From dev-return-198099-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org Thu Apr 11 14:11:44 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 5F33118065D for ; Thu, 11 Apr 2019 16:11:44 +0200 (CEST) Received: (qmail 94634 invoked by uid 500); 11 Apr 2019 14:11:43 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 94622 invoked by uid 99); 11 Apr 2019 14:11:43 -0000 Received: from Unknown (HELO mailrelay2-lw-us.apache.org) (10.10.3.159) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 11 Apr 2019 14:11:43 +0000 Received: from mail-it1-f179.google.com (mail-it1-f179.google.com [209.85.166.179]) by mailrelay2-lw-us.apache.org (ASF Mail Server at mailrelay2-lw-us.apache.org) with ESMTPSA id 0C6C32FE5 for ; Thu, 11 Apr 2019 14:11:43 +0000 (UTC) Received: by mail-it1-f179.google.com with SMTP id f22so9702912ita.3 for ; Thu, 11 Apr 2019 07:11:43 -0700 (PDT) X-Gm-Message-State: APjAAAU8KFHjipWUql6jAShBfJVz+iraTR77d/OtR5gon3zOQR8SuzAs bDQRsNkNyZQZ7/1NiuVdqgvQngGjla97t3H/SyE= X-Google-Smtp-Source: APXvYqx35gqnF/NiLIdVBeikI9/5F5l3F33pUIGsMYijZW0ndKUEjZsUmtOgTW6AwES+HqCIdnMrGgcK30yE9MEwfxc= X-Received: by 2002:a24:198f:: with SMTP id b137mr8677399itb.105.1554991902593; Thu, 11 Apr 2019 07:11:42 -0700 (PDT) MIME-Version: 1.0 References: <0d9caf79-1653-aae4-6036-66e519bdc967@kippdata.de> <65e1e91d-ea33-7bca-97c0-b858eabd3478@kippdata.de> <81ede812-1443-9e71-f3c2-36f42859b147@apache.org> In-Reply-To: <81ede812-1443-9e71-f3c2-36f42859b147@apache.org> From: =?UTF-8?Q?R=C3=A9my_Maucherat?= Date: Thu, 11 Apr 2019 16:11:31 +0200 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [VOTE] Release Apache Tomcat 9.0.18 To: Tomcat Developers List Content-Type: multipart/alternative; boundary="000000000000fb97ba058641c3de" --000000000000fb97ba058641c3de Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thu, Apr 11, 2019 at 4:08 PM Mark Thomas wrote: > On 11/04/2019 14:52, Mark Thomas wrote: > > On 11/04/2019 14:31, Rainer Jung wrote: > >> Am 11.04.2019 um 14:51 schrieb R=C3=A9my Maucherat: > >>> On Thu, Apr 11, 2019 at 2:00 PM Rainer Jung > >>> wrote: > >>> > >>>> Am 10.04.2019 um 15:44 schrieb Mark Thomas: > >>>>> The proposed Apache Tomcat 9.0.18 release is now available for > voting. > >>>>> > >>>>> The major changes compared to the 9.0.17 release are: > >>>>> > >>>>> - Fix for CVE-2019-0232 a RCE vulnerability on Windows > >>>>> > >>>>> - Add support for Java 11 to the JSP compiler. Java 12 and 13 are > also > >>>>> now supported if used with a ECJ version with support for those > >>>>> Java > >>>>> versions > >>>>> > >>>>> - Various NIO2 stability improvements > >>>>> > >>>>> Along with lots of other bug fixes and improvements. > >>>>> > >>>>> For full details, see the changelog: > >>>>> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html > >>>>> > >>>>> It can be obtained from: > >>>>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.18/ > >>>>> The Maven staging repo is: > >>>>> > https://repository.apache.org/content/repositories/orgapachetomcat-1207/ > >>>>> > >>>>> The tag is: > >>>>> https://github.com/apache/tomcat/tree/9.0.18 > >>>>> 0862607e5da91a7c476a6350288d8d8a9380f556 > >>>>> > >>>>> The proposed 9.0.18 release is: > >>>>> [ ] Broken - do not release > >>>>> [ ] Stable - go ahead and release as 9.0.18 > >>>>> > >>>>> > >>>>> Due to the security fix contained in this release, the voting perio= d > >>>>> may > >>>>> be shortened once sufficient votes are cast to enable a faster > release. > >>>> > >>>> The MBeans for beans with j2eeType seem to be not filled with data. = I > >>>> have not checked since 9.0.12, so I don't know when that heppaned. > Just > >>>> wantd to give a heads up before investigating more. > >>>> > >>>> Example diff for one bean: > >>>> > >>>> Name: > >>>> > >>>> > Catalina:j2eeType=3DServlet,WebModule=3D//localhost/,name=3Ddefault,J2EEA= pplication=3Dnone,J2EEServer=3Dnone > >>>> > >>>> -modelerType: org.apache.catalina.mbeans.ContainerMBean > >>>> -maxTime: 0 > >>>> -requestCount: 0 > >>>> -servletClass: org.apache.catalina.servlets.DefaultServlet > >>>> -countAllocated: 0 > >>>> -available: 0 > >>>> -backgroundProcessorDelay: -1 > >>>> -processingTime: XXX > >>>> -loadOnStartup: 1 > >>>> -singleThreadModel: false > >>>> -loadTime: XXX > >>>> -stateName: STARTED > >>>> -minTime: XXX > >>>> -classLoadTime: XXX > >>>> -asyncSupported: false > >>>> -objectName: > >>>> > >>>> > Catalina:j2eeType=3DServlet,WebModule=3D//localhost/,name=3Ddefault,J2EEA= pplication=3Dnone,J2EEServer=3Dnone > >>>> > >>>> -maxInstances: 20 > >>>> -errorCount: 0 > >>>> +modelerType: org.apache.tomcat.util.modeler.BaseModelMBean > >>>> +empty: false > >>>> > >>>> The modelerType has changed, all attributes missing. > >>>> > >>> > >>> The good news is that 8.5 seems fine. > >>> > >>> I'll investigate. If we need to do a new release (IMO: yes), I'll fli= p > >>> the > >>> useAsyncIO default value ... > >> > >> I did some more checks: > >> > >> - as you said, 8.5.40 is fine > >> > >> - using the same scripts, 9.0.17 is also fine, so this looks like a re= al > >> code regression > >> > >> Thus I would also be -1 for the 9.0.18 release. > > > https://github.com/apache/tomcat/commit/8cbe4ba594dc41615faafb216fcb4ff3e= 0d8fafc > > seems to be the trigger. I haven't reviewed the commit yet. > Yes, sorry :( I already made the fix but the commit emails is stuck. https://github.com/apache/tomcat/commit/4c6c3e9f434ca1a5cecf04f1b9148fb221b= 3af37 R=C3=A9my --000000000000fb97ba058641c3de--