You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Rémy Maucherat <re...@apache.org> on 2022/03/31 14:56:00 UTC
[VOTE] Release Apache Tomcat 9.0.62
The proposed Apache Tomcat 9.0.62 release is now available for voting.
The notable changes compared to 9.0.60 are:
- Update the packaged version of the Tomcat Native Library to 1.2.32 to
pick up Windows binaries built with OpenSSL 1.1.1n.
- Improve logging of unknown HTTP/2 settings frames. Pull request by
Thomas Hoffmann.
- Add additional warnings if incompatible TLS configurations are used
such as HTTP/2 with CLIENT-CERT authentication
- Harden the class loader to provide a mitigation for CVE-2022-22965
a Spring Framework vulnerability
Along with lots of other bug fixes and improvements.
For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1368
The tag is:
https://github.com/apache/tomcat/tree/9.0.62
85113741042dcce9e9792bdbc3d498172bc31291
The proposed 9.0.62 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 9.0.62 (stable)
Rémy
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.62
Posted by Raymond Augé <ra...@liferay.com.INVALID>.
> [X] Stable - go ahead and release as 9.0.62 (stable)
Ray
On Thu, Mar 31, 2022 at 11:23 AM Rémy Maucherat <re...@apache.org> wrote:
> On Thu, Mar 31, 2022 at 4:56 PM Rémy Maucherat <re...@apache.org> wrote:
> >
> > The proposed Apache Tomcat 9.0.62 release is now available for voting.
> >
> > The notable changes compared to 9.0.60 are:
> >
> > - Update the packaged version of the Tomcat Native Library to 1.2.32 to
> > pick up Windows binaries built with OpenSSL 1.1.1n.
> >
> > - Improve logging of unknown HTTP/2 settings frames. Pull request by
> > Thomas Hoffmann.
> >
> > - Add additional warnings if incompatible TLS configurations are used
> > such as HTTP/2 with CLIENT-CERT authentication
> >
> > - Harden the class loader to provide a mitigation for CVE-2022-22965
> > a Spring Framework vulnerability
> >
> > Along with lots of other bug fixes and improvements.
> >
> > For full details, see the changelog:
> > https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
> >
> > It can be obtained from:
> > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/
> > The Maven staging repo is:
> > https://repository.apache.org/content/repositories/orgapachetomcat-1368
> > The tag is:
> > https://github.com/apache/tomcat/tree/9.0.62
> > 85113741042dcce9e9792bdbc3d498172bc31291
> >
> > The proposed 9.0.62 release is:
> > [ ] Broken - do not release
> > [X] Stable - go ahead and release as 9.0.62 (stable)
>
> Rémy
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
--
*Raymond Augé* (@rotty3000)
Senior Software Architect *Liferay, Inc.* (@Liferay)
OSGi Fellow, Java Champion
Re: [VOTE] Release Apache Tomcat 9.0.62
Posted by Rémy Maucherat <re...@apache.org>.
On Thu, Mar 31, 2022 at 4:56 PM Rémy Maucherat <re...@apache.org> wrote:
>
> The proposed Apache Tomcat 9.0.62 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
> pick up Windows binaries built with OpenSSL 1.1.1n.
>
> - Improve logging of unknown HTTP/2 settings frames. Pull request by
> Thomas Hoffmann.
>
> - Add additional warnings if incompatible TLS configurations are used
> such as HTTP/2 with CLIENT-CERT authentication
>
> - Harden the class loader to provide a mitigation for CVE-2022-22965
> a Spring Framework vulnerability
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1368
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.62
> 85113741042dcce9e9792bdbc3d498172bc31291
>
> The proposed 9.0.62 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.62 (stable)
Rémy
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.62
Posted by Mark Thomas <ma...@apache.org>.
On 31/03/2022 15:56, Rémy Maucherat wrote:
> The proposed 9.0.62 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.62 (stable)
Unit tests pass on Linux, Windows and MacOS
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.62
Posted by jean-frederic clere <jf...@gmail.com>.
On 31/03/2022 16:56, Rémy Maucherat wrote:
> [X] Stable - go ahead and release as 9.0.62 (stable)
--
Cheers
Jean-Frederic
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.62
Posted by Felix Schumacher <fe...@internetallee.de>.
Am 31.03.22 um 16:56 schrieb Rémy Maucherat:
> The proposed Apache Tomcat 9.0.62 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
> pick up Windows binaries built with OpenSSL 1.1.1n.
>
> - Improve logging of unknown HTTP/2 settings frames. Pull request by
> Thomas Hoffmann.
>
> - Add additional warnings if incompatible TLS configurations are used
> such as HTTP/2 with CLIENT-CERT authentication
>
> - Harden the class loader to provide a mitigation for CVE-2022-22965
> a Spring Framework vulnerability
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1368
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.62
> 85113741042dcce9e9792bdbc3d498172bc31291
>
> The proposed 9.0.62 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.62 (stable)
Unit tests run with Java 11 and Java 8 on Linux
Felix
>
> Rémy
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail:dev-help@tomcat.apache.org
>
Re: [VOTE] Release Apache Tomcat 9.0.62
Posted by Filip Hanik <fi...@hanik.com>.
On Thu, Mar 31, 2022 at 7:56 AM Rémy Maucherat <re...@apache.org> wrote:
> The proposed Apache Tomcat 9.0.62 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
> pick up Windows binaries built with OpenSSL 1.1.1n.
>
> - Improve logging of unknown HTTP/2 settings frames. Pull request by
> Thomas Hoffmann.
>
> - Add additional warnings if incompatible TLS configurations are used
> such as HTTP/2 with CLIENT-CERT authentication
>
> - Harden the class loader to provide a mitigation for CVE-2022-22965
> a Spring Framework vulnerability
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1368
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.62
> 85113741042dcce9e9792bdbc3d498172bc31291
>
> The proposed 9.0.62 release is:
> [ ] Broken - do not release
>
> [X] Stable - go ahead and release as 9.0.62 (stable)
Filip
>
>
Re: [VOTE] Release Apache Tomcat 9.0.62
Posted by Tim Funk <fu...@apache.org>.
On Thu, Mar 31, 2022 at 10:56 AM Rémy Maucherat <re...@apache.org> wrote:
>
> The proposed 9.0.62 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.62 (stable)
>
>
[VOTE][RESULT] Release Apache Tomcat 9.0.62
Posted by Rémy Maucherat <re...@apache.org>.
The following votes were cast:
Binding:
+1: remm, fschumacher, markt, csutherl, fhanik, funkman, jfclere
Non-binding:
+1: rotty3000
No other votes were cast. The vote therefore passes.
Thanks to everyone who contributed to this release.
Rémy
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 9.0.62
Posted by Coty Sutherland <cs...@apache.org>.
On Thu, Mar 31, 2022 at 10:57 AM Rémy Maucherat <re...@apache.org> wrote:
> The proposed Apache Tomcat 9.0.62 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
> pick up Windows binaries built with OpenSSL 1.1.1n.
>
> - Improve logging of unknown HTTP/2 settings frames. Pull request by
> Thomas Hoffmann.
>
> - Add additional warnings if incompatible TLS configurations are used
> such as HTTP/2 with CLIENT-CERT authentication
>
> - Harden the class loader to provide a mitigation for CVE-2022-22965
> a Spring Framework vulnerability
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1368
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.62
> 85113741042dcce9e9792bdbc3d498172bc31291
>
> The proposed 9.0.62 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.62 (stable)
>
+1
> Rémy
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>