...
- Security hardening.
- https://bz.apache.org/bugzilla/show_bug.cgi?id=55969
- https://bz.apache.org/bugzilla/show_bug.cgi?id=58837 (a more general mod_headers style solution)
- TCK + CI
- Integrate the Jakarta EE TCKs for Servlet, JSP, EL and WebSocket into the Tomcat CI builds
- HTTP/2 improvements
- remm to provide details
- Cloud functionality
- remm to provide details
- Coyote clean-up / improvements
- remm to provide details
- Add support for TLS key logging via OpenSSL to Tomcat-Native to aid debugging
- Look at TLS 1.3 early data and review the costs / benefits / feasability feasibility of implementing it in Apache Tomcat
- Check HTTP/2 priority implementation
- https://github.com/andydavies/http2-prioritization-issues
- https://github.com/pmeenan/http2priorities/tree/master/stand-alone
- Review Tomcat's use of buffering. Generally, want to commit to the network as late as possible to help (re-)prioritisation work.
- Check Tomcat's aching behaviour
- Look at new(ish) cookie extensions and review the costs / benefits / feasibility of implementing them in Apache Tomcat
- PGP key signing