Hi all, I have two suggestions:
1. The table on http://tomcat.apache.org/whichversion.html has a column “Supported Java Versions” which has entries like “8 and later”. My understanding from e.g. https://marc.info/?l=tomcat-dev&m=150617891913261&w=2 is that currently no stable Tomcat release supports Java 9 yet. IMO a remark regarding Java 9 should be added to http://tomcat.apache.org/whichversion.html .

2. Currently MITM attacks by evil ISPs or WiFi networks are possible against people downloading Tomcat from http://tomcat.apache.org/download-80.cgi . (The page has links to PGP, md5 and sha1 hashes for validation, but the links are on an http page that does not redirect to https. This means they could be replaced in case of MITM.) IMO an HTTP 301 redirect to the https version and HSTS headers should be added to http://tomcat.apache.org/ .

Should I try to submit issues in Bugzilla for both?

Best Regards
Oliver
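
An added example, not part of the original message: a small check for the two controls suggested in point 2, a 301 from http to https on the same host and an HSTS header on the https response. The function names and the response heads are constructed for illustration, not captured from the real site.

```python
import re
from urllib.parse import urlsplit

def parse_response(raw):
    """Split a raw HTTP response head into (status code, lowercase-name header dict)."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def hsts_max_age(headers):
    """Return max-age from Strict-Transport-Security, or None if absent or malformed."""
    value = headers.get("strict-transport-security", "")
    m = re.search(r'(?i)(?:^|;)\s*max-age\s*=\s*"?(\d+)"?', value)
    return int(m.group(1)) if m else None

def audit(http_raw, https_raw, host):
    """List transport problems given the site's http:// and https:// response heads."""
    findings = []
    status, headers = parse_response(http_raw)
    target = urlsplit(headers.get("location", ""))
    if status != 301:
        findings.append(f"http response is {status}, not a 301 redirect")
    elif target.scheme != "https" or target.hostname != host:
        findings.append("301 does not point to https on the same host")
    # Browsers ignore HSTS received over plain http, so only the https response counts.
    _, tls_headers = parse_response(https_raw)
    if not hsts_max_age(tls_headers):  # None (missing) or 0 (policy switched off)
        findings.append("https response has no HSTS header with max-age > 0")
    return findings

HOST = "tomcat.apache.org"
# Constructed response heads: the situation the message describes ...
WEAK_HTTP = "HTTP/1.1 200 OK\nContent-Type: text/html"
WEAK_HTTPS = "HTTP/1.1 200 OK\nContent-Type: text/html"
# ... and the suggested fix.
FIXED_HTTP = ("HTTP/1.1 301 Moved Permanently\n"
              "Location: https://tomcat.apache.org/download-80.cgi")
FIXED_HTTPS = ("HTTP/1.1 200 OK\n"
               "Strict-Transport-Security: max-age=31536000")

if __name__ == "__main__":
    print("as described:", audit(WEAK_HTTP, WEAK_HTTPS, HOST))
    print("as suggested:", audit(FIXED_HTTP, FIXED_HTTPS, HOST))
```

Even with both controls in place, a first visit typed as http:// is still sent in clear text once before the redirect and HSTS policy take effect.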