Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Move some items into "Environment Setup" and remove unnecessary older stuff.


  • Check that the version numbers have been incremented after the previous release, as expected. (e.g.
  • Check that the changelog file mentions your login name as release manager for this release (e.g. "Tomcat 9.0.94 (markt)").
  • Check whether the KEYS file differs from one. The latter one will be replaced after you do a release. Check that the KEYS file contains your public key.
  • Check that you are using the latest release of the Java Development Kit and Apache Ant that are appropriate for your Tomcat branch.
  • the full build still works (ant release, preferably). Check that Buildbot builds ( are green.
  • Prepare your build environment:
    • Add a file (or, better yet, keep this file in your ~/ if you have a dedicated build machine) with the following configuration (adjust paths for your environment)

      No Format
      gpg.exec=C:/Program Files (x86)/GNU/GnuPG/gpg2.exe
      # Enable the following if the DigiCert ONE magic is all set up, including ~/.digicertone/pkcs11properties.cfg


The aim is to create a copy of the current trunk but without the "-dev" appended to the end of the version number. All artifacts required for repeatable builds will be included as well.

  • Perform an a git clone and switch to the correct branch
  • (Hint: using Execute ant pre-release  may save you the following step, plus steps 2-3 in the Maven release process.)
  • Edit "" and change the lines after "# ----- Reproducible builds -----" to a new value. (NOTE: this is done by 'ant pre-release')

    • Note that the value of property is in seconds (unlike the value returned by System.currentTimeMillis() method which is milliseconds, see bug 65527 for how this happened for Tomcat 8.5.70).
      The value can be printed in a Bash shell with the following command:
      date +%s
      To print seconds since epoch, and date and time in human-readable format in UTC time zone:
      date -u '+%s %Y-%m-%d %H:%M:%S %Z'
  • Edit "" and change the line to (NOTE: this is done by 'ant pre-release')

    • This can be done with sed -i.bak "s/^*/"
  • . This makes the following changes to the source tree:Edit "
    • Create containing a number of handy settings:
      • set to the ISO-8601 timestamp value of "now" e.g. 2024-07-07T21:02:13Z (this can be generated using the UNIX date command: TZ=UTC date +'%Y-%m-%dT%H:%M:%SZ')

      • string)

    • Edit
    • webapps/docs/changelog.xml
    • and replace rtext="in development" with rtext="Release in progress" for the version being released
    (NOTE: this is done by 'ant pre-release')
    • Remember that notepad.exe will remove UTF-8 Byte-Order Marks (BOMs). Use write.exe or Notepad++ instead.
  • Build the release
    • ant release
  • Commit these changes
    • git add --all (to pick-up the repeatable build artifacts in addition to the content-changes from above)
    • git commit --all --message "Tag 9.0.94"
    • git tag 9.0.94
    • git push origin 9.0.94
  • Check the diff mailed to the dev list


  • GPG should be configured to use your Apache code signing key by default.
  • I always ensured c:/temp/libs was empty so that the build had to download all the dependenciesThis does not include the signing of the Windows installer, which must be done using and which is automated during the build process once the Tomcat PMC key is accessible by using jsign. (Working! Try setting do.codesigning=true in
  • The logs for the Windows signing are in ~/.signingmanager/logs on Linux
  • If you get an error signing the installer/uninstaller "Cannot load keystore ~/.digicertone/pkcs11properties.cfg" then you probably don't have your environment variables (or codesigning.storepass property propert) set properly.

Upload the release


See steps 1 to 3 for the release (not step 4 until the vote passes !)

  • cd res/maven
  • ant -f mvn-pub.xml deploy-release

Call a vote