Re: [VOTE] Release Apache Tomcat 10.1.9
All, On 5/9/23 12:12 PM, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.9 release is now available for voting. The notable changes compared to 10.1.8 are: - Many improvements to the JSON access log valve. - Deprecate support for the HTTP Connector settings rejectIllegalHeader and allowHostHeaderMismatch and reject HTTP headers without names. - Add a RateLimitFilter which can be used to mitigate DoS and Brute Force attacks. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1435 The tag is: https://github.com/apache/tomcat/tree/10.1.9 5d45c1a9359c2298d7140c1ca90cb8c43809a168 The proposed 10.1.9 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 10.1.9 +1 for stable release. Unit test pass on MacOS on Intel. Failing unit tests are expected in this environment. Details: * Environment * Java (build): java version "11.0.7" 2020-04-14 LTS Java(TM) SE Runtime Environment 18.9 (build 11.0.7+8-LTS) Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.7+8-LTS, mixed mode) * Java (test): java version "11.0.7" 2020-04-14 LTS Java(TM) SE Runtime Environment 18.9 (build 11.0.7+8-LTS) Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.7+8-LTS, mixed mode) * OS: Darwin 21.6.0 x86_64 * cc: Apple clang version 12.0.0 (clang-1200.0.31.1) * make: GNU Make 3.81 * OpenSSL: OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022) * APR: 1.7.0 * * Valid SHA-512 signature for apache-tomcat-10.1.9.zip * Valid GPG signature for apache-tomcat-10.1.9.zip * Valid SHA-512 signature for apache-tomcat-10.1.9.tar.gz * Valid GPG signature for apache-tomcat-10.1.9.tar.gz * Valid SHA-512 signature for apache-tomcat-10.1.9.exe * Valid GPG signature for apache-tomcat-10.1.9.exe * Valid SHA512 signature for apache-tomcat-10.1.9-src.zip * Valid GPG signature for apache-tomcat-10.1.9-src.zip * Valid SHA512 signature for apache-tomcat-10.1.9-src.tar.gz * Valid GPG signature for apache-tomcat-10.1.9-src.tar.gz * * Binary Zip and tarball: Same * Source Zip and tarball: Same * * Building dependencies returned: 0 * tcnative builds cleanly * Tomcat builds cleanly * Junit Tests: FAILED * * Tests that failed: * org.apache.catalina.filters.TestRateLimitFilter.NIO.txt * org.apache.catalina.filters.TestRateLimitFilter.NIO2.txt * org.apache.tomcat.util.net.jsse.TestPEMFile.NIO.txt * org.apache.tomcat.util.net.jsse.TestPEMFile.NIO2.txt * org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt * org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO2.txt * org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt * org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO2.txt -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
All, On 5/9/23 12:12, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.9 release is now available for voting. The notable changes compared to 10.1.8 are: - Many improvements to the JSON access log valve. - Deprecate support for the HTTP Connector settings rejectIllegalHeader and allowHostHeaderMismatch and reject HTTP headers without names. - Add a RateLimitFilter which can be used to mitigate DoS and Brute Force attacks. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1435 The tag is: https://github.com/apache/tomcat/tree/10.1.9 5d45c1a9359c2298d7140c1ca90cb8c43809a168 The proposed 10.1.9 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 10.1.9 Running checkstyle gives me an error something like "cannot create Module Root". I don't have the exact error message, since I just disabled checkstyle and re-ran the build. Anyone ever seen that before? In other checkstyle news, the version of checkstyle used for 8.5.x is too recent for Java 1.8 to run. I think I reported that in the past and the consensus was that "RMs should be using Java 11 or later so that's fine." I'm reporting that just in case I didn't do so before. -chris - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
> On May 10, 2023, at 00:12, Christopher Schultz > wrote: > > The proposed Apache Tomcat 10.1.9 release is now available for > voting. > > The notable changes compared to 10.1.8 are: > > - Many improvements to the JSON access log valve. > > - Deprecate support for the HTTP Connector settings rejectIllegalHeader > and allowHostHeaderMismatch and reject HTTP headers without names. > > - Add a RateLimitFilter which can be used to mitigate DoS and Brute > Force attacks. > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 > without changes. Java EE applications designed for Tomcat 9 and earlier may > be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will > automatically convert them to Jakarta EE and copy them to the webapps > directory. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1435 > > The tag is: > https://github.com/apache/tomcat/tree/10.1.9 > 5d45c1a9359c2298d7140c1ca90cb8c43809a168 > > The proposed 10.1.9 release is: > [ ] Broken - do not release > [X ] Stable - go ahead and release as 10.1.9 Han > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
On Tue, May 9, 2023 at 6:57 PM Christopher Schultz wrote: > > The proposed Apache Tomcat 10.1.9 release is now available for > voting. > > The notable changes compared to 10.1.8 are: > > - Many improvements to the JSON access log valve. > > - Deprecate support for the HTTP Connector settings rejectIllegalHeader >and allowHostHeaderMismatch and reject HTTP headers without names. > > - Add a RateLimitFilter which can be used to mitigate DoS and Brute >Force attacks. > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1435 > > The tag is: > https://github.com/apache/tomcat/tree/10.1.9 > 5d45c1a9359c2298d7140c1ca90cb8c43809a168 > > The proposed 10.1.9 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 10.1.9 Rémy - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
Tests pass on Fedora 36 with Java 17. On Tue, May 9, 2023 at 8:01 PM Christopher Schultz < ch...@christopherschultz.net> wrote: > The proposed Apache Tomcat 10.1.9 release is now available for > voting. > > The notable changes compared to 10.1.8 are: > > - Many improvements to the JSON access log valve. > > - Deprecate support for the HTTP Connector settings rejectIllegalHeader >and allowHostHeaderMismatch and reject HTTP headers without names. > > - Add a RateLimitFilter which can be used to mitigate DoS and Brute >Force attacks. > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1435 > > The tag is: > https://github.com/apache/tomcat/tree/10.1.9 > 5d45c1a9359c2298d7140c1ca90cb8c43809a168 > > The proposed 10.1.9 release is: > [ ] Broken - do not release > [X ] Stable - go ahead and release as 10.1.9 > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
Re: [VOTE] Release Apache Tomcat 10.1.9
On Tue, May 9, 2023 at 10:00 AM Christopher Schultz < ch...@christopherschultz.net> wrote: > The proposed Apache Tomcat 10.1.9 release is now available for > voting. > > The notable changes compared to 10.1.8 are: > > - Many improvements to the JSON access log valve. > > - Deprecate support for the HTTP Connector settings rejectIllegalHeader >and allowHostHeaderMismatch and reject HTTP headers without names. > > - Add a RateLimitFilter which can be used to mitigate DoS and Brute >Force attacks. > > For full details, see the change log: > https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html > > Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 > without changes. Java EE applications designed for Tomcat 9 and earlier > may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat > will automatically convert them to Jakarta EE and copy them to the > webapps directory. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/ > > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1435 > > The tag is: > https://github.com/apache/tomcat/tree/10.1.9 > 5d45c1a9359c2298d7140c1ca90cb8c43809a168 > > The proposed 10.1.9 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 10.1.9 > +1 Unit tests passed on Ubuntu 22.04 with Java 17 Igal > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
Re: [VOTE] Release Apache Tomcat 10.1.9
On 09/05/2023 21:03, Igal Sapir wrote: On Tue, May 9, 2023 at 12:51 PM Mark Thomas wrote: The new rate limit tests failed in MacOs and on Windows but that is an issue with the tests and I am in the process of fixing it. Thanks Mark. I look forward to seeing your patch. It passed on my machine before I commited it but I realize that it can, and should, be more robust. No worries. Anything timing related has a chance of taking longer than you'd reasonably expect. I've lost count of the number of tests of mine that broke in similar ways. I'm surprised that my MacOS machines hit the issue as they are usually pretty speedy but they seem happy with the patch so far. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
On Tue, May 9, 2023 at 12:51 PM Mark Thomas wrote: > > > The new rate limit tests failed in MacOs and on Windows but that is an > issue with the tests and I am in the process of fixing it. > Thanks Mark. I look forward to seeing your patch. It passed on my machine before I commited it but I realize that it can, and should, be more robust. Igal > > Otherwise, tests passed on Linux, Windows and MacOS. > > Mark > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
Re: [VOTE] Release Apache Tomcat 10.1.9
On 09/05/2023 17:12, Christopher Schultz wrote: The proposed 10.1.9 release is: [ ] Broken - do not release [X] Stable - go ahead and release as 10.1.9 The new rate limit tests failed in MacOs and on Windows but that is an issue with the tests and I am in the process of fixing it. Otherwise, tests passed on Linux, Windows and MacOS. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
All, On 5/9/23 12:56, Christopher Schultz wrote: Please standby. I will be re-issuing this VOTE with an amended Maven repo link. False alarm. I was able to remove the unintended artifacts from the Maven repository. The existing VOTE email and all references therein is fine. Thanks, -chris On 5/9/23 12:12, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.9 release is now available for voting. The notable changes compared to 10.1.8 are: - Many improvements to the JSON access log valve. - Deprecate support for the HTTP Connector settings rejectIllegalHeader and allowHostHeaderMismatch and reject HTTP headers without names. - Add a RateLimitFilter which can be used to mitigate DoS and Brute Force attacks. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1435 The tag is: https://github.com/apache/tomcat/tree/10.1.9 5d45c1a9359c2298d7140c1ca90cb8c43809a168 The proposed 10.1.9 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 10.1.9 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
All, Please standby. I will be re-issuing this VOTE with an amended Maven repo link. Thanks, -chris On 5/9/23 12:12, Christopher Schultz wrote: The proposed Apache Tomcat 10.1.9 release is now available for voting. The notable changes compared to 10.1.8 are: - Many improvements to the JSON access log valve. - Deprecate support for the HTTP Connector settings rejectIllegalHeader and allowHostHeaderMismatch and reject HTTP headers without names. - Add a RateLimitFilter which can be used to mitigate DoS and Brute Force attacks. For full details, see the change log: https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. It can be obtained from: https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/ The Maven staging repo is: https://repository.apache.org/content/repositories/orgapachetomcat-1435 The tag is: https://github.com/apache/tomcat/tree/10.1.9 5d45c1a9359c2298d7140c1ca90cb8c43809a168 The proposed 10.1.9 release is: [ ] Broken - do not release [ ] Stable - go ahead and release as 10.1.9 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
