You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2014/01/28 00:08:36 UTC
[VOTE] Release Apache Tomcat 6.0.39
The proposed Apache Tomcat 6.0.39 release candidate is now available
for voting.
The main changes since 6.0.37 are:
- Updated to use the Eclipse compiler 4.3.1
- Back-ported various improvements to the validation of XML
configuration files from Tomcat 7
- Avoid CVE-2013-1571 when generating Javadoc
The main changes since 6.0.38 are:
- Fixed regression in XML validation
- Cleaned up various aspects of the source
along with a number of bug fixes. Full details are in the change log.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-6/v6.0.39/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1001/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_39
The proposed 6.0.39 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 6.0.39 Stable
Cheers,
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 6.0.39
Posted by Keiichi Fujino <kf...@apache.org>.
2014-01-28 Mark Thomas <ma...@apache.org>:
> The proposed Apache Tomcat 6.0.39 release candidate is now available
> for voting.
>
> The main changes since 6.0.37 are:
> - Updated to use the Eclipse compiler 4.3.1
> - Back-ported various improvements to the validation of XML
> configuration files from Tomcat 7
> - Avoid CVE-2013-1571 when generating Javadoc
>
> The main changes since 6.0.38 are:
> - Fixed regression in XML validation
> - Cleaned up various aspects of the source
>
> along with a number of bug fixes. Full details are in the change log.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-6/v6.0.39/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1001/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_39
>
> The proposed 6.0.39 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 6.0.39 Stable
>
>
+1.
Tested on my simple handmade app.(enable session replication).
> Cheers,
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
> --
> Keiichi.Fujino <de...@tomcat.apache.org>
Re: [VOTE] Release Apache Tomcat 6.0.39
Posted by Rainer Jung <ra...@kippdata.de>.
On 28.01.2014 00:08, Mark Thomas wrote:
> The proposed Apache Tomcat 6.0.39 release candidate is now available
> for voting.
>
> The main changes since 6.0.37 are:
> - Updated to use the Eclipse compiler 4.3.1
> - Back-ported various improvements to the validation of XML
> configuration files from Tomcat 7
> - Avoid CVE-2013-1571 when generating Javadoc
>
> The main changes since 6.0.38 are:
> - Fixed regression in XML validation
> - Cleaned up various aspects of the source
>
> along with a number of bug fixes. Full details are in the change log.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-6/v6.0.39/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1001/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_39
>
> The proposed 6.0.39 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 6.0.39 Stable
+1 to release, thanks for RM.
Some (minor) findings:
- .gitignore only in svn, not in src tgz or zip
- changed JMX attributes (changes from 6.0.37, not from 6.0.38):
- new: tldValidation: false in MBeans with j2eeType=WebModule
- new: xmlNamespaceAware: false and xmlValidation: false
in j2eeType=WebModule in addition to unchanged Host MBean
- bin tgz seems to contain DOS line ends in many files inside
bundled webapps, bin/catalina-tasks.xml and RELEASE-NOTES.
- new javadoc packages org.apache.tomcat.util.descriptor and
org.apache.tomcat.util.http.parser (changes from 6.0.37, not from 6.0.38).
- much less javadoc warnings (from 190 down to 35)
- src/java/org/apache/jasper/compiler/JDTCompiler.java
14 warnings of type package org.eclipse.jdt.... does not exist
- src/java/org/apache/naming/factory/webservices/ServiceProxy.java
7 warnings of type package javax.xml.rpc does not exist resp.
and not found symbols as a consequence of that
- src/java/org/apache/naming/factory/webservices/ServiceRefFactory.java
14 warnings of type package javax.wsdl... does not exist
or package javax.xml.rpc.... does not exist plus not
found symbols as a consequence of that.
Regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE][RESULT] Release Apache Tomcat 6.0.39
Posted by Rémy Maucherat <re...@apache.org>.
2014-01-31 Mark Thomas <ma...@apache.org>:
> Check the subject Remy. This is for 6.0.39, not 8.0.1.
>
> Hum. Ok :D
Rémy
Re: [VOTE][RESULT] Release Apache Tomcat 6.0.39
Posted by Mark Thomas <ma...@apache.org>.
On 31/01/2014 20:42, Rémy Maucherat wrote:
> 2014-01-31 Mark Thomas <ma...@apache.org>:
>
>> stable (binding) : markt, rjung, kfujino, kkolinko
>> stable (non-binding) : Ognjen Blagojevic
>>
>> This release vote therefore passes. Thanks to everyone who voted.
>>
>> I'll move the bits to dist/release now and announce this once the
>> mirrors catch up. Given that that will take this into the weekend, it
>> might slip a little.
>>
>> IMO, there's something wrong here. It is unprecedented to jump straight
> from alpha to stable [if someone heard of any major piece of software which
> did that, let me know ;) ], it just shouldn't be possible since there's
> never going to be enough testing during the alpha stage.
Check the subject Remy. This is for 6.0.39, not 8.0.1.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE][RESULT] Release Apache Tomcat 6.0.39
Posted by Rémy Maucherat <re...@apache.org>.
2014-01-31 Mark Thomas <ma...@apache.org>:
> stable (binding) : markt, rjung, kfujino, kkolinko
> stable (non-binding) : Ognjen Blagojevic
>
> This release vote therefore passes. Thanks to everyone who voted.
>
> I'll move the bits to dist/release now and announce this once the
> mirrors catch up. Given that that will take this into the weekend, it
> might slip a little.
>
> IMO, there's something wrong here. It is unprecedented to jump straight
from alpha to stable [if someone heard of any major piece of software which
did that, let me know ;) ], it just shouldn't be possible since there's
never going to be enough testing during the alpha stage.
Rémy
Re: [VOTE][RESULT] Release Apache Tomcat 6.0.39
Posted by Mark Thomas <ma...@apache.org>.
stable (binding) : markt, rjung, kfujino, kkolinko
stable (non-binding) : Ognjen Blagojevic
This release vote therefore passes. Thanks to everyone who voted.
I'll move the bits to dist/release now and announce this once the
mirrors catch up. Given that that will take this into the weekend, it
might slip a little.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 6.0.39
Posted by Ognjen Blagojevic <og...@gmail.com>.
On 28.1.2014 0:08, Mark Thomas wrote:
> The proposed Apache Tomcat 6.0.39 release candidate is now available
> for voting.
...
> The proposed 6.0.39 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 6.0.39 Stable
Tested .zip distribution on Windows 7 64-bit:
- Tested SSL/TLS connectivity for BIO, NIO and APR connectors.
- Crawled all links (except /manager, /host-manager and
/examples/async*). No broken links found, except links to JavaDocs.
- Smoke tests of BIO, NIO and APR, with and without TLS, all passed.
-Ognjen
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 6.0.39
Posted by Konstantin Kolinko <kn...@gmail.com>.
2014-01-28 Mark Thomas <ma...@apache.org>:
>> The proposed 6.0.39 release is:
>> [ ] Broken - do not release
>> [X] Stable - go ahead and release as 6.0.39 Stable
>
Ack. Seeing these two issues with Java 5u20 (32-bit, Windows), to be specific.
> Issue 1
> =======
>
> XML validation with DTDs on Java 5 is broken.
>
> Switching to Java 6 fixes this. Given the support status of Java 5 I
> don't plan on addressing this other than mentioning it in the release
> announcement.
>
> For some reason I haven't got to the bottom of, when validation is
> enabled for a web app with a 2.2 DTD the parser attempts to resolve a
> schema with a null public id and null system id. Unsurprisingly this
> fails. The end result is a NPE during parsing which is fatal for a web
> application if it is web.xml that is being parsed.
The same error for 2.3 DTD.
I am testing with test/webapp-(2.2|2.3|2.4|2.5) from trunk.
Confirmed, that placing Xerces 2.11 into CATALINA_HOME/endorsed
fixes this with Java 5.
Webapps start and the following URLs are working:
http://localhost:8080/webapp-2.2/el-as-literal.jsp
http://localhost:8080/webapp-2.3/el-as-literal.jsp
http://localhost:8080/webapp-2.4/el-as-literal.jsp
http://localhost:8080/webapp-2.5/el-as-literal.jsp
> Issue 2
> =======
>
> https://issues.apache.org/bugzilla/show_bug.cgi?id=55973
>
> XML validation in Jasper is broken with Java 5. Without r1557719 the
> error in BZ 55973 is displayed. With r1557719, feature not supported
> errors are thrown.
>
I think that I was so happy that with r1561625 the apps started
successfully, that I forgot to test this.
The error is
[[[
SEVERE: Servlet.service() for servlet jsp threw exception
javax.xml.parsers.ParserConfigurationException:
jaxp_feature_not_supported: Feature
"http://xml.org/sax/features/validation" is not supported.
at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl.setFeature(DocumentBuilderFactoryImpl.java:207)
at org.apache.jasper.xmlparser.ParserUtils.parseXMLDocument(ParserUtils.java:115)
]]]
It is odd, because the same feature is set and used in other places.
E.g. it works with Catalina's use of Digester.
I wonder what is the difference.
> Switching to Java 6 fixes this. Given the support status of Java 5 I
> don't plan on addressing this other than mentioning it in the release
> announcement.
OK.
Using Xerces 2.11 fixes this issue as well.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 6.0.39
Posted by Mark Thomas <ma...@apache.org>.
> The proposed 6.0.39 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 6.0.39 Stable
Issue 1
=======
XML validation with DTDs on Java 5 is broken.
Switching to Java 6 fixes this. Given the support status of Java 5 I
don't plan on addressing this other than mentioning it in the release
announcement.
For some reason I haven't got to the bottom of, when validation is
enabled for a web app with a 2.2 DTD the parser attempts to resolve a
schema with a null public id and null system id. Unsurprisingly this
fails. The end result is a NPE during parsing which is fatal for a web
application if it is web.xml that is being parsed.
Issue 2
=======
https://issues.apache.org/bugzilla/show_bug.cgi?id=55973
XML validation in Jasper is broken with Java 5. Without r1557719 the
error in BZ 55973 is displayed. With r1557719, feature not supported
errors are thrown.
Switching to Java 6 fixes this. Given the support status of Java 5 I
don't plan on addressing this other than mentioning it in the release
announcement.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org