You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Christopher Schultz <ch...@christopherschultz.net> on 2023/05/09 16:12:02 UTC
[VOTE] Release Apache Tomcat 10.1.9
The proposed Apache Tomcat 10.1.9 release is now available for
voting.
The notable changes compared to 10.1.8 are:
- Many improvements to the JSON access log valve.
- Deprecate support for the HTTP Connector settings rejectIllegalHeader
and allowHostHeaderMismatch and reject HTTP headers without names.
- Add a RateLimitFilter which can be used to mitigate DoS and Brute
Force attacks.
For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
will automatically convert them to Jakarta EE and copy them to the
webapps directory.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1435
The tag is:
https://github.com/apache/tomcat/tree/10.1.9
5d45c1a9359c2298d7140c1ca90cb8c43809a168
The proposed 10.1.9 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.9
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
Posted by Han Li <li...@apache.org>.
> On May 10, 2023, at 00:12, Christopher Schultz <ch...@christopherschultz.net> wrote:
>
> The proposed Apache Tomcat 10.1.9 release is now available for
> voting.
>
> The notable changes compared to 10.1.8 are:
>
> - Many improvements to the JSON access log valve.
>
> - Deprecate support for the HTTP Connector settings rejectIllegalHeader
> and allowHostHeaderMismatch and reject HTTP headers without names.
>
> - Add a RateLimitFilter which can be used to mitigate DoS and Brute
> Force attacks.
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1435
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.9
> 5d45c1a9359c2298d7140c1ca90cb8c43809a168
>
> The proposed 10.1.9 release is:
> [ ] Broken - do not release
> [X ] Stable - go ahead and release as 10.1.9
Han
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
Posted by Christopher Schultz <ch...@christopherschultz.net>.
All,
On 5/9/23 12:56, Christopher Schultz wrote:
> Please standby. I will be re-issuing this VOTE with an amended Maven
> repo link.
False alarm. I was able to remove the unintended artifacts from the
Maven repository. The existing VOTE email and all references therein is
fine.
Thanks,
-chris
> On 5/9/23 12:12, Christopher Schultz wrote:
>> The proposed Apache Tomcat 10.1.9 release is now available for
>> voting.
>>
>> The notable changes compared to 10.1.8 are:
>>
>> - Many improvements to the JSON access log valve.
>>
>> - Deprecate support for the HTTP Connector settings rejectIllegalHeader
>> and allowHostHeaderMismatch and reject HTTP headers without names.
>>
>> - Add a RateLimitFilter which can be used to mitigate DoS and Brute
>> Force attacks.
>>
>> For full details, see the change log:
>> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>>
>> Applications that run on Tomcat 9 and earlier will not run on Tomcat
>> 10 without changes. Java EE applications designed for Tomcat 9 and
>> earlier may be placed in the $CATALINA_BASE/webapps-javaee directory
>> and Tomcat will automatically convert them to Jakarta EE and copy them
>> to the webapps directory.
>>
>> It can be obtained from:
>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/
>>
>> The Maven staging repo is:
>> https://repository.apache.org/content/repositories/orgapachetomcat-1435
>>
>> The tag is:
>> https://github.com/apache/tomcat/tree/10.1.9
>> 5d45c1a9359c2298d7140c1ca90cb8c43809a168
>>
>> The proposed 10.1.9 release is:
>> [ ] Broken - do not release
>> [ ] Stable - go ahead and release as 10.1.9
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
Posted by Christopher Schultz <ch...@christopherschultz.net>.
All,
Please standby. I will be re-issuing this VOTE with an amended Maven
repo link.
Thanks,
-chris
On 5/9/23 12:12, Christopher Schultz wrote:
> The proposed Apache Tomcat 10.1.9 release is now available for
> voting.
>
> The notable changes compared to 10.1.8 are:
>
> - Many improvements to the JSON access log valve.
>
> - Deprecate support for the HTTP Connector settings rejectIllegalHeader
> and allowHostHeaderMismatch and reject HTTP headers without names.
>
> - Add a RateLimitFilter which can be used to mitigate DoS and Brute
> Force attacks.
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1435
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.9
> 5d45c1a9359c2298d7140c1ca90cb8c43809a168
>
> The proposed 10.1.9 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 10.1.9
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
Posted by Mark Thomas <ma...@apache.org>.
On 09/05/2023 21:03, Igal Sapir wrote:
> On Tue, May 9, 2023 at 12:51 PM Mark Thomas <ma...@apache.org> wrote:
>
>> <snip/>
>>
>> The new rate limit tests failed in MacOs and on Windows but that is an
>> issue with the tests and I am in the process of fixing it.
>>
>
> Thanks Mark. I look forward to seeing your patch.
>
> It passed on my machine before I commited it but I realize that it can, and
> should, be more robust.
No worries.
Anything timing related has a chance of taking longer than you'd
reasonably expect. I've lost count of the number of tests of mine that
broke in similar ways. I'm surprised that my MacOS machines hit the
issue as they are usually pretty speedy but they seem happy with the
patch so far.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
Posted by Igal Sapir <is...@apache.org>.
On Tue, May 9, 2023 at 12:51 PM Mark Thomas <ma...@apache.org> wrote:
> <snip/>
>
> The new rate limit tests failed in MacOs and on Windows but that is an
> issue with the tests and I am in the process of fixing it.
>
Thanks Mark. I look forward to seeing your patch.
It passed on my machine before I commited it but I realize that it can, and
should, be more robust.
Igal
>
> Otherwise, tests passed on Linux, Windows and MacOS.
>
> Mark
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
Re: [VOTE] Release Apache Tomcat 10.1.9
Posted by Mark Thomas <ma...@apache.org>.
On 09/05/2023 17:12, Christopher Schultz wrote:
> The proposed 10.1.9 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 10.1.9
The new rate limit tests failed in MacOs and on Windows but that is an
issue with the tests and I am in the process of fixing it.
Otherwise, tests passed on Linux, Windows and MacOS.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
Posted by Rémy Maucherat <re...@apache.org>.
On Tue, May 9, 2023 at 6:57 PM Christopher Schultz
<ch...@christopherschultz.net> wrote:
>
> The proposed Apache Tomcat 10.1.9 release is now available for
> voting.
>
> The notable changes compared to 10.1.8 are:
>
> - Many improvements to the JSON access log valve.
>
> - Deprecate support for the HTTP Connector settings rejectIllegalHeader
> and allowHostHeaderMismatch and reject HTTP headers without names.
>
> - Add a RateLimitFilter which can be used to mitigate DoS and Brute
> Force attacks.
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1435
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.9
> 5d45c1a9359c2298d7140c1ca90cb8c43809a168
>
> The proposed 10.1.9 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 10.1.9
Rémy
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
Posted by Christopher Schultz <ch...@christopherschultz.net>.
All,
On 5/9/23 12:12, Christopher Schultz wrote:
> The proposed Apache Tomcat 10.1.9 release is now available for
> voting.
>
> The notable changes compared to 10.1.8 are:
>
> - Many improvements to the JSON access log valve.
>
> - Deprecate support for the HTTP Connector settings rejectIllegalHeader
> and allowHostHeaderMismatch and reject HTTP headers without names.
>
> - Add a RateLimitFilter which can be used to mitigate DoS and Brute
> Force attacks.
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1435
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.9
> 5d45c1a9359c2298d7140c1ca90cb8c43809a168
>
> The proposed 10.1.9 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 10.1.9
Running checkstyle gives me an error something like "cannot create
Module Root". I don't have the exact error message, since I just
disabled checkstyle and re-ran the build.
Anyone ever seen that before?
In other checkstyle news, the version of checkstyle used for 8.5.x is
too recent for Java 1.8 to run. I think I reported that in the past and
the consensus was that "RMs should be using Java 11 or later so that's
fine." I'm reporting that just in case I didn't do so before.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
Posted by Dimitris Soumis <ds...@redhat.com>.
Tests pass on Fedora 36 with Java 17.
On Tue, May 9, 2023 at 8:01 PM Christopher Schultz <
chris@christopherschultz.net> wrote:
> The proposed Apache Tomcat 10.1.9 release is now available for
> voting.
>
> The notable changes compared to 10.1.8 are:
>
> - Many improvements to the JSON access log valve.
>
> - Deprecate support for the HTTP Connector settings rejectIllegalHeader
> and allowHostHeaderMismatch and reject HTTP headers without names.
>
> - Add a RateLimitFilter which can be used to mitigate DoS and Brute
> Force attacks.
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1435
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.9
> 5d45c1a9359c2298d7140c1ca90cb8c43809a168
>
> The proposed 10.1.9 release is:
> [ ] Broken - do not release
> [X ] Stable - go ahead and release as 10.1.9
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
Re: [VOTE] Release Apache Tomcat 10.1.9
Posted by Christopher Schultz <ch...@christopherschultz.net>.
All,
On 5/9/23 12:12 PM, Christopher Schultz wrote:
> The proposed Apache Tomcat 10.1.9 release is now available for
> voting.
>
> The notable changes compared to 10.1.8 are:
>
> - Many improvements to the JSON access log valve.
>
> - Deprecate support for the HTTP Connector settings rejectIllegalHeader
> and allowHostHeaderMismatch and reject HTTP headers without names.
>
> - Add a RateLimitFilter which can be used to mitigate DoS and Brute
> Force attacks.
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1435
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.9
> 5d45c1a9359c2298d7140c1ca90cb8c43809a168
>
> The proposed 10.1.9 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 10.1.9
+1 for stable release.
Unit test pass on MacOS on Intel. Failing unit tests are expected in
this environment.
Details:
* Environment
* Java (build): java version "11.0.7" 2020-04-14 LTS Java(TM) SE
Runtime Environment 18.9 (build 11.0.7+8-LTS) Java HotSpot(TM) 64-Bit
Server VM 18.9 (build 11.0.7+8-LTS, mixed mode)
* Java (test): java version "11.0.7" 2020-04-14 LTS Java(TM) SE
Runtime Environment 18.9 (build 11.0.7+8-LTS) Java HotSpot(TM) 64-Bit
Server VM 18.9 (build 11.0.7+8-LTS, mixed mode)
* OS: Darwin 21.6.0 x86_64
* cc: Apple clang version 12.0.0 (clang-1200.0.31.1)
* make: GNU Make 3.81
* OpenSSL: OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
* APR: 1.7.0
*
* Valid SHA-512 signature for apache-tomcat-10.1.9.zip
* Valid GPG signature for apache-tomcat-10.1.9.zip
* Valid SHA-512 signature for apache-tomcat-10.1.9.tar.gz
* Valid GPG signature for apache-tomcat-10.1.9.tar.gz
* Valid SHA-512 signature for apache-tomcat-10.1.9.exe
* Valid GPG signature for apache-tomcat-10.1.9.exe
* Valid SHA512 signature for apache-tomcat-10.1.9-src.zip
* Valid GPG signature for apache-tomcat-10.1.9-src.zip
* Valid SHA512 signature for apache-tomcat-10.1.9-src.tar.gz
* Valid GPG signature for apache-tomcat-10.1.9-src.tar.gz
*
* Binary Zip and tarball: Same
* Source Zip and tarball: Same
*
* Building dependencies returned: 0
* tcnative builds cleanly
* Tomcat builds cleanly
* Junit Tests: FAILED
*
* Tests that failed:
* org.apache.catalina.filters.TestRateLimitFilter.NIO.txt
* org.apache.catalina.filters.TestRateLimitFilter.NIO2.txt
* org.apache.tomcat.util.net.jsse.TestPEMFile.NIO.txt
* org.apache.tomcat.util.net.jsse.TestPEMFile.NIO2.txt
* org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt
* org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO2.txt
*
org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt
*
org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO2.txt
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 10.1.9
Posted by Igal Sapir <is...@apache.org>.
On Tue, May 9, 2023 at 10:00 AM Christopher Schultz <
chris@christopherschultz.net> wrote:
> The proposed Apache Tomcat 10.1.9 release is now available for
> voting.
>
> The notable changes compared to 10.1.8 are:
>
> - Many improvements to the JSON access log valve.
>
> - Deprecate support for the HTTP Connector settings rejectIllegalHeader
> and allowHostHeaderMismatch and reject HTTP headers without names.
>
> - Add a RateLimitFilter which can be used to mitigate DoS and Brute
> Force attacks.
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1435
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.9
> 5d45c1a9359c2298d7140c1ca90cb8c43809a168
>
> The proposed 10.1.9 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 10.1.9
>
+1
Unit tests passed on Ubuntu 22.04 with Java 17
Igal
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>