You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2017/09/28 11:21:14 UTC
[VOTE] Release Apache Tomcat 8.5.23
The proposed Apache Tomcat 8.5.23 release is now available for voting.
The major changes compared to the 8.5.21 release are:
- Fix CVE-2017-12617
- Add ExtractingRoot, a new WebResourceRoot implementation that extracts
JARs to the work directory for improved performance when deploying
packed WAR files.
Along with lots of other bug fixes and improvements.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.23/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1157/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_23/
The proposed 8.5.23 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 8.5.23
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.23
Posted by Rainer Jung <ra...@kippdata.de>.
Am 28.09.2017 um 13:21 schrieb Mark Thomas:
> The proposed Apache Tomcat 8.5.23 release is now available for voting.
>
> The major changes compared to the 8.5.21 release are:
>
> - Fix CVE-2017-12617
>
> - Add ExtractingRoot, a new WebResourceRoot implementation that extracts
> JARs to the work directory for improved performance when deploying
> packed WAR files.
>
> Along with lots of other bug fixes and improvements.
>
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.23/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1157/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_23/
>
> The proposed 8.5.23 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.23
+1 to release.
One observation concerning compiled examples classes see below.
Details
=======
- SHA1 and MD5 OK
- signatures OK
- key in KEYS file
- gz and zip for src and bin consistent
- src consistent with svn tag
- except bin shell scripts are not executable in src tarball
(not critical)
- builds fine
- build result looks consistent with binaries
- no checkstyle complaints
- no Javadoc warnings
- JMX MBean Comparison with 8.5.22:
- ProtocolHandler MBean new attribute "allowHostHeaderMismatch: true"
(expected)
- Unit tests: No failures
Build and tests were done using Java 1.7.0_80. OS was Solaris 10 Sparc,
tcnative was 1.2.14 based on APR 1.6.2 and OpenSSL 1.0.2l plus patches.
One change started in 8.5.21: when I build TC from the src distribution,
the binary class files in the examples started to differ from the ones
in the bin dist. Example file:
webapps/examples/WEB-INF/classes/async/Async0.class
Until 8.5.20 the size was 2883 bytes and md5sum was
7e5114a9d4b873d0582f390bff112e33. These values are still correct for
8.5.23 when I rebuild TC, but the files in the bin archives have size
2899 and md5sum d2e1a9b23546290f8d22c75eb5ad216a. I am not too worried
about that but somehow curious what might have changed during the
release build between 8.5.20 and 8.5.21.
Thanks for RM and regards,
Rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.23
Posted by Coty Sutherland <cs...@redhat.com>.
On Thu, Sep 28, 2017 at 7:21 AM, Mark Thomas <ma...@apache.org> wrote:
> The proposed Apache Tomcat 8.5.23 release is now available for voting.
>
> The major changes compared to the 8.5.21 release are:
>
> - Fix CVE-2017-12617
>
> - Add ExtractingRoot, a new WebResourceRoot implementation that extracts
> JARs to the work directory for improved performance when deploying
> packed WAR files.
>
> Along with lots of other bug fixes and improvements.
>
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.23/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1157/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_23/
>
> The proposed 8.5.23 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.23
+1
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.23
Posted by Violeta Georgieva <vi...@apache.org>.
2017-09-28 14:21 GMT+03:00 Mark Thomas <ma...@apache.org>:
>
> The proposed Apache Tomcat 8.5.23 release is now available for voting.
>
> The major changes compared to the 8.5.21 release are:
>
> - Fix CVE-2017-12617
>
> - Add ExtractingRoot, a new WebResourceRoot implementation that extracts
> JARs to the work directory for improved performance when deploying
> packed WAR files.
>
> Along with lots of other bug fixes and improvements.
>
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.23/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1157/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_23/
>
> The proposed 8.5.23 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.23
Regards,
Violeta
Re: [VOTE] Release Apache Tomcat 8.5.23
Posted by Rémy Maucherat <re...@apache.org>.
On Thu, Sep 28, 2017 at 1:21 PM, Mark Thomas <ma...@apache.org> wrote:
> The proposed Apache Tomcat 8.5.23 release is now available for voting.
>
> The major changes compared to the 8.5.21 release are:
>
> - Fix CVE-2017-12617
>
> - Add ExtractingRoot, a new WebResourceRoot implementation that extracts
> JARs to the work directory for improved performance when deploying
> packed WAR files.
>
> Along with lots of other bug fixes and improvements.
>
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.23/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1157/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_23/
>
> The proposed 8.5.23 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.23
>
>
Rémy
Re: [VOTE] Release Apache Tomcat 8.5.23
Posted by Huxing Zhang <hu...@alibaba-inc.com>.
Hi,
The proposed 8.5.23 release is:
[ ] Broken - do not release
[ X ] Stable - go ahead and release as 8.5.23
* Unit test passed.
* Test web application works fine.
* Tested clean tomcat running under JDK9: ok, but with following message during stop:
29-Sep-2017 20:36:09.474 INFO [Thread-3] org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler ["http-nio-8180"]
29-Sep-2017 20:36:09.532 INFO [Thread-3] org.apache.catalina.core.StandardService.stopInternal Stopping service [Catalina]
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.apache.catalina.loader.WebappClassLoaderBase (file:/home/admin/tomcat/apache-tomcat80/svn/8.5.23/output/build/lib/catalina.jar) to field java.lang.Thread.threadLocals
WARNING: Please consider reporting this to the maintainers of org.apache.catalina.loader.WebappClassLoaderBase
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
* Tested clean tomcat running under JDK9: ok, but with the same warning message shown above
------------------------------------------------------------------
Mark Thomas <ma...@apache.org>
2017 Sep 28 (Thu) 19:21
Tomcat Developers List <de...@tomcat.apache.org>
[VOTE] Release Apache Tomcat 8.5.23
The proposed Apache Tomcat 8.5.23 release is now available for voting.
The major changes compared to the 8.5.21 release are:
- Fix CVE-2017-12617
- Add ExtractingRoot, a new WebResourceRoot implementation that extracts
JARs to the work directory for improved performance when deploying
packed WAR files.
Along with lots of other bug fixes and improvements.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.23/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1157/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_23/
The proposed 8.5.23 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 8.5.23
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.23
Posted by Mark Thomas <ma...@apache.org>.
On 28/09/17 12:21, Mark Thomas wrote:
> The proposed Apache Tomcat 8.5.23 release is now available for voting.
>
> The major changes compared to the 8.5.21 release are:
>
> - Fix CVE-2017-12617
>
> - Add ExtractingRoot, a new WebResourceRoot implementation that extracts
> JARs to the work directory for improved performance when deploying
> packed WAR files.
>
> Along with lots of other bug fixes and improvements.
>
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.23/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1157/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_23/
>
> The proposed 8.5.23 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.23
Unit tests pass for NIO, NIO2 and APR/native (with 1.2.14) on Windows,
OSX and Linux.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[RESULT][VOTE] Release Apache Tomcat 8.5.23
Posted by Mark Thomas <ma...@apache.org>.
The following votes were cast:
Binding:
+1: markt, remm, csutherl, huxing, violetagg, rjung
No other votes were cast.
The vote therefore passes.
Thanks to everyone who contributed to this release.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org