IDP on Tomcat 8.5.x
cantor.2 at osu.edu
Mon May 8 17:12:59 EDT 2017
> I found an issue (IDP-1028) that came from a session problem reported to
> the mailing list:
That's what the note refers to, it should be more explicit.
> But otherwise, I don't see widespread reports of problems with Tomcat
I don't know how much its been used. My uninformed sense is that it's a bad release. They were waiting for 9 and then decided to do one of those backporting exercises to try and get stuff out sooner, and it seems to include a "not final" version of whatever the next servlet spec is going to be, and that all sort of made me feel like I wasn't shocked that the sessions were buggy. And that's about the worst place to be suspicious with software like this.
> Is it safe to upgrade to Tomcat v8.5.14?
I have literally no idea but my opinion is that it's not, based solely on the fact that it was broken for one person and that's all I need to see from a container. Rock solid, or get out. This is not a piece of software I think is worth trying to "live with" when there are demonstrably better alternatives.
Jetty continues to try and prove me wrong with regressions, so I'm not sure I like any of them at the moment but the regressions of late have been pretty harmless.
More information about the users