svn commit: r1911921 - in /tomcat/site/trunk: docs/security-10.html docs/security-11.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-11.xml xdocs/security-8.xml xdo

[markt]

Author: markt
Date: Fri Aug 25 20:38:04 2023
New Revision: 1911921

URL: http://svn.apache.org/viewvc?rev=1911921=rev
Log:
Update site with CVE-2023-41080 info

Modified:
tomcat/site/trunk/docs/security-10.html
tomcat/site/trunk/docs/security-11.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-10.xml
tomcat/site/trunk/xdocs/security-11.xml
tomcat/site/trunk/xdocs/security-8.xml
tomcat/site/trunk/xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-10.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-10.html?rev=1911921=1911920=1911921=diff
==
--- tomcat/site/trunk/docs/security-10.html (original)
+++ tomcat/site/trunk/docs/security-10.html Fri Aug 25 20:38:04 2023
@@ -42,7 +42,24 @@
 
 
   Table of Contents
-Fixed in Apache Tomcat 
10.1.9Fixed in Apache 
Tomcat 10.1.8Fixed in 
Apache Tomcat 10.1.6Fixed 
in Apache Tomcat 10.1.5Fixed in Apache Tomcat 
10.1.2Fixed in Apache 
Tomcat 10.1.1Fixed in 
Apache Tomcat 10.0.27Fixed in Apache Tomcat 
10.0.23Fixed in 
Apache Tomcat 10.1.0-M17Fixed in Apache Tomcat 
10.0.21Fixed in 
Apache Tomcat 10.1.0-M15Fixed in
  Apache Tomcat 10.0.20Fixed in Apache Tomcat 
10.1.0-M14Fixed in 
Apache Tomcat 10.0.16Fixed in Apache Tomcat 
10.1.0-M10Fixed in 
Apache Tomcat 10.0.12Fixed in Apache Tomcat 
10.1.0-M6Fixed in Apache 
Tomcat 10.0.7Fixed in 
Apache Tomcat 10.0.6Fixed 
in Apache Tomcat 10.0.5Fixed in Apache Tomcat 
10.0.4Fixed in Apache 
Tomcat 10.0.2Fixed in 
Apache Tomcat 10.0.0-M10Fixed in Apache Tomcat 10.0.0-M8Fixed in Apache Tomcat 
10.0.0-M7Fixed in 
Apache Tomcat 10.0.0-M6Fixed in Apache Tomcat 
10.0.0-M5Not a 
vulnerability in Tomcat
+Fixed in Apache Tomcat 
10.1.13Fixed in Apache 
Tomcat 10.1.9Fixed in 
Apache Tomcat 10.1.8Fixed 
in Apache Tomcat 10.1.6Fixed in Apache Tomcat 
10.1.5Fixed in Apache 
Tomcat 10.1.2Fixed in 
Apache Tomcat 10.1.1Fixed in Apache Tomcat 
10.0.27Fixed in Apache 
Tomcat 10.0.23Fixed 
in Apache Tomcat 10.1.0-M17Fixed in Apache Tomcat 
10.0.21Fixed in Ap
 ache Tomcat 10.1.0-M15Fixed in Apache Tomcat 
10.0.20Fixed in 
Apache Tomcat 10.1.0-M14Fixed in Apache Tomcat 
10.0.16Fixed in 
Apache Tomcat 10.1.0-M10Fixed in Apache Tomcat 
10.0.12Fixed in Apache 
Tomcat 10.1.0-M6Fixed in 
Apache Tomcat 10.0.7Fixed 
in Apache Tomcat 10.0.6Fixed in Apache Tomcat 
10.0.5Fixed in Apache 
Tomcat 10.0.4Fixed in 
Apache Tomcat 10.0.2Fixed in Apache Tomcat 10.0.0-M10Fixed in Apache Tomcat 
10.0.0-M8Fixed in 
Apache Tomcat 10.0.0-M7Fixed in Apache Tomcat 
10.0.0-M6Fixed in 
Apache Tomcat 10.0.0-M5Not a vulnerability in 
Tomcat
+  2023-08-25 Fixed in Apache Tomcat 10.1.13
+
+Moderate: Open redirect
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080; 
rel="nofollow">CVE-2023-41080
+
+If the ROOT (default) web application is configured to use FORM
+   authentication then it is possible that a specially crafted URL could be
+   used to trigger a redirect to an URL of the attackers choice.
+   
+This was fixed with commit
+   https://github.com/apache/tomcat/commit/bb4624a9f3e69d495182ebfa68d7983076407a27;>bb4624a9.
+
+This issue was reported to the Tomcat Security Team on 17 August 2023. 
The
+   issue was made public on 22 August 2023.
+
+Affects: 10.1.0-M1 to 10.1.12
+
   2023-05-19 Fixed in Apache Tomcat 10.1.9
 
 Important: Information disclosure

Modified: tomcat/site/trunk/docs/security-11.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-11.html?rev=1911921=1911920=1911921=diff
==
--- tomcat/site/trunk/docs/security-11.html (original)
+++ tomcat/site/trunk/docs/security-11.html Fri Aug 25 20:38:04 2023
@@ -36,7 +36,24 @@
 
 
   Table of Contents
-Fixed in Apache Tomcat 
11.0.0-M6Fixed in 
Apache Tomcat 11.0.0-M5Fixed in Apache Tomcat 
11.0.0-M3
+Fixed in Apache 
Tomcat 11.0.0-M11Fixed 
in Apache Tomcat 11.0.0-M6Fixed in Apache Tomcat 
11.0.0-M5Fixed in 
Apache Tomcat 11.0.0-M3
+  2023-08-25 Fixed in Apache Tomcat 11.0.0-M11
+
+Moderate: Open redirect
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-41080; 
rel="nofollow">CVE-2023-41080
+
+If the ROOT (default) web application is configured to use FORM
+   authentication then it is possible that a specially crafted URL could be
+   used to trigger a redirect to an URL of the attackers choice.
+   
+This was fixed with commit
+   https://github.com/apache/tomcat/commit/e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a;>e3703c9a.
+
+This issue was reported to the Tomcat Security Team on 17 August 2023. 
The
+   issue was made public on 22 August 2023.
+
+Affects: 11.0.0-M1 to 11.0.0-M10
+
   2023-05-09 Fixed in Apache Tomcat 11.0.0-M6
 
 Important: Information disclosure

[SECURITY] CVE-2023-41080 Apache Tomcat - open redirect

[Mark Thomas]

CVE-2023-41080 Apache Tomcat - Open redirect

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 11.0.0-M1 to 11.0.0-M10
Apache Tomcat 10.1.0-M1 to 10.1.12
Apache Tomcat 9.0.0-M1 to 9.0.79
Apache Tomcat 8.5.0 to 8.5.92

Description:
If the ROOT (default) web application is configured to use FORM 
authentication then it is possible that a specially crafted URL could be 
used to trigger a redirect to an URL of the attackers choice.


Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 11.0.0-M11 or later
- Upgrade to Apache Tomcat 10.1.13 or later
- Upgrade to Apache Tomcat 9.0.80 or later
- Upgrade to Apache Tomcat 8.5.93 or later

Credit:
This vulnerability was reported responsibly to the Tomcat security team 
by Yiheng Cao.


History:
2023-08-25 Original advisory

References:
[1] https://tomcat.apache.org/security-11.html
[2] https://tomcat.apache.org/security-10.html
[3] https://tomcat.apache.org/security-9.html
[4] https://tomcat.apache.org/security-8.html

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[ANN] Apache Tomcat 8.5.93 available

[Mark Thomas]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.5.93.

Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.

Apache Tomcat 8.5.93 is a bugfix and feature release. The notable
changes compared to 8.5.92 include:

- If an application or library sets both a non-500 error code and the
  jakarta.servlet.error.exception request attribute, use the
  provided error code during error page processing rather than assuming
  an error code of 500.

- Fix for FORM authentication open redirect - CVE-2023-41080

Along with lots of other bug fixes and improvements.

Please refer to the change log for the complete list of changes:
https://tomcat.apache.org/tomcat-8.5-doc/changelog.html

Downloads:
https://tomcat.apache.org/download-80.cgi

Migration guides from Apache Tomcat 7.x and 8.0:
https://tomcat.apache.org/migration.html

Please note that Tomcat 8.5.x will reach End-of-life (EOL) on 31 March 
2024. For more information please visit 
https://tomcat.apache.org/tomcat-85-eol.html


Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[ANN] Apache Tomcat 9.0.80 available

[Mark Thomas]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 9.0.80.

Apache Tomcat 9 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and JASPIC technologies.

Apache Tomcat 9.0.80 is a bugfix and feature release. The notable
changes compared to 9.0.79 include:

- If an application or library sets both a non-500 error code and the
  jakarta.servlet.error.exception request attribute, use the
  provided error code during error page processing rather than assuming
  an error code of 500.

- Fix for FORM authentication open redirect - CVE-2023-41080

Along with lots of other bug fixes and improvements.

Please refer to the change log for the complete list of changes:
https://tomcat.apache.org/tomcat-9.0-doc/changelog.html


Downloads:
https://tomcat.apache.org/download-90.cgi

Migration guides from Apache Tomcat 7.x and 8.x:
https://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[ANN] Apache Tomcat 10.1.13 available

[Mark Thomas]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 10.1.13.

Apache Tomcat 10 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 
without changes. Java EE applications designed for Tomcat 9 and earlier 
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat 
will automatically convert them to Jakarta EE and copy them to the 
webapps directory. This conversion is performed using the Apache Tomcat 
migration tool for Jakarta EE tool which is also available as a separate 
download for off-line use.


The notable changes compared to 10.1.12 include:

- If an application or library sets both a non-500 error code and the
  jakarta.servlet.error.exception request attribute, use the
  provided error code during error page processing rather than assuming
  an error code of 500.

- Fix for FORM authentication open redirect - CVE-2023-41080

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-10.1-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-10.cgi

Migration guides from Apache Tomcat 8.5.x and 9.0.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[ANN] Apache Tomcat 11.0.0-M11 (alpha) available

[Mark Thomas]

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M11 (alpha).

Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications.

Users of Tomcat 10 onwards should be aware that, as a result of the move
from Java EE to Jakarta EE as part of the transfer of Java EE to the
Eclipse Foundation, the primary package for all implemented APIs has
changed from javax.* to jakarta.*. This will almost certainly require
code changes to enable applications to migrate from Tomcat 9 and earlier
to Tomcat 10 and later. A migration tool is available to aid this process.

Apache Tomcat 11.0.0-M11 is a milestone release of the 11.0.x branch and 
has been made to provide users with early access to the new features in 
Apache Tomcat 11.0.x so that they may provide feedback. The notable 
changes compared to 11.0.0-M10 include:


- Update the HTTP parameter handling to align with the changes in the
  Jakarta Servlet 6.1 API Javadoc for the ServletRequest methods used
  to obtain request parameters. Invalid parameters and/or exceeding
  parameter size and/or quantity limits now triggerm exceptions. As a
  consequence, the FailedRequestFilter has been removed.

- If an application or library sets both a non-500 error code and the
  jakarta.servlet.error.exception request attribute, use the
  provided error code during error page processing rather than assuming
  an error code of 500.

- Fix for FORM authentication open redirect - CVE-2023-41080

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-11.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-11.cgi

Migration guides from Apache Tomcat 8.5.x, 9.0.x and 10.1.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r63636 - in /release/tomcat: tomcat-10/v10.1.12/ tomcat-11/v11.0.0-M10/ tomcat-8/v8.5.91/ tomcat-8/v8.5.92/ tomcat-9/v9.0.78/ tomcat-9/v9.0.79/

[markt]

Author: markt
Date: Fri Aug 25 17:40:39 2023
New Revision: 63636

Log:
Drop old releases from CDN

Removed:
release/tomcat/tomcat-10/v10.1.12/
release/tomcat/tomcat-11/v11.0.0-M10/
release/tomcat/tomcat-8/v8.5.91/
release/tomcat/tomcat-8/v8.5.92/
release/tomcat/tomcat-9/v9.0.78/
release/tomcat/tomcat-9/v9.0.79/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1911919 - in /tomcat/site/trunk: docs/ xdocs/

[markt]

Author: markt
Date: Fri Aug 25 17:37:29 2023
New Revision: 1911919

URL: http://svn.apache.org/viewvc?rev=1911919=rev
Log:
Update site for 8.5.93 release

Modified:
tomcat/site/trunk/docs/doap_Tomcat.rdf
tomcat/site/trunk/docs/download-80.html
tomcat/site/trunk/docs/index.html
tomcat/site/trunk/docs/migration-85.html
tomcat/site/trunk/docs/oldnews.html
tomcat/site/trunk/docs/whichversion.html
tomcat/site/trunk/xdocs/doap_Tomcat.rdf
tomcat/site/trunk/xdocs/download-80.xml
tomcat/site/trunk/xdocs/index.xml
tomcat/site/trunk/xdocs/migration-85.xml
tomcat/site/trunk/xdocs/oldnews.xml
tomcat/site/trunk/xdocs/whichversion.xml

Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/doap_Tomcat.rdf?rev=1911919=1911918=1911919=diff
==
--- tomcat/site/trunk/docs/doap_Tomcat.rdf (original)
+++ tomcat/site/trunk/docs/doap_Tomcat.rdf Fri Aug 25 17:37:29 2023
@@ -81,8 +81,8 @@
 
   
 Latest Stable 8.5.x Release
-2023-08-14
-8.5.92
+2023-08-25
+8.5.93
   
 
 

Modified: tomcat/site/trunk/docs/download-80.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-80.html?rev=1911919=1911918=1911919=diff
==
--- tomcat/site/trunk/docs/download-80.html (original)
+++ tomcat/site/trunk/docs/download-80.html Fri Aug 25 17:37:29 2023
@@ -10,7 +10,7 @@
 
   Quick Navigation
 
-[define v]8.5.92[end]
+[define v]8.5.93[end]
 https://downloads.apache.org/tomcat/tomcat-8/KEYS;>KEYS |
 [v] |
 Browse |

Modified: tomcat/site/trunk/docs/index.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1911919=1911918=1911919=diff
==
--- tomcat/site/trunk/docs/index.html (original)
+++ tomcat/site/trunk/docs/index.html Fri Aug 25 17:37:29 2023
@@ -85,6 +85,32 @@ changelog.
 
 https://tomcat.apache.org/download-90.cgi;>Download
 
+2023-08-25 Tomcat 8.5.93 Released
+ 
+The Apache Tomcat Project is proud to announce the release of version 8.5.93
+of Apache Tomcat. This release implements specifications that are part of the
+Java EE 7 platform. The notable changes compared to 8.5.92 include:
+
+
+If an application or library sets both a non-500 error code and the
+jakarta.servlet.error.exception request attribute, use the
+provided error code during error page processing rather than assuming an
+error code of 500.
+Fix for FORM authentication open redirect - CVE-2023-41080
+
+
+Full details of these changes, and all the other changes, are available in the
+Tomcat 8
+changelog.
+
+
+Please note that Apache Tomcat 8.5.x will
+reach https://tomcat.apache.org/tomcat-85-eol.html;>End-of-life
+(EOL) on 31 March 2024.
+
+
+https://tomcat.apache.org/download-80.cgi;>Download
+
 2023-08-25 Tomcat 11.0.0-M11 Released
 
 The Apache Tomcat Project is proud to announce the release of version 
11.0.0-M11
@@ -120,33 +146,6 @@ Full details of these changes, and all t
 
 https://tomcat.apache.org/download-11.cgi;>Download
 
-2023-08-14 Tomcat 8.5.92 Released
- 
-The Apache Tomcat Project is proud to announce the release of version 8.5.92
-of Apache Tomcat. This release implements specifications that are part of the
-Java EE 7 platform. The notable changes compared to 8.5.91 include:
-
-
-Refactor HTTP/2 implementation to reduce pinning when using virtual
-threads.
-Fix a NullPointerException when flushing batched WebSocket messages
-with compression enabled using permessage-deflate.
-Update Tomcat Native to 1.2.38 to pick up Windows binaries built
-with OpenSSL 1.1.1v 
-
-
-Full details of these changes, and all the other changes, are available in the
-Tomcat 8
-changelog.
-
-
-Please note that Apache Tomcat 8.5.x will
-reach https://tomcat.apache.org/tomcat-85-eol.html;>End-of-life
-(EOL) on 31 March 2024.
-
-
-https://tomcat.apache.org/download-80.cgi;>Download
-
 2023-08-07 Tomcat Native 2.0.5 Released
 
 The Apache Tomcat Project is proud to announce the release of version 2.0.5 of

Modified: tomcat/site/trunk/docs/migration-85.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-85.html?rev=1911919=1911918=1911919=diff
==
--- tomcat/site/trunk/docs/migration-85.html (original)
+++ tomcat/site/trunk/docs/migration-85.html Fri Aug 25 17:37:29 2023
@@ -391,8 +391,9 @@ versions of Apache Tomcat.
 8.5.88
 8.5.89
 8.5.90
-8.5.91
-8.5.92
+8.5.91
+8.5.92
+8.5.93
 , new version:
 
 8.5.0
@@ -470,7 +471,8 @@ versions of Apache Tomcat.
 8.5.89
 8.5.90
 8.5.91
-8.5.92
+8.5.92
+8.5.93
 trunk (unreleased)
 
 

Modified: 

svn commit: r1911918 - in /tomcat/site/trunk: docs/ xdocs/

[markt]

Author: markt
Date: Fri Aug 25 17:34:19 2023
New Revision: 1911918

URL: http://svn.apache.org/viewvc?rev=1911918=rev
Log:
Update site for 9.0.80 release

Modified:
tomcat/site/trunk/docs/doap_Tomcat.rdf
tomcat/site/trunk/docs/download-90.html
tomcat/site/trunk/docs/index.html
tomcat/site/trunk/docs/migration-9.html
tomcat/site/trunk/docs/oldnews.html
tomcat/site/trunk/docs/whichversion.html
tomcat/site/trunk/xdocs/doap_Tomcat.rdf
tomcat/site/trunk/xdocs/download-90.xml
tomcat/site/trunk/xdocs/index.xml
tomcat/site/trunk/xdocs/migration-9.xml
tomcat/site/trunk/xdocs/oldnews.xml
tomcat/site/trunk/xdocs/whichversion.xml

Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/doap_Tomcat.rdf?rev=1911918=1911917=1911918=diff
==
--- tomcat/site/trunk/docs/doap_Tomcat.rdf (original)
+++ tomcat/site/trunk/docs/doap_Tomcat.rdf Fri Aug 25 17:34:19 2023
@@ -74,8 +74,8 @@
 
   
 Latest Stable 9.0.x Release
-2023-08-15
-9.0.79
+2023-08-25
+9.0.80
   
 
 

Modified: tomcat/site/trunk/docs/download-90.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-90.html?rev=1911918=1911917=1911918=diff
==
--- tomcat/site/trunk/docs/download-90.html (original)
+++ tomcat/site/trunk/docs/download-90.html Fri Aug 25 17:34:19 2023
@@ -10,7 +10,7 @@
 
   Quick Navigation
 
-[define v]9.0.79[end]
+[define v]9.0.80[end]
 https://downloads.apache.org/tomcat/tomcat-9/KEYS;>KEYS |
 [v] |
 Browse |

Modified: tomcat/site/trunk/docs/index.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1911918=1911917=1911918=diff
==
--- tomcat/site/trunk/docs/index.html (original)
+++ tomcat/site/trunk/docs/index.html Fri Aug 25 17:34:19 2023
@@ -64,6 +64,27 @@ changelog.
 
 https://tomcat.apache.org/download-10.cgi;>Download
 
+2023-08-25 Tomcat 9.0.80 Released
+
+The Apache Tomcat Project is proud to announce the release of version 9.0.90
+of Apache Tomcat. This release implements specifications that are part of the
+Java EE 8 platform. The notable changes compared to 9.0.79 include:
+
+If an application or library sets both a non-500 error code and the
+jakarta.servlet.error.exception request attribute, use the
+provided error code during error page processing rather than assuming an
+error code of 500.
+Fix for FORM authentication open redirect - CVE-2023-41080
+
+
+Full details of these changes, and all the other changes, are available in the
+Tomcat 9
+changelog.
+
+
+
+https://tomcat.apache.org/download-90.cgi;>Download
+
 2023-08-25 Tomcat 11.0.0-M11 Released
 
 The Apache Tomcat Project is proud to announce the release of version 
11.0.0-M11
@@ -99,27 +120,6 @@ Full details of these changes, and all t
 
 https://tomcat.apache.org/download-11.cgi;>Download
 
-2023-08-15 Tomcat 9.0.79 Released
-
-The Apache Tomcat Project is proud to announce the release of version 9.0.79
-of Apache Tomcat. This release implements specifications that are part of the
-Java EE 8 platform. The notable changes compared to 9.0.78 include:
-
-Refactor HTTP/2 implementation to reduce pinning when using virtual
-threads.
-Pass through ciphers referring to an OpenSSL profile, such as
-PROFILE=SYSTEM instead of producing an error trying to parse it.
-Update Tomcat Native to 2.0.5. 
-
-
-Full details of these changes, and all the other changes, are available in the
-Tomcat 9
-changelog.
-
-
-
-https://tomcat.apache.org/download-90.cgi;>Download
-
 2023-08-14 Tomcat 8.5.92 Released
  
 The Apache Tomcat Project is proud to announce the release of version 8.5.92

Modified: tomcat/site/trunk/docs/migration-9.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-9.html?rev=1911918=1911917=1911918=diff
==
--- tomcat/site/trunk/docs/migration-9.html (original)
+++ tomcat/site/trunk/docs/migration-9.html Fri Aug 25 17:34:19 2023
@@ -462,7 +462,9 @@ versions of Apache Tomcat.
 9.0.74
 9.0.75
 9.0.76
-9.0.78
+9.0.78
+9.0.79
+9.0.90
 , new version:
 
 9.0.0-M1
@@ -544,7 +546,8 @@ versions of Apache Tomcat.
 9.0.75
 9.0.76
 9.0.78
-9.0.79
+9.0.79
+9.0.80
 trunk (unreleased)
 
 

Modified: tomcat/site/trunk/docs/oldnews.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/oldnews.html?rev=1911918=1911917=1911918=diff
==
--- tomcat/site/trunk/docs/oldnews.html (original)
+++ tomcat/site/trunk/docs/oldnews.html Fri Aug 25 17:34:19 2023
@@ -17,6 +17,27 @@
   year 

svn commit: r1911917 - in /tomcat/site/trunk: docs/ xdocs/

[markt]

Author: markt
Date: Fri Aug 25 17:29:53 2023
New Revision: 1911917

URL: http://svn.apache.org/viewvc?rev=1911917=rev
Log:
Update site for 10.1.13 release

Modified:
tomcat/site/trunk/docs/doap_Tomcat.rdf
tomcat/site/trunk/docs/download-10.html
tomcat/site/trunk/docs/index.html
tomcat/site/trunk/docs/migration-10.1.html
tomcat/site/trunk/docs/oldnews.html
tomcat/site/trunk/docs/whichversion.html
tomcat/site/trunk/xdocs/doap_Tomcat.rdf
tomcat/site/trunk/xdocs/download-10.xml
tomcat/site/trunk/xdocs/index.xml
tomcat/site/trunk/xdocs/migration-10.1.xml
tomcat/site/trunk/xdocs/oldnews.xml
tomcat/site/trunk/xdocs/whichversion.xml

Modified: tomcat/site/trunk/docs/doap_Tomcat.rdf
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/doap_Tomcat.rdf?rev=1911917=1911916=1911917=diff
==
--- tomcat/site/trunk/docs/doap_Tomcat.rdf (original)
+++ tomcat/site/trunk/docs/doap_Tomcat.rdf Fri Aug 25 17:29:53 2023
@@ -60,8 +60,8 @@
 
   
 Latest Stable 10.1.x Release
-2023-08-14
-10.1.12
+2023-08-25
+10.1.13
   
 
 

Modified: tomcat/site/trunk/docs/download-10.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-10.html?rev=1911917=1911916=1911917=diff
==
--- tomcat/site/trunk/docs/download-10.html (original)
+++ tomcat/site/trunk/docs/download-10.html Fri Aug 25 17:29:53 2023
@@ -19,7 +19,7 @@
 
   Quick Navigation
 
-[define v]10.1.12[end]
+[define v]10.1.13[end]
 https://downloads.apache.org/tomcat/tomcat-10/KEYS;>KEYS |
 [v] |
 Browse |

Modified: tomcat/site/trunk/docs/index.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1911917=1911916=1911917=diff
==
--- tomcat/site/trunk/docs/index.html (original)
+++ tomcat/site/trunk/docs/index.html Fri Aug 25 17:29:53 2023
@@ -34,9 +34,39 @@ wiki page.
 Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat
 project logo are trademarks of the Apache Software Foundation.
 
+2023-08-25 Tomcat 10.1.13 Released
+
+The Apache Tomcat Project is proud to announce the release of version 10.1.13
+of Apache Tomcat. This release implements specifications that are part of the
+Jakarta EE 10 platform.
+Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
+without changes. Java EE based applications designed for Tomcat 9 and earlier
+may be placed in the $CATALINA_BASE/webapps-javaee directory and
+Tomcat will automatically convert them to Jakarta EE and copy them to the
+webapps directory. This conversion is performed using the
+https://github.com/apache/tomcat-jakartaee-migration;>Apache Tomcat
+migration tool for Jakarta EE tool which is also available as a separate
+https://tomcat.apache.org/download-migration.cgi;>download for 
off-line use.
+The notable changes in this release are:
+
+If an application or library sets both a non-500 error code and the
+jakarta.servlet.error.exception request attribute, use the
+provided error code during error page processing rather than assuming an
+error code of 500.
+Fix for FORM authentication open redirect - CVE-2023-41080
+
+
+Full details of these changes, and all the other changes, are available in the
+Tomcat 10.1
+changelog.
+
+
+
+https://tomcat.apache.org/download-10.cgi;>Download
+
 2023-08-25 Tomcat 11.0.0-M11 Released
 
-The Apache Tomcat Project is proud to announce the release of version 
11.0.0-M10
+The Apache Tomcat Project is proud to announce the release of version 
11.0.0-M11
 (alpha) of Apache Tomcat. This release is a milestone release and is targeted 
at
 Jakarta EE 11.
 Users of Tomcat 10 onwards should be aware that, as a result of the move 
from
@@ -62,7 +92,7 @@ tool is available to aid this proces
 
 
 Full details of these changes, and all the other changes, are available in the
-Tomcat 11
+Tomcat 11
 (alpha) changelog.
 
 
@@ -90,36 +120,6 @@ changelog.
 
 https://tomcat.apache.org/download-90.cgi;>Download
 
-2023-08-14 Tomcat 10.1.12 Released
-
-The Apache Tomcat Project is proud to announce the release of version 10.1.12
-of Apache Tomcat. This release implements specifications that are part of the
-Jakarta EE 10 platform.
-Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
-without changes. Java EE based applications designed for Tomcat 9 and earlier
-may be placed in the $CATALINA_BASE/webapps-javaee directory and
-Tomcat will automatically convert them to Jakarta EE and copy them to the
-webapps directory. This conversion is performed using the
-https://github.com/apache/tomcat-jakartaee-migration;>Apache Tomcat
-migration tool for Jakarta EE tool which is also available as a separate

[Bug 67065] Using "::1" to bind to all local addresses (IPV4 and IPV6)

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=67065

Amit Pande  changed:

   What|Removed |Added

   Severity|normal  |enhancement
 OS||All

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 67065] New: Using "::1" to bind to all local addresses (IPV4 and IPV6)

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=67065

Bug ID: 67065
   Summary: Using "::1" to bind to all local addresses (IPV4 and
IPV6)
   Product: Tomcat 9
   Version: 9.0.78
  Hardware: PC
Status: NEW
  Severity: normal
  Priority: P2
 Component: Connectors
  Assignee: dev@tomcat.apache.org
  Reporter: amit.pa...@veritas.com
  Target Milestone: -

Reference thread:

https://lists.apache.org/thread/d7ppg7mpvzb1cmjfnhqrqnjs5v94zw6l


Main problem statement:

By default, the Tomcat HTTP connectors bind to all local interfaces (including
public interfaces).  If we need to bind to only local loopback addresses,
currently we need to define two connectors with everything else identical but
only address attribute being different (::1 for IPv6 and 127.0.0.1 for IPv4).

It would be handy if we could use an address like ::1 to bind to all local
interfaces (IPv4 and IPv6). This will ensure only one connector configuration
is sufficient to bind to only local interfaces (IPv4 and IPv6).

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1911916 - in /tomcat/site/trunk: docs/download-11.html docs/index.html docs/migration-11.0.html docs/oldnews.html docs/whichversion.html xdocs/download-11.xml xdocs/index.xml xdocs/migrat

[markt]

Author: markt
Date: Fri Aug 25 17:25:37 2023
New Revision: 1911916

URL: http://svn.apache.org/viewvc?rev=1911916=rev
Log:
Update site for release of 11.0.0-M11

Modified:
tomcat/site/trunk/docs/download-11.html
tomcat/site/trunk/docs/index.html
tomcat/site/trunk/docs/migration-11.0.html
tomcat/site/trunk/docs/oldnews.html
tomcat/site/trunk/docs/whichversion.html
tomcat/site/trunk/xdocs/download-11.xml
tomcat/site/trunk/xdocs/index.xml
tomcat/site/trunk/xdocs/migration-11.0.xml
tomcat/site/trunk/xdocs/oldnews.xml
tomcat/site/trunk/xdocs/whichversion.xml

Modified: tomcat/site/trunk/docs/download-11.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-11.html?rev=1911916=1911915=1911916=diff
==
--- tomcat/site/trunk/docs/download-11.html (original)
+++ tomcat/site/trunk/docs/download-11.html Fri Aug 25 17:25:37 2023
@@ -19,7 +19,7 @@
 
   Quick Navigation
 
-[define v]11.0.0-M10[end]
+[define v]11.0.0-M11[end]
 https://downloads.apache.org/tomcat/tomcat-11/KEYS;>KEYS |
 [v] (alpha) |
 Browse |

Modified: tomcat/site/trunk/docs/index.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1911916=1911915=1911916=diff
==
--- tomcat/site/trunk/docs/index.html (original)
+++ tomcat/site/trunk/docs/index.html Fri Aug 25 17:25:37 2023
@@ -34,6 +34,41 @@ wiki page.
 Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat
 project logo are trademarks of the Apache Software Foundation.
 
+2023-08-25 Tomcat 11.0.0-M11 Released
+
+The Apache Tomcat Project is proud to announce the release of version 
11.0.0-M10
+(alpha) of Apache Tomcat. This release is a milestone release and is targeted 
at
+Jakarta EE 11.
+Users of Tomcat 10 onwards should be aware that, as a result of the move 
from
+Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse
+Foundation, the primary package for all implemented APIs has changed from
+javax.* to jakarta.*. This will almost certainly
+require code changes to enable applications to migrate from Tomcat 9 and 
earlier
+to Tomcat 10 and later. A
+https://github.com/apache/tomcat-jakartaee-migration;>migration
+tool is available to aid this process.
+The notable changes in this release are:
+
+Update the HTTP parameter handling to align with the changes in the Jakarta
+Servlet 6.1 API Javadoc for the ServletRequest methods used to obtain
+request parameters. Invalid parameters and/or exceeding parameter size
+and/or quantity limits now trigger exceptions. As a consequence, the
+FailedRequestFilter has been removed.
+If an application or library sets both a non-500 error code and the
+jakarta.servlet.error.exception request attribute, use the
+provided error code during error page processing rather than assuming an
+error code of 500.
+Fix for FORM authentication open redirect - CVE-2023-41080
+
+
+Full details of these changes, and all the other changes, are available in the
+Tomcat 11
+(alpha) changelog.
+
+
+
+https://tomcat.apache.org/download-11.cgi;>Download
+
 2023-08-15 Tomcat 9.0.79 Released
 
 The Apache Tomcat Project is proud to announce the release of version 9.0.79
@@ -112,36 +147,6 @@ reach https://tomcat.apache.org
 
 https://tomcat.apache.org/download-80.cgi;>Download
 
-2023-08-14 Tomcat 11.0.0-M10 Released
-
-The Apache Tomcat Project is proud to announce the release of version 
11.0.0-M10
-(alpha) of Apache Tomcat. This release is a milestone release and is targeted 
at
-Jakarta EE 11.
-Users of Tomcat 10 onwards should be aware that, as a result of the move 
from
-Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse
-Foundation, the primary package for all implemented APIs has changed from
-javax.* to jakarta.*. This will almost certainly
-require code changes to enable applications to migrate from Tomcat 9 and 
earlier
-to Tomcat 10 and later. A
-https://github.com/apache/tomcat-jakartaee-migration;>migration
-tool is available to aid this process.
-The notable changes in this release are:
-
-Refactor HTTP/2 implementation to reduce pinning when using virtual
-threads.
-Pass through ciphers referring to an OpenSSL profile, such as
-PROFILE=SYSTEM instead of producing an error trying to parse it.
-Update Tomcat Native to 2.0.5. 
-
-
-Full details of these changes, and all the other changes, are available in the
-Tomcat 11
-(alpha) changelog.
-
-
-
-https://tomcat.apache.org/download-11.cgi;>Download
-
 2023-08-07 Tomcat Native 2.0.5 Released
 
 The Apache Tomcat Project is proud to announce the release of version 2.0.5 of

Modified: tomcat/site/trunk/docs/migration-11.0.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-11.0.html?rev=1911916=1911915=1911916=diff

svn commit: r1911915 - in /tomcat/site/trunk/docs/tomcat-8.5-doc: ./ annotationapi/ annotationapi/javax/annotation/ annotationapi/javax/annotation/security/ annotationapi/javax/annotation/sql/ api/ ap

[markt]

Author: markt
Date: Fri Aug 25 17:19:40 2023
New Revision: 1911915

URL: http://svn.apache.org/viewvc?rev=1911915=rev
Log:
Update docs for 8.5.93 release


[This commit notification would consist of 72 parts, 
which exceeds the limit of 50 ones, so it was shortened to the summary.]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1911914 - in /tomcat/site/trunk/docs/tomcat-9.0-doc: ./ annotationapi/ annotationapi/javax/annotation/ annotationapi/javax/annotation/security/ annotationapi/javax/annotation/sql/ annotat

[markt]

Author: markt
Date: Fri Aug 25 17:11:47 2023
New Revision: 1911914

URL: http://svn.apache.org/viewvc?rev=1911914=rev
Log:
Update docs for 9.0.80 release


[This commit notification would consist of 76 parts, 
which exceeds the limit of 50 ones, so it was shortened to the summary.]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1911913 - in /tomcat/site/trunk/docs/tomcat-10.1-doc: ./ annotationapi/ annotationapi/jakarta/annotation/ annotationapi/jakarta/annotation/security/ annotationapi/jakarta/annotation/sql/

[markt]

Author: markt
Date: Fri Aug 25 17:05:40 2023
New Revision: 1911913

URL: http://svn.apache.org/viewvc?rev=1911913=rev
Log:
Update docs for 10.1.13 release


[This commit notification would consist of 1352 parts, 
which exceeds the limit of 50 ones, so it was shortened to the summary.]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Add release date for 8.5.93

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new c81869a8de Add release date for 8.5.93
c81869a8de is described below

commit c81869a8ded084c7aacb094b212efb109fc94c2a
Author: Mark Thomas 
AuthorDate: Fri Aug 25 09:50:10 2023 -0700

Add release date for 8.5.93
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 472714636f..ae55fbbf45 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -106,7 +106,7 @@
 -->
 
 
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1911912 - in /tomcat/site/trunk/docs/tomcat-11.0-doc: ./ annotationapi/ annotationapi/jakarta/annotation/ annotationapi/jakarta/annotation/security/ annotationapi/jakarta/annotation/sql/

[markt]

Author: markt
Date: Fri Aug 25 16:50:11 2023
New Revision: 1911912

URL: http://svn.apache.org/viewvc?rev=1911912=rev
Log:
Update docs for 11.0.0-M11 release


[This commit notification would consist of 126 parts, 
which exceeds the limit of 50 ones, so it was shortened to the summary.]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated: Add release date for 9.0.80

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 822bf6794d Add release date for 9.0.80
822bf6794d is described below

commit 822bf6794d579ae6ca7fa89cb8cbae269bf2fb4e
Author: Mark Thomas 
AuthorDate: Fri Aug 25 09:49:41 2023 -0700

Add release date for 9.0.80
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 200b0588c1..3e51f63466 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -106,7 +106,7 @@
 -->
 
 
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 10.1.x updated: Add release date for 10.1.13

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 46390dde41 Add release date for 10.1.13
46390dde41 is described below

commit 46390dde41dde33852181dac2636b0eebb0667d5
Author: Mark Thomas 
AuthorDate: Fri Aug 25 09:49:15 2023 -0700

Add release date for 10.1.13
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 5aae74744d..7d7733fbce 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -106,7 +106,7 @@
 -->
 
 
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch main updated: Add release date for 11.0.0-M11

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 66261e42e5 Add release date for 11.0.0-M11
66261e42e5 is described below

commit 66261e42e5f188d42a5e02632d5b9bcacc2a9903
Author: Mark Thomas 
AuthorDate: Fri Aug 25 09:48:51 2023 -0700

Add release date for 11.0.0-M11
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 33036ef6f4..7962aeea93 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -106,7 +106,7 @@
 -->
 
 
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1911911 - /tomcat/site/trunk/build.properties.default

[markt]

Author: markt
Date: Fri Aug 25 16:36:52 2023
New Revision: 1911911

URL: http://svn.apache.org/viewvc?rev=1911911=rev
Log:
Update versions

Modified:
tomcat/site/trunk/build.properties.default

Modified: tomcat/site/trunk/build.properties.default
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/build.properties.default?rev=1911911=1911910=1911911=diff
==
--- tomcat/site/trunk/build.properties.default (original)
+++ tomcat/site/trunk/build.properties.default Fri Aug 25 16:36:52 2023
@@ -36,10 +36,10 @@ tomcat.loc=https://downloads.apache.org/
 
 
 # - Tomcat versions -
-tomcat8.5=8.5.92
-tomcat9.0=9.0.79
-tomcat10.1=10.1.12
-tomcat11.0=11.0.0-M10
+tomcat8.5=8.5.93
+tomcat9.0=9.0.80
+tomcat10.1=10.1.13
+tomcat11.0=11.0.0-M11
 
 # - Download destination -
 tomcat-site-docs.home=${base.path}/tomcat-site-docs/



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r63634 - /dev/tomcat/tomcat-8/v8.5.93/ /release/tomcat/tomcat-8/v8.5.93/

[markt]

Author: markt
Date: Fri Aug 25 16:18:12 2023
New Revision: 63634

Log:
Release Tomcat 8.5.93

Added:
release/tomcat/tomcat-8/v8.5.93/
  - copied from r63633, dev/tomcat/tomcat-8/v8.5.93/
Removed:
dev/tomcat/tomcat-8/v8.5.93/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r63632 - /dev/tomcat/tomcat-10/v10.1.13/ /release/tomcat/tomcat-10/v10.1.13/

[markt]

Author: markt
Date: Fri Aug 25 16:17:30 2023
New Revision: 63632

Log:
Release Tomcat 10.1.13

Added:
release/tomcat/tomcat-10/v10.1.13/
  - copied from r63631, dev/tomcat/tomcat-10/v10.1.13/
Removed:
dev/tomcat/tomcat-10/v10.1.13/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r63633 - /dev/tomcat/tomcat-9/v9.0.80/ /release/tomcat/tomcat-9/v9.0.80/

[markt]

Author: markt
Date: Fri Aug 25 16:17:48 2023
New Revision: 63633

Log:
Release Tomcat 9.0.80

Added:
release/tomcat/tomcat-9/v9.0.80/
  - copied from r63632, dev/tomcat/tomcat-9/v9.0.80/
Removed:
dev/tomcat/tomcat-9/v9.0.80/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r63631 - /dev/tomcat/tomcat-11/v11.0.0-M11/ /release/tomcat/tomcat-11/v11.0.0-M11/

[markt]

Author: markt
Date: Fri Aug 25 16:17:11 2023
New Revision: 63631

Log:
Release Tomcat 11.0.0-M11

Added:
release/tomcat/tomcat-11/v11.0.0-M11/
  - copied from r63630, dev/tomcat/tomcat-11/v11.0.0-M11/
Removed:
dev/tomcat/tomcat-11/v11.0.0-M11/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][RESULT] Release Apache Tomcat 8.5.93

[Mark Thomas]

The following votes were cast:

Binding:
+1: schultz, markt, remm, lihan

No other votes were cast. The vote therefore passes.

Thanks to everyone who contributed to this release.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][RESULT] Release Apache Tomcat 10.1.13

[Mark Thomas]

The following votes were cast:

Binding:
+1: markt, jfclere, lihan, remm

No other votes were cast. The vote therefore passes.

Thanks to everyone who contributed to this release.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][RESULT] Release Apache Tomcat 9.0.80

[Mark Thomas]

The following votes were cast:

Binding:
+1: lihan, jfclere, markt, remm

No other votes were cast. The vote therefore passes.

Thanks to everyone who contributed to this release.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][RESULT] Release Apache Tomcat 11.0.0-M11

[Mark Thomas]

The following votes were cast:

Binding:
+1: lihan, markt, remm

No other votes were cast. The vote therefore passes.

Thanks to everyone who contributed to this release.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.13

[jean-frederic clere]

On 8/24/23 01:28, Mark Thomas wrote:

[X] Stable - go ahead and release as 10.1.13


Tested on fedora 38 with open-ssl-3.0.9, tc-native-2.0.5 and open-jdk 17.0.8
--
Cheers

Jean-Frederic


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.5.93

[Han Li]

> On Aug 24, 2023, at 07:31, Mark Thomas  wrote:
> 
> The proposed Apache Tomcat 8.5.93 release is now available for voting.
> 
> The notable changes compared to 8.5.92 are:
> 
> - If an application or library sets both a non-500 error code and the
>  jakarta.servlet.error.exception request attribute, use the
>  provided error code during error page processing rather than assuming
>  an error code of 500.
> 
> - Fix for FORM authentication open redirect - CVE-2023-41080
> 
> 
> Along with lots of other bug fixes and improvements.
> 
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html
> 
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.93/
> 
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1454
> 
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.93/
> 9d9aea65c435a38c737c1e600e6513f9d0980cf1
> 
> The proposed 8.5.93 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.93 (stable)

Han

> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.13

[Rémy Maucherat]

On Thu, Aug 24, 2023 at 1:28 AM Mark Thomas  wrote:
>
> The proposed Apache Tomcat 10.1.13 release is now available for
> voting.
>
> The notable changes compared to 10.1.12 are:
>
> - If an application or library sets both a non-500 error code and the
>jakarta.servlet.error.exception request attribute, use the
>provided error code during error page processing rather than assuming
>an error code of 500.
>
> - Fix for FORM authentication open redirect - CVE-2023-41080
>
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.13/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1452
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.13
> 71dddc8a1b8fe1175a14e6dd98bb8af56c9ad75d
>
> The proposed 10.1.13 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 10.1.13

Rémy

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.5.93

[Rémy Maucherat]

On Thu, Aug 24, 2023 at 1:31 AM Mark Thomas  wrote:
>
> The proposed Apache Tomcat 8.5.93 release is now available for voting.
>
> The notable changes compared to 8.5.92 are:
>
> - If an application or library sets both a non-500 error code and the
>jakarta.servlet.error.exception request attribute, use the
>provided error code during error page processing rather than assuming
>an error code of 500.
>
> - Fix for FORM authentication open redirect - CVE-2023-41080
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.93/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1454
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.93/
> 9d9aea65c435a38c737c1e600e6513f9d0980cf1
>
> The proposed 8.5.93 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.93 (stable)

Rémy

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 11.0.0-M11

[Rémy Maucherat]

On Thu, Aug 24, 2023 at 1:23 AM Mark Thomas  wrote:
>
> The proposed Apache Tomcat 11.0.0-M11 release is now available for
> voting.
>
> Apache Tomcat 11.0.0-M11 is a milestone release of the 11.0.x branch and
> has been made to provide users with early access to the new features in
> Apache Tomcat 11.0.x so that they may provide feedback. The notable
> changes compared to the previous milestone include:
>
> - Update the HTTP parameter handling to align with the changes in the
>Jakarta Servlet 6.1 API Javadoc for the ServletRequest methods used
>to obtain request parameters. Invalid parameters and/or exceeding
>parameter size and/or quantity limits now triggerm exceptions. As a
>consequence, the FailedRequestFilter has been removed.
>
> - If an application or library sets both a non-500 error code and the
>jakarta.servlet.error.exception request attribute, use the
>provided error code during error page processing rather than assuming
>an error code of 500.
>
> - Fix for FORM authentication open redirect - CVE-2023-41080
>
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 11
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory. Applications using deprecated APIs may require
> further changes.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M11/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1451
>
> The tag is:
> https://github.com/apache/tomcat/tree/11.0.0-M11
> ae109f6248e00a1952f706d6941ff930ad4466e1
>
>
> The proposed 11.0.0-M11 release is:
> [ ] -1 Broken - do not release
> [X] +1 Alpha  - go ahead and release as 11.0.0-M11

Rémy

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 9.0.80

[Rémy Maucherat]

On Thu, Aug 24, 2023 at 1:30 AM Mark Thomas  wrote:
>
> The proposed Apache Tomcat 9.0.80 release is now available for voting.
>
> The notable changes compared to 9.0.79 are:
>
> - If an application or library sets both a non-500 error code and the
>jakarta.servlet.error.exception request attribute, use the
>provided error code during error page processing rather than assuming
>an error code of 500.
>
> - Fix for FORM authentication open redirect - CVE-2023-41080
>
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.80/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1453
>
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.80
> 0ea24187a89ca09f3841e4690f931cca56e222fd
>
> The proposed 9.0.80 release is:
> [ ] -1, Broken - do not release
> [X] +1, Stable - go ahead and release as 9.0.80

Rémy

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 67061] SSLVerifyClient="optionalNoCA" still not doing what it should

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=67061

--- Comment #1 from ruedige...@yahoo.de ---
On top, the problem also exists in my local installation (Ubuntu 20.04, Java
17):

tomcat 9.0.55   tc-native 1.2.31   openssl 1.1.1f

Here is the relevant longer excerpt from server.xml (the rest is unchanged from
the default):


  

  


If I remove the caCertificateFile attribute, I get handshake problems with my
self-signed certificate.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org