) - and not yet.
>
> I'm currently using one checkout per major version because Eclipse can't
> handle Git worktrees. I think I'd prefer a single checkout with
> worktrees but until I can try it I don't know. I did try switching to
> IntelliJ as it can handle Git worktrees but the pain of switching IDEs
> was greater than the minor annoyance of multiple checkouts so I quickyl
> returned to Eclipse.
>
> I do have a GitHub fork that I intend to use for large patches that need
> review. I don't use it much.
>
> I'm still getting used to my local setup and tweaking the configuration
> here and there so it does what I want by default when I pull / push etc.
>
> I'd suggest sharing Git experiences is a topic of conversation at the
> Hackathon.
>

+1, except I won't be there :( Is that something we can have someone take
notes on and send to the dev list after?


>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Finally getting around to switching to Git

2019-04-25 Thread Coty Sutherland 
On Thu, Apr 25, 2019 at 2:06 PM Igal Sapir  wrote:

> On 4/25/2019 10:56 AM, Coty Sutherland wrote:
> > On Thu, Apr 25, 2019 at 1:32 PM Christopher Schultz <
> > ch...@christopherschultz.net> wrote:
> >
> >> -BEGIN PGP SIGNED MESSAGE-
> >> Hash: SHA256
> >>
> >> Igal,
> >>
> >> On 4/23/19 12:52, Igal Sapir wrote:
> >>> Another thing that I have changed in my workflow based on Mark's
> >>> past suggestion, is that I keep a local repo for each major branch
> >>> now.
> >> Okay, I have done the following:
> >>
> >> 1. Fork tomcat master to my own GitHub account
> >> 2. git clone URL
> >> 3. edit/add/commit/push
> >> 4. Create a PR
> >>
> >> I'm sure I can import the PR into tomcat-master. No problem.
> >>
> >> Now, when attempting to keep my fork current, I've always done
> >> something like:
> >>
> >> git remote add upstream master-url
> >> git checkout master
> >> git fetch upstream
> >>
> >> And I'm all up-to-date.
> >>
> >> When I did that, I ended up bringing-down the 7.0.x and 8.5.x branches
> >> as well. How can I limit the upstream to just the master?
> >>
> > You can set the branch for your remote to master (or do it when you
> clone)
> > which should ignore other branches:
> > git remote set-branches upstream master
> >
> > Then optionally configure --no-tags in your git config (or use --no-tags
> > each time you git-fetch):
> > git config --add remote.upstream.tagOpt --no-tags
> >
> > Then try fetching to verify it worked:
> > git fetch upstream [--dry-run]
> >
> >
> >> Or does my fork have to have everything, but I have to checkout a
> >> single branch? If so, I'm not sure how to do that.
> >>
> > It doesn't, but by default a `git fetch` pulls down all new work that
> > exists on the remote, but not your local clone.
>
> I am sure that Coty knows git better than I do, so if he says that it
> doesn't then I stand corrected.
>

I don't know about that :) If you do a regular `git clone apache/tomcat` it
will pull the master branch and then references/histories for all remote
branches which for tomcat is about a 100M .git directory. If you clone a
single branch with no references such as `git clone apache/tomcat -b master
--single-branch` then you get just the references/history for the master
branch which results in about a 70M .git directory.

Note: the sytnax above is because I alias hub (https://hub.github.com/) to
`git` :) Check it out if you'd like to stop visiting the GitHub web UI for
opening PRs, etc.


> Igal
>
>
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Finally getting around to switching to Git

2019-04-25 Thread Coty Sutherland 
On Thu, Apr 25, 2019 at 1:32 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Igal,
>
> On 4/23/19 12:52, Igal Sapir wrote:
> > Another thing that I have changed in my workflow based on Mark's
> > past suggestion, is that I keep a local repo for each major branch
> > now.
>
> Okay, I have done the following:
>
> 1. Fork tomcat master to my own GitHub account
> 2. git clone URL
> 3. edit/add/commit/push
> 4. Create a PR
>
> I'm sure I can import the PR into tomcat-master. No problem.
>
> Now, when attempting to keep my fork current, I've always done
> something like:
>
> git remote add upstream master-url
> git checkout master
> git fetch upstream
>
> And I'm all up-to-date.
>
> When I did that, I ended up bringing-down the 7.0.x and 8.5.x branches
> as well. How can I limit the upstream to just the master?
>

You can set the branch for your remote to master (or do it when you clone)
which should ignore other branches:
git remote set-branches upstream master

Then optionally configure --no-tags in your git config (or use --no-tags
each time you git-fetch):
git config --add remote.upstream.tagOpt --no-tags

Then try fetching to verify it worked:
git fetch upstream [--dry-run]


>
> Or does my fork have to have everything, but I have to checkout a
> single branch? If so, I'm not sure how to do that.
>

It doesn't, but by default a `git fetch` pulls down all new work that
exists on the remote, but not your local clone.


>
> I'm just *sure* I'm gonna love git once I get this all figured out.
> All the cool kids seem to love it, so it must be better, right?
>

:D


>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlzB7zMACgkQHPApP6U8
> pFh2vA/9EnR8sJPLuF1pD31HECEckVVXnF0AlU2XzTjiPsWwDP+Z+jJAh5Q8KUG6
> zwdM17VuN3Yr3e6p55DGjD4EEn1OV2hxw1Ao/TnEJXHsDrt9Hhm9j0T4ddJRCPBk
> RSP2/by6pBneYr8jPnT0G9D2M+CZUI/cXIj4ntZ9w8+2lIOayR/B0H8Gfc077k+y
> hXza7mnxtm4W+mNfMz176Z19hn9culA6/Z9p/4ZqFAGwVnkItNvPKuJi+syfR9La
> LtJ3WY2Ut3g4KzL5D9YIrTzNf3rRKQLe8qgErUc18uhxOD8Ax5QG7x3VkXBlG8s1
> YFFvwVKmVNlG8pldle3eyBg/xE6IfxD5IYjWWPeScrpwSCnSSN2E77HyOqG1FlSl
> /F5x4b1Qo8lVUuD5jgYaUQOxHuwFmuM6jyHknJfzrHB3feLjwEYxMgTfDNJoPSd/
> 70Czh7at8HxYb5S9wQHWK4oZVSEpNoWENK0BnP2qyGbZ99kfIG1bo/Iev3P9etxx
> hWp1edDxb3msATQL3eyFCUhHis1T9nnVKK19y8XoPt0PqrmLUhc/Vm+RyGFxJLeS
> +xSU4v2GXsG07eQnK4jqLPUVV87PqFPKP+DHoFzE7rm8KYYtbgLtkmfhqKtvZnj7
> KZfqqYHViQzm6lP8CgWtPsOkbYh5xvkVZly2PiPPVC9v47Gp36U=
> =+ROt
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Finally getting around to switching to Git

2019-04-23 Thread Coty Sutherland 
On Tue, Apr 23, 2019 at 10:33 AM Rémy Maucherat  wrote:

> On Tue, Apr 23, 2019 at 4:29 PM Christopher Schultz <
> ch...@christopherschultz.net> wrote:
>
> > -BEGIN PGP SIGNED MESSAGE-
> > Hash: SHA256
> >
> > Rémy,
> >
> > On 4/23/19 10:07, Rémy Maucherat wrote:
> > > On Tue, Apr 23, 2019 at 3:54 PM Christopher Schultz <
> > > ch...@christopherschultz.net> wrote:
> > >
> > > All,
> > >
> > > I haven't updated my local working copies of Tomcat source since
> > > the move to Git. I'm going to do that, now, and I'm looking for
> > > advice.
> > >
> > > Specifically, which repo is "better" -- gitbox or GitHub? I'm
> > > guessing the its all go to the same place eventually. Should
> > > committers use gitbox for direct-commits? If I use GitHub, will my
> > > commits require some other review? Do I have to link my GitHub
> > > account with my ASF LDAP id? Is one of them reliably faster?
> > >
> > >
> > >> I use github personally. No commit review is required (but for
> > >> example I used a PR for larger NIO changes, although in the end I
> > >> didn't really get any feedback).
> >
> > So did you fork the Tomcat project and you commit to your fork with
> > PRs usually? Or just for some stuff?
> >
>
> I did fork and I use it to do big stuff [this way I can accidentally trash
> the repo without too many problems too ;) ]. For small stuff I simply use
> the main repo instead.
>

+1. Since I'm not as experienced as others, I sometimes create a PR for
things I'm unsure about to be reviewed before pushing to master also :)


>
> Rémy
>
>
> >
> > - -chris
> > -BEGIN PGP SIGNATURE-
> > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
> >
> > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly/IV0ACgkQHPApP6U8
> > pFgUFRAAmQLAO8Tn2eKDkcru+PptsybUG1aNYDpRAmAyARAZuu6m50E8HkS0urZ9
> > ZlYI4WN9SN6TZuoimnhJp8GzEmoX3nKkhMuGqvxsKLvM+QG7iEkfN1/hisf2/8im
> > C7exCA43U5TImja6Z+TaXZIV1ZFdoN5dbSzHdj+nACU0gctpjE+jurZ16unRdNCZ
> > ZlNZwJen2wKCDwmk9dedAHrVuK7mGgoNkkxj/gqeBimuVeqKSwt/85wGDG/tkqRv
> > 8JVe1OhiP/48t1T5P2cMURSUjRYsLeyqRNPjHzU+Bgi1eK/mvACqzDvRNnixU8l/
> > ZjhZGksqBTIBkDEY7C39JM0tDqjW5/N4CBovWBsM4ONAkSGiqzSKuUCn9hEGqBkq
> > t3RsWg6LJ3GfT40F3xXHhE2Z/txW5wZ6qrB9vozbbPHExCPAsRCbgQ3WfW8DxxT/
> > Wt7f+mdjGGYCmkiVsWG7+MimK1po14ANkBnE+Ylo9zd2GH6W29AC4aDOOuROOq2S
> > DLFhAlw9WxaioqtRE6mhDdadzAV0HfEnRDouZb9Ma6M7DfXoFE1BuQ7cQQeF8ItZ
> > FZ1VyiV5WOFu7+SHtePx+R6nFfsBpLNFoIEdisMn0WbTiGgoQGyJDlxazAQnuCFx
> > tKIsIDSDOOPbW8XL2bT96GpELAXFjcoOvchUh1dvblcM0Ir4DYM=
> > =i8Yc
> > -END PGP SIGNATURE-
> >
>

Re: SSLv2Hello "Protocol" Support

2019-04-17 Thread Coty Sutherland 
On Wed, Apr 17, 2019 at 2:18 PM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Coty,
>
> On 4/16/19 07:28, Coty Sutherland wrote:
> > Hi,
> >
> > It appears that the IBM JDK (version 8) has dropped support for
> > SSLv2Hello so when you startup tomcat with the IBM JDK you get a
> > warning saying that the protocol is being skipped. OpenJDK seems to
> > have dropped it in version 12 or 13 (I haven't tested, just noticed
> > a user list thread about it) so I guess we should look at dropping
> > support for SSLv2Hello whenever Tomcat's minimum JDK is one of
> > those versions? Is there a document somewhere I can add this too so
> > it doesn't get forgotten?
>
> How many / how often are these error messages generated? Just when the
> server starts? Or with every connection?
>

Yeah, just the Connector startup warning.


>
> If you get a warning on startup, I'd say that's not a big deal. It
> would be a much bigger deal to kill a user's server for clients who
> must use SSLv2Hello handshakes (which are hopefully dwindling to zero
> ... about 5 years ago).
>
> I think handling questions about how to get rid of a warning would be
> better than handling questions about how to get servers back up and
> running.
>

:) True. I just wanted to point out that it was still lingering and mark it
for removal at some point since the JDKs are dropping support too.


>
> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAly3bgQACgkQHPApP6U8
> pFhXMA/+IKU/gdhks6BJgGpM5CuPIqEFHOYqzomDnmGEcg9q51pLVGiy5Md58fLV
> 8vIyZpDftg04tt65S1DKWNY7mNg3LzegAEW0JyElXGSwMd9SQx38yFNlddqAlzCe
> Swjt1bFu7frCvaDE40BCsz7Enw0CdRTEm6daSyZI93CeLm0jKDn7cigGhPQr36jV
> 5oXmtvnC8hpes3ELsfh//WC4u2QCqZ76uCeVkbKXACDJI5nIjcoVofL/kotPWUcC
> /W2lNjxwJ5ACWM3yMUoAy12MpXv19nHZT5k+cbxgZJyKe47LBD2c6B5HbkYzHGac
> wNbuv/vjACDa48DhTSR6BtYlJexWooPmwvZoLJKilIx+UlQveg+cIg1LLkr/g1iZ
> 3ftBCxZK9g27s5CnD+VlB2CG4lZ+nSFFU3OUfOEVwgbkVhch6rJqWRTCgBpKC0jH
> LwB6bKz66vPe3uRqJ7JLBTYJn9UenvxUeASkRQmISa43jn/S60STTfDGeMTmopsU
> BsyLP3HZY3ktzdKOWhncMAzXq5vWVUMm6tw0/GAvOGhNTnGAcb7iwR8/RUfXTpLR
> D8yb01h4/bDgDLXdc0ZDV1uNJ6XKVoDdP52doHaiC/bEv9ElZkDiYB7MepiplVO0
> Ti52xTsebV6MPPW8ZP2HBN6bBT3ndm8uXItTCuiGw72apmdQdPQ=
> =PtbL
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: SSLv2Hello "Protocol" Support

2019-04-17 Thread Coty Sutherland 
If we haven't tried to remove it in 5 years it might be worth another look
:)

On Wed, Apr 17, 2019 at 3:49 AM jean-frederic clere 
wrote:

> On 16/04/2019 13:28, Coty Sutherland wrote:
> > Hi,
> >
> > It appears that the IBM JDK (version 8) has dropped support for
> SSLv2Hello
> > so when you startup tomcat with the IBM JDK you get a warning saying that
> > the protocol is being skipped. OpenJDK seems to have dropped it in
> version
> > 12 or 13 (I haven't tested, just noticed a user list thread about it) so
> I
> > guess we should look at dropping support for SSLv2Hello whenever Tomcat's
> > minimum JDK is one of those versions? Is there a document somewhere I can
> > add this too so it doesn't get forgotten?
> >
> >
> >
> > Thanks,
> > Coty
> >
>
> See
>
> https://www.oracle.com/technetwork/java/javase/documentation/cve-2014-3566-2342133.html
> basically java5/6 clients need SSLv2Hello.
>
> I remember removing SSLv2Hello broke tests in 2004 and we had to put
> SSLv2Hello back...
>
> --
> Cheers
>
> Jean-Frederic
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

SSLv2Hello "Protocol" Support

2019-04-16 Thread Coty Sutherland 
Hi,

It appears that the IBM JDK (version 8) has dropped support for SSLv2Hello
so when you startup tomcat with the IBM JDK you get a warning saying that
the protocol is being skipped. OpenJDK seems to have dropped it in version
12 or 13 (I haven't tested, just noticed a user list thread about it) so I
guess we should look at dropping support for SSLv2Hello whenever Tomcat's
minimum JDK is one of those versions? Is there a document somewhere I can
add this too so it doesn't get forgotten?



Thanks,
Coty

Re: [VOTE] Release Apache Tomcat 9.0.19

2019-04-12 Thread Coty Sutherland 
On Fri, Apr 12, 2019 at 10:48 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.19 release is now available for voting.
> 9.0.19 corrects a regression and a number of packaging errors in 9.0.18.
>
> The major changes compared to the 9.0.17 release are:
>
> - Fix for CVE-2019-0232 a RCE vulnerability on Windows
>
> - Add support for Java 11 to the JSP compiler. Java 12 and 13 are also
>   now supported if used with a ECJ version with support for those  Java
>   versions
>
> - Various NIO2 stability improvements
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.19/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1210/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.19
> 854f4dcf435a6d335576aa22402e2871c66f4fd9
>
> The proposed 9.0.19 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.19
>

+1


>
>
> Due to the security fix contained in this release, the voting period may
> be shortened once sufficient votes are cast to enable a faster release.
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: svn commit: r33591 - in /dev/tomcat/tomcat-9/v9.0.19: ./ bin/ bin/embed/ src/

2019-04-12 Thread Coty Sutherland 
On Fri, Apr 12, 2019 at 11:29 AM Coty Sutherland 
wrote:

> Are these svn commits intentional? I thought the svn repo was read-only
> now.
>

Disregard that :)


>
> On Fri, Apr 12, 2019 at 10:47 AM  wrote:
>
>> Author: markt
>> Date: Fri Apr 12 14:47:16 2019
>> New Revision: 33591
>>
>> Log:
>> Upload 9.0.19 for voting
>>
>> Added:
>> dev/tomcat/tomcat-9/v9.0.19/
>> dev/tomcat/tomcat-9/v9.0.19/KEYS
>> dev/tomcat/tomcat-9/v9.0.19/README.html
>> dev/tomcat/tomcat-9/v9.0.19/RELEASE-NOTES
>> dev/tomcat/tomcat-9/v9.0.19/bin/
>> dev/tomcat/tomcat-9/v9.0.19/bin/README.html
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.tar.gz
>>  (with props)
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.tar.gz.asc
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.tar.gz.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.zip
>>  (with props)
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.zip.asc
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.zip.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-fulldocs.tar.gz
>>  (with props)
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-fulldocs.tar.gz.asc
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-fulldocs.tar.gz.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x64.zip
>>  (with props)
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x64.zip.asc
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x64.zip.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x86.zip
>>  (with props)
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x86.zip.asc
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x86.zip.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.exe   (with
>> props)
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.exe.asc
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.exe.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.tar.gz   (with
>> props)
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.tar.gz.asc
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.tar.gz.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.zip   (with
>> props)
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.zip.asc
>> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.zip.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/embed/
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.tar.gz
>>  (with props)
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.tar.gz.asc
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.tar.gz.sha512
>> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.zip
>>  (with props)
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.zip.asc
>>
>> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.zip.sha512
>> dev/tomcat/tomcat-9/v9.0.19/src/
>> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.tar.gz
>>  (with props)
>> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.tar.gz.asc
>> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.tar.gz.sha512
>> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.zip   (with
>> props)
>> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.zip.asc
>> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.zip.sha512
>>
>> Added: dev/tomcat/tomcat-9/v9.0.19/KEYS
>>
>> ==
>> --- dev/tomcat/tomcat-9/v9.0.19/KEYS (added)
>> +++ dev/tomcat/tomcat-9/v9.0.19/KEYS Fri Apr 12 14:47:16 2019
>> @@ -0,0 +1,676 @@
>> +This file contains the PGP keys of various Apache developers.
>> +Please don't use them for email unless you have to. Their main
>> +purpose is code signing.
>> +
>> +Apache users: pgp < KEYS
>> +Apache developers:
>> +(pgpk -ll  && pgpk -xa ) >> this file.
>> +  or
>> +(gpg --fingerprint --list-sigs 
>> + && gpg --armor --export ) >> this file.
>> +
>> +Apache developers: please ensure that your key is also available via the
>> +PGP keyservers

Re: svn commit: r33591 - in /dev/tomcat/tomcat-9/v9.0.19: ./ bin/ bin/embed/ src/

2019-04-12 Thread Coty Sutherland 
Are these svn commits intentional? I thought the svn repo was read-only now.

On Fri, Apr 12, 2019 at 10:47 AM  wrote:

> Author: markt
> Date: Fri Apr 12 14:47:16 2019
> New Revision: 33591
>
> Log:
> Upload 9.0.19 for voting
>
> Added:
> dev/tomcat/tomcat-9/v9.0.19/
> dev/tomcat/tomcat-9/v9.0.19/KEYS
> dev/tomcat/tomcat-9/v9.0.19/README.html
> dev/tomcat/tomcat-9/v9.0.19/RELEASE-NOTES
> dev/tomcat/tomcat-9/v9.0.19/bin/
> dev/tomcat/tomcat-9/v9.0.19/bin/README.html
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.tar.gz
>  (with props)
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.tar.gz.asc
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.tar.gz.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.zip
>  (with props)
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.zip.asc
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-deployer.zip.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-fulldocs.tar.gz
>  (with props)
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-fulldocs.tar.gz.asc
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-fulldocs.tar.gz.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x64.zip
>  (with props)
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x64.zip.asc
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x64.zip.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x86.zip
>  (with props)
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x86.zip.asc
>
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19-windows-x86.zip.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.exe   (with props)
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.exe.asc
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.exe.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.tar.gz   (with
> props)
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.tar.gz.asc
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.tar.gz.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.zip   (with props)
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.zip.asc
> dev/tomcat/tomcat-9/v9.0.19/bin/apache-tomcat-9.0.19.zip.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/embed/
>
> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.tar.gz
>  (with props)
>
> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.tar.gz.asc
>
> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.tar.gz.sha512
> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.zip
>  (with props)
>
> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.zip.asc
>
> dev/tomcat/tomcat-9/v9.0.19/bin/embed/apache-tomcat-9.0.19-embed.zip.sha512
> dev/tomcat/tomcat-9/v9.0.19/src/
> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.tar.gz
>  (with props)
> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.tar.gz.asc
> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.tar.gz.sha512
> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.zip   (with
> props)
> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.zip.asc
> dev/tomcat/tomcat-9/v9.0.19/src/apache-tomcat-9.0.19-src.zip.sha512
>
> Added: dev/tomcat/tomcat-9/v9.0.19/KEYS
>
> ==
> --- dev/tomcat/tomcat-9/v9.0.19/KEYS (added)
> +++ dev/tomcat/tomcat-9/v9.0.19/KEYS Fri Apr 12 14:47:16 2019
> @@ -0,0 +1,676 @@
> +This file contains the PGP keys of various Apache developers.
> +Please don't use them for email unless you have to. Their main
> +purpose is code signing.
> +
> +Apache users: pgp < KEYS
> +Apache developers:
> +(pgpk -ll  && pgpk -xa ) >> this file.
> +  or
> +(gpg --fingerprint --list-sigs 
> + && gpg --armor --export ) >> this file.
> +
> +Apache developers: please ensure that your key is also available via the
> +PGP keyservers (such as pgpkeys.mit.edu).
> +
> +
> +Type Bits/KeyIDDate   User ID
> +pub  2048/F22C4FED 2001/07/02 Andy Armstrong 
> +
> +-BEGIN PGP PUBLIC KEY BLOCK-
> +Version: PGPfreeware 7.0.3 for non-commercial use 
> +
> +mQGiBDtAWuURBADZ0KUEyUkSUiTA09e7tvEbX25STsjxrR+DNTainCls+XlkVOij
> +gBv216lqge9tIsS0L6hCP4OQbFf/64qVtJssX4QXdyiZGb5wpmcj0Mz602Ew8r+N
> +I0S5NvmogoYWW7BlP4r61jNxO5zrr03KaijM5r4ipJdLUxyOmM6P2jRPUwCg/5gm
> +bpqiYl7pXX5FgDeB36tmD+UD/06iLqOnoiKO0vMbOk7URclhCObMNrHqxTxozMTS
> +B9soYURbIeArei+plYo2n+1qB12ayybjhVu3uksXRdT9bEkyxMfslvLbIpDAG8Cz
> +gNftTbKx/MVS7cQU0II8BKo2Akr+1FZah+sD4ovK8SfkMXUQUbTeefTntsAQKyyU
> +9M9tA/9on9tBiHFl0qVJht6N4GiJ2G689v7rS2giLgKjetjiCduxBXEgvUSuyQID
> +nF9ATrpXjITwsRlGKFmpZiFm5oCeCXihIVH0u6q066xNW2AXkLVoJ1l1Rs2Z0lsb
>

Re: [VOTE] Release Apache Tomcat 9.0.18

2019-04-11 Thread Coty Sutherland 
On Wed, Apr 10, 2019 at 9:44 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.18 release is now available for voting.
>
> The major changes compared to the 9.0.17 release are:
>
> - Fix for CVE-2019-0232 a RCE vulnerability on Windows
>
> - Add support for Java 11 to the JSP compiler. Java 12 and 13 are also
>   now supported if used with a ECJ version with support for those  Java
>   versions
>
> - Various NIO2 stability improvements
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.18/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1207/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.18
> 0862607e5da91a7c476a6350288d8d8a9380f556
>
> The proposed 9.0.18 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.18
>

+1


>
>
> Due to the security fix contained in this release, the voting period may
> be shortened once sufficient votes are cast to enable a faster release.
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 8.5.40

2019-04-11 Thread Coty Sutherland 
On Wed, Apr 10, 2019 at 10:58 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.40 release is now available for voting.
>
> The major changes compared to the 8.5.39 release are:
>
> - Fix for CVE-2019-0232 a RCE vulnerability on Windows
>
> - Add support for Java 11 to the JSP compiler. Java 12 and 13 are also
>   now supported if used with a ECJ version with support for those  Java
>   versions
>
> - Various NIO2 stability improvements
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.40/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1208/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.40
> 5ec070352b283535946327b44228b610a27a76c5
>
>
> The proposed 8.5.40 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.40
>

+1


>
>
> Due to the security fix contained in this release, the voting period may
> be shortened once sufficient votes are cast to enable a faster release.
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

commons-daemon packaging question

2019-04-05 Thread Coty Sutherland 
Hi,

I'm looking into commons-daemon in Tomcat and it appears that the Windows
executables (prunsrv and prunmgr) don't require the commons-daemon.jar to
run Tomcat like the *nix binary (jsvc) does. Can someone confirm that (I
tested it and it seems to work fine without the jar)? If it's unused I can
remove it to clean up the packaging a bit.



Thanks,
Coty

Re: GitHub Issues / GitHub PRs / Bugzilla

2019-03-14 Thread Coty Sutherland 
On Thu, Mar 14, 2019 at 11:14 AM Coty Sutherland 
wrote:

> On Thu, Mar 14, 2019 at 8:39 AM Mark Thomas  wrote:
>
>> It is early days but my impression is that the move to git has triggered
>> an increase in conversations that end up split between a GitHub PR and
>> Bugzilla.
>>
>> Personally, I'm not finding it unmanageable at this point but it does
>> feel a little disorganized.
>>
>
> +1, I was just thinking about this earlier while trying to follow some
> conversations.
>
>
>>
>> I'm wondering if we need clearer guidelines about what to discuss where
>> or do we need something else? What about a bigger change such as moving
>> issue tracking to GitHub? Would that be beneficial?
>>
>
> I agree that we should probably outline the best way to carry on
> conversations now that we have the possibility of dev/user list, BZ, and
> PRs; I'm not sure what exactly that would look like though. Is there a way
> to push links from PR comments into BZ (that's how GitHub does it with PRs
> and issues IIRC) to retain the conversation flow? Moving to GitHub's issue
> tracker is an interesting solution. I think that the issue tracker is
> robust enough that we wouldn't have any issues moving over, but is that OK
> in the eyes of the ASF Infra team? How would we be archiving those
> conversations (assuming that we need to)?
>

Apache CloudStack instructs people to use Jira (which mostly has GSoC
issues), but also has several issues reported on the GitHub issue tracker;
there doesn't seem to be any integration between the two. They use a nice
template for issues on GitHub too.


>
>
>>
>> What do others think?
>>
>> Mark
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>
>>

Re: GitHub Issues / GitHub PRs / Bugzilla

2019-03-14 Thread Coty Sutherland 
On Thu, Mar 14, 2019 at 8:39 AM Mark Thomas  wrote:

> It is early days but my impression is that the move to git has triggered
> an increase in conversations that end up split between a GitHub PR and
> Bugzilla.
>
> Personally, I'm not finding it unmanageable at this point but it does
> feel a little disorganized.
>

+1, I was just thinking about this earlier while trying to follow some
conversations.


>
> I'm wondering if we need clearer guidelines about what to discuss where
> or do we need something else? What about a bigger change such as moving
> issue tracking to GitHub? Would that be beneficial?
>

I agree that we should probably outline the best way to carry on
conversations now that we have the possibility of dev/user list, BZ, and
PRs; I'm not sure what exactly that would look like though. Is there a way
to push links from PR comments into BZ (that's how GitHub does it with PRs
and issues IIRC) to retain the conversation flow? Moving to GitHub's issue
tracker is an interesting solution. I think that the issue tracker is
robust enough that we wouldn't have any issues moving over, but is that OK
in the eyes of the ASF Infra team? How would we be archiving those
conversations (assuming that we need to)?


>
> What do others think?
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Git Migration: What is the svn:eol-style equilvalent?

2019-03-05 Thread Coty Sutherland 
Hi,

I updated the BUILDING and CONTRIBUTING documents so that GitHub users no
longer see instructions for SVN after our migration, however I had a few
questions. Does anyone know of a git equivalent to svn:eol-style that we
should be using? It is mentioned in the "git-svn quirks" section of
https://wiki.apache.org/general/GitAtApache, but before trying it I wanted
to get some feedback from everyone.

Secondly, the SVN references in MERGE.txt should be cleaned up at this
point, right? Is the git section still up to date (I see it was updated
last on Jan 29, so probably)?



Thanks!
Coty

Re: Git migration read for testing

2019-03-01 Thread Coty Sutherland 
The email notifications work for when we push commits to the repository,
but it looks like we're missing emails when PRs are opened.

On Wed, Feb 27, 2019 at 9:03 AM Rémy Maucherat  wrote:

> On Wed, Feb 27, 2019 at 11:09 AM Mark Thomas  wrote:
>
> > On 27/02/2019 09:44, Rémy Maucherat wrote:
> > > On Tue, Feb 26, 2019 at 1:33 PM Mark Thomas  wrote:
> > >
> > >> All,
> > >>
> > >> https://github.com/apache/tomcat
> > >
> > >
> > > Trying my test commit, I can't push to the github repo. I probably
> missed
> > > something obvious.
> >
> > You need to make sure you have three green ticks here:
> > https://gitbox.apache.org/setup/
> >
> > If you haven't linked your ASF and GitHub accounts or setup MFA then it
> > can take an hour or so after you make those changes for write access to
> > be enabled (various systems need to sync in the background).
> >
>
> I had forgotten about this as the Tomcat repo commit info was already
> linked to my account. Thanks for the help !
>
> Rémy
>
>
> >
> > Mark
> >
> >
> > >
> > > Rémy
> > >
> > >
> > >>
> > >>
> > >> is now ready for testing.
> > >>
> > >> It should contain:
> > >> branches
> > >> - master (9.0.x)
> > >> - 8.5.x
> > >> - 7.0.x
> > >>
> > >> Tags:
> > >> - one for each 7.0.x, 8.5.x and 9.0.x release
> > >>
> > >> Tags have all been renamed to follow a a.b.c-MODIFIERn format for
> > >> version number where modifier is RC or M.
> > >>
> > >> The repository is probably read/write for all committers now but
> please
> > >> refrain from making any changes until we confirm that all is well.
> > >>
> > >> If you have some time available now, please test this new repository
> and
> > >> report and questions or concerns to this thread.
> > >>
> > >> Assuming no issues are discovered, I'd like to formally move over to
> git
> > >> later today.
> > >>
> > >> Mark
> > >>
> > >> -
> > >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > >> For additional commands, e-mail: dev-h...@tomcat.apache.org
> > >>
> > >>
> > >
> >
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
> >
>

Re: New git based merging workflow?

2019-02-28 Thread Coty Sutherland 
On Thu, Feb 28, 2019 at 6:10 AM Emmanuel Bourg  wrote:

> Le 28/02/2019 à 11:47, Rainer Jung a écrit :
> > Thanks a bunch. Looks like what I was searching for, will try it.
> >
> > Rainer
>
> You could play with a single repository too:
>

+1, that's what I do.


>
>   # Initial setup
>   cd ~/repos
>   git clone g...@github.com:apache/tomcat.git
>
>   # Commit...
>   cd ~/repos/tomcat
>   # edit files
>   git commit -a -m "Some message"
>   git push
>
>   # ...and backport
>   git checkout 8.5.x
>   git cherry-pick 
>   git push origin 8.5.x
>
>   git checkout master
>

Sometimes I also create a local branch to do the work in so that I don't
have to worry about putting everything in one commit from the start. After
I'm done with the bug/feature, then I squash that whole local branch into
one commit and merge it into master (or whatever branch). From there you
can cherry-pick that single commit to wherever it's needed.


>
> Emmanuel Bourg
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

  1   2   3   >