Versions Compared

Old Version 10

changes.mady.by.user Remy Maucherat

Saved on

compared with

New Version Current

changes.mady.by.user Remy Maucherat

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

https://github.com/eufossa/apache-hackathon-2019

Ideas

  1. Security hardening.
    1. https://bz.apache.org/bugzilla/show_bug.cgi?id=55969 (improvements to Windows installer)
    2. https://bz.apache.org/bugzilla/show_bug.cgi?id=58837 (a more general mod_headers style solution)
  2. TCK + CI
    1. Integrate the Jakarta EE TCKs for Servlet, JSP, EL and WebSocket into the Tomcat CI builds
  3. Cloud enablement
    1. Improve use of a CDI 2 implementation (OpenWebBeans and/or Weld) in Tomcat
    2. Should be able to use a single Server listener and hopefully only a few JARs so that the user experience is better, in that scenarios all webapps should be CDI enabled
    3. Better Eclipse Microprofile (Health and Metrics in particular) support using the CDI 2 extensions support added in a and b
  4. Coyote clean-up / improvements
    1. Consider wrapping the SocketWrapper with a facade to detect / prevent components retaining references longer than they should (from the Tomcat next document)
  5. Add support for TLS key logging via OpenSSL to Tomcat-Native to aid debugging
  6. Look at TLS 1.3 early data and review the costs / benefits / feasibility of implementing it in Apache Tomcat
  7. Check HTTP/2 priority implementation
    1. https://github.com/andydavies/http2-prioritization-issues 
    2. https://github.com/pmeenan/http2priorities/tree/master/stand-alone
    3. Review Tomcat's use of buffering. Generally, want to commit to the network as late as possible to help (re-)prioritisation work.
  8. Check Tomcat's caching behaviour
    1. https://github.com/http-tests/cache-tests
  9. Look at new(ish) cookie extensions and review the costs / benefits / feasibility of implementing them in Apache Tomcat
    1. https://scotthelme.co.uk/tough-cookies/
  10. Coverity Scan analysis: https://scan.coverity.com/projects/apache-tomcat
  11. GraalVM native-image tool compatibility
    1. Should use https://github.com/apache/tomcat/tree/master/res/tomcat-maven
    2. Should use the JVM agent to generate reflection information https://github.com/oracle/graal/blob/master/substratevm/CONFIGURE.md
    3. The agent should be post CR16, to get the commit https://github.com/oracle/graal/commit/8c84d1e5d411d2515a123257c720d85c16edefee
  12. POEditor i18n contributions
  13. PGP key signing (https://s.apache.org/pgpkeysigning)