svn commit: r1749419 - in /tomcat/tc7.0.x/trunk: java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java webapps/docs/changelog.xml
Author: kfujino Date: Tue Jun 21 04:57:07 2016 New Revision: 1749419 URL: http://svn.apache.org/viewvc?rev=1749419=rev Log: Add log message when the ping has timed-out. Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java?rev=1749419=1749418=1749419=diff == --- tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java (original) +++ tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java Tue Jun 21 04:57:07 2016 @@ -313,6 +313,8 @@ public abstract class AbstractReplicated for (Member member : members) { long access = mapMembers.get(member).longValue(); if ( (now - access) > timeout ) { +log.warn("Member[" + member + "] in the Map[" + mapname ++ "] has timed-out in the ping processing."); memberDisappeared(member); } } Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1749419=1749418=1749419=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Tue Jun 21 04:57:07 2016 @@ -79,6 +79,13 @@ + + + +Add log message when the ping has timed-out. (kfujino) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
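Review bot: The warning added inside the `if ( (now - access) > timeout )` branch names the member and the map but not the values that triggered it, so someone triaging the log cannot tell a dead node from a ping timeout that is set too tight. Both `now - access` and `timeout` are in scope at the `log.warn` call; on this branch the message could end with `+ "] has timed-out in the ping processing. elapsed=" + (now - access) + ", timeout=" + timeout);`. The same applies to the `sm.getString("abstractReplicatedMap.ping.timeout", member, mapname)` calls in r1749418, r1749417 and r1749416, where it would mean passing two more arguments and adding `{2}` and `{3}` to the LocalStrings.properties entry. The enclosing method starts and ends outside the hunk, so whether `memberDisappeared(member)` limits the warning to one line per lost member cannot be confirmed from here.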
svn commit: r1749418 - in /tomcat/tc8.0.x/trunk: java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java java/org/apache/catalina/tribes/tipis/LocalStrings.properties webapps/docs/changelog.x
Author: kfujino Date: Tue Jun 21 04:55:56 2016 New Revision: 1749418 URL: http://svn.apache.org/viewvc?rev=1749418=rev Log: Add log message when the ping has timed-out. Modified: tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java?rev=1749418=1749417=1749418=diff == --- tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java (original) +++ tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java Tue Jun 21 04:55:56 2016 @@ -306,6 +306,7 @@ public abstract class AbstractReplicated for (Member member : members) { long access = mapMembers.get(member).longValue(); if ( (now - access) > timeout ) { + log.warn(sm.getString("abstractReplicatedMap.ping.timeout", member, mapname)); memberDisappeared(member); } } Modified: tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties?rev=1749418=1749417=1749418=diff == --- tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties (original) +++ tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties Tue Jun 21 04:55:56 2016 
@@ -38,6 +38,7 @@ abstractReplicatedMap.mapMemberAdded.nul abstractReplicatedMap.mapMemberAdded.added=Map member added:{0} abstractReplicatedMap.leftOver.ignored=Message[{0}] is ignored. abstractReplicatedMap.mapMember.unavailable=Member[{0}] is not available yet. +abstractReplicatedMap.ping.timeout=Member[{0}] in the Map[{1}] has timed-out in the ping processing. mapMessage.deserialize.error.key=Deserialization error of the MapMessage.key mapMessage.deserialize.error.value=Deserialization error of the MapMessage.value lazyReplicatedMap.unableReplicate.backup=Unable to replicate backup key:{0} to backup:{1}. Reason:{2} Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1749418=1749417=1749418=diff == --- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Tue Jun 21 04:55:56 2016 @@ -77,6 +77,13 @@ + + + +Add log message when the ping has timed-out. (kfujino) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1749417 - in /tomcat/tc8.5.x/trunk: java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java java/org/apache/catalina/tribes/tipis/LocalStrings.properties webapps/docs/changelog.x
Author: kfujino Date: Tue Jun 21 04:54:56 2016 New Revision: 1749417 URL: http://svn.apache.org/viewvc?rev=1749417=rev Log: Add log message when the ping has timed-out. Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java?rev=1749417=1749416=1749417=diff == --- tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java (original) +++ tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java Tue Jun 21 04:54:56 2016 @@ -307,6 +307,7 @@ public abstract class AbstractReplicated for (Member member : members) { long access = mapMembers.get(member).longValue(); if ( (now - access) > timeout ) { + log.warn(sm.getString("abstractReplicatedMap.ping.timeout", member, mapname)); memberDisappeared(member); } } Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties?rev=1749417=1749416=1749417=diff == --- tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties (original) +++ tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties Tue Jun 21 04:54:56 2016 
@@ -38,6 +38,7 @@ abstractReplicatedMap.mapMemberAdded.nul abstractReplicatedMap.mapMemberAdded.added=Map member added:{0} abstractReplicatedMap.leftOver.ignored=Message[{0}] is ignored. abstractReplicatedMap.mapMember.unavailable=Member[{0}] is not available yet. +abstractReplicatedMap.ping.timeout=Member[{0}] in the Map[{1}] has timed-out in the ping processing. mapMessage.deserialize.error.key=Deserialization error of the MapMessage.key mapMessage.deserialize.error.value=Deserialization error of the MapMessage.value lazyReplicatedMap.unableReplicate.backup=Unable to replicate backup key:{0} to backup:{1}. Reason:{2} Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1749417=1749416=1749417=diff == --- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Tue Jun 21 04:54:56 2016 @@ -94,6 +94,13 @@ + + + +Add log message when the ping has timed-out. (kfujino) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1749416 - in /tomcat/trunk: java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java java/org/apache/catalina/tribes/tipis/LocalStrings.properties webapps/docs/changelog.xml
Author: kfujino Date: Tue Jun 21 04:53:43 2016 New Revision: 1749416 URL: http://svn.apache.org/viewvc?rev=1749416=rev Log: Add log message when the ping has timed-out. Modified: tomcat/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java tomcat/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java?rev=1749416=1749415=1749416=diff == --- tomcat/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java (original) +++ tomcat/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java Tue Jun 21 04:53:43 2016 @@ -307,6 +307,7 @@ public abstract class AbstractReplicated for (Member member : members) { long access = mapMembers.get(member).longValue(); if ( (now - access) > timeout ) { + log.warn(sm.getString("abstractReplicatedMap.ping.timeout", member, mapname)); memberDisappeared(member); } } Modified: tomcat/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties?rev=1749416=1749415=1749416=diff == --- tomcat/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties Tue Jun 21 04:53:43 2016 
@@ -38,6 +38,7 @@ abstractReplicatedMap.mapMemberAdded.nul abstractReplicatedMap.mapMemberAdded.added=Map member added:{0} abstractReplicatedMap.leftOver.ignored=Message[{0}] is ignored. abstractReplicatedMap.mapMember.unavailable=Member[{0}] is not available yet. +abstractReplicatedMap.ping.timeout=Member[{0}] in the Map[{1}] has timed-out in the ping processing. mapMessage.deserialize.error.key=Deserialization error of the MapMessage.key mapMessage.deserialize.error.value=Deserialization error of the MapMessage.value lazyReplicatedMap.unableReplicate.backup=Unable to replicate backup key:{0} to backup:{1}. Reason:{2} Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1749416=1749415=1749416=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Tue Jun 21 04:53:43 2016 @@ -97,6 +97,13 @@ + + + +Add log message when the ping has timed-out. (kfujino) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Timescale for 8.0.x EOL
2016-06-20 19:12 GMT+09:00 Mark Thomas: > > > Since it seems there is some interest in maintaining 8.0.x beyond > September, how about we announce that: > - the monthly release cycle for 8.0.x will end in September > - new features and bug fixes are unlikely to be back-ported from that > point > - security fixes will probably be back-ported > - further releases will depend on circumstances but are unlikely to be > more frequent than 6 monthly > > +1 > Mark > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > > -- > Keiichi.Fujino > > >
buildbot failure in on tomcat-trunk
The Buildbot has detected a new failure on builder tomcat-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/1457 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' triggered this build Build Source Stamp: [branch tomcat/trunk] 1749373 Blamelist: markt BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59233] support unlimited SSL certificates stored in database or file system without server restart
https://bz.apache.org/bugzilla/show_bug.cgi?id=59233 --- Comment #1 from Mark Thomas--- Tomcat doesn't want to get into the details of where the meta-data is stored. It is already possible to add virtual hosts dynamically. What isn't currently possible is adding an SSLHostConfig to an Endpoint. That doesn't look too tricky. I'll take a look. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59737] Tomcat endpoints are becoming extremely unresponsive
https://bz.apache.org/bugzilla/show_bug.cgi?id=59737 Mark Thomaschanged: What|Removed |Added Status|REOPENED|RESOLVED Resolution|--- |INVALID --- Comment #3 from Mark Thomas --- Again, please use the users' mailing list. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59737] Tomcat endpoints are becoming extremely unresponsive
https://bz.apache.org/bugzilla/show_bug.cgi?id=59737 Craig Lynchchanged: What|Removed |Added Status|RESOLVED|REOPENED Resolution|INVALID |--- --- Comment #2 from Craig Lynch --- Could you please elaborate? The only items in the stacktrace are either in Tomcat or java concurrency code. What appears to be happening is Tomcat is trying to release a lock that's already been released. It seems unlikely that there's a configuration I could be setting that would cause Tomcat to try to do that. I've actually been working on this problem for well over a month now, and I do have more information that points towards Tomcat -- the TaskQueue builds up large lists of runnables when the sites are in the bad state, and I'm able to reproduce very similar issues by making the queue behave badly in different ways. As I mentioned, I'm happy to provide additional information, I'm just not sure what's useful to the project. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 54664] [1.1.27 branch] Poll.remove incorrectly reports APR_SUCCESS instead of APR_NOTFOUND for socket without poll
https://bz.apache.org/bugzilla/show_bug.cgi?id=54664 Mark Thomaschanged: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #1 from Mark Thomas --- This was fixed in r1525525 and was included in 1.1.29 onwards. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: r1731030 and 1731035 release timeline
Thanks, I’ll see if we can just move to 8.5.x. Seems like that’ll be better long-term by a good margin. Peter On 6/20/16, 7:35 AM, "Mark Thomas"wrote: On 16/06/2016 20:37, Peter Robbins wrote: > Hi there, > > I’ve run into the WebappClassLoader jar scanning memory leak resolved > by r1731030 and r1731035 in Tomcat 7 trunk. It appears those changes > made it separately into both 8.0.36 and 8.5.3, but are missing from > 7.0.69 and 7.0.70. Any idea on the timeline of when those would be > released in 7.x? For the benefit of the archives, this is not a leak. There is increased memory usage but that usage is a) bounded and b) released when the application is unloaded. The current 7.0.x implementation loads the binary content for every class into memory as part of the scanning process. As classes are loaded, the binary content is dropped and the newly created class added. For applications that use most of the classes they ship with, the result is a rapid step in the memory requirements when the application starts rather than a gradual rise over time and the end result marginally increased memory usage. For applications that use few of the classes they ship with, the result is also a rapid step in the memory requirements when the application starts rather than a gradual rise over time but the end result is significantly increased memory usage. I've reviewed the code and the changes in r1731030 and r1731035 are heavily dependent on the WebResources refactoring that took place for 8.0.x and is not present in 7.0.x. This makes implementing a fix for this issue significantly more difficult in 7.0.x. Given the general fragility of resource loading in 7.0.x (itself a significant factor in introducing the WebResources refactoring) I'm currently leaning more towards recommending workarounds for this issue rather than implementing code fixes. Those workarounds boil down to minimising the number of JARs scanned and are covered in the JAR scanning section of [1]. 
I plan to spend some more time looking at options for fixing this in the code, but my recommendation would be to look at an upgrade to 8.5.x or to minimise the amount of JAR scanning performed if this is an issue for you. Mark [1] http://wiki.apache.org/tomcat/HowTo/FasterStartUp - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59716] Allow JNDI configuration of CorsFilter
https://bz.apache.org/bugzilla/show_bug.cgi?id=59716 --- Comment #2 from Lucas Theisen--- Fair enough... I just find it easier to have all my application config in one place (GlobalNamingResources), rather than multiple (setenv.sh and GlobalNamingResources). In any case, your suggestion would satisfy my requirement to have a single build be configurable differently per environment, so feel free to close this ticket. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59716] Allow JNDI configuration of CorsFilter
https://bz.apache.org/bugzilla/show_bug.cgi?id=59716 Mark Thomaschanged: What|Removed |Added OS||All Severity|normal |enhancement --- Comment #1 from Mark Thomas --- Moving to an enhancement request. Tomcat typically handles this via property replacement [1]. [1] http://tomcat.apache.org/tomcat-9.0-doc/config/index.html -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59708] LockOutRealm Details
https://bz.apache.org/bugzilla/show_bug.cgi?id=59708 Mark Thomaschanged: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #3 from Mark Thomas --- This has been fixed in the trunk for all currently supported versions and will be included in: - 9.0.0.M9 onwards - 8.5.4 onwards - 8.0.37 onwards - 7.0.71 onwards - 6.0.46 onwards -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1749379 - in /tomcat/tc6.0.x/trunk: ./ java/org/apache/catalina/realm/LockOutRealm.java webapps/docs/changelog.xml webapps/docs/config/realm.xml
Author: markt Date: Mon Jun 20 18:47:47 2016 New Revision: 1749379 URL: http://svn.apache.org/viewvc?rev=1749379=rev Log: Modify the lock out logic. Valid authentication attempts during the lock out period will no longer reset the lock out timer to zero. Modified: tomcat/tc6.0.x/trunk/ (props changed) tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/LockOutRealm.java tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml Propchange: tomcat/tc6.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 20 18:47:47 2016 
@@ -1,4 +1,4 @@ -/tomcat/tc7.0.x/trunk:1190476,1224802,1243045,1298635,1304471,1311997,1312007,1331772,1333164,1333176,1348992,1354866,1371298,1371302,1371620,1402110,1409014,1413553,1413557,1413563,1430083,1438415,1446641-1446660,1447013,1453106,1453119,1484919,1486877,1500065,1503852,1505844,1513151,1521040,1526470,1536524,1539176-1539177,1544469,1544473,1552805,1558894,1558917,1561368,1561382,1561386,1561552,1561561,1561636,1561641,1561643,1561737,1562748,1564317,1568922,1570163,1577328,1577464-1577465,1578814,1586659,1586897,1586960,1588199,1588997,1589740,1589851,1589997,1590019,1590028,1590337,1590492,1590651,1590838,1590845,1590848,1590912,1593262,1593288,1593371,1593835,1594230,1595174,1595366,1600956,1601333,1601856,1601909,1609079,1609606,1617364,1617374,1617433,1617457-1617458,1624249,1626579,1627420,1627469,1632586,1637686,1637711,1640675,1642045,1643515,1643540,1643572,1643585-1643586,1643642,1643647,1644019,1648817,1656301,1658815,1659523,1659564,1664001,1664176,1665087,1666968,1666989 ,1668541,1668635,1669802,1676557,1681183,1681841,1681865,1681867,1685829,1693109,1694293,1694433,1694875,1696381,1701945,1710353,1712656,1713873,1714000,1714005,1714540,1715213,1716221,1716417,1717107,1717210,1717212,1720236,1720398,1720443,1720464,1721814,1721883,1722645,1722801,1723151,1724435,1724553,1724675,1724797,1724806,1725931,1726631,1726808,1726813,1726815,1726817,1726819,1726917,1726919,1726922-1726924,1727031,1727034,1727043,1727158,1727672,1727903,1728450,1729363,1731010,1731119,1731956,1731978,1732362,1732674-1732675,1733942,1734116,1734134,1734532,1737249,1737253,1737968,1738049,1738186,1739778,1741178,1741184,1741193,1741211,1741218,1741228,1741235,1742281,1743121,1743142,1743649,1744061,1744129,1744155,1744241,1744383,1744689,1745230,1746942,1746994 
+/tomcat/tc7.0.x/trunk:1190476,1224802,1243045,1298635,1304471,1311997,1312007,1331772,1333164,1333176,1348992,1354866,1371298,1371302,1371620,1402110,1409014,1413553,1413557,1413563,1430083,1438415,1446641-1446660,1447013,1453106,1453119,1484919,1486877,1500065,1503852,1505844,1513151,1521040,1526470,1536524,1539176-1539177,1544469,1544473,1552805,1558894,1558917,1561368,1561382,1561386,1561552,1561561,1561636,1561641,1561643,1561737,1562748,1564317,1568922,1570163,1577328,1577464-1577465,1578814,1586659,1586897,1586960,1588199,1588997,1589740,1589851,1589997,1590019,1590028,1590337,1590492,1590651,1590838,1590845,1590848,1590912,1593262,1593288,1593371,1593835,1594230,1595174,1595366,1600956,1601333,1601856,1601909,1609079,1609606,1617364,1617374,1617433,1617457-1617458,1624249,1626579,1627420,1627469,1632586,1637686,1637711,1640675,1642045,1643515,1643540,1643572,1643585-1643586,1643642,1643647,1644019,1648817,1656301,1658815,1659523,1659564,1664001,1664176,1665087,1666968,1666989 ,1668541,1668635,1669802,1676557,1681183,1681841,1681865,1681867,1685829,1693109,1694293,1694433,1694875,1696381,1701945,1710353,1712656,1713873,1714000,1714005,1714540,1715213,1716221,1716417,1717107,1717210,1717212,1720236,1720398,1720443,1720464,1721814,1721883,1722645,1722801,1723151,1724435,1724553,1724675,1724797,1724806,1725931,1726631,1726808,1726813,1726815,1726817,1726819,1726917,1726919,1726922-1726924,1727031,1727034,1727043,1727158,1727672,1727903,1728450,1729363,1731010,1731119,1731956,1731978,1732362,1732674-1732675,1733942,1734116,1734134,1734532,1737249,1737253,1737968,1738049,1738186,1739778,1741178,1741184,1741193,1741211,1741218,1741228,1741235,1742281,1743121,1743142,1743649,1744061,1744129,1744155,1744241,1744383,1744689,1745230,1746942,1746994,1749377
svn commit: r1749378 - /tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/web.xml
Author: markt Date: Mon Jun 20 18:43:38 2016 New Revision: 1749378 URL: http://svn.apache.org/viewvc?rev=1749378=rev Log: Revert unintended change included in r1749377 Modified: tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/web.xml Modified: tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/web.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/web.xml?rev=1749378=1749377=1749378=diff == --- tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/web.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/web.xml Mon Jun 20 18:43:38 2016 @@ -20,7 +20,7 @@ xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd; version="3.0" - metadata-complete="false"> + metadata-complete="true"> Servlet and JSP Examples. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1749377 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/realm/LockOutRealm.java webapps/docs/changelog.xml webapps/docs/config/realm.xml webapps/examples/WEB-INF/web.xml
Author: markt Date: Mon Jun 20 18:36:29 2016 New Revision: 1749377 URL: http://svn.apache.org/viewvc?rev=1749377=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59708 Modify the lock out logic. Valid authentication attempts during the lock out period will no longer reset the lock out timer to zero. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/LockOutRealm.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/web.xml Propchange: tomcat/tc7.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 20 18:36:29 2016 
@@ -1,3 +1,3 @@ /tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988,1667553 
-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702739,1702742,1702 744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715866,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1725974,1726171-1 
726173,1726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915,1733941,1733964,1734115,1734133,1734261,1734421,1734531,1736286,1737967,1738173,1738182,1738992,1739039,1739089-1739091,1739294,1739777,1739821,1739981,1740513,1740726,1741019,1741162,1741217,1743647,1743681,1744152,1744272,1746732,1746750 -/tomcat/tc8.5.x/trunk:1735579,1736839,1737199,1737966,1738042,1738044,1738162,1738165,1738178,1739157,1739173,1739177,1739476,1740132,1740521,1740536,1740804,1740811,1740981,1741165,1741174,1741182,1741191,1741203,1741209,1741226,1741233,1741410,1742277,1743118,1743126,1743139-1743140,1743718,1743722,1743724,1744059,1744127,1744151,1744232,1744377,1744687,1744698,1744706,1745228,1746940,1748548,1748716,1749288
svn commit: r1749376 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/realm/LockOutRealm.java webapps/docs/changelog.xml webapps/docs/config/realm.xml
Author: markt Date: Mon Jun 20 18:25:54 2016 New Revision: 1749376 URL: http://svn.apache.org/viewvc?rev=1749376=rev Log: Modify the lock out logic. Valid authentication attempts during the lock out period will no longer reset the lock out timer to zero. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/catalina/realm/LockOutRealm.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml tomcat/tc8.0.x/trunk/webapps/docs/config/realm.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 20 18:25:54 2016 
@@ -1,2 +1,2 @@ /tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002 -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657 592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1 
666387,1666494,1666496,1666552,1666569,1666579,137,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452
svn commit: r1749375 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/realm/LockOutRealm.java webapps/docs/changelog.xml webapps/docs/config/realm.xml
Author: markt Date: Mon Jun 20 18:23:01 2016 New Revision: 1749375 URL: http://svn.apache.org/viewvc?rev=1749375=rev Log: Modify the lock out logic. Valid authentication attempts during the lock out period will no longer reset the lock out timer to zero. Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/LockOutRealm.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml tomcat/tc8.5.x/trunk/webapps/docs/config/realm.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 20 18:23:01 2016 
@@ -1 +1 @@ -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747 993,1748001,1748253,1748452,1748547,1748676,1748715,1749287,1749296,1749328,1749373 
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501 ,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747 
993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373 Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/LockOutRealm.java URL:
[Bug 59737] Tomcat endpoints are becoming extremely unresponsive
https://bz.apache.org/bugzilla/show_bug.cgi?id=59737 Mark Thomas changed: What|Removed |Added Resolution|--- |INVALID Status|NEW |RESOLVED --- Comment #1 from Mark Thomas --- There is nothing here that indicates a Tomcat bug. You will get a better response if you post this to the users' mailing list. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59737] New: Tomcat endpoints are becoming extremely unresponsive
https://bz.apache.org/bugzilla/show_bug.cgi?id=59737 Bug ID: 59737 Summary: Tomcat endpoints are becoming extremely unresponsive Product: Tomcat 8 Version: 8.0.35 Hardware: PC OS: Windows NT Status: NEW Severity: blocker Priority: P2 Component: Connectors Assignee: dev@tomcat.apache.org Reporter: rcraigly...@gmail.com We run embedded tomcat on version 8, and for some reason are consistently seeing extreme slowness across all Tomcat endpoints at very consistent intervals of three hours. Once a site gets into the slow state, it is never able to recover, and stays unresponsive (requests take tens of minutes to hours) until the service is manually restarted. There are no resource issues that I've been able to detect (heap seems fine, no apparent memory leaks, cpu is fine, network/db connections aren't exhausted, etc). Tomcat does seem to receive the requests, but for some reason does not seem to be processing them. There is an exception that occurs right around the time the service goes into a bad state, which is the reason I believe this to be a Tomcat issue. 
The stack trace is as follows: Exception in thread "mc-26" java.lang.IllegalMonitorStateException at java.util.concurrent.locks.ReentrantLock$Sync.tryRelease(Unknown Source) at java.util.concurrent.locks.AbstractQueuedSynchronizer.release(Unknown Source) at java.util.concurrent.locks.ReentrantLock.unlock(Unknown Source) at java.util.concurrent.LinkedBlockingQueue.take(Unknown Source) at org.apache.tomcat.util.threads.TaskQueue.take(TaskQueue.java:103) at org.apache.tomcat.util.threads.TaskQueue.take(TaskQueue.java:31) at java.util.concurrent.ThreadPoolExecutor.getTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Unknown Source) Having done some additional testing, I can elaborate on the state of things when this exception occurs: * The ReentrantLock that is throwing the exception is meant to throw the IllegalMonitorStateException when a thread other than the thread that created the lock tries to release it. Interestingly, when tryRelease() is called, the owning thread is actually null, which means that the lock isn't currently taken or owned by anyone. * The lock's state is 0, which is consistent with the lock's owning thread being null. * The tryRelease function takes an int argument "releases", which is 1 (you'd find that in the stacktrace anyway, since it's passed in as a constant further up, but mentioning it might save some time). I realize that the LinkedBlockingQueue and ReentrantLock are java core concurrency libraries, but it seems like Tomcat is getting into a bad state once the error occurs, and is unable to exit the bad state. The executing thread that gets this exception dies, and almost all other threads end up staying almost all the time in an unsafe parked state. 
The IllegalMonitorStateException also generally occurs in several threads after it's shown up for the first time. I'm not sure how to describe how to reproduce this issue, other than saying that everyone at my company with our service installed experiences it very reliably every three hours. We've been thus far unable to determine what causes it, however. My personal theory is that somehow the TaskQueue is getting into a state where it can only rarely give tasks to the executor threads, but I don't know what causes things to enter that state. From what we can tell, it does seem to be related to our Jersey endpoints. If you need any additional information, just let me know and I'll be happy to provide anything that might be useful. I've been getting most of my information from thread/heap dumps as well as modifying local versions of Tomcat to provide additional logging. Most of our services are running Tomcat 8.0.32, but seem to still exhibit the problem on versions at least as early as 8.0.15 and as late as 8.0.34. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1749374 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ webapps/docs/
Author: markt Date: Mon Jun 20 18:15:56 2016 New Revision: 1749374 URL: http://svn.apache.org/viewvc?rev=1749374=rev Log: Refactor key store creation to make it easier for users to insert certificate stores and trust stores programmatically. Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings_es.properties tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings_es.properties tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 20 18:15:56 2016 
@@ -1 +1 @@ -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747 993,1748001,1748253,1748452,1748547,1748676,1748715,1749287,1749296,1749328 
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
svn commit: r1749373 - in /tomcat/trunk: java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ webapps/docs/
Author: markt Date: Mon Jun 20 18:13:07 2016 New Revision: 1749373 URL: http://svn.apache.org/viewvc?rev=1749373=rev Log: Refactor key store creation to make it easier for users to insert certificate stores and trust stores programmatically. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings_es.properties tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java tomcat/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties tomcat/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings_es.properties tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties?rev=1749373=1749372=1749373=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties Mon Jun 20 18:13:07 2016 
@@ -104,6 +104,9 @@ channel.nio.ssl.expandNetOutBuffer=Expan channel.nio.ssl.sniDefault=Unable to buffer enough data to determine requested SNI host name. Using default channel.nio.ssl.sniHostName=The SNI host name extracted for this connection was [{0}] +jsse.invalid_truststore_password=The provided trust store password could not be used to unlock and/or validate the trust store. Retrying to access the trust store with a null password which will skip validation. +jsse.keystore_load_failed=Failed to load keystore type [{0}] with path [{1}] due to [{2}] + sniExtractor.clientHelloTooBig=The ClientHello was not presented in a single TLS record so no SNI information could be extracted socket.closed=The socket associated with this connection has been closed. Modified: tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings_es.properties URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings_es.properties?rev=1749373=1749372=1749373=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings_es.properties (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings_es.properties Mon Jun 20 18:13:07 2016 
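Review bot: The added `jsse.invalid_truststore_password` message takes no arguments, so the warning does not say which trust store fell back to being opened with a null password, while `jsse.keystore_load_failed` on the next line reports both type and path. Because the message itself states that this fallback skips validation of the store, an operator reading the log needs the path to find and check the affected file, particularly where several SSLHostConfig instances each have their own trust store. I would add a placeholder, e.g. `... unlock and/or validate the trust store [{0}]. Retrying ...`, and pass the trust store path at the logging call; that call site is outside this hunk, so whether the path is in scope there needs confirming. The Spanish entry in LocalStrings_es.properties needs the same placeholder.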
@@ -34,3 +34,6 @@ endpoint.debug.channelCloseFail = No pue endpoint.debug.socketCloseFail = No pude cerrar el enchufe (socket) endpoint.apr.noSslCertFile = El atribiuto del conector SSLCertificateFile debe de ser definido al usar SSL con APR endpoint.apr.invalidSslProtocol = Se ha proporcionado un valor inv\u00E1lido [{0}] para el atributo SSLProtocol + +jsse.invalid_truststore_password = La clave del almac\u00E9n de confianza suministrada no se pudo usar para desbloquear y/o validar el almac\u00E9n de confianza. Reintentando acceder el almac\u00E9n de confianza con una clave nula que se saltar\u00E1 la validaci\u00F3n. +jsse.keystore_load_failed = No pude cargar almac\u00E9n de claves de tipo [{0}] con ruta [{1}] debido a [{2}] Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1749373=1749372=1749373=diff == --- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Mon Jun 20 18:13:07 2016 @@ -17,6 +17,9 @@ package org.apache.tomcat.util.net; import java.io.File; +import java.io.IOException; +import java.security.KeyStore; +import java.security.UnrecoverableKeyException; import java.util.HashMap; import java.util.HashSet; import java.util.LinkedHashSet; @@ -96,6 +99,7 @@ public class SSLHostConfig { private String truststorePassword = System.getProperty("javax.net.ssl.trustStorePassword"); private String truststoreProvider = System.getProperty("javax.net.ssl.trustStoreProvider"); private String truststoreType = System.getProperty("javax.net.ssl.trustStoreType"); +private KeyStore truststore = null; // OpenSSL private String certificateRevocationListPath; private String caCertificateFile; 
@@ -583,6 +587,38 @@ public class SSLHostConfig { } +public void setTrustStore(KeyStore truststore) { +this.truststore = truststore; +} + + +public KeyStore getTruststore() throws IOException { +KeyStore result = truststore; +if (result == null) { +if (truststoreFile != null){ +try { +result =
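Review bot: The new accessor pair is spelled inconsistently: the setter is `setTrustStore` (capital S) and the getter is `getTruststore`, so bean introspection sees two different properties, a write-only `trustStore` and a read-only `truststore`. The field added earlier in this file and the neighbouring `truststoreFile`/`truststorePassword`/`truststoreType` fields all use the lower-case form, so I would rename the setter: `public void setTruststore(KeyStore truststore) {`. The setter also deserves a Javadoc line saying that a store supplied here takes precedence over `truststoreFile`, since the visible part of `getTruststore()` only consults the file when the field is null. The body of `getTruststore()` is cut off on this page after `result =`, so the loading path itself is not reviewed here.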
[GitHub] tomcat pull request #32: added small change
Github user joelschwabe closed the pull request at: https://github.com/apache/tomcat/pull/32 --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] tomcat pull request #32: added small change
GitHub user joelschwabe opened a pull request: https://github.com/apache/tomcat/pull/32 added small change pulled small change from branch into master You can merge this pull request into a Git repository by running: $ git pull https://github.com/joelschwabe/tomcat smallChange Alternatively you can review and apply these changes as the patch at: https://github.com/apache/tomcat/pull/32.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #32 commit 8772a4993268cd77357221008653548f5c5f430f Author: Joel SchwabeDate: 2016-06-20T16:28:42Z added small change --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
buildbot success in on tomcat-8-trunk
The Buildbot has detected a restored build on builder tomcat-8-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-8-trunk/builds/661 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' triggered this build Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1749330 Blamelist: markt Build succeeded! Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59735] Tomcat 8.5 breaks memcached-session-manager
https://bz.apache.org/bugzilla/show_bug.cgi?id=59735 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #1 from Mark Thomas --- The intention is to look at any problems on a case-by-case basis. In this case, the change is security-related (CVE-2016-0714) and the new method is available in the latest release of all supported Tomcat versions so I'm leaning towards not adding this back in 8.5.x. However, if this creates problems for memcached, please feel free to re-open this issue and we can take another look. Note that the method was also removed in 9.0.x and will not be restored there. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Timescale for 8.0.x EOL
Am 20.06.2016 um 12:12 schrieb Mark Thomas: On 15/06/2016 08:02, jean-frederic clere wrote: On 06/14/2016 02:05 PM, Rémy Maucherat wrote: 2016-06-14 10:31 GMT+02:00 Mark Thomas: On 14/06/2016 09:00, Emmanuel Bourg wrote: Le 13/06/2016 à 17:47, Mark Thomas a écrit : Now we have a stable release of 8.5.x, I'd like to finialise the end of life date for 8.0.x so we can publish it. We originally said we'd do parallel releases for 6 months. That gives an EOL date of 30 September 2016 for 8.0.x which seems reasonable to me. Any objections to that date or suggestions for a better one? Hi, Just a word with my Debian maintainer hat on, Tomcat 8.0.x was shipped with Debian 8 Jessie with the expectation it would be supported during the lifetime of this release (until May 2018). I'm currently maintaining with other volunteers a stable version based on 8.0.14 (with backported security patches). Canonical does a similar job for Ubuntu 16.04 LTS based on Tomcat 8.0.32. The early EOL of 8.0.x is impractical because, at least in Debian, major updates like the switch to 8.5 aren't allowed for the stable distribution. I understand you can't maintain so many branches for a long time, but if Tomcat 8.0.x could be security supported at least until the Debian 9 release (~April/May 2017) it would allow users following the stable distribution to remain on a supported version of Tomcat (Debian 9 will include Tomcat 8.5). That is unlikely unless someone volunteers for that task. Yes JF or myself could volunteer to do some additional limited 8.0 releases, but we'll see how it goes in practice. We have to provide long term support for our customers, one way is to keep 8.0.x alive here so the community can benefit our efforts. 
Since it seems there is some interest in maintaining 8.0.x beyond September, how about we announce that: - the monthly release cycle for 8.0.x will end in September - new features and bug fixes are unlikely to be back-ported from that point - security fixes will probably be back-ported - further releases will depend on circumstances but are unlikely to be more frequent that 6 monthly Maybe we don't need to be too specific on the expected interval (just dropping "but are unlikely to be more frequent that 6 monthly"). But I'm +1 with and without this variation. Regards, Rainer - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1749330 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml
Author: markt Date: Mon Jun 20 13:08:51 2016 New Revision: 1749330 URL: http://svn.apache.org/viewvc?rev=1749330=rev Log: Do not attempt to start web resources during a web application's initialisation phase since the web application is not fully configured at that point and the web resources may not be correctly configured. Follow-up to https://lists.apache.org/thread.html/8c27e780a079a15169c915a8481ef129e6fc2322d548075d00753a5c@%3Cusers.tomcat.apache.org%3E Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/catalina/core/StandardContext.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 20 13:08:51 2016 
@@ -1,2 +1,2 @@ /tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002 -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657 592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1 
666387,1666494,1666496,1666552,1666569,1666579,137,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452
svn commit: r1749329 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml
Author: markt Date: Mon Jun 20 13:08:19 2016 New Revision: 1749329 URL: http://svn.apache.org/viewvc?rev=1749329=rev Log: Do not attempt to start web resources during a web application's initialisation phase since the web application is not fully configured at that point and the web resources may not be correctly configured. Follow-up to https://lists.apache.org/thread.html/8c27e780a079a15169c915a8481ef129e6fc2322d548075d00753a5c@%3Cusers.tomcat.apache.org%3E Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/catalina/core/StandardContext.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 20 13:08:19 2016 
@@ -1 +1 @@ -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747 993,1748001,1748253,1748452,1748547,1748676,1748715,1749287,1749296 
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501 ,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747 
993,1748001,1748253,1748452,1748547,1748676,1748715,1749287,1749296,1749328
[Bug 59735] New: Tomcat 8.5 breaks memcached-session-manager
https://bz.apache.org/bugzilla/show_bug.cgi?id=59735 Bug ID: 59735 Summary: Tomcat 8.5 breaks memcached-session-manager Product: Tomcat 8 Version: 8.5.2 Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: joakim.edenh...@gmail.com The removal of deprecated methods in org.apache.catalina.session.StandardSession breaks memcached-session-manager. At the very least, the method exclude(String) is needed. Others may be needed as well, I have not investigated what happens when exclude is restored. I have captured this stack trace: 20-Jun-2016 10:37:59.616 INFO [ContainerBackgroundProcessor[StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]] de.javakaffee.web.msm.MemcachedSessionService.updateExpirationInMemcached Could not update expiration in memcached for session CFC46B06D3867A23FECF4A4042E43771-n2 java.lang.NoSuchMethodError: org.apache.catalina.session.StandardSession.exclude(Ljava/lang/String;)Z at de.javakaffee.web.msm.MemcachedBackupSession.exclude(MemcachedBackupSession.java:597) at de.javakaffee.web.msm.JavaSerializationTranscoder.writeAttributes(JavaSerializationTranscoder.java:121) at de.javakaffee.web.msm.JavaSerializationTranscoder.serializeAttributes(JavaSerializationTranscoder.java:100) at de.javakaffee.web.msm.TranscoderService.serializeAttributes(TranscoderService.java:151) at de.javakaffee.web.msm.BackupSessionService.updateExpiration(BackupSessionService.java:132) at de.javakaffee.web.msm.MemcachedSessionService.updateExpirationInMemcached(MemcachedSessionService.java:1606) at de.javakaffee.web.msm.MemcachedBackupSessionManager.backgroundProcess(MemcachedBackupSessionManager.java:575) at org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5543) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1374) at 
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1346) at java.lang.Thread.run(Thread.java:745) I am filing this bug report because the following commit message mentions the possibility of postponing removal of methods until Tomcat 9. If this problem is insufficient reason to restore necessary methods, I will open a bug with memcached-session-manager instead of this. https://github.com/apache/tomcat80/commit/a5fe49b5f5003d9da41b2ce4cd4a1065f2214a49 Steps to reproduce: 1) Install and start memcached. 2) Install Tomcat 8.5.3 3) Place memcached-session-manager-1.9.3.jar and memcached-session-manager-tc8-1.9.3.jar in $CATALINA_HOME/lib 4) Configure memcached-session-manager in your context.xml (substitute localhost:11211 with your memcached host and port): 5) Visit a page which creates a new session and then wait a few seconds for the background thread to trigger. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1749328 - in /tomcat/trunk: java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml
Author: markt Date: Mon Jun 20 13:05:17 2016 New Revision: 1749328 URL: http://svn.apache.org/viewvc?rev=1749328=rev Log: Do not attempt to start web resources during a web application's initialisation phase since the web application is not fully configured at that point and the web resources may not be correctly configured. Follow-up to https://lists.apache.org/thread.html/8c27e780a079a15169c915a8481ef129e6fc2322d548075d00753a5c@%3Cusers.tomcat.apache.org%3E Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1749328=1749327=1749328=diff == --- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original) +++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Mon Jun 20 13:05:17 2016 @@ -4824,8 +4824,8 @@ public class StandardContext extends Con */ public void resourcesStart() throws LifecycleException { -// May have been started (but not fully configured) in init() so no need -// to start the resources if they are already available +// Check current status in case resources were added that had already +// been started if (!resources.getState().isAvailable()) { resources.start(); } @@ -6211,10 +6211,6 @@ public class StandardContext extends Con namingResources.init(); } -if (resources != null) { -resources.start(); -} - // Send j2ee.object.created notification if (this.getObjectName() != null) { Notification notification = new Notification("j2ee.object.created", Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1749328=1749327=1749328=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Jun 20 13:05:17 2016 
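Review bot: In `resourcesStart()` the call `resources.getState()` has no null guard, whereas the init-time block deleted in the second hunk did check `if (resources != null)`. Nothing in the hunk shows that every caller of this public method assigns a resource root first. Either state that precondition in the method's Javadoc or make a missing root fail explicitly, e.g. `if (resources == null) throw new LifecycleException("resources not set");`. The method body continues past the hunk, so a check may already exist outside the visible lines.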
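Review bot: The deleted `resources.start()` block leaves nothing in the init path to say why web resources must not be started there, so a later change could bring back the early start on a context that is not fully configured. A one-line comment where the block stood would record the decision, e.g. `// Web resources are started from resourcesStart() once the context is fully configured, not during init.` Anything that read from the resource root between init and start would presumably now find it unstarted, so it is worth confirming that no listener or subclass relies on that. The enclosing method begins and ends outside the hunk.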
@@ -78,6 +78,12 @@ Follow-up to 59655. Improve the documentation for configuring permitted cookie names. Patch provided by Kyohei Nakamura. (markt) + +Do not attempt to start web resources during a web application's +initialisation phase since the web application is not fully configured +at that point and the web resources may not be correctly configured. +(markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: r1731030 and 1731035 release timeline
On 16/06/2016 20:37, Peter Robbins wrote: > Hi there, > > I’ve run into the WebappClassLoader jar scanning memory leak resolved > by r1731030 and r1731035 in Tomcat 7 trunk. It appears those changes > made it separately into both 8.0.36 and 8.5.3, but are missing from > 7.0.69 and 7.0.70. Any idea on the timeline of when those would be > released in 7.x? For the benefit of the archives, this is not a leak. There is increased memory usage but that usage is a) bounded and b) released when the application is unloaded. The current 7.0.x implementation loads the binary content for every class into memory as part of the scanning process. As classes are loaded, the binary content is dropped and the newly created class added. For applications that use most of the classes they ship with, the result is a rapid step in the memory requirements when the application starts rather than a gradual rise over time and the end result is marginally increased memory usage. For applications that use few of the classes they ship with, the result is also a rapid step in the memory requirements when the application starts rather than a gradual rise over time but the end result is significantly increased memory usage. I've reviewed the code and the changes in r1731030 and r1731035 are heavily dependent on the WebResources refactoring that took place for 8.0.x and is not present in 7.0.x. This makes implementing a fix for this issue significantly more difficult in 7.0.x. Given the general fragility of resource loading in 7.0.x (itself a significant factor in introducing the WebResources refactoring) I'm currently leaning more towards recommending workarounds for this issue rather than implementing code fixes. Those workarounds boil down to minimising the number of JARs scanned and are covered in the JAR scanning section of [1]. 
I plan to spend some more time looking at options for fixing this in the code, but my recommendation would be to look at an upgrade to 8.5.x or to minimise the amount of JAR scanning performed if this is an issue for you. Mark [1] http://wiki.apache.org/tomcat/HowTo/FasterStartUp - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Timescale for 8.0.x EOL
2016-06-20 13:12 GMT+03:00 Mark Thomas: > On 15/06/2016 08:02, jean-frederic clere wrote: >> On 06/14/2016 02:05 PM, Rémy Maucherat wrote: >>> 2016-06-14 10:31 GMT+02:00 Mark Thomas : >>> On 14/06/2016 09:00, Emmanuel Bourg wrote: > Le 13/06/2016 à 17:47, Mark Thomas a écrit : >> Now we have a stable release of 8.5.x, I'd like to finialise the end of >> life date for 8.0.x so we can publish it. >> >> We originally said we'd do parallel releases for 6 months. That gives an >> EOL date of 30 September 2016 for 8.0.x which seems reasonable to me. >> >> Any objections to that date or suggestions for a better one? > > Hi, > > Just a word with my Debian maintainer hat on, Tomcat 8.0.x was shipped > with Debian 8 Jessie with the expectation it would be supported during > the lifetime of this release (until May 2018). I'm currently maintaining > with other volunteers a stable version based on 8.0.14 (with backported > security patches). Canonical does a similar job for Ubuntu 16.04 LTS > based on Tomcat 8.0.32. > > The early EOL of 8.0.x is impractical because, at least in Debian, major > updates like the switch to 8.5 aren't allowed for the stable distribution. > > I understand you can't maintain so many branches for a long time, but if > Tomcat 8.0.x could be security supported at least until the Debian 9 > release (~April/May 2017) it would allow users following the stable > distribution to remain on a supported version of Tomcat (Debian 9 will > include Tomcat 8.5). That is unlikely unless someone volunteers for that task. >>> >>> Yes JF or myself could volunteer to do some additional limited 8.0 >>> releases, but we'll see how it goes in practice. >> >> We have to provide long term support for our customers, one way is to >> keep 8.0.x alive here so the community can benefit our efforts. 
> > Since it seems there is some interest in maintaining 8.0.x beyond > September, how about we announce that: > - the monthly release cycle for 8.0.x will end in September > - new features and bug fixes are unlikely to be back-ported from that > point > - security fixes will probably be back-ported > - further releases will depend on circumstances but are unlikely to be > more frequent that 6 monthly +1 Generally our good practice thus far was to give a notice 1 year ahead of EOL of a version of Tomcat. This plan is aligned with that practice, so I like it. "6 months" sounds too harsh. I think 3 months, or "3 - 6" months. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Timescale for 8.0.x EOL
2016-06-20 13:12 GMT+03:00 Mark Thomas: > > On 15/06/2016 08:02, jean-frederic clere wrote: > > On 06/14/2016 02:05 PM, Rémy Maucherat wrote: > >> 2016-06-14 10:31 GMT+02:00 Mark Thomas : > >> > >>> On 14/06/2016 09:00, Emmanuel Bourg wrote: > Le 13/06/2016 à 17:47, Mark Thomas a écrit : > > Now we have a stable release of 8.5.x, I'd like to finialise the end of > > life date for 8.0.x so we can publish it. > > > > We originally said we'd do parallel releases for 6 months. That gives an > > EOL date of 30 September 2016 for 8.0.x which seems reasonable to me. > > > > Any objections to that date or suggestions for a better one? > > Hi, > > Just a word with my Debian maintainer hat on, Tomcat 8.0.x was shipped > with Debian 8 Jessie with the expectation it would be supported during > the lifetime of this release (until May 2018). I'm currently maintaining > with other volunteers a stable version based on 8.0.14 (with backported > security patches). Canonical does a similar job for Ubuntu 16.04 LTS > based on Tomcat 8.0.32. > > The early EOL of 8.0.x is impractical because, at least in Debian, major > updates like the switch to 8.5 aren't allowed for the stable > >>> distribution. > > I understand you can't maintain so many branches for a long time, but if > Tomcat 8.0.x could be security supported at least until the Debian 9 > release (~April/May 2017) it would allow users following the stable > distribution to remain on a supported version of Tomcat (Debian 9 will > include Tomcat 8.5). > >>> > >>> That is unlikely unless someone volunteers for that task. > >>> > >> > >> Yes JF or myself could volunteer to do some additional limited 8.0 > >> releases, but we'll see how it goes in practice. > > > > We have to provide long term support for our customers, one way is to > > keep 8.0.x alive here so the community can benefit our efforts. 
> > Since it seems there is some interest in maintaining 8.0.x beyond > September, how about we announce that: > - the monthly release cycle for 8.0.x will end in September > - new features and bug fixes are unlikely to be back-ported from that > point > - security fixes will probably be back-ported > - further releases will depend on circumstances but are unlikely to be > more frequent that 6 monthly +1 Regards, Violeta > Mark > > > - > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org >
[Bug 59655] The CookieNameValidator has issue that related to the consistency
https://bz.apache.org/bugzilla/show_bug.cgi?id=59655 --- Comment #3 from Mark Thomas--- Thanks. Docs update for 9.0.x and 8.5.x. The patch will be in 9.0.0.M9 and 8.5.4 onwards. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1749297 - in /tomcat/tc8.5.x/trunk: ./ java/javax/servlet/http/Cookie.java webapps/docs/changelog.xml webapps/docs/config/systemprops.xml
Author: markt Date: Mon Jun 20 10:43:57 2016 New Revision: 1749297 URL: http://svn.apache.org/viewvc?rev=1749297=rev Log: Follow-up to https://bz.apache.org/bugzilla/show_bug.cgi?id=59655 Improve the documentation for configuring permitted cookie names Patch provided by Kyohei Nakamura Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/javax/servlet/http/Cookie.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml tomcat/tc8.5.x/trunk/webapps/docs/config/systemprops.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 20 10:43:57 2016 
@@ -1 +1 @@ -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747 993,1748001,1748253,1748452,1748547,1748676,1748715,1749287 
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501 ,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747 
993,1748001,1748253,1748452,1748547,1748676,1748715,1749287,1749296 Modified: tomcat/tc8.5.x/trunk/java/javax/servlet/http/Cookie.java URL:
svn commit: r1749296 - in /tomcat/trunk: java/javax/servlet/http/Cookie.java webapps/docs/changelog.xml webapps/docs/config/systemprops.xml
Author: markt Date: Mon Jun 20 10:42:52 2016 New Revision: 1749296 URL: http://svn.apache.org/viewvc?rev=1749296=rev Log: Follow-up to https://bz.apache.org/bugzilla/show_bug.cgi?id=59655 Improve the documentation for configuring permitted cookie names Patch provided by Kyohei Nakamura Modified: tomcat/trunk/java/javax/servlet/http/Cookie.java tomcat/trunk/webapps/docs/changelog.xml tomcat/trunk/webapps/docs/config/systemprops.xml Modified: tomcat/trunk/java/javax/servlet/http/Cookie.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/http/Cookie.java?rev=1749296=1749295=1749296=diff == --- tomcat/trunk/java/javax/servlet/http/Cookie.java (original) +++ tomcat/trunk/java/javax/servlet/http/Cookie.java Mon Jun 20 10:42:52 2016 @@ -48,9 +48,8 @@ import java.util.ResourceBundle; * cache pages that use cookies created with this class. This class does not * support the cache control defined with HTTP 1.1. * - * This class supports both the Version 0 (by Netscape) and Version 1 (by RFC - * 2109) cookie specifications. By default, cookies are created using RFC6265 - * to ensure the best interoperability. + * This class supports both the RFC 2109 and the RFC 6265 specifications. + * By default, cookies are created using RFC 6265. */ public class Cookie implements Cloneable, Serializable { Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1749296=1749295=1749296=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Mon Jun 20 10:42:52 2016 
@@ -74,6 +74,10 @@ caused when a Servlet is mapped to /* are more significant than the security risk of not enabling this option by default. (markt) + +Follow-up to 59655. Improve the documentation for configuring +permitted cookie names. Patch provided by Kyohei Nakamura. (markt) + Modified: tomcat/trunk/webapps/docs/config/systemprops.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/systemprops.xml?rev=1749296=1749295=1749296=diff == --- tomcat/trunk/webapps/docs/config/systemprops.xml (original) +++ tomcat/trunk/webapps/docs/config/systemprops.xml Mon Jun 20 10:42:52 2016 @@ -340,9 +340,9 @@ If this is true then the requirements of the Servlet specification - that Cookie names must adhere to RFC2109 (no use of separators) will be - enforced. If this is false the the naming rules specified in RFC6265 will - be used. + that Cookie names must adhere to RFC2109 will be enforced. If this is + false the the naming rules specified in RFC6265 (allow the leading "$") + will be used. If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set to true, the default of this setting will be true, else the default value will be false. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Timescale for 8.0.x EOL
2016-06-20 12:12 GMT+02:00 Mark Thomas: > Since it seems there is some interest in maintaining 8.0.x beyond > September, how about we announce that: > - the monthly release cycle for 8.0.x will end in September > - new features and bug fixes are unlikely to be back-ported from that > point > - security fixes will probably be back-ported > - further releases will depend on circumstances but are unlikely to be > more frequent that 6 monthly > > +1 Rémy
buildbot failure in on tomcat-8-trunk
The Buildbot has detected a new failure on builder tomcat-8-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-8-trunk/builds/660 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' triggered this build Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1749289 Blamelist: markt BUILD FAILED: failed compile_1 Sincerely, -The Buildbot - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: Timescale for 8.0.x EOL
On 15/06/2016 08:02, jean-frederic clere wrote: > On 06/14/2016 02:05 PM, Rémy Maucherat wrote: >> 2016-06-14 10:31 GMT+02:00 Mark Thomas: >> >>> On 14/06/2016 09:00, Emmanuel Bourg wrote: Le 13/06/2016 à 17:47, Mark Thomas a écrit : > Now we have a stable release of 8.5.x, I'd like to finialise the end of > life date for 8.0.x so we can publish it. > > We originally said we'd do parallel releases for 6 months. That gives an > EOL date of 30 September 2016 for 8.0.x which seems reasonable to me. > > Any objections to that date or suggestions for a better one? Hi, Just a word with my Debian maintainer hat on, Tomcat 8.0.x was shipped with Debian 8 Jessie with the expectation it would be supported during the lifetime of this release (until May 2018). I'm currently maintaining with other volunteers a stable version based on 8.0.14 (with backported security patches). Canonical does a similar job for Ubuntu 16.04 LTS based on Tomcat 8.0.32. The early EOL of 8.0.x is impractical because, at least in Debian, major updates like the switch to 8.5 aren't allowed for the stable >>> distribution. I understand you can't maintain so many branches for a long time, but if Tomcat 8.0.x could be security supported at least until the Debian 9 release (~April/May 2017) it would allow users following the stable distribution to remain on a supported version of Tomcat (Debian 9 will include Tomcat 8.5). >>> >>> That is unlikely unless someone volunteers for that task. >>> >> >> Yes JF or myself could volunteer to do some additional limited 8.0 >> releases, but we'll see how it goes in practice. > > We have to provide long term support for our customers, one way is to > keep 8.0.x alive here so the community can benefit our efforts. 
Since it seems there is some interest in maintaining 8.0.x beyond September, how about we announce that: - the monthly release cycle for 8.0.x will end in September - new features and bug fixes are unlikely to be back-ported from that point - security fixes will probably be back-ported - further releases will depend on circumstances but are unlikely to be more frequent than 6 monthly Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1749290 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml webapps/docs/config/context.xml webapps/docs/security-howto.xml
Author: markt Date: Mon Jun 20 10:02:37 2016 New Revision: 1749290 URL: http://svn.apache.org/viewvc?rev=1749290=rev Log: Change the default for Context.sessionCookiePathUsesTrailingSlash from true to false. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/StandardContext.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml tomcat/tc7.0.x/trunk/webapps/docs/config/context.xml tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml Propchange: tomcat/tc7.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 20 10:02:37 2016 
@@ -1,3 +1,3 @@ /tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988,1667553 
-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702739,1702742,1702 744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715866,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1725974,1726171-1 
726173,1726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915,1733941,1733964,1734115,1734133,1734261,1734421,1734531,1736286,1737967,1738173,1738182,1738992,1739039,1739089-1739091,1739294,1739777,1739821,1739981,1740513,1740726,1741019,1741162,1741217,1743647,1743681,1744152,1744272,1746732,1746750 -/tomcat/tc8.5.x/trunk:1735579,1736839,1737199,1737966,1738042,1738044,1738162,1738165,1738178,1739157,1739173,1739177,1739476,1740132,1740521,1740536,1740804,1740811,1740981,1741165,1741174,1741182,1741191,1741203,1741209,1741226,1741233,1741410,1742277,1743118,1743126,1743139-1743140,1743718,1743722,1743724,1744059,1744127,1744151,1744232,1744377,1744687,1744698,1744706,1745228,1746940,1748548,1748716
svn commit: r1749289 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml webapps/docs/config/context.xml webapps/docs/security-howto.xml
Author: markt Date: Mon Jun 20 10:00:44 2016 New Revision: 1749289 URL: http://svn.apache.org/viewvc?rev=1749289=rev Log: Change the default for Context.sessionCookiePathUsesTrailingSlash from true to false. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/catalina/core/StandardContext.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml tomcat/tc8.0.x/trunk/webapps/docs/config/context.xml tomcat/tc8.0.x/trunk/webapps/docs/security-howto.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 20 10:00:44 2016 
@@ -1,2 +1,2 @@ /tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002 -/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657 592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1 
666387,1666494,1666496,1666552,1666569,1666579,137,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452
svn commit: r1749288 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml webapps/docs/config/context.xml webapps/docs/security-howto.xml
Author: markt Date: Mon Jun 20 09:59:56 2016 New Revision: 1749288 URL: http://svn.apache.org/viewvc?rev=1749288=rev Log: Change the default for Context.sessionCookiePathUsesTrailingSlash from true to false. Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/catalina/core/StandardContext.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml tomcat/tc8.5.x/trunk/webapps/docs/config/context.xml tomcat/tc8.5.x/trunk/webapps/docs/security-howto.xml Propchange: tomcat/tc8.5.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Mon Jun 20 09:59:56 2016 
@@ -1 +1 @@ -/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747 993,1748001,1748253,1748452,1748547,1748676,1748715 
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501 ,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747 
993,1748001,1748253,1748452,1748547,1748676,1748715,1749287 Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/core/StandardContext.java URL:
svn commit: r1749287 - in /tomcat/trunk: java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml webapps/docs/config/context.xml webapps/docs/security-howto.xml
Author: markt Date: Mon Jun 20 09:58:37 2016 New Revision: 1749287 URL: http://svn.apache.org/viewvc?rev=1749287=rev Log: Change the default for Context.sessionCookiePathUsesTrailingSlash from true to false. Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java tomcat/trunk/webapps/docs/changelog.xml tomcat/trunk/webapps/docs/config/context.xml tomcat/trunk/webapps/docs/security-howto.xml
Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1749287=1749286=1749287=diff ==
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Mon Jun 20 09:58:37 2016
@@ -696,7 +696,7 @@ public class StandardContext extends Con
 * particularly IE, don't send a session cookie for context /foo with
 * requests intended for context /foobar.
 */
-private boolean sessionCookiePathUsesTrailingSlash = true;
+private boolean sessionCookiePathUsesTrailingSlash = false;
 /**
Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1749287=1749286=1749287=diff ==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jun 20 09:58:37 2016
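Review bot: The Javadoc above `sessionCookiePathUsesTrailingSlash` explains why a trailing slash is added but does not state the default, so after this flip to `false` a reader of the field cannot tell that the mitigation is now opt-in. With the new default, the browsers named in the accompanying documentation change will again send the session cookie for /foo with requests to /foobar, which matters when an untrusted application is deployed on a context path sharing that prefix; the same default is committed to the 7.0.x, 8.0.x and 8.5.x branches, so existing deployments that relied on the implicit `true` presumably lose it on upgrade. I would add a sentence to the comment such as `Defaults to false; set to true if contexts whose paths share a prefix are not mutually trusted.` The comment block opens above the hunk, so only its last lines are visible here.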
@@ -67,6 +67,13 @@ attempts during the lock out period will no longer reset the lock out timer to zero. (markt) + +Change the default of the +sessionCookiePathUsesTrailingSlash attribute of the +Context element to false since the problems +caused when a Servlet is mapped to /* are more significant +than the security risk of not enabling this option by default. (markt) + Modified: tomcat/trunk/webapps/docs/config/context.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/context.xml?rev=1749287=1749286=1749287=diff == --- tomcat/trunk/webapps/docs/config/context.xml (original) +++ tomcat/trunk/webapps/docs/config/context.xml Mon Jun 20 09:58:37 2016 
@@ -492,15 +492,23 @@
-Some browsers, such as IE, will send a session cookie for a context
-with a path of /foo with a request to /foobar. To prevent this, Tomcat
-will add a trailing slash to the path associated with the session cookie
-so, in the above example, the cookie path becomes /foo/. However, with a
-cookie path of /foo/, IE will no longer send the cookie with a request
-to /foo. This should not be a problem unless there is a servlet mapped
-to /*. In this case this feature will need to be disabled. The default
-value for this attribute is true. To disable this feature,
-set the attribute to false.
+Some browsers, such as Internet Explorer, Safari and Edge, will send
+a session cookie for a context with a path of /foo with a
+request to /foobar in violation of RFC6265. This could
+expose a session ID from an application deployed at /foo to
+an application deployed at /foobar. If the application
+deployed at /foobar is untrusted, this could create a
+security risk. However, it should be noted that RFC 6265, section 8.5
+makes clear that path alone should not be view as sufficient to prevent
+untrusted applications accessing cookies from other applications. To
+mitigate this risk, this attribute may bet ste to true and
+Tomcat will add a trailing slash to the path associated with the session
+cookie so, in the above example, the cookie path becomes /foo/. However,
+with a cookie path of /foo/, browsers will no longer send the cookie
+with a request to /foo. This should not be a problem unless there is a
+servlet mapped to /*. In this case this attribute will need to be set to
+false to disable this feature. The default value for this
+attribute is false.
Modified: tomcat/trunk/webapps/docs/security-howto.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1749287=1749286=1749287=diff ==
--- tomcat/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/trunk/webapps/docs/security-howto.xml Mon Jun 20 09:58:37 2016
@@ -348,6 +348,15 @@ operating systems (this includes Windows) will disable a number of security measures and allow, among other things, direct access to the WEB-INF directory. + + The
Re: Problems with default for sessionCookiePathUsesTrailingSlash
On 15/06/2016 11:59, Rémy Maucherat wrote: > 2016-06-15 12:31 GMT+02:00 Mark Thomas: > >> Hi all, >> >> A problem[1] with the default for sessionCookiePathUsesTrailingSlash has >> cropped up via $work and after some research I wanted to discuss whether >> the default should be changed. >> >> The default for sessionCookiePathUsesTrailingSlash is true to work >> around a potential security issue in a number of browsers. I did a quick >> test before writing this e-mail and it appears that IE, Edge and Safari >> are affected. Together they represent approximately 42% of the current >> browser market share[2]. >> >> The security issue is that for a cookie path of '/foo', these browsers >> include in the cookie when sending requests to '/foobar'. Tomcat >> therefore introduced sessionCookiePathUsesTrailingSlash which adds a '/' >> to the cookie path so '/foo' becomes '/foo/' since no user agent will >> include this in a request to '/foobar'. >> >> However, this can cause problems. To summarise [1], we have: >> A user request for '/foo' >> A security enforcing filter that uses cookies mapped to '/*' >> A web application with a controller servlet mapped to '/*' >> >> The sequence of events is: >> - Tomcat receives the request for '/foo' >> - Because of the servlet mapped to '/*', Tomcat does not redirect >> this to '/foo/' >> - The security filter creates a session cookie (path '/foo/') >> - The security filter performs authentication which includes >> additional requests from the client to '/foo' >> - The security filter rejects the authentication because the >> subsequent requests do not include the cookie because the path >> does not match >> >> RFC 6265, section 4.1.2.4 is clear that cookies with a path of '/foo' >> should not be included with requests for '/foobar'. However that same >> section also makes clear that cookie paths should not be relied upon for >> security. 
It references RFC 6265 section 8 which provides several >> reasons for this in addition to the broken behaviour described above. >> >> Given the problems caused by the current default for >> sessionCookiePathUsesTrailingSlash and the warnings in RFC 6265 >> regarding relying on cookie paths for security, I would like to propose >> the following changes: >> 1. Change the default for sessionCookiePathUsesTrailingSlash to false. >> 2. Add some explanatory notes to the documentation for >>sessionCookiePathUsesTrailingSlash that makes clear that the setting >>is: >>a) intended to work around broken browser behaviour >>b) while it closes one security hole, others are likely to remain >> and reference RFC 6265 section 8. >> >> Thoughts? >> > +1 OK. I'll get this done shortly. Mark - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 59616] SSLVerifyClient="optionalNoCA" stops working between 1.1.33 and 1.2.4
https://bz.apache.org/bugzilla/show_bug.cgi?id=59616 Mark Thomaschanged: What|Removed |Added Resolution|--- |FIXED Status|NEW |RESOLVED --- Comment #6 from Mark Thomas --- 1.1.x is not affected. 1.2.0 to 1.2.7 is affected. This has been fixed in 1.2.x and will be included in 1.2.8 onwards. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1749280 - in /tomcat/native/trunk: native/NMAKEmakefile xdocs/miscellaneous/changelog.xml
Author: markt Date: Mon Jun 20 09:10:04 2016 New Revision: 1749280 URL: http://svn.apache.org/viewvc?rev=1749280=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59616 Correctly enable and disable OCSP for the Windows builds. Modified: tomcat/native/trunk/native/NMAKEmakefile tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
Modified: tomcat/native/trunk/native/NMAKEmakefile URL: http://svn.apache.org/viewvc/tomcat/native/trunk/native/NMAKEmakefile?rev=1749280=1749279=1749280=diff ==
--- tomcat/native/trunk/native/NMAKEmakefile (original)
+++ tomcat/native/trunk/native/NMAKEmakefile Mon Jun 20 09:10:04 2016
@@ -41,8 +41,8 @@ APR_LIB = libapr-1.lib
 CFLAGS = $(CFLAGS) -DAPR_DECLARE_STATIC
 APR_LIB = apr-1.lib
 !ENDIF
-!IF DEFINED(ENABLE_OCSP)
-CFLAGS = $(CFLAGS) -DHAVE_OPENSSL_OCSP
+!IF !DEFINED(ENABLE_OCSP)
+CFLAGS = $(CFLAGS) -DOPENSSL_NO_OCSP
 !ENDIF
 !IF !DEFINED(SRCDIR) || "$(SRCDIR)" == ""
Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1749280=1749279=1749280=diff ==
--- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Mon Jun 20 09:10:04 2016
@@ -36,6 +36,10 @@
+
+ 59616: Correct the Windows build files so that OCSP is
+ correctly enabled and disabled in the respective Windows binaries. (markt)
+
- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
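Review bot: Nothing in the makefile says that OCSP is opt-in: with the new `!IF !DEFINED(ENABLE_OCSP)` block, a build that does not define `ENABLE_OCSP` gets `-DOPENSSL_NO_OCSP`, so the resulting Windows binary presumably performs no OCSP checking, and that is only discoverable by reading the condition. A comment above the block would make it explicit, for example `# OCSP support is compiled in only when ENABLE_OCSP is defined; otherwise OPENSSL_NO_OCSP disables it`. The macro also changes from `HAVE_OPENSSL_OCSP` to `OPENSSL_NO_OCSP`, and the C sources are not part of this commit, so it is worth confirming that no `HAVE_OPENSSL_OCSP` test remains, since such a block would now be compiled out in both build variants.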
svn commit: r1749278 - /tomcat/native/trunk/TODO.txt
Author: markt Date: Mon Jun 20 08:54:10 2016 New Revision: 1749278 URL: http://svn.apache.org/viewvc?rev=1749278=rev Log: Remove a completed TODO Modified: tomcat/native/trunk/TODO.txt Modified: tomcat/native/trunk/TODO.txt URL: http://svn.apache.org/viewvc/tomcat/native/trunk/TODO.txt?rev=1749278=1749277=1749278=diff == --- tomcat/native/trunk/TODO.txt (original) +++ tomcat/native/trunk/TODO.txt Mon Jun 20 08:54:10 2016 @@ -79,8 +79,3 @@ http://git.savannah.gnu.org/gitweb/?p=co (at least after I extract it on Solaris). It's a bit strange that permissions differ between the tar and zip archives. - -- OCSP enabled Windows binary - - Document build - - Use consistent naming -(1.1.22 used ...win32-ocsp..., 1.1.24 used ...ocsp-win32...) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r14057 - /dev/tomcat/tomcat-7/v7.0.70/ /release/tomcat/tomcat-7/v7.0.70/
Author: violetagg Date: Mon Jun 20 07:36:20 2016 New Revision: 14057 Log: Release 7.0.70 Added: release/tomcat/tomcat-7/v7.0.70/ - copied from r14056, dev/tomcat/tomcat-7/v7.0.70/ Removed: dev/tomcat/tomcat-7/v7.0.70/ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.70
2016-06-20 10:04 GMT+03:00 Rémy Maucherat: > > 2016-06-15 21:47 GMT+02:00 Violeta Georgieva : > > > The proposed Apache Tomcat 7.0.70 release is now available for voting. > > > > It can be obtained from: > > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.70/ > > The Maven staging repo is: > > https://repository.apache.org/content/repositories/orgapachetomcat-1088/ > > The svn tag is: > > http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_70/ > > > > The proposed 7.0.70 release is: > > [ ] Broken - do not release > > [X] Stable - go ahead and release as 7.0.70 Stable > > > > Although a bit late, my testing just completed. Thanks > Rémy
svn commit: r1749271 - /tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
Author: violetagg Date: Mon Jun 20 07:16:22 2016 New Revision: 1749271 URL: http://svn.apache.org/viewvc?rev=1749271=rev Log: Update the release date for 7.0.70 Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1749271=1749270=1749271=diff == --- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Jun 20 07:16:22 2016 @@ -68,7 +68,7 @@ - + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Re: [VOTE] Release Apache Tomcat 7.0.70
2016-06-15 21:47 GMT+02:00 Violeta Georgieva: > The proposed Apache Tomcat 7.0.70 release is now available for voting. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.70/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1088/ > The svn tag is: > http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_70/ > > The proposed 7.0.70 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 7.0.70 Stable > > Although a bit late, my testing just completed. Rémy
Re: [RESULT][VOTE] Release Apache Tomcat 7.0.70
Hi, 2016-06-15 22:47 GMT+03:00 Violeta Georgieva: > > The proposed Apache Tomcat 7.0.70 release is now available for voting. > > It can be obtained from: > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.70/ > The Maven staging repo is: > https://repository.apache.org/content/repositories/orgapachetomcat-1088/ > The svn tag is: > http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_70/ > > The proposed 7.0.70 release is: > [ ] Broken - do not release > [ ] Stable - go ahead and release as 7.0.70 Stable +1 (binding): violetagg, mgrigorov, fschumacher, kfujino No other votes were cast. The vote has passed. I'll do the release shortly and announce it once the mirrors catch up. > Regards, > Violeta
[GitHub] tomcat-maven-plugin pull request #24: fix path resolution under windows
GitHub user ptzafrir opened a pull request: https://github.com/apache/tomcat-maven-plugin/pull/24 fix path resolution under windows URL translates spaces to %20 and is therefore unable to resolve jar paths located in a directory with spaces in its path (as is the case under Windows). You can merge this pull request into a Git repository by running: $ git pull https://github.com/ptzafrir/tomcat-maven-plugin tc8.x Alternatively you can review and apply these changes as the patch at: https://github.com/apache/tomcat-maven-plugin/pull/24.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #24 commit 11dd14798670585e0e73ddfae4407426e57c3ccf Author: Tzafrir PoupkoDate: 2016-06-20T06:17:27Z fix path resolution under windows --- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. --- - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org