Posted to dev@tomcat.apache.org by Rémy Maucherat <re...@apache.org> on 2022/03/31 14:56:00 UTC

[VOTE] Release Apache Tomcat 9.0.62

The proposed Apache Tomcat 9.0.62 release is now available for voting.

The notable changes compared to 9.0.60 are:

- Update the packaged version of the Tomcat Native Library to 1.2.32 to
   pick up Windows binaries built with OpenSSL 1.1.1n.

- Improve logging of unknown HTTP/2 settings frames. Pull request by
   Thomas Hoffmann.

- Add additional warnings if incompatible TLS configurations are used
   such as HTTP/2 with CLIENT-CERT authentication.

- Harden the class loader to provide a mitigation for CVE-2022-22965,
   a Spring Framework vulnerability.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1368
The tag is:
https://github.com/apache/tomcat/tree/9.0.62
85113741042dcce9e9792bdbc3d498172bc31291

The proposed 9.0.62 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 9.0.62 (stable)

Rémy

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Re: [VOTE] Release Apache Tomcat 9.0.62

Posted by Raymond Augé <ra...@liferay.com.INVALID>.
> [X] Stable - go ahead and release as 9.0.62 (stable)

Ray

On Thu, Mar 31, 2022 at 11:23 AM Rémy Maucherat <re...@apache.org> wrote:

> On Thu, Mar 31, 2022 at 4:56 PM Rémy Maucherat <re...@apache.org> wrote:
> >
> > The proposed Apache Tomcat 9.0.62 release is now available for voting.
> >
> > The notable changes compared to 9.0.60 are:
> >
> > - Update the packaged version of the Tomcat Native Library to 1.2.32 to
> >    pick up Windows binaries built with OpenSSL 1.1.1n.
> >
> > - Improve logging of unknown HTTP/2 settings frames. Pull request by
> >    Thomas Hoffmann.
> >
> > - Add additional warnings if incompatible TLS configurations are used
> >    such as HTTP/2 with CLIENT-CERT authentication
> >
> > - Harden the class loader to provide a mitigation for CVE-2022-22965
> >    a Spring Framework vulnerability
> >
> > Along with lots of other bug fixes and improvements.
> >
> > For full details, see the changelog:
> > https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
> >
> > It can be obtained from:
> > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/
> > The Maven staging repo is:
> > https://repository.apache.org/content/repositories/orgapachetomcat-1368
> > The tag is:
> > https://github.com/apache/tomcat/tree/9.0.62
> > 85113741042dcce9e9792bdbc3d498172bc31291
> >
> > The proposed 9.0.62 release is:
> > [ ] Broken - do not release
> > [X] Stable - go ahead and release as 9.0.62 (stable)
>
> Rémy

-- 
*Raymond Augé* (@rotty3000)
Senior Software Architect *Liferay, Inc.* (@Liferay)
OSGi Fellow, Java Champion

Re: [VOTE] Release Apache Tomcat 9.0.62

Posted by Rémy Maucherat <re...@apache.org>.
On Thu, Mar 31, 2022 at 4:56 PM Rémy Maucherat <re...@apache.org> wrote:
>
> The proposed Apache Tomcat 9.0.62 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
>    pick up Windows binaries built with OpenSSL 1.1.1n.
>
> - Improve logging of unknown HTTP/2 settings frames. Pull request by
>    Thomas Hoffmann.
>
> - Add additional warnings if incompatible TLS configurations are used
>    such as HTTP/2 with CLIENT-CERT authentication
>
> - Harden the class loader to provide a mitigation for CVE-2022-22965
>    a Spring Framework vulnerability
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1368
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.62
> 85113741042dcce9e9792bdbc3d498172bc31291
>
> The proposed 9.0.62 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.62 (stable)

Rémy

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Re: [VOTE] Release Apache Tomcat 9.0.62

Posted by Mark Thomas <ma...@apache.org>.
On 31/03/2022 15:56, Rémy Maucherat wrote:

> The proposed 9.0.62 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.62 (stable)

Unit tests pass on Linux, Windows and MacOS

Mark



Re: [VOTE] Release Apache Tomcat 9.0.62

Posted by jean-frederic clere <jf...@gmail.com>.
On 31/03/2022 16:56, Rémy Maucherat wrote:
> [X] Stable - go ahead and release as 9.0.62 (stable)


-- 
Cheers

Jean-Frederic




Re: [VOTE] Release Apache Tomcat 9.0.62

Posted by Felix Schumacher <fe...@internetallee.de>.
Am 31.03.22 um 16:56 schrieb Rémy Maucherat:
> The proposed Apache Tomcat 9.0.62 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
>     pick up Windows binaries built with OpenSSL 1.1.1n.
>
> - Improve logging of unknown HTTP/2 settings frames. Pull request by
>     Thomas Hoffmann.
>
> - Add additional warnings if incompatible TLS configurations are used
>     such as HTTP/2 with CLIENT-CERT authentication
>
> - Harden the class loader to provide a mitigation for CVE-2022-22965
>     a Spring Framework vulnerability
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1368
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.62
> 85113741042dcce9e9792bdbc3d498172bc31291
>
> The proposed 9.0.62 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.62 (stable)

Unit tests run with Java 11 and Java 8 on Linux

Felix

>
> Rémy

Re: [VOTE] Release Apache Tomcat 9.0.62

Posted by Filip Hanik <fi...@hanik.com>.
On Thu, Mar 31, 2022 at 7:56 AM Rémy Maucherat <re...@apache.org> wrote:

> The proposed Apache Tomcat 9.0.62 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
>    pick up Windows binaries built with OpenSSL 1.1.1n.
>
> - Improve logging of unknown HTTP/2 settings frames. Pull request by
>    Thomas Hoffmann.
>
> - Add additional warnings if incompatible TLS configurations are used
>    such as HTTP/2 with CLIENT-CERT authentication
>
> - Harden the class loader to provide a mitigation for CVE-2022-22965
>    a Spring Framework vulnerability
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1368
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.62
> 85113741042dcce9e9792bdbc3d498172bc31291
>
> The proposed 9.0.62 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.62 (stable)

Filip



Re: [VOTE] Release Apache Tomcat 9.0.62

Posted by Tim Funk <fu...@apache.org>.
On Thu, Mar 31, 2022 at 10:56 AM Rémy Maucherat <re...@apache.org> wrote:

>
> The proposed 9.0.62 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.62 (stable)
>
>

[VOTE][RESULT] Release Apache Tomcat 9.0.62

Posted by Rémy Maucherat <re...@apache.org>.
The following votes were cast:

Binding:
+1: remm, fschumacher, markt, csutherl, fhanik, funkman, jfclere

Non-binding:
+1: rotty3000

No other votes were cast. The vote therefore passes.

Thanks to everyone who contributed to this release.

Rémy



Re: [VOTE] Release Apache Tomcat 9.0.62

Posted by Coty Sutherland <cs...@apache.org>.
On Thu, Mar 31, 2022 at 10:57 AM Rémy Maucherat <re...@apache.org> wrote:

> The proposed Apache Tomcat 9.0.62 release is now available for voting.
>
> The notable changes compared to 9.0.60 are:
>
> - Update the packaged version of the Tomcat Native Library to 1.2.32 to
>    pick up Windows binaries built with OpenSSL 1.1.1n.
>
> - Improve logging of unknown HTTP/2 settings frames. Pull request by
>    Thomas Hoffmann.
>
> - Add additional warnings if incompatible TLS configurations are used
>    such as HTTP/2 with CLIENT-CERT authentication
>
> - Harden the class loader to provide a mitigation for CVE-2022-22965
>    a Spring Framework vulnerability
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1368
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.62
> 85113741042dcce9e9792bdbc3d498172bc31291
>
> The proposed 9.0.62 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.62 (stable)
>

+1


> Rémy