Re: [tomcat] branch main updated: Fix BZ 65563. Correct parsing of Content-Range headers

2021-09-17 Thread Mark Thomas
On 17/09/2021 11:55, Rainer Jung wrote: Am 09.09.2021 um 09:36 schrieb ma...@apache.org: diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 86bbbc6..aa4aac8 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -105,6 +105,16 @@     issues do not

Re: [tomcat] branch main updated: Fix MethodExpression.getMethodInfo() when parameters are provided

2021-09-17 Thread Mark Thomas
93dd0c2 Fix MethodExpression.getMethodInfo() when parameters are provided 93dd0c2 is described below commit 93dd0c2e2a15b9e5d37a92b4d435c4f53de3c00d Author: Mark Thomas AuthorDate: Fri Sep 17 21:32:38 2021 +0100 Fix MethodExpression.getMethodInfo() when parameters are provided Just

[SECURITY] CVE-2021-41079 Apache Tomcat DoS

2021-09-15 Thread Mark Thomas
CVE-2021-41079 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.2 Apache Tomcat 9.0.0-M1 to 9.0.43 Apache Tomcat 8.5.0 to 8.5.63 Description: When Tomcat was configured to use NIO+OpenSSL or NIO2+OpenSSL for TLS, a

Re: Drop module-info from tomcat*.jar?

2021-09-15 Thread Mark Thomas
wordpress.com> | Github <https://github.com/rmannibucau> | LinkedIn <https://www.linkedin.com/in/rmannibucau> | Book <https://www.packtpub.com/application-development/java-ee-8-high-performance> On Wed, 15 Sep 2021 at 11:17, Mark Thomas wrote: On 15/09/2021 08:34, Romain M

Re: Drop module-info from tomcat*.jar?

2021-09-15 Thread Mark Thomas
On 15/09/2021 08:34, Romain Manni-Bucau wrote: Hi all, I was trying to strim down a JDK, all was smooth until I started to work with Tomcat. I am assuming this is with embedded. The issues I hit: - Tomcat is designed to be fully used with JPMS whereas I would like to be able to use it in

Re: [tomcat] branch main updated (878caf6 -> dbd137f)

2021-09-13 Thread Mark Thomas
On 13/09/2021 17:05, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a change to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git. from 878caf6 Use DataSource in DataSourceUserDatabase constructor new

[ANN] Apache Tomcat 10.0.11 available

2021-09-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.11. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M5 (alpha) available

2021-09-13 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M5 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

Re: [VOTE][RESULT] Release Apache Tomcat 10.0.11

2021-09-10 Thread Mark Thomas
The following votes were cast: Binding: +1: markt, remm, isapir, mgrigorov No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark - To unsubscribe, e-mail:

Re: [VOTE] Release Apache Tomcat 10.1.0-M5

2021-09-10 Thread Mark Thomas
The following votes were cast: Binding: +1: markt, remm, isapir, mgrigorov, jfclere No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark

Re: [VOTE] Release Apache Tomcat 10.1.0-M5

2021-09-10 Thread Mark Thomas
On 08/09/2021 09:52, Martin Grigorov wrote: On Mon, Sep 6, 2021 at 5:43 PM Mark Thomas wrote: It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.0-M4/ This should be -M5 Sorry about that. I must have missed it in the copy/paste/edit. Mark

[jira] [Deleted] (MTOMCAT-326) Slot Deposit Dana Bersama SBA99

2021-09-10 Thread Mark Thomas (Jira)
[ https://issues.apache.org/jira/browse/MTOMCAT-326?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mark Thomas deleted MTOMCAT-326: > Slot Deposit Dana Bersama SBA99 > --- > >

[jira] [Deleted] (MTOMCAT-324) Ver la Película After 3 Almas Perdidas (2021) en Español Latin

2021-09-08 Thread Mark Thomas (Jira)
[ https://issues.apache.org/jira/browse/MTOMCAT-324?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mark Thomas deleted MTOMCAT-324: > Ver la Película After 3 Almas Perdidas (2021) en Español La

[jira] [Deleted] (MTOMCAT-325) Ver la Película After 3 Almas Perdidas (2021) en Español Latin

2021-09-08 Thread Mark Thomas (Jira)
[ https://issues.apache.org/jira/browse/MTOMCAT-325?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mark Thomas deleted MTOMCAT-325: > Ver la Película After 3 Almas Perdidas (2021) en Español La

Re: [VOTE] Release Apache Tomcat 10.0.11

2021-09-07 Thread Mark Thomas
On 06/09/2021 19:30, Mark Thomas wrote: The proposed 10.0.11 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 10.0.11 (stable) Unit tests pass for NIO, NIO2 and APR/Native on Windows, Linux and MacOS with Tomcat Native 1.2.31. Mark

Re: svn commit: r49785 - in /dev/tomcat/tomcat-10/v10.0.11: ./ bin/ bin/embed/ src/

2021-09-07 Thread Mark Thomas
On 07/09/2021 08:20, Rémy Maucherat wrote: On Tue, Sep 7, 2021 at 8:42 AM Konstantin Kolinko wrote: Mon, 6 Sep 2021 at 21:28, : Author: markt Date: Mon Sep 6 18:28:21 2021 New Revision: 49785 Log: Upload 10.0.11 for voting Added:

[VOTE] Release Apache Tomcat 10.0.11

2021-09-06 Thread Mark Thomas
The proposed Apache Tomcat 10.0.11 release is now available for voting. Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary package for all the specification APIs has changed from javax.* to jakarta.* Applications that run on Tomcat 9 will not run on Tomcat 10 without changes.

Re: [VOTE] Release Apache Tomcat 10.1.0-M5

2021-09-06 Thread Mark Thomas
On 06/09/2021 15:43, Mark Thomas wrote: The proposed 10.1.0-M5 release is: [ ] Broken - do not release [X] Alpha - go ahead and release as 10.1.0-M5 (alpha) Unit tests pass on Windows, Linux and MacOS with NIO and NIO2 with Tomcat Native 1.2.31. Mark

[VOTE] Release Apache Tomcat 10.1.0-M5

2021-09-06 Thread Mark Thomas
The proposed Apache Tomcat 10.1.0-M5 release is now available for voting. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat

Re: Tagging 10.1.0-M5 etc

2021-09-03 Thread Mark Thomas
On Tue, Aug 31, 2021 at 8:02 PM Mark Thomas wrote: Hi all, Things are looking good for the September release. We do need the Tomcat Native 1.2.31 vote to complete first (thanks for your vote Rémy). If you have time to test with 1.2.31 your vote would be really helpful as we only have 2 votes

Re: [tomcat] branch main updated: jarsToSkip += derby-*.jar

2021-09-03 Thread Mark Thomas
/heads/main by this push: new e9cbd4c jarsToSkip += derby-*.jar e9cbd4c is described below commit e9cbd4c2cdb958930fed1cfeabdd3e911fc8b1e6 Author: Mark Thomas AuthorDate: Fri Sep 3 09:02:05 2021 +0100 jarsToSkip += derby-*.jar Thanks, I always keep forgetting that ... No worries

[ANN] Apache Tomcat Native 1.2.31 released

2021-09-02 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat Native 1.2.31 stable. The key features of this release are: - Windows binaries built using OpenSSL 1.1.1l - Fix an issue when building with OpenSSL 3.0.0 Please refer to the change log for the complete list of changes:

Re: [VOTE][RESULT] Release Apache Tomcat Native 1.2.31

2021-09-01 Thread Mark Thomas
The following votes were cast: Binding: +1: markt, remm, isapir No other votes were cast. The vote therefore passes. Thank you to everyone who contributed to this release. Mark

Re: Tagging 10.1.0-M5 etc

2021-09-01 Thread Mark Thomas
On 31/08/2021 21:44, Rémy Maucherat wrote: On Tue, Aug 31, 2021 at 8:02 PM Mark Thomas wrote: Hi all, Things are looking good for the September release. We do need the Tomcat Native 1.2.31 vote to complete first (thanks for your vote Rémy). If you have time to test with 1.2.31 your vote

Tagging 10.1.0-M5 etc

2021-08-31 Thread Mark Thomas
Hi all, Things are looking good for the September release. We do need the Tomcat Native 1.2.31 vote to complete first (thanks for your vote Rémy). If you have time to test with 1.2.31 your vote would be really helpful as we only have 2 votes so far. Assuming 1.2.31 passes, I'll complete the

Re: [NOTICE] - Moving and Upgrading of Buildbot Jobs

2021-08-31 Thread Mark Thomas
On 31/08/2021 08:07, Gavin McDonald wrote: Does the above mean that the migration includes necessary changes to generate this output to nightlies.a.o instead? If so, that is great and thanks for taking care of this. If not, what do we need to do? Yes I can take care of the code changes

Re: [VOTE] Release Apache Tomcat Native 1.2.31

2021-08-31 Thread Mark Thomas
On 26/08/2021 17:04, Mark Thomas wrote: Version 1.2.31 includes the following changes compared to 1.2.30 - Build an issue when building with OpenSSL 3.0.0 - Clean up remaining reference to pkg-config The proposed release artefacts can be found at [1], and the build was done using tag [2

[VOTE] Release Apache Tomcat Native 1.2.31

2021-08-26 Thread Mark Thomas
Version 1.2.31 includes the following changes compared to 1.2.30 - Build an issue when building with OpenSSL 3.0.0 - Clean up remaining reference to pkg-config The proposed release artefacts can be found at [1], and the build was done using tag [2]. The Apache Tomcat Native 1.2.31 release is

Re: Embedded JDBC for the testsuite ?

2021-08-26 Thread Mark Thomas
On 26/08/2021 15:06, Rémy Maucherat wrote: Hi, Given there are components that use JDBC, they probably could use some testsuite coverage. What would be the best option for a "real" embedded JDBC DB for the Tomcat testsuite ? Derby ? Derby is the one I thought of. If we needed a feature not

Re: OpenSSL security announcement - do we need a Tomcat Native release?

2021-08-26 Thread Mark Thomas
On 25/08/2021 09:08, Mark Thomas wrote: Hi all, OpenSSL have published a security announcement alongside the latest release: https://www.openssl.org/news/secadv/20210824.txt I'm trying to figure out if Tomcat Native is affected by these. For CVE-2021-3711 it isn't clear to me

Re: OT: Parsing EC private keys in PEM format

2021-08-26 Thread Mark Thomas
On 25/08/2021 18:04, Christopher Schultz wrote: Mark, On 8/25/21 10:28, Mark Thomas wrote: On 25/08/2021 15:10, Christopher Schultz wrote: All, I'm trying to do this without looking at the code which is in Tomcat because I'd like to release it separately and not have to worry about

Re: OT: Parsing EC private keys in PEM format

2021-08-25 Thread Mark Thomas
On 25/08/2021 15:10, Christopher Schultz wrote: All, I'm trying to do this without looking at the code which is in Tomcat because I'd like to release it separately and not have to worry about figuring out how to get permission, etc. It is ALv2 so the requirements are pretty minimal. You

OpenSSL security announcement - do we need a Tomcat Native release?

2021-08-25 Thread Mark Thomas
Hi all, OpenSSL have published a security announcement alongside the latest release: https://www.openssl.org/news/secadv/20210824.txt I'm trying to figure out if Tomcat Native is affected by these. For CVE-2021-3711 it isn't clear to me if the issue relates to just stand-alone decryption or

Re: OpenSSL using /lib64 rather than /lib

2021-08-23 Thread Mark Thomas
either works). And how to do that? Thanks, Mark Regards, Rainer On 23.08.2021 at 10:35, Mark Thomas wrote: Hi, I've noticed that both local and Gump builds of OpenSSL master have started using .../lib64 rather than .../lib for the shared libraries that are built. This is causing build

OpenSSL using /lib64 rather than /lib

2021-08-23 Thread Mark Thomas
Hi, I've noticed that both local and Gump builds of OpenSSL master have started using .../lib64 rather than .../lib for the shared libraries that are built. This is causing build problems - for example httpd looks in /lib I'm not sure if something has changed in the build environments or in

Re: [tomcat] branch 8.5.x updated: Additional configuration required for JSign + DigiCert ONE on Java 7

2021-08-18 Thread Mark Thomas
On 18/08/2021 18:03, Christopher Schultz wrote: Mark, On 8/18/21 08:11, ma...@apache.org wrote: Additional configuration required for JSign + DigiCert ONE on Java 7 Ugh. I'm so glad this foolishness isn't required in Java 8 and later. So we actually have to build 8.5 with Java

Re: [tomcat] branch 8.5.x updated: Update to JSign 4.0 to remove dependency on client tools.

2021-08-18 Thread Mark Thomas
On 17/08/2021 23:33, Mark Thomas wrote: On 17/08/2021 22:38, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added

Re: [tomcat] branch 8.5.x updated: Update to JSign 4.0 to remove dependency on client tools.

2021-08-17 Thread Mark Thomas
On 17/08/2021 22:38, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 8.5.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/8.5.x by this push: new

Re: [tomcat] branch main updated: Update to JSign 4.0 to remove dependency on client tools.

2021-08-17 Thread Mark Thomas
On 17/08/2021 21:08, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new

[ANN] Apache Tomcat 8.5.70 available

2021-08-17 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 8.5.70. Apache Tomcat 8 is an open source software implementation of the Java Servlet, JavaServer Pages, Java Unified Expression Language, Java WebSocket and Java Authentication Service Provider Interface for Containers

Re: [VOTE] Release Apache Tomcat 8.5.70

2021-08-16 Thread Mark Thomas
On 12/08/2021 12:20, jean-frederic clere wrote: On 09/08/2021 22:05, Mark Thomas wrote: [X] Stable - go ahead and release as 8.5.70 On fedora 34, I have the following failures: +++    [concat] Testsuites with failed tests:    [concat] TEST

Re: [VOTE][RESULT] Release Apache Tomcat 8.5.70

2021-08-16 Thread Mark Thomas
The following votes were cast: Binding: +1: isapir, mturk, kkolinko, jfclere, schultz No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark

Re: svn commit: r49514 - in /dev/tomcat/tomcat-8/v8.5.70: bin/ bin/embed/ bin/extras/ src/

2021-08-16 Thread Mark Thomas
On 16/08/2021 09:50, Rémy Maucherat wrote: On Mon, Aug 16, 2021 at 9:32 AM Mark Thomas wrote: On 16/08/2021 08:19, ma...@apache.org wrote: Author: markt Date: Mon Aug 16 07:19:55 2021 New Revision: 49514 Log: Sign 8.5.70 with the correct key To be on the safe side, could someone other

Re: [NOTICE] - Moving and Upgrading of Buildbot Jobs

2021-08-16 Thread Mark Thomas
On 15/08/2021 09:44, Gavin McDonald wrote: For those of you with nightly builds that use ci.apache.org/projects/* - please note that this service is deprecated and will NOT be available going forward. Instead, your jobs should be changed to upload to https://nightlies.apache.org/$project/*

Re: svn commit: r49514 - in /dev/tomcat/tomcat-8/v8.5.70: bin/ bin/embed/ bin/extras/ src/

2021-08-16 Thread Mark Thomas
On 16/08/2021 08:19, ma...@apache.org wrote: Author: markt Date: Mon Aug 16 07:19:55 2021 New Revision: 49514 Log: Sign 8.5.70 with the correct key To be on the safe side, could someone other than me please validate that the 8.5.70 release is now OpenPGP signed as expected. Thanks, Mark

Re: openssl-3.0.0 test failures with 9.0.x (I have not checked the other branches)

2021-08-10 Thread Mark Thomas
On August 10, 2021 2:24:12 PM UTC, jean-frederic clere wrote: >On 10/08/2021 14:56, Konstantin Kolinko wrote: >> Looking at Apache Gump, >> - tomcat/10.1.x (main) fails to compile >> Apparently Gump tries to build it with Java 8 instead of Java 11 > >Well according to

[VOTE] Release Apache Tomcat 8.5.70

2021-08-09 Thread Mark Thomas
The proposed Apache Tomcat 8.5.70 release is now available for voting. Chris was having some difficulties before the weekend getting the release to build. He hasn't had time to get to the bottom of these issues and time is ticking on so I took a look. I had different issues on Windows but was

[ANN] Apache Tomcat 10.1.0-M4 (alpha) available

2021-08-07 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M4 (alpha). Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

Re: [VOTE][RESULT] Release Apache Tomcat 10.1.0-M4

2021-08-06 Thread Mark Thomas
The following votes were cast: Binding: +1: remm, jfclere, kolinko No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark On 03/08/2021 21:21, Mark Thomas wrote: The proposed Apache Tomcat 10.1.0-M4 release is now available

[ANN] Apache Tomcat 10.0.10 available

2021-08-06 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.10. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

Re: [VOTE][RESULT] Release Apache Tomcat 10.0.10

2021-08-05 Thread Mark Thomas
The following votes were cast: Binding: +1: isapir, remm, markt No other votes were cast. The vote therefore passes. Thank you to everyone who contributed to this release. Mark On 30/07/2021 12:18, Mark Thomas wrote: The proposed Apache Tomcat 10.0.10 release is now available for voting

[VOTE] Release Apache Tomcat 10.1.0-M4

2021-08-03 Thread Mark Thomas
The proposed Apache Tomcat 10.1.0-M4 release is now available for voting. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat

Re: [VOTE] Release Apache Tomcat 10.0.10

2021-08-03 Thread Mark Thomas
On 30/07/2021 12:18, Mark Thomas wrote: The proposed 10.0.10 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 10.0.10 (stable) Tests pass for NIO, NIO2 and APR/Native with Tomcat Native 1.2.30 on Windows, MacOS and Linux. Mark

[VOTE][CANCELLED] Release Apache Tomcat 10.1.0-M3

2021-08-03 Thread Mark Thomas
I'm cancelling the vote due to a regression. The Java 8 -> Java 11 changes broke WebSocket due to a missing "!". I'll tag M4 shortly. Mark On 29/07/2021 16:37, Mark Thomas wrote: The proposed Apache Tomcat 10.1.0-M3 release is now available for voting. Applications that ru

Re: [VOTE] Release Apache Tomcat 10.1.0-M3

2021-08-02 Thread Mark Thomas
Hi Rainer, I see the same thing. My Java 11 cleanup is the obvious likely candidate for the root cause. I can dig into this some more tomorrow. Looks like we'll need an M4 release. Mark On 03/08/2021 00:12, Rainer Jung wrote: Hi there, is anyone able to run the websockets examples? For

[VOTE] Release Apache Tomcat 10.0.10

2021-07-30 Thread Mark Thomas
The proposed Apache Tomcat 10.0.10 release is now available for voting. Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary package for all the specification APIs has changed from javax.* to jakarta.* Applications that run on Tomcat 9 will not run on Tomcat 10 without changes.

[VOTE][CANCELLED] Release Apache Tomcat 10.0.9

2021-07-30 Thread Mark Thomas
Vote cancelled due to https://bz.apache.org/bugzilla/show_bug.cgi?id=65476 The fix has already been applied. A new tag and vote will follow shortly. Mark

Re: [VOTE] Release Apache Tomcat 10.0.9

2021-07-29 Thread Mark Thomas
On 29/07/2021 20:07, Mark Thomas wrote: The proposed 10.0.9 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 10.0.9 (stable) Unit tests pass on Linux, MacOS and Windows for NIO, NIO2 and APR/Native (with Tomcat Native 1.2.30). Mark

[VOTE] Release Apache Tomcat 10.0.9

2021-07-29 Thread Mark Thomas
The proposed Apache Tomcat 10.0.9 release is now available for voting. Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary package for all the specification APIs has changed from javax.* to jakarta.* Applications that run on Tomcat 9 will not run on Tomcat 10 without changes.

Re: [VOTE] Release Apache Tomcat 10.1.0-M3

2021-07-29 Thread Mark Thomas
On 29/07/2021 15:37, Mark Thomas wrote: The proposed 10.1.0-M3 release is: [ ] Broken - do not release [X] Alpha - go ahead and release as 10.1.0-M3 (alpha) Unit tests pass on Linux, MacOS and Windows for NIO, NIO2 and APR/Native (with Tomcat Native 1.2.30). Mark

[VOTE] Release Apache Tomcat 10.1.0-M3

2021-07-29 Thread Mark Thomas
The proposed Apache Tomcat 10.1.0-M3 release is now available for voting. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat

Re: [tomcat] branch main updated: The minimum Java version for the Jakarta 10 platform will be Java 11

2021-07-27 Thread Mark Thomas
5f41348 The minimum Java version for the Jakarta 10 platform will be Java 11 5f41348 is described below commit 5f4134894a3744647a4671faa4140555f1013abc Author: Mark Thomas AuthorDate: Tue Jul 27 16:13:54 2021 +0100 The minimum Java version for the Jakarta 10 platform will be Java 11 I'm

Re: Tagging next release

2021-07-27 Thread Mark Thomas
On 27/07/2021 04:17, Christopher Schultz wrote: Mark, On 7/23/21 09:40, Mark Thomas wrote: Hi all, Partly due to the couple of regressions that have emerged this month, I'd like to aim to get the next set of releases out closer to the start of August than the middle. With that in mind

Tagging next release

2021-07-23 Thread Mark Thomas
Hi all, Partly due to the couple of regressions that have emerged this month, I'd like to aim to get the next set of releases out closer to the start of August than the middle. With that in mind I'll be starting release prep shortly with a view to tagging around the middle of next week and

Re: buildbot failure in on tomcat-9.0.x

2021-07-21 Thread Mark Thomas
: asf946_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-9.0-commit' triggered this build Build Source Stamp: [branch 9.0.x] f5146f694698b3b53cdb19e940bc03d862caa33f Blamelist: Mark Thomas BUILD FAILED: failed compile_1 https://ci.apache.org/projects/tomcat/tomcat-9.0.x/logs

[SECURITY] CVE-2021-30640 Apache Tomcat JNDI realm authentication weakness

2021-07-12 Thread Mark Thomas
CVE-2021-30640 JNDI Realm Authentication Weakness Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.5 Apache Tomcat 9.0.0.M1 to 9.0.45 Apache Tomcat 8.5.0 to 8.5.65 Apache Tomcat 7.0.0 to 7.0.108 Description: Queries made by the JNDI Realm

[SECURITY] CVE-2021-33037 Apache Tomcat HTTP request smuggling

2021-07-12 Thread Mark Thomas
CVE-2021-33037 HTTP request smuggling Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.6 Apache Tomcat 9.0.0.M1 to 9.0.46 Apache Tomcat 8.5.0 to 8.5.66 Description: Apache Tomcat did not correctly parse the HTTP transfer-encoding

[SECURITY] CVE-2021-30639 Apache Tomcat DoS

2021-07-12 Thread Mark Thomas
CVE-2021-30639 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.3 to 10.0.4 Apache Tomcat 9.0.44 Apache Tomcat 8.5.64 Description: An error introduced as part of a change to improve error handling during non-blocking I/O meant

Re: [tomcat] 03/03: Add support for coercing LambdaExpression to any functional interface

2021-07-09 Thread Mark Thomas
On 09/07/2021 11:40, Konstantin Kolinko wrote: Fri, 9 Jul 2021 at 12:19, Mark Thomas : On 09/07/2021 09:58, Konstantin Kolinko wrote: Thanks Konstantin. This is good feedback. [...] I wonder how Java itself (a java compiler) deals with coercion of lambdas to interfaces. Either

Re: https://bz.apache.org/bugzilla/show_bug.cgi?id=55707 in tomcat

2021-07-09 Thread Mark Thomas
On 09/07/2021 11:08, jean-frederic clere wrote: Hi, I think we need the same fix in tomcat or I missed something? If we need it I will work on it next week ;-) To clarify, you mean checking Tomcat can (and implementing if it can't) the ability to configure supported SSL protocols per

Re: [tomcat] 03/03: Add support for coercing LambdaExpression to any functional interface

2021-07-09 Thread Mark Thomas
On 09/07/2021 09:58, Konstantin Kolinko wrote: Thanks Konstantin. This is good feedback. Fri, 9 Jul 2021 at 00:07, Mark Thomas : Add support for coercing LambdaExpression to any functional interface The implementation for this turned out to be a lot simpler than I initially

Re: [tomcat] 03/03: Add support for coercing LambdaExpression to any functional interface

2021-07-08 Thread Mark Thomas
On 08/07/2021 22:05, ma...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git commit 2fcb104294b2676154cb08f00d5665d668792280 Author: Mark Thomas AuthorDate

Re: Update "developers" list

2021-07-08 Thread Mark Thomas
On 08/07/2021 15:28, Christopher Schultz wrote: All, The Apache Tomcat web site has a few places where people are specifically listed by name. One is under "Who We Are"[1], and it's fairly up-to-date. (Reasonable people can disagree as to whether e.g. "jim" is a committer or a

Graal now supports JMX?

2021-07-08 Thread Mark Thomas
Hi, I got pinged on this issue yesterday: https://github.com/spring-projects-experimental/spring-native/issues/805#issuecomment-875335648 That reads to me as if Graal now supports the use of JMX. If that is the case I think we can remove this code:

[ANN] Apache Tomcat 10.0.8 available

2021-07-05 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.8. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M2 (alpha) available

2021-07-05 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M2. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations

Re: [VOTE][RESULT] Release Apache Tomcat 10.0.8

2021-07-02 Thread Mark Thomas
The following votes were cast: Binding: +1: isapir, remm, mturk, markt, mgrigorov, csutherl No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark

Re: [VOTE][RESULT] Release Apache Tomcat 10.1.0-M2

2021-07-02 Thread Mark Thomas
The following votes were cast: Binding: +1: isapir, remm, jfclere, markt, mgrigorov No other votes were cast. The vote therefore passes. Thanks to everyone who contributed to this release. Mark

Re: Fwd: [Bug 56430] Extension mapping that includes a dot in the extension does not work

2021-07-01 Thread Mark Thomas
On 30/06/2021 23:13, Christopher Schultz wrote: All, I don't believe I have any BZ karma at all, but this user has duplicated old comments and inserted spam URLs into the comment stream. Can someone kill this stuff? Yes. Felix or I can do it. I've just removed it. Please don't duplicate

Possible code clean-up

2021-06-30 Thread Mark Thomas
All, I wanted to get some feedback on a possible code clean-up. Currently, we declare literal arrays like this: String[] array = new String[] { "value1", "value2", "value3" }; We could simplify these declarations to: String[] array = { "value1", "value2", "value3" }; There doesn't appear

Re: [VOTE] Release Apache Tomcat 9.0.50

2021-06-30 Thread Mark Thomas
On 28/06/2021 09:56, Rémy Maucherat wrote: The proposed 9.0.50 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 9.0.50 (stable) Unit tests pass for NIO, NIO2 and APR/Native (1.2.30) on Windows, Linux and MacOS. Mark

Re: [VOTE] Release Apache Tomcat 10.0.8

2021-06-30 Thread Mark Thomas
On 26/06/2021 00:26, Mark Thomas wrote: The proposed 10.0.8 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 10.0.8 (stable) Unit tests pass for NIO, NIO2 and APR/Native (1.2.30) on Windows, Linux and MacOS. Mark

Re: [VOTE] Release Apache Tomcat 10.1.0-M2

2021-06-30 Thread Mark Thomas
On 25/06/2021 23:06, Mark Thomas wrote: The proposed 10.1.0-M2 release is: [ ] Broken - do not release [X] Alpha - go ahead and release as 10.1.0-M2 (alpha) Unit tests pass for NIO, NIO2 and APR/Native (1.2.30) on Windows, Linux and MacOS. Mark

Re: certificateVerification="optionalNoCA" and OCSP validation.

2021-06-29 Thread Mark Thomas
On 29/06/2021 15:19, jean-frederic clere wrote: On 29/06/2021 14:45, Mark Thomas wrote: On 29/06/2021 12:29, jean-frederic clere wrote: Hi, It seems certificateVerification="optionalNoCA" only works if the OCSP is disabled.       In

Re: certificateVerification="optionalNoCA" and OCSP validation.

2021-06-29 Thread Mark Thomas
On 29/06/2021 12:29, jean-frederic clere wrote: Hi, It seems certificateVerification="optionalNoCA" only works if the OCSP is disabled.         In Otherwise the OCSP check forces an error because it can't check anything... How to "fix" that? Just

Re: [tomcat] branch 9.0.x updated: Fix Jakarta backport

2021-06-28 Thread Mark Thomas
On 27/06/2021 18:35, r...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/9.0.x by this push: new

[VOTE] Release Apache Tomcat 10.0.8

2021-06-25 Thread Mark Thomas
The proposed Apache Tomcat 10.0.8 release is now available for voting. Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary package for all the specification APIs has changed from javax.* to jakarta.* Applications that run on Tomcat 9 will not run on Tomcat 10 without changes.

[VOTE] Release Apache Tomcat 10.1.0-M2

2021-06-25 Thread Mark Thomas
The proposed Apache Tomcat 10.1.0-M2 release is now available for voting. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat

Re: [tomcat] branch main updated: More refactoring of the BZ 65397 fix.

2021-06-25 Thread Mark Thomas
4df19b7 More refactoring of the BZ 65397 fix. 4df19b7 is described below commit 4df19b792eae949e74ac18b170fdce718aab5953 Author: Mark Thomas AuthorDate: Fri Jun 25 21:38:56 2021 +0100 More refactoring of the BZ 65397 fix. Revert some of the changes made for MacOs and implement

Re: [tomcat] branch main updated: Further fix for BZ 65397. Account for symlink above CATALINA_BASE

2021-06-25 Thread Mark Thomas
8f3cba9 Further fix for BZ 65397. Account for symlink above CATALINA_BASE 8f3cba9 is described below commit 8f3cba9bb189ada767537126efb3ebd181f3aae6 Author: Mark Thomas AuthorDate: Fri Jun 25 16:10:11 2021 +0100 Further fix for BZ 65397. Account for symlink above CATALINA_BASE

Tagging 10.1.0-M2 & 10.0.8

2021-06-24 Thread Mark Thomas
Hi all, My current plan is: - fix bz 65377 - check the tests pass locally - tag Hopefully, this will mean tagging some time tomorrow which means a release around 30 June / 1 July. Of course, the mere act of sending this email means a new bug report is going to arrive that is going to take

Re: [tomcat] branch main updated: Simplify - identified by SpotBugs

2021-06-24 Thread Mark Thomas
added to refs/heads/main by this push:   new b9bd126  Simplify - identified by SpotBugs b9bd126 is described below commit b9bd12608d3a14ed036a1602f39b148d91fb5489 Author: Mark Thomas AuthorDate: Wed Jun 23 18:18:37 2021 +0100 Simplify - identified by SpotBugs > ---   java/org/apa

Re: mod_headers as a Filter

2021-06-23 Thread Mark Thomas
On 07/05/2021 09:33, Rémy Maucherat wrote: On Wed, Apr 28, 2021 at 10:45 AM Rémy Maucherat wrote: On Wed, Apr 28, 2021 at 9:07 AM Mark Thomas wrote: I'm wondering if there is merit in a Valve-like mechanism for Coyote. Name TBD but would look something like: - callbacks - after request

Re: [tomcat] branch 10.0.x updated: Avoid synchronization on roles verification

2021-06-23 Thread Mark Thomas
On 23/06/2021 10:37, Rémy Maucherat wrote: On Wed, Jun 23, 2021 at 11:18 AM Mark Thomas wrote: I have a fix in mind for the toString()/toXml() methods. It may have a marginal performance impact but given that these methods are only used when debugging and/or persisting configuration

Re: [tomcat] branch 10.0.x updated: Avoid synchronization on roles verification

2021-06-23 Thread Mark Thomas
On 04/06/2021 09:14, r...@apache.org wrote: This is an automated email from the ASF dual-hosted git repository. remm pushed a commit to branch 10.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/10.0.x by this push: new

Re: JSP regressions - do we need a new set of releases

2021-06-21 Thread Mark Thomas
On 21/06/2021 14:16, Rémy Maucherat wrote: On Mon, Jun 21, 2021 at 12:17 PM Mark Thomas wrote: All, Despite the extra tests I added to improve code coverage to almost 100% for JSP code generation, the changes I made to remove unnecessary code have triggered a couple of regressions

JSP regressions - do we need a new set of releases

2021-06-21 Thread Mark Thomas
All, Despite the extra tests I added to improve code coverage to almost 100% for JSP code generation, the changes I made to remove unnecessary code have triggered a couple of regressions. There is no easy way to avoid these regressions. Given the above do we want to pull forward the July

Re: [tomcat] branch main updated: Fix BZ 65390 - revert code removal made in error

2021-06-19 Thread Mark Thomas
/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push:   new a65466f  Fix BZ 65390 - revert code removal made in error a65466f is described below commit a65466f13beed2fe65f5c569cd3b2f706406 Author: Mark Thomas AuthorDate: Fri Jun 18 16:54:45 2021 +0100

[ANN] Apache Tomcat 10.0.7 available

2021-06-17 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.0.7. This release is targeted at Jakarta EE 9. Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the

[ANN] Apache Tomcat 10.1.0-M1 (alpha) available

2021-06-17 Thread Mark Thomas
The Apache Tomcat team announces the immediate availability of Apache Tomcat 10.1.0-M1. Apache Tomcat 10 is an open source software implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
