You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Mark Thomas <ma...@apache.org> on 2023/08/23 23:22:38 UTC
[VOTE] Release Apache Tomcat 11.0.0-M11
The proposed Apache Tomcat 11.0.0-M11 release is now available for
voting.
Apache Tomcat 11.0.0-M11 is a milestone release of the 11.0.x branch and
has been made to provide users with early access to the new features in
Apache Tomcat 11.0.x so that they may provide feedback. The notable
changes compared to the previous milestone include:
- Update the HTTP parameter handling to align with the changes in the
Jakarta Servlet 6.1 API Javadoc for the ServletRequest methods used
to obtain request parameters. Invalid parameters and/or exceeding
parameter size and/or quantity limits now triggerm exceptions. As a
consequence, the FailedRequestFilter has been removed.
- If an application or library sets both a non-500 error code and the
jakarta.servlet.error.exception</code> request attribute, use the
provided error code during error page processing rather than assuming
an error code of 500.
- Fix for FORM authentication open redirect - CVE-2023-41080
For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
Applications that run on Tomcat 9 and earlier will not run on Tomcat 11
without changes. Java EE applications designed for Tomcat 9 and earlier
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
will automatically convert them to Jakarta EE and copy them to the
webapps directory. Applications using deprecated APIs may require
further changes.
It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M11/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1451
The tag is:
https://github.com/apache/tomcat/tree/11.0.0-M11
ae109f6248e00a1952f706d6941ff930ad4466e1
The proposed 11.0.0-M11 release is:
[ ] -1 Broken - do not release
[ ] +1 Alpha - go ahead and release as 11.0.0-M11
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 11.0.0-M11
Posted by Rémy Maucherat <re...@apache.org>.
On Thu, Aug 24, 2023 at 1:23 AM Mark Thomas <ma...@apache.org> wrote:
>
> The proposed Apache Tomcat 11.0.0-M11 release is now available for
> voting.
>
> Apache Tomcat 11.0.0-M11 is a milestone release of the 11.0.x branch and
> has been made to provide users with early access to the new features in
> Apache Tomcat 11.0.x so that they may provide feedback. The notable
> changes compared to the previous milestone include:
>
> - Update the HTTP parameter handling to align with the changes in the
> Jakarta Servlet 6.1 API Javadoc for the ServletRequest methods used
> to obtain request parameters. Invalid parameters and/or exceeding
> parameter size and/or quantity limits now triggerm exceptions. As a
> consequence, the FailedRequestFilter has been removed.
>
> - If an application or library sets both a non-500 error code and the
> jakarta.servlet.error.exception</code> request attribute, use the
> provided error code during error page processing rather than assuming
> an error code of 500.
>
> - Fix for FORM authentication open redirect - CVE-2023-41080
>
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 11
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory. Applications using deprecated APIs may require
> further changes.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M11/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1451
>
> The tag is:
> https://github.com/apache/tomcat/tree/11.0.0-M11
> ae109f6248e00a1952f706d6941ff930ad4466e1
>
>
> The proposed 11.0.0-M11 release is:
> [ ] -1 Broken - do not release
> [X] +1 Alpha - go ahead and release as 11.0.0-M11
Rémy
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 11.0.0-M11
Posted by Mark Thomas <ma...@apache.org>.
On 23/08/2023 16:22, Mark Thomas wrote:
> The proposed 11.0.0-M11 release is:
> [ ] -1 Broken - do not release
> [X] +1 Alpha - go ahead and release as 11.0.0-M11
Tests pass on x64 Linux and M1 MacOS with Tomcat Native 1.2.38.
There were three test failures on x64 Windows with Tomcat Natibe 2.0.5.
I have traced these failures to issues with the newly added tests for
parameter handling. The tests don't take acocunt of all of the OS
differences. I have fixes for these tests that I'll commit shortly.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[VOTE][RESULT] Release Apache Tomcat 11.0.0-M11
Posted by Mark Thomas <ma...@apache.org>.
The following votes were cast:
Binding:
+1: lihan, markt, remm
No other votes were cast. The vote therefore passes.
Thanks to everyone who contributed to this release.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 11.0.0-M11
Posted by Han Li <li...@apache.org>.
> On Aug 24, 2023, at 07:22, Mark Thomas <ma...@apache.org> wrote:
>
> The proposed Apache Tomcat 11.0.0-M11 release is now available for
> voting.
>
> Apache Tomcat 11.0.0-M11 is a milestone release of the 11.0.x branch and has been made to provide users with early access to the new features in Apache Tomcat 11.0.x so that they may provide feedback. The notable changes compared to the previous milestone include:
>
> - Update the HTTP parameter handling to align with the changes in the
> Jakarta Servlet 6.1 API Javadoc for the ServletRequest methods used
> to obtain request parameters. Invalid parameters and/or exceeding
> parameter size and/or quantity limits now triggerm exceptions. As a
> consequence, the FailedRequestFilter has been removed.
>
> - If an application or library sets both a non-500 error code and the
> jakarta.servlet.error.exception</code> request attribute, use the
> provided error code during error page processing rather than assuming
> an error code of 500.
>
> - Fix for FORM authentication open redirect - CVE-2023-41080
>
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 without changes. Java EE applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. Applications using deprecated APIs may require further changes.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M11/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1451
>
> The tag is:
> https://github.com/apache/tomcat/tree/11.0.0-M11
> ae109f6248e00a1952f706d6941ff930ad4466e1
>
>
> The proposed 11.0.0-M11 release is:
> [ ] -1 Broken - do not release
> [X] +1 Alpha - go ahead and release as 11.0.0-M11
Tests pass on macOS(intel).
Han
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org