  • We need CI to be running a performance test to check for obvious regressions

TODO - finish this formatting

9.0.x - change default to true for discardfacades

Test removal of recycling - collect GC stats

processorCache == 0 => bad for performance

Document 0 == no cache & performance implications

Secure by default


  • Need to extract results over time. How?
  • Ensure discardFacades is true for all versions
  • processorCache (Http11Processor) == 0 is very bad for performance (approx factor of 2) but very good for security. Document this.
  • Could investigate what we could do about the above.
    • Do we need to clear if we don't need to recycle?
    • Are there some recycled objects we could just recreate?
  • Shutdown port can have unexpected behaviour if there are two instances on same machine with same settings
    • Start A, Start B, Stop B actually stops A!
    • Switch default shutdown password to ${catalina.base}
  • Review TLS settings
    • Vary by JVM
    • Document
    • Do we enable anything that all JVMs disable (TLS 1.1?)
    • Are we using the right default cipher list (check with SSLLabs)?
  • Disable more web applications by default
    • Package as WAR and then name AAA.war.disabled
  • SecurityListener - schultz already started these threads on dev@
    • Check for writeable files that should not be
    • Anything from the Tomcat security guide


  • Remove SSI / CGI - schultz already started these threads on dev@
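
For the shutdown port item above, one way to audit a host for instances that would accept each other's shutdown command. This is an added example, not Tomcat project code: the instance paths and server.xml snippets are constructed, and ${catalina.base} substitution is modelled as a plain string replace (an assumption).

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample configs: instance base directory -> server.xml content.
SAMPLES = {
    "/opt/tomcat-a": '<Server port="8005" shutdown="SHUTDOWN"/>',
    "/opt/tomcat-b": '<Server port="8005" shutdown="SHUTDOWN"/>',
    "/opt/tomcat-c": '<Server port="8005" shutdown="${catalina.base}"/>',
    "/opt/tomcat-d": '<Server port="8005" shutdown="${catalina.base}"/>',
    "/opt/tomcat-e": '<Server port="-1" shutdown="SHUTDOWN"/>',
}

def shutdown_endpoint(base, server_xml):
    """Return (address, port, effective command), or None if the port is disabled."""
    server = ET.fromstring(server_xml)
    port = int(server.get("port", "8005"))
    if port == -1:  # port="-1" disables the shutdown listener
        return None
    address = server.get("address", "localhost")
    # Assumption: model property substitution as a simple string replace.
    command = server.get("shutdown", "SHUTDOWN").replace("${catalina.base}", base)
    return (address, port, command)

def audit(instances):
    """Group instances by shutdown endpoint and report the risky ones."""
    by_endpoint = defaultdict(list)
    for base, xml_text in instances.items():
        endpoint = shutdown_endpoint(base, xml_text)
        if endpoint is not None:
            by_endpoint[endpoint].append(base)
    findings = []
    for (address, port, command), bases in sorted(by_endpoint.items()):
        if len(bases) > 1:  # same address, port and command: Stop B can stop A
            findings.append(("shared-endpoint", port, sorted(bases)))
        if command == "SHUTDOWN":  # shipped default command still in use
            findings.append(("default-command", port, sorted(bases)))
    return findings

if __name__ == "__main__":
    for kind, port, bases in audit(SAMPLES):
        print(f"{kind}: port {port}: {', '.join(bases)}")
```

Instances c and d still configure the same port, but their effective commands differ, so they are not reported as accepting each other's command.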

Next event

The majority of committers seem to be EU based. Next event likely to be most effective if EU based.

If there is a CoC next year, add on a day again. If not CoC, fosdem?

Small group code review, before Fosdem is a likely candidate. Need to keep an eye on CoC EU plans.

Next event likely to have a different focus. More code review based. Want to look at:

  • HTTP header parsing
  • Other areas TBD

Assuming similar costs, we have sufficient funding to run two more events like this.

HTTP header parsing review


Date | Description | CC Income ($) | CC Expenses ($) | CC Balance ($) | Cash Income | Cash Expenses | Cash Balance | Total Balance
 | Initial funding from Google | 5,000.00
28 Feb 2024 | Meeting room for June 6th 2024 - EUR 380
03 Jun 2024 | markt accommodation - EUR 563.86
04 Jun 2024 | remm accommodation - EUR 145.83
05 Jun 2024 | engelen accommodation - EUR 154.22
06 Jun 2024 | Lunch - EUR 270
06 Jun 2024 | Dinner - EUR 214.10