You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2021/08/09 20:05:45 UTC
[VOTE] Release Apache Tomcat 8.5.70
The proposed Apache Tomcat 8.5.70 release is now available for voting.
Chris was having some difficulties before the weekend getting the
release to build. He hasn't had time to get to the bottom of these
issues and time is ticking on so I took a look. I had different issues
on Windows but was still unable to complete the release. With the
addition of JSign, we have the option to build a full release on Linux
so I tried that and it was successful. If successful, this will be the
first release for a very long time built on Linux.
Given the above, additional scrutiny on the release artefacts targetted
at Windows would be welcome.
The notable changes compared to the 8.5.69 release are:
- Correct a regression in the previous release in the HTTP/2 flow
control window management along with additional improvements to HTTP/2
flow control
- Make the CorsFilter simpler to extend
- To avoid unnecessary cache revalidation, do not add an HTTP Expires
header when setting adding an HTTP header of CacheControl: private
Along with lots of other bug fixes and improvements.
For full details, see the changelog:
https://ci.apache.org/projects/tomcat/tomcat-8.5.x/docs/changelog.html
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.70/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1329/
The tag is:
https://github.com/apache/tomcat/tree/8.5.70
3d2e8b1964d4dff3c0656618edc0b09d0d5634b8
The proposed 8.5.70 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 8.5.70
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE][RESULT] Release Apache Tomcat 8.5.70
Posted by Mark Thomas <ma...@apache.org>.
The following votes were cast:
Binding:
+1: isapir, mturk, kkolinko, jfclere, schultz
No other votes were cast.
The vote therefore passes.
Thanks to everyone who contributed to this release.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.70
Posted by Mark Thomas <ma...@apache.org>.
On 12/08/2021 12:20, jean-frederic clere wrote:
> On 09/08/2021 22:05, Mark Thomas wrote:
>> [X] Stable - go ahead and release as 8.5.70
>
> On fedora 34, I have the following failures:
> +++
> [concat] Testsuites with failed tests:
> [concat]
> TEST-org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt
> [concat]
> TEST-org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt
> [concat] TEST-org.apache.tomcat.util.net.TestClientCert.NIO.txt
> [concat] TEST-org.apache.tomcat.util.net.TestClientCert.NIO2.txt
> [concat] TEST-org.apache.tomcat.util.net.TestClientCertTls13.NIO.txt
> [concat] TEST-org.apache.tomcat.util.net.TestClientCertTls13.NIO2.txt
> [concat] TEST-org.apache.tomcat.util.net.TestCustomSsl.NIO.txt
> [concat] TEST-org.apache.tomcat.util.net.TestCustomSsl.NIO2.txt
> +++
> But that looks like a configuration problem... invalid certificate...
Various test certificates have expired.
To summarise (my recollection of) previous discussion on this:
- We could auto-generate these but there are concerns around entropy
particularly on CI systems if we do this.
- We could generate certs with a longer expiry (currently 2 years). Two
years was chosen as a balance between having to regenerate these too
often, keeping up with changing requirements for certs and reducing
damage in case someone is foolish enough to use the keys in
production.
Overall, I'm happy with having to do this every two years or so.
I'll regenerate new ones. I'm about to go into a meeting but should have
this down shortly afterwards.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.70
Posted by jean-frederic clere <jf...@gmail.com>.
On 09/08/2021 22:05, Mark Thomas wrote:
> [X] Stable - go ahead and release as 8.5.70
On fedora 34, I have the following failures:
+++
[concat] Testsuites with failed tests:
[concat] TEST-org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt
[concat]
TEST-org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt
[concat] TEST-org.apache.tomcat.util.net.TestClientCert.NIO.txt
[concat] TEST-org.apache.tomcat.util.net.TestClientCert.NIO2.txt
[concat] TEST-org.apache.tomcat.util.net.TestClientCertTls13.NIO.txt
[concat] TEST-org.apache.tomcat.util.net.TestClientCertTls13.NIO2.txt
[concat] TEST-org.apache.tomcat.util.net.TestCustomSsl.NIO.txt
[concat] TEST-org.apache.tomcat.util.net.TestCustomSsl.NIO2.txt
+++
But that looks like a configuration problem... invalid certificate...
--
Cheers
Jean-Frederic
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.70
Posted by Konstantin Kolinko <kn...@gmail.com>.
пн, 9 авг. 2021 г. в 23:05, Mark Thomas <ma...@apache.org>:
>
> The proposed Apache Tomcat 8.5.70 release is now available for voting.
>
> Chris was having some difficulties before the weekend getting the
> release to build. He hasn't had time to get to the bottom of these
> issues and time is ticking on so I took a look. I had different issues
> on Windows but was still unable to complete the release. With the
> addition of JSign, we have the option to build a full release on Linux
> so I tried that and it was successful. If successful, this will be the
> first release for a very long time built on Linux.
>
> Given the above, additional scrutiny on the release artefacts targetted
> at Windows would be welcome.
>
> The notable changes compared to the 8.5.69 release are:
>
> - Correct a regression in the previous release in the HTTP/2 flow
> control window management along with additional improvements to HTTP/2
> flow control
>
> - Make the CorsFilter simpler to extend
>
> - To avoid unnecessary cache revalidation, do not add an HTTP Expires
> header when setting adding an HTTP header of CacheControl: private
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat-8.5.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.70/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1329/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.70
> 3d2e8b1964d4dff3c0656618edc0b09d0d5634b8
>
> The proposed 8.5.70 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.70
Tested on Windows 10.
- Smoke testing OK (with 32-bit Java 7u80 from Oracle)
- Unit tests OK (32-bit Java 7u80 from Oracle, 64-bit Java 8u292 from
AdoptOpenJDK, Java 11.0.12 from Eclipse Temurin - former AdoptOpenJDK,
Java 16.0.2 from OpenJDK).
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.70
Posted by Igal Sapir <is...@apache.org>.
On Mon, Aug 9, 2021 at 1:06 PM Mark Thomas <ma...@apache.org> wrote:
> The proposed Apache Tomcat 8.5.70 release is now available for voting.
>
> <snip/>
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.70
> 3d2e8b1964d4dff3c0656618edc0b09d0d5634b8
>
> The proposed 8.5.70 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.70
>
+1
Tested on Ubuntu 20.04 with Java 11
Igal
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
>
Re: [VOTE] Release Apache Tomcat 8.5.70
Posted by Konstantin Kolinko <kn...@gmail.com>.
сб, 14 авг. 2021 г. в 00:38, Christopher Schultz <ch...@christopherschultz.net>:
>
> Mark,
>
> On 8/9/21 16:05, Mark Thomas wrote:
> > The proposed Apache Tomcat 8.5.70 release is now available for voting.
> >
> > [...]
> >
> > The proposed 8.5.70 release is:
> > [ ] Broken - do not release
> > [X] Stable - go ahead and release as 8.5.70
>
> Thanks for RM'ing.
>
> I won't veto the release, but it appears that you signed the (non-Maven)
> release artifacts with an expired PGP key. I'm not even sure how that's
> possible (GPG should refuse to do such things). Before release, I would
> recommend replacing the *.asc files; the originals obviously do not need
> to change. I did not check the Maven artifacts for similar issues.
Chris,
Checking the files,
gpg: assuming signed data in 'apache-tomcat-8.5.70.zip'
gpg: Signature made Mon Aug 9 19:18:24 2021 RTZ
gpg: using RSA key E4B2A4687C520E8EFEFB2777E94CA026DD51042F
I have not tested the KEYS file, but I do not see such key at key servers, e,g,
https://keyserver.ubuntu.com/
adding '0x' to search, i.e.
0xE4B2A4687C520E8EFEFB2777E94CA026DD51042F
nor in Mark's profile at
https://whimsy.apache.org/roster/committer/markt
For comparison, looking at 10.1.0-M4 files, they were signed with a
different key:
gpg: assuming signed data in 'apache-tomcat-10.1.0-M4.zip'
gpg: Signature made Tue Aug 3 21:58:07 2021 RTZ
gpg: using RSA key A9C5DF4D22E99998D9875A5110C01C5A2F6059E7
gpg: Good signature from "Mark E D Thomas <ma...@apache.org>" [unknown]
and this key is present in Mark's profile and is known by the Key server.
Best regards,
Konstantin Kolinko
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.70
Posted by Christopher Schultz <ch...@christopherschultz.net>.
Mark,
On 8/9/21 16:05, Mark Thomas wrote:
> The proposed Apache Tomcat 8.5.70 release is now available for voting.
>
> Chris was having some difficulties before the weekend getting the
> release to build. He hasn't had time to get to the bottom of these
> issues and time is ticking on so I took a look. I had different issues
> on Windows but was still unable to complete the release. With the
> addition of JSign, we have the option to build a full release on Linux
> so I tried that and it was successful. If successful, this will be the
> first release for a very long time built on Linux.
>
> Given the above, additional scrutiny on the release artefacts targetted
> at Windows would be welcome.
>
> The notable changes compared to the 8.5.69 release are:
>
> - Correct a regression in the previous release in the HTTP/2 flow
> control window management along with additional improvements to HTTP/2
> flow control
>
> - Make the CorsFilter simpler to extend
>
> - To avoid unnecessary cache revalidation, do not add an HTTP Expires
> header when setting adding an HTTP header of CacheControl: private
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat-8.5.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.70/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1329/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.70
> 3d2e8b1964d4dff3c0656618edc0b09d0d5634b8
>
> The proposed 8.5.70 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.70
Thanks for RM'ing.
I won't veto the release, but it appears that you signed the (non-Maven)
release artifacts with an expired PGP key. I'm not even sure how that's
possible (GPG should refuse to do such things). Before release, I would
recommend replacing the *.asc files; the originals obviously do not need
to change. I did not check the Maven artifacts for similar issues.
Works on a mundane servlet-based application in a development
environment with no obvious issues.
There are some unit-test failures. Some are entirely expected though
others are not. I'll leave it up to you to decide if these are problematic:
* org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt
* org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt
* (but not APR)
* (fails due to readApplicationRecord error; OpenSSL version issue?)
* org.apache.tomcat.util.net.TestClientCert.NIO.txt
* org.apache.tomcat.util.net.TestClientCert.NIO2.txt
* org.apache.tomcat.util.net.TestClientCertTls13.APR.txt
* org.apache.tomcat.util.net.TestClientCertTls13.NIO.txt
* org.apache.tomcat.util.net.TestClientCertTls13.NIO2.txt
* (also readApplicationRecord issues)
My guess is that since I'm using OpenSSL 1.1.1 and not OpenSSL 3.0.x, so
certain things are missing that we are testing.
Thanks,
-chris
Details:
* Environment
* Java (build): openjdk version "1.8.0_292" OpenJDK Runtime
Environment (build 1.8.0_292-8u292-b10-0+deb9u1-b10) OpenJDK 64-Bit
Server VM (build 25.292-b10, mixed mode)
* Java (test): openjdk version "1.8.0_292" OpenJDK Runtime
Environment (build 1.8.0_292-8u292-b10-0+deb9u1-b10) OpenJDK 64-Bit
Server VM (build 25.292-b10, mixed mode)
* OS: Linux 4.19.0-17-amd64 x86_64
* cc: cc (Debian 8.3.0-6) 8.3.0
* make: GNU Make 4.2.1
* OpenSSL: OpenSSL 1.1.1 11 Sep 2018
* APR: 1.6.5
*
* Valid SHA-512 signature for apache-tomcat-8.5.70.zip
* !! Invalid GPG signature for apache-tomcat-8.5.70.zip
* Valid SHA-512 signature for apache-tomcat-8.5.70.tar.gz
* !! Invalid GPG signature for apache-tomcat-8.5.70.tar.gz
* Valid SHA-512 signature for apache-tomcat-8.5.70.exe
* !! Invalid GPG signature for apache-tomcat-8.5.70.exe
* Valid Windows Digital Signature for apache-tomcat-8.5.70.exe
* Valid SHA512 signature for apache-tomcat-8.5.70-src.zip
* !! Invalid GPG signature for apache-tomcat-8.5.70-src.zip
* Valid SHA512 signature for apache-tomcat-8.5.70-src.tar.gz
* !! Invalid GPG signature for apache-tomcat-8.5.70-src.tar.gz
*
* Binary Zip and tarball: !! NOT SAME
* Source Zip and tarball: Same
*
* Building dependencies returned: 0
* tcnative builds cleanly
* Tomcat builds cleanly
* Junit Tests: FAILED
*
* Tests that failed:
* org.apache.catalina.tribes.group.TestGroupChannelMemberArrival.APR.txt
* org.apache.catalina.tribes.group.TestGroupChannelMemberArrival.NIO.txt
* org.apache.catalina.tribes.group.TestGroupChannelMemberArrival.NIO2.txt
* org.apache.catalina.tribes.group.TestGroupChannelSenderConnections.APR.txt
* org.apache.catalina.tribes.group.TestGroupChannelSenderConnections.NIO.txt
*
org.apache.catalina.tribes.group.TestGroupChannelSenderConnections.NIO2.txt
* org.apache.catalina.tribes.group.TestGroupChannelStartStop.APR.txt
* org.apache.catalina.tribes.group.TestGroupChannelStartStop.NIO.txt
* org.apache.catalina.tribes.group.TestGroupChannelStartStop.NIO2.txt
*
org.apache.catalina.tribes.group.interceptors.TestNonBlockingCoordinator.APR.txt
*
org.apache.catalina.tribes.group.interceptors.TestNonBlockingCoordinator.NIO.txt
*
org.apache.catalina.tribes.group.interceptors.TestNonBlockingCoordinator.NIO2.txt
* org.apache.catalina.tribes.group.interceptors.TestOrderInterceptor.APR.txt
* org.apache.catalina.tribes.group.interceptors.TestOrderInterceptor.NIO.txt
*
org.apache.catalina.tribes.group.interceptors.TestOrderInterceptor.NIO2.txt
*
org.apache.catalina.tribes.group.interceptors.TestTcpFailureDetector.APR.txt
*
org.apache.catalina.tribes.group.interceptors.TestTcpFailureDetector.NIO.txt
*
org.apache.catalina.tribes.group.interceptors.TestTcpFailureDetector.NIO2.txt
* org.apache.catalina.valves.rewrite.TestResolverSSL.NIO.txt
* org.apache.catalina.valves.rewrite.TestResolverSSL.NIO2.txt
* org.apache.tomcat.util.net.TestClientCert.NIO.txt
* org.apache.tomcat.util.net.TestClientCert.NIO2.txt
* org.apache.tomcat.util.net.TestClientCertTls13.APR.txt
* org.apache.tomcat.util.net.TestClientCertTls13.NIO.txt
* org.apache.tomcat.util.net.TestClientCertTls13.NIO2.txt
* org.apache.tomcat.util.net.TestCustomSsl.NIO.txt
* org.apache.tomcat.util.net.TestCustomSsl.NIO2.txt
* org.apache.tomcat.util.net.openssl.ciphers.TestCipher.APR.txt
* org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO.txt
* org.apache.tomcat.util.net.openssl.ciphers.TestCipher.NIO2.txt
*
org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.APR.txt
*
org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO.txt
*
org.apache.tomcat.util.net.openssl.ciphers.TestOpenSSLCipherConfigurationParser.NIO2.txt
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 8.5.70
Posted by Mladen Turk <mt...@apache.org>.
On 09/08/2021 22:05, Mark Thomas wrote:
> The proposed Apache Tomcat 8.5.70 release is now available for voting.
>
>
> The proposed 8.5.70 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.70
Tested on Windows 7 and Windows Server 2019
Using both installer and zip package
Regards
--
^TM
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org