https://github.com/eufossa/apache-hackathon-2019

Ideas

  1. Security hardening.
    1. https://bz.apache.org/bugzilla/show_bug.cgi?id=55969 (improvements to Windows installer)
    2. https://bz.apache.org/bugzilla/show_bug.cgi?id=58837 (a more general mod_headers style solution)
  2. TCK + CI
    1. Integrate the Jakarta EE TCKs for Servlet, JSP, EL and WebSocket into the Tomcat CI builds
  3. Cloud enablement
    1. Improve use of a CDI 2 implementation (OpenWebBeans and/or Weld) in Tomcat
    2. Should be able to use a single Server listener and hopefully only a few JARs so that the user experience is better; in that scenario all webapps should be CDI-enabled
    3. Better Eclipse MicroProfile (Health and Metrics in particular) support using the CDI 2 extensions support added in items 1 and 2 above
  4. Coyote clean-up / improvements
    1. Consider wrapping the SocketWrapper with a facade to detect / prevent components retaining references longer than they should (from the Tomcat next document)
  5. Add support for TLS key logging via OpenSSL to Tomcat-Native to aid debugging
  6. Look at TLS 1.3 early data and review the costs / benefits / feasibility of implementing it in Apache Tomcat
  7. Check HTTP/2 priority implementation
    1. https://github.com/andydavies/http2-prioritization-issues 
    2. https://github.com/pmeenan/http2priorities/tree/master/stand-alone
    3. Review Tomcat's use of buffering. Generally, we want to commit to the network as late as possible to help (re-)prioritisation work.
  8. Check Tomcat's caching behaviour
    1. https://github.com/http-tests/cache-tests
  9. Look at new(ish) cookie extensions and review the costs / benefits / feasibility of implementing them in Apache Tomcat
    1. https://scotthelme.co.uk/tough-cookies/
  10. Coverity Scan analysis: https://scan.coverity.com/projects/apache-tomcat
  11. GraalVM native-image tool compatibility
    1. Should use https://github.com/apache/tomcat/tree/master/res/tomcat-maven
    2. Should use the JVM agent to generate reflection information https://github.com/oracle/graal/blob/master/substratevm/CONFIGURE.md
    3. The agent should be post CR16, to get the commit https://github.com/oracle/graal/commit/8c84d1e5d411d2515a123257c720d85c16edefee
  12. POEditor i18n contributions
  13. PGP key signing (https://s.apache.org/pgpkeysigning)

6 Comments

  1. From https://docs.google.com/presentation/d/1oFYhfoFJld0IKlzwsdHCNnhqZmoS4Mde-OvDfbBaiD4/edit?usp=sharing starting at slide 26 for the "upcoming" section, I have at the moment:

    • HTTP/2 improvements
    • Cloud functionality (= better CDI2 integration)
    • Coyote cleanups and improvements
    • Native improvements
    • HTTP/3
    • Jakarta EE.next
    • Configuration improvements

    Only the first 3 items could be attempted at this time.

  2. It would be nice to have a PGP key signing session.

  3. Ideas from the HTTP Workshop (I'll update the page once I have internet access that doesn't block WebSocket). URLs for any referenced test suites should be available in the relevant presentation linked from https://github.com/HTTPWorkshop/workshop2019/wiki/Conversation-Starters. I'll dig those out when I update the page.

    • Reduce h2 max streams (most impls use 100)
    • Reduce max header list size (most impls use 16k or 32k)
    • Implement option to enable TLS key logging in OpenSSL to aid TLS debugging with Wireshark
    • Review Tomcat's use of buffering. Need to commit to the network as late as possible to permit re-prioritisation
    • Run the re-prioritisation tests and see how well we do
    • Run the caching tests and see how well we do
    • Check EOS behaviour
    • Review available new(ish) extensions and consider implementing
    • Look at TLS 1.3 early data and what would be required to support it in Tomcat
  4. The things I would love to address are a replacement for Apache Commons Daemon and everything around native components.

    • Simplify Windows service wrappers
      I already have a working prototype, but it needs Unicode and dynamic
      file length support. Something that can be done during the Hackathon
    • Try to use Windows PowerShell instead of archaic CP/M batch scripts
    • Make sure we are ready for OpenSSL 1.1.1, which has new library names
      and some minimum OS requirements
  5. For Graal, based on https://github.com/apache/tomcat/tree/master/res/tomcat-maven


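    # Point JAVA_HOME at the GraalVM install and configure the native-image agent,
    # which records reflection/resource configuration into ./target/
    export JAVA_HOME=/home/remm/Work/graalvm-ce-1.0.0-rc16
    export JAVA_OPTS=-agentlib:native-image-agent=config-output-dir=./target/
    # The java launcher does not read JAVA_OPTS itself, so pass it explicitly
    "$JAVA_HOME/bin/java" $JAVA_OPTS -jar ./target/tomcat-maven-1.0.jar
    cd target
    # Build the native image using the configuration files the agent generated
    "$JAVA_HOME/bin/native-image" -H:+ReportUnsupportedElementsAtRuntime -H:ConfigurationFileDirectories=./ -jar tomcat-maven-1.0.jar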