https://github.com/eufossa/apache-hackathon-2019
Ideas
- Security hardening.
- https://bz.apache.org/bugzilla/show_bug.cgi?id=55969 (improvements to Windows installer)
- https://bz.apache.org/bugzilla/show_bug.cgi?id=58837 (a more general mod_headers style solution)
- TCK + CI
- Integrate the Jakarta EE TCKs for Servlet, JSP, EL and WebSocket into the Tomcat CI builds
- Cloud enablement
- Improve use of a CDI 2 implementation (OpenWebBeans and/or Weld) in Tomcat
- Should be able to use a single Server listener and hopefully only a few JARs so that the user experience is better, in that scenarios all webapps should be CDI enabled
- Better Eclipse Microprofile (Health and Metrics in particular) support using the CDI 2 extensions support added in a and b
- Coyote clean-up / improvements
- Consider wrapping the SocketWrapper with a facade to detect / prevent components retaining references longer than they should (from the Tomcat next document)
- Add support for TLS key logging via OpenSSL to Tomcat-Native to aid debugging
- Look at TLS 1.3 early data and review the costs / benefits / feasibility of implementing it in Apache Tomcat
- Check HTTP/2 priority implementation
- https://github.com/andydavies/http2-prioritization-issues
- https://github.com/pmeenan/http2priorities/tree/master/stand-alone
- Review Tomcat's use of buffering. Generally, want to commit to the network as late as possible to help (re-)prioritisation work.
- Check Tomcat's caching behaviour
- Look at new(ish) cookie extensions and review the costs / benefits / feasibility of implementing them in Apache Tomcat
- Coverity Scan analysis: https://scan.coverity.com/projects/apache-tomcat
- GraalVM native-image tool compatibility
- Should use https://github.com/apache/tomcat/tree/master/res/tomcat-maven
- Should use the JVM agent to generate reflection information https://github.com/oracle/graal/blob/master/substratevm/CONFIGURE.md
- The agent should be post CR16, to get the commit https://github.com/oracle/graal/commit/8c84d1e5d411d2515a123257c720d85c16edefee
- POEditor i18n contributions
- PGP key signing (https://s.apache.org/pgpkeysigning)