You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2017/09/04 11:52:27 UTC
Draft EOL announcement for Tomcat Native 1.1.x
This one is a little different since we haven't had a 1.1.x release in a
while and are unlikely to before the EOL date.
Comments, feedback etc welcome.
The Apache Tomcat Team announces that support for Apache Tomcat Native
1.1.x will end on 30 September 2018.
This means that after 30 September 2018:
- releases from the 1.1.x branch are highly unlikely
- bugs affecting only the 1.1.x branch will not be addressed
- security vulnerability reports will not be checked against the 1.1.x
branch
- Apache Tomcat releases of 7.0.x after this date may require 1.2.x as a
minimum
Three months later (i.e. after 31 December 2018)
- the 1.1.x download pages will be removed
- the latest 1.1.x release will be removed from the mirror system
- the links to the 1.1.x documentation will be removed from
tomcat.apache.org
Note that all 1.1.x releases will always be available from the archive.
Tomcat Native 1.2.x is a drop-in replacement for 1.1.x although it does
require OpenSSL 1.0.2 as a minimum.
All Tomcat Native releases from 1.1.34 onwards have indicated that users
should use 1.2.x in preference to 1.1.x.
The most recent release of 1.1.x (1.1.34) was released in December 2015.
It is likely that 1.1.34 will be the final 1.1.x release unless a
security vulnerability is discovered in 1.1.x that cannot be worked
around without a new release.
--
The Apache Tomcat Team
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Draft EOL announcement for Tomcat Native 1.1.x
Posted by Konstantin Kolinko <kn...@gmail.com>.
2017-09-04 14:52 GMT+03:00 Mark Thomas <ma...@apache.org>:
> This one is a little different since we haven't had a 1.1.x release in a
> while and are unlikely to before the EOL date.
>
> Comments, feedback etc welcome.
>
>
>
> The Apache Tomcat Team announces that support for Apache Tomcat Native
> 1.1.x will end on 30 September 2018.
>
Two points to note:
1. We are talking about "source code" releases here.
Existing binary releases of 1.1.x for Windows are already obsolete:
they are not built with current versions of OpenSSL.
I expect that using those binaries may be unsafe. Maybe remove them
from mirrors?
2. We may add info that this only affects users of Tomcat 7.0 and 8.0.
In AprLifecycleListener.java 7.0 and 8.0 require 1.1.32, recommend >= 1.2.8
8.5 requires 1.2.x.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Draft EOL announcement for Tomcat Native 1.1.x
Posted by Konstantin Kolinko <kn...@gmail.com>.
2017-09-19 23:45 GMT+03:00 Mark Thomas <ma...@apache.org>:
> Updated with Konstantin's feedback.
>
> Further comments, feedback etc welcome.
>
>
>
> The Apache Tomcat Team announces that support for Apache Tomcat Native
> 1.1.x will end on 30 September 2018.
>
> This means that after 30 September 2018:
> - releases from the 1.1.x branch are highly unlikely
> - bugs affecting only the 1.1.x branch will not be addressed
> - security vulnerability reports will not be checked against the 1.1.x
> branch
> - Apache Tomcat releases of 7.0.x after this date may require 1.2.x as a
> minimum
>
> Three months later (i.e. after 31 December 2018)
> - the 1.1.x download pages will be removed
> - the latest 1.1.x release will be removed from the mirror system
> - the links to the 1.1.x documentation will be removed from
> tomcat.apache.org
>
> The latest binary releases of 1.1.x for Windows are not built with a
"Microsoft Windows"
> current version of OpenSSL and will therefore be removed from the
> download pages with immediate effect.
>
> Please also note the following additional information:
>
> Tomcat 8.5.x and 9.0.x require a minimum of Tomcat Native 1.2.x and are
> therefore unaffected by this notice.
>
> Tomcat 8.0.x will reach end of life on 30 June 2018 and is therefore
> unaffected by this notice.
>
> Only Tomcat 7.0.x is affected by this notice.
>
> Tomcat 7.0.x has shipped with Tomcat Native 1.2.x since 7.0.70 (June 2016).
>
> All 1.1.x releases will always be available from the archive.
>
> Tomcat Native 1.2.x is a drop-in replacement for 1.1.x although it does
> require OpenSSL 1.0.2 as a minimum.
>
> All Tomcat Native releases from 1.1.34 onwards have indicated that users
> should use 1.2.x in preference to 1.1.x.
>
> The most recent release of 1.1.x (1.1.34) was released in December 2015.
> It is likely that 1.1.34 will be the final 1.1.x release unless a
> security vulnerability is discovered in 1.1.x that cannot be worked
> around without a new release.
>
> --
> The Apache Tomcat Team
+1. Looks good.
s/Windows/Microsoft Windows"/
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: Draft EOL announcement for Tomcat Native 1.1.x
Posted by Mark Thomas <ma...@apache.org>.
Updated with Konstantin's feedback.
Further comments, feedback etc welcome.
The Apache Tomcat Team announces that support for Apache Tomcat Native
1.1.x will end on 30 September 2018.
This means that after 30 September 2018:
- releases from the 1.1.x branch are highly unlikely
- bugs affecting only the 1.1.x branch will not be addressed
- security vulnerability reports will not be checked against the 1.1.x
branch
- Apache Tomcat releases of 7.0.x after this date may require 1.2.x as a
minimum
Three months later (i.e. after 31 December 2018)
- the 1.1.x download pages will be removed
- the latest 1.1.x release will be removed from the mirror system
- the links to the 1.1.x documentation will be removed from
tomcat.apache.org
The latest binary releases of 1.1.x for Windows are not built with a
current version of OpenSSL and will therefore be removed from the
download pages with immediate effect.
Please also note the following additional information:
Tomcat 8.5.x and 9.0.x require a minimum of Tomcat Native 1.2.x and are
therefore unaffected by this notice.
Tomcat 8.0.x will reach end of life on 30 June 2018 and is therefore
unaffected by this notice.
Only Tomcat 7.0.x is affected by this notice.
Tomcat 7.0.x has shipped with Tomcat Native 1.2.x since 7.0.70 (June 2016).
All 1.1.x releases will always be available from the archive.
Tomcat Native 1.2.x is a drop-in replacement for 1.1.x although it does
require OpenSSL 1.0.2 as a minimum.
All Tomcat Native releases from 1.1.34 onwards have indicated that users
should use 1.2.x in preference to 1.1.x.
The most recent release of 1.1.x (1.1.34) was released in December 2015.
It is likely that 1.1.34 will be the final 1.1.x release unless a
security vulnerability is discovered in 1.1.x that cannot be worked
around without a new release.
--
The Apache Tomcat Team
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org