svn commit: r1911921 - in /tomcat/site/trunk: docs/security-10.html docs/security-11.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-11.xml xdocs/security-8.xml xdo
Author: markt Date: Fri Aug 25 20:38:04 2023 New Revision: 1911921 URL: http://svn.apache.org/viewvc?rev=1911921=rev Log: Update site with CVE-2023-41080 info Modified: tomcat/site/trunk/docs/security-10.html tomcat/site/trunk/docs/security-11.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.html tomcat/site/trunk/xdocs/security-10.xml tomcat/site/trunk/xdocs/security-11.xml tomcat/site/trunk/xdocs/security-8.xml tomcat/site/trunk/xdocs/security-9.xml Modified: tomcat/site/trunk/docs/security-10.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-10.html?rev=1911921=1911920=1911921=diff == --- tomcat/site/trunk/docs/security-10.html (original) +++ tomcat/site/trunk/docs/security-10.html Fri Aug 25 20:38:04 2023 
@@ -42,7 +42,24 @@ Table of Contents -Fixed in Apache Tomcat 10.1.9Fixed in Apache Tomcat 10.1.8Fixed in Apache Tomcat 10.1.6Fixed in Apache Tomcat 10.1.5Fixed in Apache Tomcat 10.1.2Fixed in Apache Tomcat 10.1.1Fixed in Apache Tomcat 10.0.27Fixed in Apache Tomcat 10.0.23Fixed in Apache Tomcat 10.1.0-M17Fixed in Apache Tomcat 10.0.21Fixed in Apache Tomcat 10.1.0-M15Fixed in Apache Tomcat 10.0.20Fixed in Apache Tomcat 10.1.0-M14Fixed in Apache Tomcat 10.0.16Fixed in Apache Tomcat 10.1.0-M10Fixed in Apache Tomcat 10.0.12Fixed in Apache Tomcat 10.1.0-M6Fixed in Apache Tomcat 10.0.7Fixed in Apache Tomcat 10.0.6Fixed in Apache Tomcat 10.0.5Fixed in Apache Tomcat 10.0.4Fixed in Apache Tomcat 10.0.2Fixed in Apache Tomcat 10.0.0-M10Fixed in Apache Tomcat 10.0.0-M8Fixed in Apache Tomcat 10.0.0-M7Fixed in Apache Tomcat 10.0.0-M6Fixed in Apache Tomcat 10.0.0-M5Not a vulnerability in Tomcat +Fixed in Apache Tomcat 10.1.13Fixed in Apache Tomcat 10.1.9Fixed in Apache Tomcat 10.1.8Fixed in Apache Tomcat 10.1.6Fixed in Apache Tomcat 10.1.5Fixed in Apache Tomcat 10.1.2Fixed in Apache Tomcat 10.1.1Fixed in Apache Tomcat 10.0.27Fixed in Apache Tomcat 10.0.23Fixed in Apache Tomcat 10.1.0-M17Fixed in Apache Tomcat 10.0.21Fixed in Ap ache Tomcat 10.1.0-M15Fixed in Apache Tomcat 10.0.20Fixed in Apache Tomcat 10.1.0-M14Fixed in Apache Tomcat 10.0.16Fixed in Apache Tomcat 10.1.0-M10Fixed in Apache Tomcat 10.0.12Fixed in Apache Tomcat 10.1.0-M6Fixed in Apache Tomcat 10.0.7Fixed in Apache Tomcat 10.0.6Fixed in Apache Tomcat 10.0.5Fixed in Apache Tomcat 10.0.4Fixed in Apache Tomcat 10.0.2Fixed in Apache Tomcat 10.0.0-M10Fixed in Apache Tomcat 10.0.0-M8Fixed in Apache Tomcat 10.0.0-M7Fixed in Apache Tomcat 10.0.0-M6Fixed in Apache Tomcat 10.0.0-M5Not a vulnerability in Tomcat + 2023-08-25 Fixed in Apache Tomcat 10.1.13 + +Moderate: Open redirect + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080; rel="nofollow">CVE-2023-41080 + +If the ROOT (default) web application is configured 
to use FORM + authentication then it is possible that a specially crafted URL could be + used to trigger a redirect to an URL of the attackers choice. + +This was fixed with commit + https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27;>bb4624a9. + +This issue was reported to the Tomcat Security Team on 17 August 2023. The + issue was made public on 22 August 2023. + +Affects: 10.1.0-M1 to 10.1.12 + 2023-05-19 Fixed in Apache Tomcat 10.1.9 Important: Information disclosure Modified: tomcat/site/trunk/docs/security-11.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-11.html?rev=1911921=1911920=1911921=diff == --- tomcat/site/trunk/docs/security-11.html (original) +++ tomcat/site/trunk/docs/security-11.html Fri Aug 25 20:38:04 2023 @@ -36,7 +36,24 @@ Table of Contents -Fixed in Apache Tomcat 11.0.0-M6Fixed in Apache Tomcat 11.0.0-M5Fixed in Apache Tomcat 11.0.0-M3 +Fixed in Apache Tomcat 11.0.0-M11Fixed in Apache Tomcat 11.0.0-M6Fixed in Apache Tomcat 11.0.0-M5Fixed in Apache Tomcat 11.0.0-M3 + 2023-08-25 Fixed in Apache Tomcat 11.0.0-M11 + +Moderate: Open redirect + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080; rel="nofollow">CVE-2023-41080 + +If the ROOT (default) web application is configured to use FORM + authentication then it is possible that a specially crafted URL could be + used to trigger a redirect to an URL of the attackers choice. + +This was fixed with commit + https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a;>e3703c9a. + +This issue was reported to the Tomcat Security Team on 17 August 2023. The + issue was made public on 22 August 2023. + +Affects: 11.0.0-M1 to 11.0.0-M10 + 2023-05-09 Fixed in Apache Tomcat 11.0.0-M6 Important: Information disclosure
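Review bot: The disclosure date in the CVE-2023-41080 entries added to security-10.html and security-11.html ("The issue was made public on 22 August 2023") is earlier than the 2023-08-25 date on the "Fixed in" headings added in the same hunks; please confirm which date is intended and make the two agree. The CVE link in both entries also uses http:// while the commit link next to it uses https://, so consider switching it to https for consistency.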
[SECURITY] CVE-2023-41080 Apache Tomcat - open redirect
CVE-2023-41080 Apache Tomcat - Open redirect

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M10
Apache Tomcat 10.1.0-M1 to 10.1.12
Apache Tomcat 9.0.0-M1 to 9.0.79
Apache Tomcat 8.5.0 to 8.5.92

Description:
If the ROOT (default) web application is configured to use FORM authentication then it is possible that a specially crafted URL could be used to trigger a redirect to an URL of the attacker's choice.

Mitigation:
Users of the affected versions should apply one of the following mitigations:
- Upgrade to Apache Tomcat 11.0.0-M11 or later
- Upgrade to Apache Tomcat 10.1.13 or later
- Upgrade to Apache Tomcat 9.0.80 or later
- Upgrade to Apache Tomcat 8.5.93 or later

Credit:
This vulnerability was reported responsibly to the Tomcat security team by Yiheng Cao.

History:
2023-08-25 Original advisory

References:
[1] https://tomcat.apache.org/security-11.html
[2] https://tomcat.apache.org/security-10.html
[3] https://tomcat.apache.org/security-9.html
[4] https://tomcat.apache.org/security-8.html

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
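A triage check built from the advisory's affected ranges and its stated precondition (the ROOT web application using FORM authentication). This is an added example, not code from the Tomcat project; the function names and the sample descriptor are constructed for illustration, and the caller is assumed to pass in the text of the ROOT application's web.xml.

```python
import re
import xml.etree.ElementTree as ET

# Ranges copied from the advisory: (first affected, last affected, first fixed).
AFFECTED = [
    ("11.0.0-M1", "11.0.0-M10", "11.0.0-M11"),
    ("10.1.0-M1", "10.1.12", "10.1.13"),
    ("9.0.0-M1", "9.0.79", "9.0.80"),
    ("8.5.0", "8.5.92", "8.5.93"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(text):
    """Turn '10.1.0-M17' into a sortable tuple.

    Milestones (-Mn) sort before the final release with the same x.y.z.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    rank = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch)) + rank


def fixed_in(version):
    """Return the first fixed release if `version` is in a listed range, else None."""
    v = parse_version(version)
    for low, high, fix in AFFECTED:
        if parse_version(low) <= v <= parse_version(high):
            return fix
    return None


def uses_form_auth(web_xml_text):
    """True if the descriptor declares <auth-method>FORM</auth-method>.

    The descriptor is a local configuration file, so the standard parser is
    used; do not feed this function XML from an untrusted source.
    """
    root = ET.fromstring(web_xml_text)
    for elem in root.iter():
        # Drop the namespace, which differs between Java EE and Jakarta EE descriptors.
        if elem.tag.rsplit("}", 1)[-1] == "auth-method":
            if (elem.text or "").strip().upper() == "FORM":
                return True
    return False


def triage(version, root_web_xml):
    """Combine both conditions from the advisory into one finding string."""
    fix = fixed_in(version)
    if fix is None:
        return "not in a listed affected range"
    if uses_form_auth(root_web_xml):
        return f"exposed: ROOT uses FORM authentication, upgrade to {fix} or later"
    return f"affected version, ROOT does not use FORM authentication: upgrade to {fix} or later"


# Constructed sample descriptor for a ROOT application with FORM login.
SAMPLE_WEB_XML = """<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <login-config>
    <auth-method>FORM</auth-method>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>"""

if __name__ == "__main__":
    for candidate in ("8.5.92", "9.0.80", "10.1.0-M17", "11.0.0-M11"):
        print(candidate, "->", triage(candidate, SAMPLE_WEB_XML))
```
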
[ANN] Apache Tomcat 8.5.93 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.93.

Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies.

Apache Tomcat 8.5.93 is a bugfix and feature release. The notable changes compared to 8.5.92 include:

- If an application or library sets both a non-500 error code and the jakarta.servlet.error.exception request attribute, use the provided error code during error page processing rather than assuming an error code of 500.
- Fix for FORM authentication open redirect - CVE-2023-41080

Along with lots of other bug fixes and improvements.

Please refer to the change log for the complete list of changes:
https://tomcat.apache.org/tomcat-8.5-doc/changelog.html

Downloads:
https://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 7.x and 8.0:
https://tomcat.apache.org/migration.html

Please note that Tomcat 8.5.x will reach End-of-life (EOL) on 31 March 2024. For more information please visit https://tomcat.apache.org/tomcat-85-eol.html

Enjoy!

- The Apache Tomcat team
[ANN] Apache Tomcat 9.0.80 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 9.0.80.

Apache Tomcat 9 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and JASPIC technologies.

Apache Tomcat 9.0.80 is a bugfix and feature release. The notable changes compared to 9.0.79 include:

- If an application or library sets both a non-500 error code and the jakarta.servlet.error.exception request attribute, use the provided error code during error page processing rather than assuming an error code of 500.
- Fix for FORM authentication open redirect - CVE-2023-41080

Along with lots of other bug fixes and improvements.

Please refer to the change log for the complete list of changes:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html

Downloads:
https://tomcat.apache.org/download-90.cgi

Migration guides from Apache Tomcat 7.x and 8.x:
https://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team
[ANN] Apache Tomcat 10.1.13 available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.13.

Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes compared to 10.1.12 include:

- If an application or library sets both a non-500 error code and the jakarta.servlet.error.exception request attribute, use the provided error code during error page processing rather than assuming an error code of 500.
- Fix for FORM authentication open redirect - CVE-2023-41080

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-10.1-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-10.cgi

Migration guides from Apache Tomcat 8.5.x and 9.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team
[ANN] Apache Tomcat 11.0.0-M11 (alpha) available
The Apache Tomcat team announces the immediate availability of Apache Tomcat 11.0.0-M11 (alpha).

Apache Tomcat 11 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations specifications.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.*. This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool is available to aid this process.

Apache Tomcat 11.0.0-M11 is a milestone release of the 11.0.x branch and has been made to provide users with early access to the new features in Apache Tomcat 11.0.x so that they may provide feedback. The notable changes compared to 11.0.0-M10 include:

- Update the HTTP parameter handling to align with the changes in the Jakarta Servlet 6.1 API Javadoc for the ServletRequest methods used to obtain request parameters. Invalid parameters and/or exceeding parameter size and/or quantity limits now trigger exceptions. As a consequence, the FailedRequestFilter has been removed.
- If an application or library sets both a non-500 error code and the jakarta.servlet.error.exception request attribute, use the provided error code during error page processing rather than assuming an error code of 500.
- Fix for FORM authentication open redirect - CVE-2023-41080

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-11.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-11.cgi

Migration guides from Apache Tomcat 8.5.x, 9.0.x and 10.1.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team
svn commit: r63636 - in /release/tomcat: tomcat-10/v10.1.12/ tomcat-11/v11.0.0-M10/ tomcat-8/v8.5.91/ tomcat-8/v8.5.92/ tomcat-9/v9.0.78/ tomcat-9/v9.0.79/
Author: markt
Date: Fri Aug 25 17:40:39 2023
New Revision: 63636

Log:
Drop old releases from CDN

Removed:
    release/tomcat/tomcat-10/v10.1.12/
    release/tomcat/tomcat-11/v11.0.0-M10/
    release/tomcat/tomcat-8/v8.5.91/
    release/tomcat/tomcat-8/v8.5.92/
    release/tomcat/tomcat-9/v9.0.78/
    release/tomcat/tomcat-9/v9.0.79/
svn commit: r1911919 - in /tomcat/site/trunk: docs/ xdocs/
Author: markt Date: Fri Aug 25 17:37:29 2023 New Revision: 1911919 URL: http://svn.apache.org/viewvc?rev=1911919=rev Log: Update site for 8.5.93 release Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf tomcat/site/trunk/docs/download-80.html tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/migration-85.html tomcat/site/trunk/docs/oldnews.html tomcat/site/trunk/docs/whichversion.html tomcat/site/trunk/xdocs/doap_Tomcat.rdf tomcat/site/trunk/xdocs/download-80.xml tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/migration-85.xml tomcat/site/trunk/xdocs/oldnews.xml tomcat/site/trunk/xdocs/whichversion.xml Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/doap_Tomcat.rdf?rev=1911919=1911918=1911919=diff == --- tomcat/site/trunk/docs/doap_Tomcat.rdf (original) +++ tomcat/site/trunk/docs/doap_Tomcat.rdf Fri Aug 25 17:37:29 2023 @@ -81,8 +81,8 @@ Latest Stable 8.5.x Release -2023-08-14 -8.5.92 +2023-08-25 +8.5.93 Modified: tomcat/site/trunk/docs/download-80.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-80.html?rev=1911919=1911918=1911919=diff == --- tomcat/site/trunk/docs/download-80.html (original) +++ tomcat/site/trunk/docs/download-80.html Fri Aug 25 17:37:29 2023 @@ -10,7 +10,7 @@ Quick Navigation -[define v]8.5.92[end] +[define v]8.5.93[end] https://downloads.apache.org/tomcat/tomcat-8/KEYS;>KEYS | [v] | Browse | Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1911919=1911918=1911919=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Fri Aug 25 17:37:29 2023 
@@ -85,6 +85,32 @@ changelog. https://tomcat.apache.org/download-90.cgi;>Download +2023-08-25 Tomcat 8.5.93 Released + +The Apache Tomcat Project is proud to announce the release of version 8.5.93 +of Apache Tomcat. This release implements specifications that are part of the +Java EE 7 platform. The notable changes compared to 8.5.92 include: + + +If an application or library sets both a non-500 error code and the +jakarta.servlet.error.exception request attribute, use the +provided error code during error page processing rather than assuming an +error code of 500. +Fix for FORM authentication open redirect - CVE-2023-41080 + + +Full details of these changes, and all the other changes, are available in the +Tomcat 8 +changelog. + + +Please note that Apache Tomcat 8.5.x will +reach https://tomcat.apache.org/tomcat-85-eol.html;>End-of-life +(EOL) on 31 March 2024. + + +https://tomcat.apache.org/download-80.cgi;>Download + 2023-08-25 Tomcat 11.0.0-M11 Released The Apache Tomcat Project is proud to announce the release of version 11.0.0-M11 
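Review bot: The added 8.5.93 news item names the request attribute jakarta.servlet.error.exception, yet the same paragraph states that this release implements the Java EE 7 platform; if the attribute on the 8.5.x branch is the javax.servlet.error.exception one, the item should say so rather than reuse the wording written for the Jakarta EE releases.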
@@ -120,33 +146,6 @@ Full details of these changes, and all t https://tomcat.apache.org/download-11.cgi;>Download -2023-08-14 Tomcat 8.5.92 Released - -The Apache Tomcat Project is proud to announce the release of version 8.5.92 -of Apache Tomcat. This release implements specifications that are part of the -Java EE 7 platform. The notable changes compared to 8.5.91 include: - - -Refactor HTTP/2 implementation to reduce pinning when using virtual -threads. -Fix a NullPointerException when flushing batched WebSocket messages -with compression enabled using permessage-deflate. -Update Tomcat Native to 1.2.38 to pick up Windows binaries built -with OpenSSL 1.1.1v - - -Full details of these changes, and all the other changes, are available in the -Tomcat 8 -changelog. - - -Please note that Apache Tomcat 8.5.x will -reach https://tomcat.apache.org/tomcat-85-eol.html;>End-of-life -(EOL) on 31 March 2024. - - -https://tomcat.apache.org/download-80.cgi;>Download - 2023-08-07 Tomcat Native 2.0.5 Released The Apache Tomcat Project is proud to announce the release of version 2.0.5 of Modified: tomcat/site/trunk/docs/migration-85.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-85.html?rev=1911919=1911918=1911919=diff == --- tomcat/site/trunk/docs/migration-85.html (original) +++ tomcat/site/trunk/docs/migration-85.html Fri Aug 25 17:37:29 2023 @@ -391,8 +391,9 @@ versions of Apache Tomcat. 8.5.88 8.5.89 8.5.90 -8.5.91 -8.5.92 +8.5.91 +8.5.92 +8.5.93 , new version: 8.5.0 @@ -470,7 +471,8 @@ versions of Apache Tomcat. 8.5.89 8.5.90 8.5.91 -8.5.92 +8.5.92 +8.5.93 trunk (unreleased) Modified:
svn commit: r1911918 - in /tomcat/site/trunk: docs/ xdocs/
Author: markt Date: Fri Aug 25 17:34:19 2023 New Revision: 1911918 URL: http://svn.apache.org/viewvc?rev=1911918=rev Log: Update site for 9.0.80 release Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf tomcat/site/trunk/docs/download-90.html tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/migration-9.html tomcat/site/trunk/docs/oldnews.html tomcat/site/trunk/docs/whichversion.html tomcat/site/trunk/xdocs/doap_Tomcat.rdf tomcat/site/trunk/xdocs/download-90.xml tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/migration-9.xml tomcat/site/trunk/xdocs/oldnews.xml tomcat/site/trunk/xdocs/whichversion.xml Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/doap_Tomcat.rdf?rev=1911918=1911917=1911918=diff == --- tomcat/site/trunk/docs/doap_Tomcat.rdf (original) +++ tomcat/site/trunk/docs/doap_Tomcat.rdf Fri Aug 25 17:34:19 2023 @@ -74,8 +74,8 @@ Latest Stable 9.0.x Release -2023-08-15 -9.0.79 +2023-08-25 +9.0.80 Modified: tomcat/site/trunk/docs/download-90.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-90.html?rev=1911918=1911917=1911918=diff == --- tomcat/site/trunk/docs/download-90.html (original) +++ tomcat/site/trunk/docs/download-90.html Fri Aug 25 17:34:19 2023 @@ -10,7 +10,7 @@ Quick Navigation -[define v]9.0.79[end] +[define v]9.0.80[end] https://downloads.apache.org/tomcat/tomcat-9/KEYS;>KEYS | [v] | Browse | Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1911918=1911917=1911918=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Fri Aug 25 17:34:19 2023 
@@ -64,6 +64,27 @@ changelog. https://tomcat.apache.org/download-10.cgi;>Download +2023-08-25 Tomcat 9.0.80 Released + +The Apache Tomcat Project is proud to announce the release of version 9.0.90 +of Apache Tomcat. This release implements specifications that are part of the +Java EE 8 platform. The notable changes compared to 9.0.79 include: + +If an application or library sets both a non-500 error code and the +jakarta.servlet.error.exception request attribute, use the +provided error code during error page processing rather than assuming an +error code of 500. +Fix for FORM authentication open redirect - CVE-2023-41080 + + +Full details of these changes, and all the other changes, are available in the +Tomcat 9 +changelog. + + + +https://tomcat.apache.org/download-90.cgi;>Download + 2023-08-25 Tomcat 11.0.0-M11 Released The Apache Tomcat Project is proud to announce the release of version 11.0.0-M11 
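Review bot: The body of the added news item says "the release of version 9.0.90" while its heading and the commit log both refer to 9.0.80; change the body text to 9.0.80 so the announcement names the version actually released.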
@@ -99,27 +120,6 @@ Full details of these changes, and all t https://tomcat.apache.org/download-11.cgi;>Download -2023-08-15 Tomcat 9.0.79 Released - -The Apache Tomcat Project is proud to announce the release of version 9.0.79 -of Apache Tomcat. This release implements specifications that are part of the -Java EE 8 platform. The notable changes compared to 9.0.78 include: - -Refactor HTTP/2 implementation to reduce pinning when using virtual -threads. -Pass through ciphers referring to an OpenSSL profile, such as -PROFILE=SYSTEM instead of producing an error trying to parse it. -Update Tomcat Native to 2.0.5. - - -Full details of these changes, and all the other changes, are available in the -Tomcat 9 -changelog. - - - -https://tomcat.apache.org/download-90.cgi;>Download - 2023-08-14 Tomcat 8.5.92 Released The Apache Tomcat Project is proud to announce the release of version 8.5.92 Modified: tomcat/site/trunk/docs/migration-9.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-9.html?rev=1911918=1911917=1911918=diff == --- tomcat/site/trunk/docs/migration-9.html (original) +++ tomcat/site/trunk/docs/migration-9.html Fri Aug 25 17:34:19 2023 @@ -462,7 +462,9 @@ versions of Apache Tomcat. 9.0.74 9.0.75 9.0.76 -9.0.78 +9.0.78 +9.0.79 +9.0.90 , new version: 9.0.0-M1 @@ -544,7 +546,8 @@ versions of Apache Tomcat. 9.0.75 9.0.76 9.0.78 -9.0.79 +9.0.79 +9.0.80 trunk (unreleased) Modified: tomcat/site/trunk/docs/oldnews.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/oldnews.html?rev=1911918=1911917=1911918=diff == --- tomcat/site/trunk/docs/oldnews.html (original) +++ tomcat/site/trunk/docs/oldnews.html Fri Aug 25 17:34:19 2023 @@ -17,6 +17,27 @@ year
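Review bot: In the first migration-9.html hunk (@@ -462,7 +462,9 @@) the newly added entry is 9.0.90, while the second hunk adds 9.0.80 to the matching list; 9.0.90 looks like a typo for 9.0.80, and as written the released version is missing from the first list.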
svn commit: r1911917 - in /tomcat/site/trunk: docs/ xdocs/
Author: markt Date: Fri Aug 25 17:29:53 2023 New Revision: 1911917 URL: http://svn.apache.org/viewvc?rev=1911917=rev Log: Update site for 10.1.13 release Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf tomcat/site/trunk/docs/download-10.html tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/migration-10.1.html tomcat/site/trunk/docs/oldnews.html tomcat/site/trunk/docs/whichversion.html tomcat/site/trunk/xdocs/doap_Tomcat.rdf tomcat/site/trunk/xdocs/download-10.xml tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/migration-10.1.xml tomcat/site/trunk/xdocs/oldnews.xml tomcat/site/trunk/xdocs/whichversion.xml Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/doap_Tomcat.rdf?rev=1911917=1911916=1911917=diff == --- tomcat/site/trunk/docs/doap_Tomcat.rdf (original) +++ tomcat/site/trunk/docs/doap_Tomcat.rdf Fri Aug 25 17:29:53 2023 @@ -60,8 +60,8 @@ Latest Stable 10.1.x Release -2023-08-14 -10.1.12 +2023-08-25 +10.1.13 Modified: tomcat/site/trunk/docs/download-10.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-10.html?rev=1911917=1911916=1911917=diff == --- tomcat/site/trunk/docs/download-10.html (original) +++ tomcat/site/trunk/docs/download-10.html Fri Aug 25 17:29:53 2023 @@ -19,7 +19,7 @@ Quick Navigation -[define v]10.1.12[end] +[define v]10.1.13[end] https://downloads.apache.org/tomcat/tomcat-10/KEYS;>KEYS | [v] | Browse | Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1911917=1911916=1911917=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Fri Aug 25 17:29:53 2023 
@@ -34,9 +34,39 @@ wiki page. Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation. +2023-08-25 Tomcat 10.1.13 Released + +The Apache Tomcat Project is proud to announce the release of version 10.1.13 +of Apache Tomcat. This release implements specifications that are part of the +Jakarta EE 10 platform. +Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 +without changes. Java EE based applications designed for Tomcat 9 and earlier +may be placed in the $CATALINA_BASE/webapps-javaee directory and +Tomcat will automatically convert them to Jakarta EE and copy them to the +webapps directory. This conversion is performed using the +https://github.com/apache/tomcat-jakartaee-migration;>Apache Tomcat +migration tool for Jakarta EE tool which is also available as a separate +https://tomcat.apache.org/download-migration.cgi;>download for off-line use. +The notable changes in this release are: + +If an application or library sets both a non-500 error code and the +jakarta.servlet.error.exception request attribute, use the +provided error code during error page processing rather than assuming an +error code of 500. +Fix for FORM authentication open redirect - CVE-2023-41080 + + +Full details of these changes, and all the other changes, are available in the +Tomcat 10.1 +changelog. + + + +https://tomcat.apache.org/download-10.cgi;>Download + 2023-08-25 Tomcat 11.0.0-M11 Released -The Apache Tomcat Project is proud to announce the release of version 11.0.0-M10 +The Apache Tomcat Project is proud to announce the release of version 11.0.0-M11 (alpha) of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 11. Users of Tomcat 10 onwards should be aware that, as a result of the move from 
@@ -62,7 +92,7 @@ tool is available to aid this proces Full details of these changes, and all the other changes, are available in the -Tomcat 11 +Tomcat 11 (alpha) changelog. @@ -90,36 +120,6 @@ changelog. https://tomcat.apache.org/download-90.cgi;>Download -2023-08-14 Tomcat 10.1.12 Released - -The Apache Tomcat Project is proud to announce the release of version 10.1.12 -of Apache Tomcat. This release implements specifications that are part of the -Jakarta EE 10 platform. -Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 -without changes. Java EE based applications designed for Tomcat 9 and earlier -may be placed in the $CATALINA_BASE/webapps-javaee directory and -Tomcat will automatically convert them to Jakarta EE and copy them to the -webapps directory. This conversion is performed using the -https://github.com/apache/tomcat-jakartaee-migration;>Apache Tomcat -migration tool for Jakarta EE tool which is also available as a separate
[Bug 67065] Using "::1" to bind to all local addresses (IPV4 and IPV6)
https://bz.apache.org/bugzilla/show_bug.cgi?id=67065

Amit Pande changed:

What     | Removed | Added
Severity | normal  | enhancement
OS       |         | All

--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 67065] New: Using "::1" to bind to all local addresses (IPV4 and IPV6)
https://bz.apache.org/bugzilla/show_bug.cgi?id=67065

Bug ID: 67065
Summary: Using "::1" to bind to all local addresses (IPV4 and IPV6)
Product: Tomcat 9
Version: 9.0.78
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Connectors
Assignee: dev@tomcat.apache.org
Reporter: amit.pa...@veritas.com
Target Milestone: -

Reference thread: https://lists.apache.org/thread/d7ppg7mpvzb1cmjfnhqrqnjs5v94zw6l

Main problem statement:

By default, the Tomcat HTTP connectors bind to all local interfaces (including public interfaces). If we need to bind to only local loopback addresses, currently we need to define two connectors with everything else identical but only address attribute being different (::1 for IPv6 and 127.0.0.1 for IPv4).

It would be handy if we could use an address like ::1 to bind to all local interfaces (IPv4 and IPv6). This will ensure only one connector configuration is sufficient to bind to only local interfaces (IPv4 and IPv6).
svn commit: r1911916 - in /tomcat/site/trunk: docs/download-11.html docs/index.html docs/migration-11.0.html docs/oldnews.html docs/whichversion.html xdocs/download-11.xml xdocs/index.xml xdocs/migrat
Author: markt Date: Fri Aug 25 17:25:37 2023 New Revision: 1911916 URL: http://svn.apache.org/viewvc?rev=1911916=rev Log: Update site for release of 11.0.0-M11 Modified: tomcat/site/trunk/docs/download-11.html tomcat/site/trunk/docs/index.html tomcat/site/trunk/docs/migration-11.0.html tomcat/site/trunk/docs/oldnews.html tomcat/site/trunk/docs/whichversion.html tomcat/site/trunk/xdocs/download-11.xml tomcat/site/trunk/xdocs/index.xml tomcat/site/trunk/xdocs/migration-11.0.xml tomcat/site/trunk/xdocs/oldnews.xml tomcat/site/trunk/xdocs/whichversion.xml Modified: tomcat/site/trunk/docs/download-11.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-11.html?rev=1911916=1911915=1911916=diff == --- tomcat/site/trunk/docs/download-11.html (original) +++ tomcat/site/trunk/docs/download-11.html Fri Aug 25 17:25:37 2023 @@ -19,7 +19,7 @@ Quick Navigation -[define v]11.0.0-M10[end] +[define v]11.0.0-M11[end] https://downloads.apache.org/tomcat/tomcat-11/KEYS;>KEYS | [v] (alpha) | Browse | Modified: tomcat/site/trunk/docs/index.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1911916=1911915=1911916=diff == --- tomcat/site/trunk/docs/index.html (original) +++ tomcat/site/trunk/docs/index.html Fri Aug 25 17:25:37 2023 
@@ -34,6 +34,41 @@ wiki page. Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation. +2023-08-25 Tomcat 11.0.0-M11 Released + +The Apache Tomcat Project is proud to announce the release of version 11.0.0-M10 +(alpha) of Apache Tomcat. This release is a milestone release and is targeted at +Jakarta EE 11. +Users of Tomcat 10 onwards should be aware that, as a result of the move from +Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse +Foundation, the primary package for all implemented APIs has changed from +javax.* to jakarta.*. This will almost certainly +require code changes to enable applications to migrate from Tomcat 9 and earlier +to Tomcat 10 and later. A +https://github.com/apache/tomcat-jakartaee-migration;>migration +tool is available to aid this process. +The notable changes in this release are: + +Update the HTTP parameter handling to align with the changes in the Jakarta +Servlet 6.1 API Javadoc for the ServletRequest methods used to obtain +request parameters. Invalid parameters and/or exceeding parameter size +and/or quantity limits now trigger exceptions. As a consequence, the +FailedRequestFilter has been removed. +If an application or library sets both a non-500 error code and the +jakarta.servlet.error.exception request attribute, use the +provided error code during error page processing rather than assuming an +error code of 500. +Fix for FORM authentication open redirect - CVE-2023-41080 + + +Full details of these changes, and all the other changes, are available in the +Tomcat 11 +(alpha) changelog. + + + +https://tomcat.apache.org/download-11.cgi;>Download + 2023-08-15 Tomcat 9.0.79 Released The Apache Tomcat Project is proud to announce the release of version 9.0.79 
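Review bot: The first sentence of the added news item announces "version 11.0.0-M10" under a heading for 11.0.0-M11; update the sentence to 11.0.0-M11 so that heading and body name the same release.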
@@ -112,36 +147,6 @@ reach https://tomcat.apache.org https://tomcat.apache.org/download-80.cgi;>Download -2023-08-14 Tomcat 11.0.0-M10 Released - -The Apache Tomcat Project is proud to announce the release of version 11.0.0-M10 -(alpha) of Apache Tomcat. This release is a milestone release and is targeted at -Jakarta EE 11. -Users of Tomcat 10 onwards should be aware that, as a result of the move from -Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse -Foundation, the primary package for all implemented APIs has changed from -javax.* to jakarta.*. This will almost certainly -require code changes to enable applications to migrate from Tomcat 9 and earlier -to Tomcat 10 and later. A -https://github.com/apache/tomcat-jakartaee-migration;>migration -tool is available to aid this process. -The notable changes in this release are: - -Refactor HTTP/2 implementation to reduce pinning when using virtual -threads. -Pass through ciphers referring to an OpenSSL profile, such as -PROFILE=SYSTEM instead of producing an error trying to parse it. -Update Tomcat Native to 2.0.5. - - -Full details of these changes, and all the other changes, are available in the -Tomcat 11 -(alpha) changelog. - - - -https://tomcat.apache.org/download-11.cgi;>Download - 2023-08-07 Tomcat Native 2.0.5 Released The Apache Tomcat Project is proud to announce the release of version 2.0.5 of Modified: tomcat/site/trunk/docs/migration-11.0.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-11.0.html?rev=1911916=1911915=1911916=diff
svn commit: r1911915 - in /tomcat/site/trunk/docs/tomcat-8.5-doc: ./ annotationapi/ annotationapi/javax/annotation/ annotationapi/javax/annotation/security/ annotationapi/javax/annotation/sql/ api/ ap
Author: markt Date: Fri Aug 25 17:19:40 2023 New Revision: 1911915 URL: http://svn.apache.org/viewvc?rev=1911915=rev Log: Update docs for 8.5.93 release [This commit notification would consist of 72 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.] - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1911914 - in /tomcat/site/trunk/docs/tomcat-9.0-doc: ./ annotationapi/ annotationapi/javax/annotation/ annotationapi/javax/annotation/security/ annotationapi/javax/annotation/sql/ annotat
Author: markt Date: Fri Aug 25 17:11:47 2023 New Revision: 1911914 URL: http://svn.apache.org/viewvc?rev=1911914=rev Log: Update docs for 9.0.80 release [This commit notification would consist of 76 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.]
svn commit: r1911913 - in /tomcat/site/trunk/docs/tomcat-10.1-doc: ./ annotationapi/ annotationapi/jakarta/annotation/ annotationapi/jakarta/annotation/security/ annotationapi/jakarta/annotation/sql/
Author: markt Date: Fri Aug 25 17:05:40 2023 New Revision: 1911913 URL: http://svn.apache.org/viewvc?rev=1911913=rev Log: Update docs for 10.1.13 release [This commit notification would consist of 1352 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.]
[tomcat] branch 8.5.x updated: Add release date for 8.5.93
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new c81869a8de Add release date for 8.5.93 c81869a8de is described below commit c81869a8ded084c7aacb094b212efb109fc94c2a Author: Mark Thomas AuthorDate: Fri Aug 25 09:50:10 2023 -0700 Add release date for 8.5.93 --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 472714636f..ae55fbbf45 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -106,7 +106,7 @@ --> - +
svn commit: r1911912 - in /tomcat/site/trunk/docs/tomcat-11.0-doc: ./ annotationapi/ annotationapi/jakarta/annotation/ annotationapi/jakarta/annotation/security/ annotationapi/jakarta/annotation/sql/
Author: markt Date: Fri Aug 25 16:50:11 2023 New Revision: 1911912 URL: http://svn.apache.org/viewvc?rev=1911912=rev Log: Update docs for 11.0.0-M11 release [This commit notification would consist of 126 parts, which exceeds the limit of 50 ones, so it was shortened to the summary.]
[tomcat] branch 9.0.x updated: Add release date for 9.0.80
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new 822bf6794d Add release date for 9.0.80 822bf6794d is described below commit 822bf6794d579ae6ca7fa89cb8cbae269bf2fb4e Author: Mark Thomas AuthorDate: Fri Aug 25 09:49:41 2023 -0700 Add release date for 9.0.80 --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 200b0588c1..3e51f63466 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -106,7 +106,7 @@ --> - +
[tomcat] branch 10.1.x updated: Add release date for 10.1.13
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 10.1.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.1.x by this push: new 46390dde41 Add release date for 10.1.13 46390dde41 is described below commit 46390dde41dde33852181dac2636b0eebb0667d5 Author: Mark Thomas AuthorDate: Fri Aug 25 09:49:15 2023 -0700 Add release date for 10.1.13 --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 5aae74744d..7d7733fbce 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -106,7 +106,7 @@ --> - +
[tomcat] branch main updated: Add release date for 11.0.0-M11
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new 66261e42e5 Add release date for 11.0.0-M11 66261e42e5 is described below commit 66261e42e5f188d42a5e02632d5b9bcacc2a9903 Author: Mark Thomas AuthorDate: Fri Aug 25 09:48:51 2023 -0700 Add release date for 11.0.0-M11 --- webapps/docs/changelog.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 33036ef6f4..7962aeea93 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -106,7 +106,7 @@ --> - +
svn commit: r1911911 - /tomcat/site/trunk/build.properties.default
Author: markt Date: Fri Aug 25 16:36:52 2023 New Revision: 1911911 URL: http://svn.apache.org/viewvc?rev=1911911=rev Log: Update versions Modified: tomcat/site/trunk/build.properties.default Modified: tomcat/site/trunk/build.properties.default URL: http://svn.apache.org/viewvc/tomcat/site/trunk/build.properties.default?rev=1911911=1911910=1911911=diff == --- tomcat/site/trunk/build.properties.default (original) +++ tomcat/site/trunk/build.properties.default Fri Aug 25 16:36:52 2023 @@ -36,10 +36,10 @@ tomcat.loc=https://downloads.apache.org/ # - Tomcat versions - -tomcat8.5=8.5.92 -tomcat9.0=9.0.79 -tomcat10.1=10.1.12 -tomcat11.0=11.0.0-M10 +tomcat8.5=8.5.93 +tomcat9.0=9.0.80 +tomcat10.1=10.1.13 +tomcat11.0=11.0.0-M11 # - Download destination - tomcat-site-docs.home=${base.path}/tomcat-site-docs/
svn commit: r63634 - /dev/tomcat/tomcat-8/v8.5.93/ /release/tomcat/tomcat-8/v8.5.93/
Author: markt Date: Fri Aug 25 16:18:12 2023 New Revision: 63634 Log: Release Tomcat 8.5.93 Added: release/tomcat/tomcat-8/v8.5.93/ - copied from r63633, dev/tomcat/tomcat-8/v8.5.93/ Removed: dev/tomcat/tomcat-8/v8.5.93/
svn commit: r63632 - /dev/tomcat/tomcat-10/v10.1.13/ /release/tomcat/tomcat-10/v10.1.13/
Author: markt Date: Fri Aug 25 16:17:30 2023 New Revision: 63632 Log: Release Tomcat 10.1.13 Added: release/tomcat/tomcat-10/v10.1.13/ - copied from r63631, dev/tomcat/tomcat-10/v10.1.13/ Removed: dev/tomcat/tomcat-10/v10.1.13/
svn commit: r63633 - /dev/tomcat/tomcat-9/v9.0.80/ /release/tomcat/tomcat-9/v9.0.80/
Author: markt Date: Fri Aug 25 16:17:48 2023 New Revision: 63633 Log: Release Tomcat 9.0.80 Added: release/tomcat/tomcat-9/v9.0.80/ - copied from r63632, dev/tomcat/tomcat-9/v9.0.80/ Removed: dev/tomcat/tomcat-9/v9.0.80/
svn commit: r63631 - /dev/tomcat/tomcat-11/v11.0.0-M11/ /release/tomcat/tomcat-11/v11.0.0-M11/
Author: markt Date: Fri Aug 25 16:17:11 2023 New Revision: 63631 Log: Release Tomcat 11.0.0-M11 Added: release/tomcat/tomcat-11/v11.0.0-M11/ - copied from r63630, dev/tomcat/tomcat-11/v11.0.0-M11/ Removed: dev/tomcat/tomcat-11/v11.0.0-M11/
[VOTE][RESULT] Release Apache Tomcat 8.5.93
The following votes were cast: Binding: +1: schultz, markt, remm, lihan No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark
[VOTE][RESULT] Release Apache Tomcat 10.1.13
The following votes were cast: Binding: +1: markt, jfclere, lihan, remm No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark
[VOTE][RESULT] Release Apache Tomcat 9.0.80
The following votes were cast: Binding: +1: lihan, jfclere, markt, remm No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark
[VOTE][RESULT] Release Apache Tomcat 11.0.0-M11
The following votes were cast: Binding: +1: lihan, markt, remm No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark
Re: [VOTE] Release Apache Tomcat 10.1.13
On 8/24/23 01:28, Mark Thomas wrote: [X] Stable - go ahead and release as 10.1.13 Tested on fedora 38 with open-ssl-3.0.9, tc-native-2.0.5 and open-jdk 17.0.8 -- Cheers Jean-Frederic
Re: [VOTE] Release Apache Tomcat 8.5.93
> On Aug 24, 2023, at 07:31, Mark Thomas wrote: > > The proposed Apache Tomcat 8.5.93 release is now available for voting. > > The notable changes compared to 8.5.92 are: > > - If an application or library sets both a non-500 error code and the > jakarta.servlet.error.exception request attribute, use the > provided error code during error page processing rather than assuming > an error code of 500. > > - Fix for FORM authentication open redirect - CVE-2023-41080 > > > Along with lots of other bug fixes and improvements. > > For full details, see the changelog: > https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.93/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1454 > > The tag is: > https://github.com/apache/tomcat/tree/8.5.93/ > 9d9aea65c435a38c737c1e600e6513f9d0980cf1 > > The proposed 8.5.93 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.5.93 (stable) Han
Re: [VOTE] Release Apache Tomcat 10.1.13
On Thu, Aug 24, 2023 at 1:28 AM Mark Thomas wrote: > > The proposed Apache Tomcat 10.1.13 release is now available for > voting. > > The notable changes compared to 10.1.12 are: > > - If an application or library sets both a non-500 error code and the >jakarta.servlet.error.exception request attribute, use the >provided error code during error page processing rather than assuming >an error code of 500. > > - Fix for FORM authentication open redirect - CVE-2023-41080 > > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.13/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1452 > > The tag is: > https://github.com/apache/tomcat/tree/10.1.13 > 71dddc8a1b8fe1175a14e6dd98bb8af56c9ad75d > > The proposed 10.1.13 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 10.1.13 Rémy
Re: [VOTE] Release Apache Tomcat 8.5.93
On Thu, Aug 24, 2023 at 1:31 AM Mark Thomas wrote: > > The proposed Apache Tomcat 8.5.93 release is now available for voting. > > The notable changes compared to 8.5.92 are: > > - If an application or library sets both a non-500 error code and the >jakarta.servlet.error.exception request attribute, use the >provided error code during error page processing rather than assuming >an error code of 500. > > - Fix for FORM authentication open redirect - CVE-2023-41080 > > > Along with lots of other bug fixes and improvements. > > For full details, see the changelog: > https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.93/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1454 > > The tag is: > https://github.com/apache/tomcat/tree/8.5.93/ > 9d9aea65c435a38c737c1e600e6513f9d0980cf1 > > The proposed 8.5.93 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.5.93 (stable) Rémy
Re: [VOTE] Release Apache Tomcat 11.0.0-M11
On Thu, Aug 24, 2023 at 1:23 AM Mark Thomas wrote: > > The proposed Apache Tomcat 11.0.0-M11 release is now available for > voting. > > Apache Tomcat 11.0.0-M11 is a milestone release of the 11.0.x branch and > has been made to provide users with early access to the new features in > Apache Tomcat 11.0.x so that they may provide feedback. The notable > changes compared to the previous milestone include: > > - Update the HTTP parameter handling to align with the changes in the >Jakarta Servlet 6.1 API Javadoc for the ServletRequest methods used >to obtain request parameters. Invalid parameters and/or exceeding >parameter size and/or quantity limits now trigger exceptions. As a >consequence, the FailedRequestFilter has been removed. > > - If an application or library sets both a non-500 error code and the >jakarta.servlet.error.exception request attribute, use the >provided error code during error page processing rather than assuming >an error code of 500. > > - Fix for FORM authentication open redirect - CVE-2023-41080 > > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. Applications using deprecated APIs may require > further changes. 
> > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M11/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1451 > > The tag is: > https://github.com/apache/tomcat/tree/11.0.0-M11 > ae109f6248e00a1952f706d6941ff930ad4466e1 > > > The proposed 11.0.0-M11 release is: > [ ] -1 Broken - do not release > [X] +1 Alpha - go ahead and release as 11.0.0-M11 Rémy
Re: [VOTE] Release Apache Tomcat 9.0.80
On Thu, Aug 24, 2023 at 1:30 AM Mark Thomas wrote: > > The proposed Apache Tomcat 9.0.80 release is now available for voting. > > The notable changes compared to 9.0.79 are: > > - If an application or library sets both a non-500 error code and the >jakarta.servlet.error.exception request attribute, use the >provided error code during error page processing rather than assuming >an error code of 500. > > - Fix for FORM authentication open redirect - CVE-2023-41080 > > > Along with lots of other bug fixes and improvements. > > For full details, see the changelog: > https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.80/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1453 > > The tag is: > https://github.com/apache/tomcat/tree/9.0.80 > 0ea24187a89ca09f3841e4690f931cca56e222fd > > The proposed 9.0.80 release is: > [ ] -1, Broken - do not release > [X] +1, Stable - go ahead and release as 9.0.80 Rémy
[Bug 67061] SSLVerifyClient="optionalNoCA" still not doing what it should
https://bz.apache.org/bugzilla/show_bug.cgi?id=67061 --- Comment #1 from ruedige...@yahoo.de --- On top, the problem also exists in my local installation (Ubuntu 20.04, Java 17): tomcat 9.0.55 tc-native 1.2.31 openssl 1.1.1f Here is the relevant longer excerpt from server.xml (the rest is unchanged from the default): If I remove the caCertificateFile attribute, I get handshake problems with my self-signed certificate.