svn commit: r1749419 - in /tomcat/tc7.0.x/trunk: java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java webapps/docs/changelog.xml

2016-06-20 Thread kfujino 
Author: kfujino
Date: Tue Jun 21 04:57:07 2016
New Revision: 1749419

URL: http://svn.apache.org/viewvc?rev=1749419=rev
Log:
Add log message when the ping has timed-out.

Modified:

tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java?rev=1749419=1749418=1749419=diff
==
--- 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java
 (original)
+++ 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java
 Tue Jun 21 04:57:07 2016
@@ -313,6 +313,8 @@ public abstract class AbstractReplicated
 for (Member member : members) {
 long access = mapMembers.get(member).longValue();
 if ( (now - access) > timeout ) {
+log.warn("Member[" + member + "] in the Map[" + mapname
++ "] has timed-out in the ping processing.");
 memberDisappeared(member);
 }
 }

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1749419=1749418=1749419=diff
==
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Tue Jun 21 04:57:07 2016
@@ -79,6 +79,13 @@
   
 
   
+  
+
+  
+Add log message when the ping has timed-out. (kfujino)
+  
+
+  
 
 
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1749418 - in /tomcat/tc8.0.x/trunk: java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java java/org/apache/catalina/tribes/tipis/LocalStrings.properties webapps/docs/changelog.x

2016-06-20 Thread kfujino 
Author: kfujino
Date: Tue Jun 21 04:55:56 2016
New Revision: 1749418

URL: http://svn.apache.org/viewvc?rev=1749418=rev
Log:
Add log message when the ping has timed-out.

Modified:

tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java

tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java?rev=1749418=1749417=1749418=diff
==
--- 
tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java
 (original)
+++ 
tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java
 Tue Jun 21 04:55:56 2016
@@ -306,6 +306,7 @@ public abstract class AbstractReplicated
 for (Member member : members) {
 long access = mapMembers.get(member).longValue();
 if ( (now - access) > timeout ) {
+
log.warn(sm.getString("abstractReplicatedMap.ping.timeout", member, mapname));
 memberDisappeared(member);
 }
 }

Modified: 
tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties?rev=1749418=1749417=1749418=diff
==
--- 
tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties
 (original)
+++ 
tomcat/tc8.0.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties
 Tue Jun 21 04:55:56 2016
@@ -38,6 +38,7 @@ abstractReplicatedMap.mapMemberAdded.nul
 abstractReplicatedMap.mapMemberAdded.added=Map member added:{0}
 abstractReplicatedMap.leftOver.ignored=Message[{0}] is ignored.
 abstractReplicatedMap.mapMember.unavailable=Member[{0}] is not available yet.
+abstractReplicatedMap.ping.timeout=Member[{0}] in the Map[{1}] has timed-out 
in the ping processing.
 mapMessage.deserialize.error.key=Deserialization error of the MapMessage.key
 mapMessage.deserialize.error.value=Deserialization error of the 
MapMessage.value
 lazyReplicatedMap.unableReplicate.backup=Unable to replicate backup key:{0} to 
backup:{1}. Reason:{2}

Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1749418=1749417=1749418=diff
==
--- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Tue Jun 21 04:55:56 2016
@@ -77,6 +77,13 @@
   
 
   
+  
+
+  
+Add log message when the ping has timed-out. (kfujino)
+  
+
+  
   
 
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1749417 - in /tomcat/tc8.5.x/trunk: java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java java/org/apache/catalina/tribes/tipis/LocalStrings.properties webapps/docs/changelog.x

2016-06-20 Thread kfujino 
Author: kfujino
Date: Tue Jun 21 04:54:56 2016
New Revision: 1749417

URL: http://svn.apache.org/viewvc?rev=1749417=rev
Log:
Add log message when the ping has timed-out.

Modified:

tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java

tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java?rev=1749417=1749416=1749417=diff
==
--- 
tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java
 (original)
+++ 
tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java
 Tue Jun 21 04:54:56 2016
@@ -307,6 +307,7 @@ public abstract class AbstractReplicated
 for (Member member : members) {
 long access = mapMembers.get(member).longValue();
 if ( (now - access) > timeout ) {
+
log.warn(sm.getString("abstractReplicatedMap.ping.timeout", member, mapname));
 memberDisappeared(member);
 }
 }

Modified: 
tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties?rev=1749417=1749416=1749417=diff
==
--- 
tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties
 (original)
+++ 
tomcat/tc8.5.x/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties
 Tue Jun 21 04:54:56 2016
@@ -38,6 +38,7 @@ abstractReplicatedMap.mapMemberAdded.nul
 abstractReplicatedMap.mapMemberAdded.added=Map member added:{0}
 abstractReplicatedMap.leftOver.ignored=Message[{0}] is ignored.
 abstractReplicatedMap.mapMember.unavailable=Member[{0}] is not available yet.
+abstractReplicatedMap.ping.timeout=Member[{0}] in the Map[{1}] has timed-out 
in the ping processing.
 mapMessage.deserialize.error.key=Deserialization error of the MapMessage.key
 mapMessage.deserialize.error.value=Deserialization error of the 
MapMessage.value
 lazyReplicatedMap.unableReplicate.backup=Unable to replicate backup key:{0} to 
backup:{1}. Reason:{2}

Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1749417=1749416=1749417=diff
==
--- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Tue Jun 21 04:54:56 2016
@@ -94,6 +94,13 @@
   
 
   
+  
+
+  
+Add log message when the ping has timed-out. (kfujino)
+  
+
+  
   
 
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1749416 - in /tomcat/trunk: java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java java/org/apache/catalina/tribes/tipis/LocalStrings.properties webapps/docs/changelog.xml

2016-06-20 Thread kfujino 
Author: kfujino
Date: Tue Jun 21 04:53:43 2016
New Revision: 1749416

URL: http://svn.apache.org/viewvc?rev=1749416=rev
Log:
Add log message when the ping has timed-out.

Modified:

tomcat/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java
tomcat/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties
tomcat/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java?rev=1749416=1749415=1749416=diff
==
--- 
tomcat/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java 
(original)
+++ 
tomcat/trunk/java/org/apache/catalina/tribes/tipis/AbstractReplicatedMap.java 
Tue Jun 21 04:53:43 2016
@@ -307,6 +307,7 @@ public abstract class AbstractReplicated
 for (Member member : members) {
 long access = mapMembers.get(member).longValue();
 if ( (now - access) > timeout ) {
+
log.warn(sm.getString("abstractReplicatedMap.ping.timeout", member, mapname));
 memberDisappeared(member);
 }
 }

Modified: 
tomcat/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties?rev=1749416=1749415=1749416=diff
==
--- tomcat/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties 
(original)
+++ tomcat/trunk/java/org/apache/catalina/tribes/tipis/LocalStrings.properties 
Tue Jun 21 04:53:43 2016
@@ -38,6 +38,7 @@ abstractReplicatedMap.mapMemberAdded.nul
 abstractReplicatedMap.mapMemberAdded.added=Map member added:{0}
 abstractReplicatedMap.leftOver.ignored=Message[{0}] is ignored.
 abstractReplicatedMap.mapMember.unavailable=Member[{0}] is not available yet.
+abstractReplicatedMap.ping.timeout=Member[{0}] in the Map[{1}] has timed-out 
in the ping processing.
 mapMessage.deserialize.error.key=Deserialization error of the MapMessage.key
 mapMessage.deserialize.error.value=Deserialization error of the 
MapMessage.value
 lazyReplicatedMap.unableReplicate.backup=Unable to replicate backup key:{0} to 
backup:{1}. Reason:{2}

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1749416=1749415=1749416=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Jun 21 04:53:43 2016
@@ -97,6 +97,13 @@
   
 
   
+  
+
+  
+Add log message when the ping has timed-out. (kfujino)
+  
+
+  
   
 
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Timescale for 8.0.x EOL

2016-06-20 Thread Keiichi Fujino 
2016-06-20 19:12 GMT+09:00 Mark Thomas :
>
>
> Since it seems there is some interest in maintaining 8.0.x beyond
> September, how about we announce that:
> - the monthly release cycle for 8.0.x will end in September
> - new features and bug fixes are unlikely to be back-ported from that
>   point
> - security fixes will probably be back-ported
> - further releases will depend on circumstances but are unlikely to be
>   more frequent that 6 monthly
>
>
+1


> Mark
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
> --
> Keiichi.Fujino
> 
> 
>

buildbot failure in on tomcat-trunk

2016-06-20 Thread buildbot 
The Buildbot has detected a new failure on builder tomcat-trunk while building 
. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/1457

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-commit' 
triggered this build
Build Source Stamp: [branch tomcat/trunk] 1749373
Blamelist: markt

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59233] support unlimited SSL certificates stored in database or file system without server restart

2016-06-20 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59233

--- Comment #1 from Mark Thomas  ---
Tomcat doesn't want to get into the details of where the meta-data is stored.

It is already possible to add virtual hosts dynamically. What isn't currently
possible is adding an SSLHostConfig to an Endpoint. That doesn't look too
tricky. I'll take a look.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59737] Tomcat endpoints are becoming extremely unresponsive

2016-06-20 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59737

Mark Thomas  changed:

   What|Removed |Added

 Status|REOPENED|RESOLVED
 Resolution|--- |INVALID

--- Comment #3 from Mark Thomas  ---
Again, please use the users' mailing list.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59737] Tomcat endpoints are becoming extremely unresponsive

2016-06-20 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59737

Craig Lynch  changed:

   What|Removed |Added

 Status|RESOLVED|REOPENED
 Resolution|INVALID |---

--- Comment #2 from Craig Lynch  ---
Could you please elaborate? The only items in the stacktrace are either in
Tomcat or java concurrency code. What appears to be happening ins Tomcat is
trying to release a lock that's already been released. It seems unlikely that
there's a configuration I could be setting that would cause Tomcat to try to do
that.

I've actually been working on this problem for well over a month now, and I do
have more information that points towards Tomcat -- the TaskQueue builds up
large lists of runnables when the sites are in the bad state, and I'm able to
reproduce very similar issues by making the queue behave badly in different
ways.

As I mentioned, I'm happy to provide additional information, I'm just not sure
what's useful to the project.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 54664] [1.1.27 branch] Poll.remove incorrectly reports APR_SUCCESS instead of APR_NOTFOUND for socket without poll

2016-06-20 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=54664

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #1 from Mark Thomas  ---
This was fixed in r1525525 and was included in 1.1.29 onwards.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: r1731030 and 1731035 release timeline

2016-06-20 Thread Peter Robbins 
Thanks, I’ll see if we can just move to 8.5.x. Seems like that’ll be better 
long-term by a good margin.

Peter

On 6/20/16, 7:35 AM, "Mark Thomas"  wrote:

On 16/06/2016 20:37, Peter Robbins wrote:
> Hi there,
> 
> I’ve run into the WebappClassLoader jar scanning memory leak resolved
> by r1731030 and r1731035 in Tomcat 7 trunk. It appears those changes
> made it separately into both 8.0.36 and 8.5.3, but are missing from
> 7.0.69 and 7.0.70. Any idea on the timeline of when those would be
> released in 7.x?

For the benefit of the archives, this is not a leak. There is increased
memory usage but that usage is a) bounded and b) released when the
application is unloaded.

The current 7.0.x implementation loads the binary content for every
class into memory as part of the scanning process. As classes are
loaded, the binary content is dropped and the newly created class added.

For applications that use most of the classes they ship with, the result
is a rapid step in the memory requirements when the application starts
rather than a gradual rise over time and the end result marginally
increased memory usage.

For applications that use few of the classes they ship with, the result
is also a rapid step in the memory requirements when the application
starts rather than a gradual rise over time but the end result is
significantly increased memory usage.

I've reviewed the code and the changes in r1731030 and r1731035 are
heavily dependent on the WebResources refactoring that took place for
8.0.x and is not present in 7.0.x. This makes implementing a fix for
this issue significantly more difficult in 7.0.x. Given the general
fragility of resource loading in 7.0.x (itself a significant factor in
introducing the WebResources refactoring) I'm currently leaning more
towards recommending workarounds for this issue rather than implementing
code fixes.

Those workarounds boil down to minimising the number of JARs scanned and
are covered in the JAR scanning section of [1].

I plan to spend some more time looking at options for fixing this in the
code, but my recommendation would be to look at an upgrade to 8.5.x or
to minimise the amount of JAR scanning performed if this is an issue for
you.

Mark

[1] http://wiki.apache.org/tomcat/HowTo/FasterStartUp

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59716] Allow JNDI configuration of CorsFilter

2016-06-20 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59716

--- Comment #2 from Lucas Theisen  ---
Fair enough...  I just find it easier to have all my application config in one
place (GlobalNamingResources), rather than multiple (setenv.sh and
GlobalNamingResources).  In any case, your suggestion would satisfy my
requirement to have a single build be configurable differently per environment,
so feel free to close this ticket.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59716] Allow JNDI configuration of CorsFilter

2016-06-20 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59716

Mark Thomas  changed:

   What|Removed |Added

 OS||All
   Severity|normal  |enhancement

--- Comment #1 from Mark Thomas  ---
Moving to an enhancement request.

Tomcat typically handles this via property replacement [1].

[1] http://tomcat.apache.org/tomcat-9.0-doc/config/index.html

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59708] LockOutRealm Details

2016-06-20 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59708

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |FIXED

--- Comment #3 from Mark Thomas  ---
This has been fixed the trunk for all currently supported versions and will be
included in:
- 9.0.0.M9 onwards
- 8.5.4 omwards
- 8.0.37 onwards
- 7.0.71 onwards
- 6.0.46 onwards

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1749379 - in /tomcat/tc6.0.x/trunk: ./ java/org/apache/catalina/realm/LockOutRealm.java webapps/docs/changelog.xml webapps/docs/config/realm.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 18:47:47 2016
New Revision: 1749379

URL: http://svn.apache.org/viewvc?rev=1749379=rev
Log:
Modify the lock out logic. Valid authentication attempts during the lock out 
period will no longer reset the lock out timer to zero. 

Modified:
tomcat/tc6.0.x/trunk/   (props changed)
tomcat/tc6.0.x/trunk/java/org/apache/catalina/realm/LockOutRealm.java
tomcat/tc6.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc6.0.x/trunk/webapps/docs/config/realm.xml

Propchange: tomcat/tc6.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun 20 18:47:47 2016
@@ -1,4 +1,4 @@
-/tomcat/tc7.0.x/trunk:1190476,1224802,1243045,1298635,1304471,1311997,1312007,1331772,1333164,1333176,1348992,1354866,1371298,1371302,1371620,1402110,1409014,1413553,1413557,1413563,1430083,1438415,1446641-1446660,1447013,1453106,1453119,1484919,1486877,1500065,1503852,1505844,1513151,1521040,1526470,1536524,1539176-1539177,1544469,1544473,1552805,1558894,1558917,1561368,1561382,1561386,1561552,1561561,1561636,1561641,1561643,1561737,1562748,1564317,1568922,1570163,1577328,1577464-1577465,1578814,1586659,1586897,1586960,1588199,1588997,1589740,1589851,1589997,1590019,1590028,1590337,1590492,1590651,1590838,1590845,1590848,1590912,1593262,1593288,1593371,1593835,1594230,1595174,1595366,1600956,1601333,1601856,1601909,1609079,1609606,1617364,1617374,1617433,1617457-1617458,1624249,1626579,1627420,1627469,1632586,1637686,1637711,1640675,1642045,1643515,1643540,1643572,1643585-1643586,1643642,1643647,1644019,1648817,1656301,1658815,1659523,1659564,1664001,1664176,1665087,1666968,1666989
 
,1668541,1668635,1669802,1676557,1681183,1681841,1681865,1681867,1685829,1693109,1694293,1694433,1694875,1696381,1701945,1710353,1712656,1713873,1714000,1714005,1714540,1715213,1716221,1716417,1717107,1717210,1717212,1720236,1720398,1720443,1720464,1721814,1721883,1722645,1722801,1723151,1724435,1724553,1724675,1724797,1724806,1725931,1726631,1726808,1726813,1726815,1726817,1726819,1726917,1726919,1726922-1726924,1727031,1727034,1727043,1727158,1727672,1727903,1728450,1729363,1731010,1731119,1731956,1731978,1732362,1732674-1732675,1733942,1734116,1734134,1734532,1737249,1737253,1737968,1738049,1738186,1739778,1741178,1741184,1741193,1741211,1741218,1741228,1741235,1742281,1743121,1743142,1743649,1744061,1744129,1744155,1744241,1744383,1744689,1745230,1746942,1746994
+/tomcat/tc7.0.x/trunk:1190476,1224802,1243045,1298635,1304471,1311997,1312007,1331772,1333164,1333176,1348992,1354866,1371298,1371302,1371620,1402110,1409014,1413553,1413557,1413563,1430083,1438415,1446641-1446660,1447013,1453106,1453119,1484919,1486877,1500065,1503852,1505844,1513151,1521040,1526470,1536524,1539176-1539177,1544469,1544473,1552805,1558894,1558917,1561368,1561382,1561386,1561552,1561561,1561636,1561641,1561643,1561737,1562748,1564317,1568922,1570163,1577328,1577464-1577465,1578814,1586659,1586897,1586960,1588199,1588997,1589740,1589851,1589997,1590019,1590028,1590337,1590492,1590651,1590838,1590845,1590848,1590912,1593262,1593288,1593371,1593835,1594230,1595174,1595366,1600956,1601333,1601856,1601909,1609079,1609606,1617364,1617374,1617433,1617457-1617458,1624249,1626579,1627420,1627469,1632586,1637686,1637711,1640675,1642045,1643515,1643540,1643572,1643585-1643586,1643642,1643647,1644019,1648817,1656301,1658815,1659523,1659564,1664001,1664176,1665087,1666968,1666989
 
,1668541,1668635,1669802,1676557,1681183,1681841,1681865,1681867,1685829,1693109,1694293,1694433,1694875,1696381,1701945,1710353,1712656,1713873,1714000,1714005,1714540,1715213,1716221,1716417,1717107,1717210,1717212,1720236,1720398,1720443,1720464,1721814,1721883,1722645,1722801,1723151,1724435,1724553,1724675,1724797,1724806,1725931,1726631,1726808,1726813,1726815,1726817,1726819,1726917,1726919,1726922-1726924,1727031,1727034,1727043,1727158,1727672,1727903,1728450,1729363,1731010,1731119,1731956,1731978,1732362,1732674-1732675,1733942,1734116,1734134,1734532,1737249,1737253,1737968,1738049,1738186,1739778,1741178,1741184,1741193,1741211,1741218,1741228,1741235,1742281,1743121,1743142,1743649,1744061,1744129,1744155,1744241,1744383,1744689,1745230,1746942,1746994,1749377

svn commit: r1749378 - /tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/web.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 18:43:38 2016
New Revision: 1749378

URL: http://svn.apache.org/viewvc?rev=1749378=rev
Log:
Revert unintended change included in r1749377

Modified:
tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/web.xml

Modified: tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/web.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/web.xml?rev=1749378=1749377=1749378=diff
==
--- tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/web.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/web.xml Mon Jun 20 18:43:38 
2016
@@ -20,7 +20,7 @@
   xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
   http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd;
   version="3.0"
-  metadata-complete="false">
+  metadata-complete="true">
 
 
   Servlet and JSP Examples.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1749377 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/realm/LockOutRealm.java webapps/docs/changelog.xml webapps/docs/config/realm.xml webapps/examples/WEB-INF/web.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 18:36:29 2016
New Revision: 1749377

URL: http://svn.apache.org/viewvc?rev=1749377=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59708
Modify the lock out logic. Valid authentication attempts during the lock out 
period will no longer reset the lock out timer to zero. 

Modified:
tomcat/tc7.0.x/trunk/   (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/realm/LockOutRealm.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc7.0.x/trunk/webapps/docs/config/realm.xml
tomcat/tc7.0.x/trunk/webapps/examples/WEB-INF/web.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun 20 18:36:29 2016
@@ -1,3 +1,3 @@
 
/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988,1667553
 
-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702739,1702742,1702
 
744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715866,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1725974,1726171-1
 
726173,1726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915,1733941,1733964,1734115,1734133,1734261,1734421,1734531,1736286,1737967,1738173,1738182,1738992,1739039,1739089-1739091,1739294,1739777,1739821,1739981,1740513,1740726,1741019,1741162,1741217,1743647,1743681,1744152,1744272,1746732,1746750
-/tomcat/tc8.5.x/trunk:1735579,1736839,1737199,1737966,1738042,1738044,1738162,1738165,1738178,1739157,1739173,1739177,1739476,1740132,1740521,1740536,1740804,1740811,1740981,1741165,1741174,1741182,1741191,1741203,1741209,1741226,1741233,1741410,1742277,1743118,1743126,1743139-1743140,1743718,1743722,1743724,1744059,1744127,1744151,1744232,1744377,1744687,1744698,1744706,1745228,1746940,1748548,1748716,1749288

svn commit: r1749376 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/realm/LockOutRealm.java webapps/docs/changelog.xml webapps/docs/config/realm.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 18:25:54 2016
New Revision: 1749376

URL: http://svn.apache.org/viewvc?rev=1749376=rev
Log:
Modify the lock out logic. Valid authentication attempts during the lock out 
period will no longer reset the lock out timer to zero. 

Modified:
tomcat/tc8.0.x/trunk/   (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/catalina/realm/LockOutRealm.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc8.0.x/trunk/webapps/docs/config/realm.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun 20 18:25:54 2016
@@ -1,2 +1,2 @@
 
/tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
 
666387,1666494,1666496,1666552,1666569,1666579,137,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452

svn commit: r1749375 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/realm/LockOutRealm.java webapps/docs/changelog.xml webapps/docs/config/realm.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 18:23:01 2016
New Revision: 1749375

URL: http://svn.apache.org/viewvc?rev=1749375=rev
Log:
Modify the lock out logic. Valid authentication attempts during the lock out 
period will no longer reset the lock out timer to zero. 

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/LockOutRealm.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
tomcat/tc8.5.x/trunk/webapps/docs/config/realm.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun 20 18:23:01 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747
 
993,1748001,1748253,1748452,1748547,1748676,1748715,1749287,1749296,1749328,1749373
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747
 
993,1748001,1748253,1748452,1748547,1748629,1748676,1748715,1749287,1749296,1749328,1749373

Modified: tomcat/tc8.5.x/trunk/java/org/apache/catalina/realm/LockOutRealm.java
URL:

[Bug 59737] Tomcat endpoints are becoming extremely unresponsive

2016-06-20 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59737

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |INVALID
 Status|NEW |RESOLVED

--- Comment #1 from Mark Thomas  ---
There is nothing here that indicates a Tomcat bug. You get a better response if
you post this to the users' mailing list.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59737] New: Tomcat endpoints are becoming extremely unresponsive

2016-06-20 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59737

Bug ID: 59737
   Summary: Tomcat endpoints are becoming extremely unresponsive
   Product: Tomcat 8
   Version: 8.0.35
  Hardware: PC
OS: Windows NT
Status: NEW
  Severity: blocker
  Priority: P2
 Component: Connectors
  Assignee: dev@tomcat.apache.org
  Reporter: rcraigly...@gmail.com

We run embedded tomcat on version 8, and for some reason are consistently
seeing extreme slowness across all Tomcat endpoints at very consistent
intervals of three hours. Once a site gets into the slow state, it is never
able to recover, and stays unresponsive (requests take tens of minutes to
hours) until the service is manually restarted.

There are no resource issues that I've been able to detect (heap seems fine, no
apparent memory leaks, cpu is fine, network/db connections aren't exhausted,
etc). Tomcat does seem to receive the requests, but for some reason does not
seem to be processing them.

There is an exception that occurs right around the time the service goes into a
bad state, which is the reason I believe this to be a Tomcat issue. The stack
trace is as follows:

Exception in thread "mc-26" java.lang.IllegalMonitorStateException

at java.util.concurrent.locks.ReentrantLock$Sync.tryRelease(Unknown Source)

at java.util.concurrent.locks.AbstractQueuedSynchronizer.release(Unknown
Source)

at java.util.concurrent.locks.ReentrantLock.unlock(Unknown Source)

at java.util.concurrent.LinkedBlockingQueue.take(Unknown Source)

at org.apache.tomcat.util.threads.TaskQueue.take(TaskQueue.java:103)

at org.apache.tomcat.util.threads.TaskQueue.take(TaskQueue.java:31)

at java.util.concurrent.ThreadPoolExecutor.getTask(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at
org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)

at java.lang.Thread.run(Unknown Source)

Having done some additional testing, I can elaborate on the state of things
when this exception occurs:
 * The ReentrantLock that is throwing the exception is meant to throw the
IllegalMonitorStateException when a thread other than the thread that created
the lock tries to release it. Interestingly, when tryRelease() is called, the
owning thread is actually null, which means that the lock isn't currently taken
or owned by anyone.

 * The lock's state is 0, which is consistent with the lock's owning thread
being null.

 * The tryRelease funtion takes an int argument "releases", which is 1 (you'd
find that in the stacktrace anyway, since it's passed in as a constant further
up, but mentioning it might save some time).

I realize that the LinkedBlockingQueue and ReentrantLock are java core
concurrency libraries, but it seems like Tomcat is getting into a bad state
once the error occurs, and is unable to exit the bad state. The executing
thread that gets this exception dies, and almost all other threads end up
staying almost all the time in an unsafe parked state. The
IllegalMonitorStateException also generally occurs in several threads after
it's shown up for the first time.

I'm not sure how to describe how to reproduce this issue, other than saying
that everyone at my company with our service installed experiences it very
reliably every three hours. We've been thus far unable to determine what causes
it, however. My personal theory is that somehow the TaskQueue is getting into a
state where it can only rarely give tasks to the executor threads, but I don't
know what causes things to enter that state. From what we can tell, it does
seem to be related to our Jersey endpoints.

If you need any additional information, just let me know and I'll be happy to
provide anything that might be useful. I've been getting most of my information
from thread/heap dumps as well as modifying local versions of Tomcat to provide
additional logging. 

Most of our services are running Tomcat 8.0.32, but seem to still exhibit the
problem on versions at least as early as 8.0.15 and as late as 8.0.34.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1749374 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ webapps/docs/

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 18:15:56 2016
New Revision: 1749374

URL: http://svn.apache.org/viewvc?rev=1749374=rev
Log:
Refactor key store creation to make it easier for users to insert certificate 
stores and trust stores programmatically.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties

tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/LocalStrings_es.properties
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java

tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java
tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java

tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties

tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings_es.properties
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun 20 18:15:56 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747
 993,1748001,1748253,1748452,1748547,1748676,1748715,1749287,1749296,1749328
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501

svn commit: r1749373 - in /tomcat/trunk: java/org/apache/tomcat/util/net/ java/org/apache/tomcat/util/net/jsse/ webapps/docs/

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 18:13:07 2016
New Revision: 1749373

URL: http://svn.apache.org/viewvc?rev=1749373=rev
Log:
Refactor key store creation to make it easier for users to insert certificate 
stores and trust stores programmatically.

Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings_es.properties
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfigCertificate.java
tomcat/trunk/java/org/apache/tomcat/util/net/SSLUtilBase.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSEUtil.java
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings.properties
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/LocalStrings_es.properties
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties?rev=1749373=1749372=1749373=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings.properties Mon 
Jun 20 18:13:07 2016
@@ -104,6 +104,9 @@ channel.nio.ssl.expandNetOutBuffer=Expan
 channel.nio.ssl.sniDefault=Unable to buffer enough data to determine requested 
SNI host name. Using default
 channel.nio.ssl.sniHostName=The SNI host name extracted for this connection 
was [{0}]
 
+jsse.invalid_truststore_password=The provided trust store password could not 
be used to unlock and/or validate the trust store. Retrying to access the trust 
store with a null password which will skip validation.
+jsse.keystore_load_failed=Failed to load keystore type [{0}] with path [{1}] 
due to [{2}]
+
 sniExtractor.clientHelloTooBig=The ClientHello was not presented in a single 
TLS record so no SNI information could be extracted
 
 socket.closed=The socket associated with this connection has been closed.

Modified: 
tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings_es.properties
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings_es.properties?rev=1749373=1749372=1749373=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings_es.properties 
(original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/LocalStrings_es.properties Mon 
Jun 20 18:13:07 2016
@@ -34,3 +34,6 @@ endpoint.debug.channelCloseFail = No pue
 endpoint.debug.socketCloseFail = No pude cerrar el enchufe (socket)
 endpoint.apr.noSslCertFile = El atribiuto del conector SSLCertificateFile debe 
de ser definido al usar SSL con APR
 endpoint.apr.invalidSslProtocol = Se ha proporcionado un valor inv\u00E1lido 
[{0}] para el atributo SSLProtocol
+
+jsse.invalid_truststore_password = La clave del almac\u00E9n de confianza 
suministrada no se pudo usar para desbloquear y/o validar el almac\u00E9n de 
confianza. Reintentando acceder el almac\u00E9n de confianza con una clave nula 
que se saltar\u00E1 la validaci\u00F3n.
+jsse.keystore_load_failed = No pude cargar almac\u00E9n de claves de tipo 
[{0}] con ruta [{1}] debido a [{2}]

Modified: tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java?rev=1749373=1749372=1749373=diff
==
--- tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java (original)
+++ tomcat/trunk/java/org/apache/tomcat/util/net/SSLHostConfig.java Mon Jun 20 
18:13:07 2016
@@ -17,6 +17,9 @@
 package org.apache.tomcat.util.net;
 
 import java.io.File;
+import java.io.IOException;
+import java.security.KeyStore;
+import java.security.UnrecoverableKeyException;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashSet;
@@ -96,6 +99,7 @@ public class SSLHostConfig {
 private String truststorePassword = 
System.getProperty("javax.net.ssl.trustStorePassword");
 private String truststoreProvider = 
System.getProperty("javax.net.ssl.trustStoreProvider");
 private String truststoreType = 
System.getProperty("javax.net.ssl.trustStoreType");
+private KeyStore truststore = null;
 // OpenSSL
 private String certificateRevocationListPath;
 private String caCertificateFile;
@@ -583,6 +587,38 @@ public class SSLHostConfig {
 }
 
 
+public void setTrustStore(KeyStore truststore) {
+this.truststore = truststore;
+}
+
+
+public KeyStore getTruststore() throws IOException {
+KeyStore result = truststore;
+if (result == null) {
+if (truststoreFile != null){
+try {
+result =

[GitHub] tomcat pull request #32: added small change

2016-06-20 Thread joelschwabe 
Github user joelschwabe closed the pull request at:

https://github.com/apache/tomcat/pull/32


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat pull request #32: added small change

2016-06-20 Thread joelschwabe 
GitHub user joelschwabe opened a pull request:

https://github.com/apache/tomcat/pull/32

added small change

pulled small change from branch into master

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/joelschwabe/tomcat smallChange

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/tomcat/pull/32.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #32


commit 8772a4993268cd77357221008653548f5c5f430f
Author: Joel Schwabe 
Date:   2016-06-20T16:28:42Z

added small change




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

buildbot success in on tomcat-8-trunk

2016-06-20 Thread buildbot 
The Buildbot has detected a restored build on builder tomcat-8-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/tomcat-8-trunk/builds/661

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' 
triggered this build
Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1749330
Blamelist: markt

Build succeeded!

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59735] Tomcat 8.5 breaks memcached-session-manager

2016-06-20 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59735

Mark Thomas  changed:

   What|Removed |Added

 Status|NEW |RESOLVED
 Resolution|--- |WONTFIX

--- Comment #1 from Mark Thomas  ---
The intention is to look at any problems on a case by case bases.

In this case, the change is security related (CVE-2016-0714) and the new method
is available in the latest release of all supported Tomcat versions so I'm
leaning towards not adding this back in 8.5.x. However, if this creates
problems for memcached, please feel free to re-open this issue and we can take
another look.

Note that the method was also removed in 9.0.x and will not be restored there.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Timescale for 8.0.x EOL

2016-06-20 Thread Rainer Jung 

Am 20.06.2016 um 12:12 schrieb Mark Thomas:

On 15/06/2016 08:02, jean-frederic clere wrote:

On 06/14/2016 02:05 PM, Rémy Maucherat wrote:

2016-06-14 10:31 GMT+02:00 Mark Thomas :


On 14/06/2016 09:00, Emmanuel Bourg wrote:

Le 13/06/2016 à 17:47, Mark Thomas a écrit :

Now we have a stable release of 8.5.x, I'd like to finialise the end of
life date for 8.0.x so we can publish it.

We originally said we'd do parallel releases for 6 months. That gives an
EOL date of 30 September 2016 for 8.0.x which seems reasonable to me.

Any objections to that date or suggestions for a better one?


Hi,

Just a word with my Debian maintainer hat on, Tomcat 8.0.x was shipped
with Debian 8 Jessie with the expectation it would be supported during
the lifetime of this release (until May 2018). I'm currently maintaining
with other volunteers a stable version based on 8.0.14 (with backported
security patches). Canonical does a similar job for Ubuntu 16.04 LTS
based on Tomcat 8.0.32.

The early EOL of 8.0.x is impractical because, at least in Debian, major
updates like the switch to 8.5 aren't allowed for the stable

distribution.


I understand you can't maintain so many branches for a long time, but if
Tomcat 8.0.x could be security supported at least until the Debian 9
release (~April/May 2017) it would allow users following the stable
distribution to remain on a supported version of Tomcat (Debian 9 will
include Tomcat 8.5).


That is unlikely unless someone volunteers for that task.



Yes JF or myself could volunteer to do some additional limited 8.0
releases, but we'll see how it goes in practice.


We have to provide long term support for our customers, one way is to
keep 8.0.x alive here so the community can benefit our efforts.


Since it seems there is some interest in maintaining 8.0.x beyond
September, how about we announce that:
- the monthly release cycle for 8.0.x will end in September
- new features and bug fixes are unlikely to be back-ported from that
  point
- security fixes will probably be back-ported
- further releases will depend on circumstances but are unlikely to be
  more frequent that 6 monthly


Maybe we don't need to be too specific on the expected interval (just 
dropping "but are unlikely to be more frequent that 6 monthly").


But I'm +1 with and without this variation.

Regards,

Rainer


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1749330 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 13:08:51 2016
New Revision: 1749330

URL: http://svn.apache.org/viewvc?rev=1749330=rev
Log:
Do not attempt to start web resources during a web application's initialisation 
phase since the web application is not fully configured at that point and the 
web resources may not be correctly configured.
Follow-up to 
https://lists.apache.org/thread.html/8c27e780a079a15169c915a8481ef129e6fc2322d548075d00753a5c@%3Cusers.tomcat.apache.org%3E

Modified:
tomcat/tc8.0.x/trunk/   (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun 20 13:08:51 2016
@@ -1,2 +1,2 @@
 
/tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
 
666387,1666494,1666496,1666552,1666569,1666579,137,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452

svn commit: r1749329 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 13:08:19 2016
New Revision: 1749329

URL: http://svn.apache.org/viewvc?rev=1749329=rev
Log:
Do not attempt to start web resources during a web application's initialisation 
phase since the web application is not fully configured at that point and the 
web resources may not be correctly configured.
Follow-up to 
https://lists.apache.org/thread.html/8c27e780a079a15169c915a8481ef129e6fc2322d548075d00753a5c@%3Cusers.tomcat.apache.org%3E

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun 20 13:08:19 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747
 993,1748001,1748253,1748452,1748547,1748676,1748715,1749287,1749296
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747
 993,1748001,1748253,1748452,1748547,1748676,1748715,1749287,1749296,1749328

[Bug 59735] New: Tomcat 8.5 breaks memcached-session-manager

2016-06-20 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59735

Bug ID: 59735
   Summary: Tomcat 8.5 breaks memcached-session-manager
   Product: Tomcat 8
   Version: 8.5.2
  Hardware: All
OS: All
Status: NEW
  Severity: normal
  Priority: P2
 Component: Catalina
  Assignee: dev@tomcat.apache.org
  Reporter: joakim.edenh...@gmail.com

The removal of deprecated methods in
org.apache.catalina.session.StandardSession breaks memcached-session-manager.
At the very least, the method exclude(String) is needed. Others may be needed
as well, I have not investigated what happens when exclude is restored.

I have captured this stack trace:
20-Jun-2016 10:37:59.616 INFO
[ContainerBackgroundProcessor[StandardEngine[Catalina].StandardHost[localhost].StandardContext[]]]
de.javakaffee.web.msm.MemcachedSessionService.updateExpirationInMemcached Could
not update expiration in memcached for session
CFC46B06D3867A23FECF4A4042E43771-n2
 java.lang.NoSuchMethodError:
org.apache.catalina.session.StandardSession.exclude(Ljava/lang/String;)Z
at
de.javakaffee.web.msm.MemcachedBackupSession.exclude(MemcachedBackupSession.java:597)
at
de.javakaffee.web.msm.JavaSerializationTranscoder.writeAttributes(JavaSerializationTranscoder.java:121)
at
de.javakaffee.web.msm.JavaSerializationTranscoder.serializeAttributes(JavaSerializationTranscoder.java:100)
at
de.javakaffee.web.msm.TranscoderService.serializeAttributes(TranscoderService.java:151)
at
de.javakaffee.web.msm.BackupSessionService.updateExpiration(BackupSessionService.java:132)
at
de.javakaffee.web.msm.MemcachedSessionService.updateExpirationInMemcached(MemcachedSessionService.java:1606)
at
de.javakaffee.web.msm.MemcachedBackupSessionManager.backgroundProcess(MemcachedBackupSessionManager.java:575)
at
org.apache.catalina.core.StandardContext.backgroundProcess(StandardContext.java:5543)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1374)
at
org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1346)
at java.lang.Thread.run(Thread.java:745)

I am filing this bug report because the following commit message mentions the
possibility of postponing removal of methods until Tomcat 9. If this problem is
insufficient reason to restore necessary methods, I will open a bug with
memcached-session-manager instead of this.

https://github.com/apache/tomcat80/commit/a5fe49b5f5003d9da41b2ce4cd4a1065f2214a49


Steps to reproduce:
1) Install and start memcached.
2) Install Tomcat 8.5.3
3) Place memcached-session-manager-1.9.3.jar and
memcached-session-manager-tc8-1.9.3.jar in $CATALINA_HOME/lib
4) Configure memcached-session-manager in your context.xml (substitute
localhost:11211 with your memcached host and port):

5) Visit a page which creates a new session and then wait a few seconds for the
background thread to trigger.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1749328 - in /tomcat/trunk: java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 13:05:17 2016
New Revision: 1749328

URL: http://svn.apache.org/viewvc?rev=1749328=rev
Log:
Do not attempt to start web resources during a web application's initialisation 
phase since the web application is not fully configured at that point and the 
web resources may not be correctly configured.
Follow-up to 
https://lists.apache.org/thread.html/8c27e780a079a15169c915a8481ef129e6fc2322d548075d00753a5c@%3Cusers.tomcat.apache.org%3E

Modified:
tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/trunk/webapps/docs/changelog.xml

Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1749328=1749327=1749328=diff
==
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Mon Jun 20 
13:05:17 2016
@@ -4824,8 +4824,8 @@ public class StandardContext extends Con
  */
 public void resourcesStart() throws LifecycleException {
 
-// May have been started (but not fully configured) in init() so no 
need
-// to start the resources if they are already available
+// Check current status in case resources were added that had already
+// been started
 if (!resources.getState().isAvailable()) {
 resources.start();
 }
@@ -6211,10 +6211,6 @@ public class StandardContext extends Con
 namingResources.init();
 }
 
-if (resources != null) {
-resources.start();
-}
-
 // Send j2ee.object.created notification
 if (this.getObjectName() != null) {
 Notification notification = new Notification("j2ee.object.created",

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1749328=1749327=1749328=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jun 20 13:05:17 2016
@@ -78,6 +78,12 @@
 Follow-up to 59655. Improve the documentation for 
configuring
 permitted cookie names. Patch provided by Kyohei Nakamura. (markt)
   
+  
+Do not attempt to start web resources during a web application's
+initialisation phase since the web application is not fully configured
+at that point and the web resources may not be correctly configured.
+(markt)
+  
 
   
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: r1731030 and 1731035 release timeline

2016-06-20 Thread Mark Thomas 
On 16/06/2016 20:37, Peter Robbins wrote:
> Hi there,
> 
> I’ve run into the WebappClassLoader jar scanning memory leak resolved
> by r1731030 and r1731035 in Tomcat 7 trunk. It appears those changes
> made it separately into both 8.0.36 and 8.5.3, but are missing from
> 7.0.69 and 7.0.70. Any idea on the timeline of when those would be
> released in 7.x?

For the benefit of the archives, this is not a leak. There is increased
memory usage but that usage is a) bounded and b) released when the
application is unloaded.

The current 7.0.x implementation loads the binary content for every
class into memory as part of the scanning process. As classes are
loaded, the binary content is dropped and the newly created class added.

For applications that use most of the classes they ship with, the result
is a rapid step in the memory requirements when the application starts
rather than a gradual rise over time and the end result marginally
increased memory usage.

For applications that use few of the classes they ship with, the result
is also a rapid step in the memory requirements when the application
starts rather than a gradual rise over time but the end result is
significantly increased memory usage.

I've reviewed the code and the changes in r1731030 and r1731035 are
heavily dependent on the WebResources refactoring that took place for
8.0.x and is not present in 7.0.x. This makes implementing a fix for
this issue significantly more difficult in 7.0.x. Given the general
fragility of resource loading in 7.0.x (itself a significant factor in
introducing the WebResources refactoring) I'm currently leaning more
towards recommending workarounds for this issue rather than implementing
code fixes.

Those workarounds boil down to minimising the number of JARs scanned and
are covered in the JAR scanning section of [1].

I plan to spend some more time looking at options for fixing this in the
code, but my recommendation would be to look at an upgrade to 8.5.x or
to minimise the amount of JAR scanning performed if this is an issue for
you.

Mark

[1] http://wiki.apache.org/tomcat/HowTo/FasterStartUp

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Timescale for 8.0.x EOL

2016-06-20 Thread Konstantin Kolinko 
2016-06-20 13:12 GMT+03:00 Mark Thomas :
> On 15/06/2016 08:02, jean-frederic clere wrote:
>> On 06/14/2016 02:05 PM, Rémy Maucherat wrote:
>>> 2016-06-14 10:31 GMT+02:00 Mark Thomas :
>>>
 On 14/06/2016 09:00, Emmanuel Bourg wrote:
> Le 13/06/2016 à 17:47, Mark Thomas a écrit :
>> Now we have a stable release of 8.5.x, I'd like to finialise the end of
>> life date for 8.0.x so we can publish it.
>>
>> We originally said we'd do parallel releases for 6 months. That gives an
>> EOL date of 30 September 2016 for 8.0.x which seems reasonable to me.
>>
>> Any objections to that date or suggestions for a better one?
>
> Hi,
>
> Just a word with my Debian maintainer hat on, Tomcat 8.0.x was shipped
> with Debian 8 Jessie with the expectation it would be supported during
> the lifetime of this release (until May 2018). I'm currently maintaining
> with other volunteers a stable version based on 8.0.14 (with backported
> security patches). Canonical does a similar job for Ubuntu 16.04 LTS
> based on Tomcat 8.0.32.
>
> The early EOL of 8.0.x is impractical because, at least in Debian, major
> updates like the switch to 8.5 aren't allowed for the stable
 distribution.
>
> I understand you can't maintain so many branches for a long time, but if
> Tomcat 8.0.x could be security supported at least until the Debian 9
> release (~April/May 2017) it would allow users following the stable
> distribution to remain on a supported version of Tomcat (Debian 9 will
> include Tomcat 8.5).

 That is unlikely unless someone volunteers for that task.

>>>
>>> Yes JF or myself could volunteer to do some additional limited 8.0
>>> releases, but we'll see how it goes in practice.
>>
>> We have to provide long term support for our customers, one way is to
>> keep 8.0.x alive here so the community can benefit our efforts.
>
> Since it seems there is some interest in maintaining 8.0.x beyond
> September, how about we announce that:
> - the monthly release cycle for 8.0.x will end in September
> - new features and bug fixes are unlikely to be back-ported from that
>   point
> - security fixes will probably be back-ported
> - further releases will depend on circumstances but are unlikely to be
>   more frequent that 6 monthly

+1

Generally our good practice thus far was to give a notice 1 year ahead
of EOL of a version of Tomcat. This plan is aligned with that
practice, so I like it.

"6 months" sounds too harsh. I think 3 months, or "3 - 6" months.


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Timescale for 8.0.x EOL

2016-06-20 Thread Violeta Georgieva 
2016-06-20 13:12 GMT+03:00 Mark Thomas :
>
> On 15/06/2016 08:02, jean-frederic clere wrote:
> > On 06/14/2016 02:05 PM, Rémy Maucherat wrote:
> >> 2016-06-14 10:31 GMT+02:00 Mark Thomas :
> >>
> >>> On 14/06/2016 09:00, Emmanuel Bourg wrote:
>  Le 13/06/2016 à 17:47, Mark Thomas a écrit :
> > Now we have a stable release of 8.5.x, I'd like to finialise the
end of
> > life date for 8.0.x so we can publish it.
> >
> > We originally said we'd do parallel releases for 6 months. That
gives an
> > EOL date of 30 September 2016 for 8.0.x which seems reasonable to
me.
> >
> > Any objections to that date or suggestions for a better one?
> 
>  Hi,
> 
>  Just a word with my Debian maintainer hat on, Tomcat 8.0.x was
shipped
>  with Debian 8 Jessie with the expectation it would be supported
during
>  the lifetime of this release (until May 2018). I'm currently
maintaining
>  with other volunteers a stable version based on 8.0.14 (with
backported
>  security patches). Canonical does a similar job for Ubuntu 16.04 LTS
>  based on Tomcat 8.0.32.
> 
>  The early EOL of 8.0.x is impractical because, at least in Debian,
major
>  updates like the switch to 8.5 aren't allowed for the stable
> >>> distribution.
> 
>  I understand you can't maintain so many branches for a long time,
but if
>  Tomcat 8.0.x could be security supported at least until the Debian 9
>  release (~April/May 2017) it would allow users following the stable
>  distribution to remain on a supported version of Tomcat (Debian 9
will
>  include Tomcat 8.5).
> >>>
> >>> That is unlikely unless someone volunteers for that task.
> >>>
> >>
> >> Yes JF or myself could volunteer to do some additional limited 8.0
> >> releases, but we'll see how it goes in practice.
> >
> > We have to provide long term support for our customers, one way is to
> > keep 8.0.x alive here so the community can benefit our efforts.
>
> Since it seems there is some interest in maintaining 8.0.x beyond
> September, how about we announce that:
> - the monthly release cycle for 8.0.x will end in September
> - new features and bug fixes are unlikely to be back-ported from that
>   point
> - security fixes will probably be back-ported
> - further releases will depend on circumstances but are unlikely to be
>   more frequent that 6 monthly

+1

Regards,
Violeta

> Mark
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

[Bug 59655] The CookieNameValidator has issue that related to the consistency

2016-06-20 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59655

--- Comment #3 from Mark Thomas  ---
Thanks. Docs update for 9.0.x and 8.5.x. The patch will be in 9.0.0.M9 and
8.5.4 onwards.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1749297 - in /tomcat/tc8.5.x/trunk: ./ java/javax/servlet/http/Cookie.java webapps/docs/changelog.xml webapps/docs/config/systemprops.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 10:43:57 2016
New Revision: 1749297

URL: http://svn.apache.org/viewvc?rev=1749297=rev
Log:
Follow-up to https://bz.apache.org/bugzilla/show_bug.cgi?id=59655
Improve the documentation for configuring permitted cookie names
Patch provided by Kyohei Nakamura

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/javax/servlet/http/Cookie.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
tomcat/tc8.5.x/trunk/webapps/docs/config/systemprops.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun 20 10:43:57 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747
 993,1748001,1748253,1748452,1748547,1748676,1748715,1749287
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747
 993,1748001,1748253,1748452,1748547,1748676,1748715,1749287,1749296

Modified: tomcat/tc8.5.x/trunk/java/javax/servlet/http/Cookie.java
URL:

svn commit: r1749296 - in /tomcat/trunk: java/javax/servlet/http/Cookie.java webapps/docs/changelog.xml webapps/docs/config/systemprops.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 10:42:52 2016
New Revision: 1749296

URL: http://svn.apache.org/viewvc?rev=1749296=rev
Log:
Follow-up to https://bz.apache.org/bugzilla/show_bug.cgi?id=59655
Improve the documentation for configuring permitted cookie names
Patch provided by Kyohei Nakamura

Modified:
tomcat/trunk/java/javax/servlet/http/Cookie.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/systemprops.xml

Modified: tomcat/trunk/java/javax/servlet/http/Cookie.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/javax/servlet/http/Cookie.java?rev=1749296=1749295=1749296=diff
==
--- tomcat/trunk/java/javax/servlet/http/Cookie.java (original)
+++ tomcat/trunk/java/javax/servlet/http/Cookie.java Mon Jun 20 10:42:52 2016
@@ -48,9 +48,8 @@ import java.util.ResourceBundle;
  * cache pages that use cookies created with this class. This class does not
  * support the cache control defined with HTTP 1.1.
  * 
- * This class supports both the Version 0 (by Netscape) and Version 1 (by RFC
- * 2109) cookie specifications. By default, cookies are created using RFC6265
- * to ensure the best interoperability.
+ * This class supports both the RFC 2109 and the RFC 6265 specifications.
+ * By default, cookies are created using RFC 6265.
  */
 public class Cookie implements Cloneable, Serializable {
 

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1749296=1749295=1749296=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jun 20 10:42:52 2016
@@ -74,6 +74,10 @@
 caused when a Servlet is mapped to /* are more significant
 than the security risk of not enabling this option by default. (markt)
   
+  
+Follow-up to 59655. Improve the documentation for 
configuring
+permitted cookie names. Patch provided by Kyohei Nakamura. (markt)
+  
 
   
   

Modified: tomcat/trunk/webapps/docs/config/systemprops.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/systemprops.xml?rev=1749296=1749295=1749296=diff
==
--- tomcat/trunk/webapps/docs/config/systemprops.xml (original)
+++ tomcat/trunk/webapps/docs/config/systemprops.xml Mon Jun 20 10:42:52 2016
@@ -340,9 +340,9 @@
 
 
If this is true then the requirements of the Servlet specification
-  that Cookie names must adhere to RFC2109 (no use of separators) will be
-  enforced. If this is false the the naming rules specified in RFC6265 will
-  be used.
+  that Cookie names must adhere to RFC2109 will be enforced. If this is
+  false the the naming rules specified in RFC6265 (allow the leading "$")
+  will be used.
   If org.apache.catalina.STRICT_SERVLET_COMPLIANCE is set 
to
   true, the default of this setting will be true,
   else the default value will be false.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Timescale for 8.0.x EOL

2016-06-20 Thread Rémy Maucherat 
2016-06-20 12:12 GMT+02:00 Mark Thomas :

> Since it seems there is some interest in maintaining 8.0.x beyond
> September, how about we announce that:
> - the monthly release cycle for 8.0.x will end in September
> - new features and bug fixes are unlikely to be back-ported from that
>   point
> - security fixes will probably be back-ported
> - further releases will depend on circumstances but are unlikely to be
>   more frequent that 6 monthly
>
> +1

Rémy

buildbot failure in on tomcat-8-trunk

2016-06-20 Thread buildbot 
The Buildbot has detected a new failure on builder tomcat-8-trunk while 
building . Full details are available at:
https://ci.apache.org/builders/tomcat-8-trunk/builds/660

Buildbot URL: https://ci.apache.org/

Buildslave for this Build: silvanus_ubuntu

Build Reason: The AnyBranchScheduler scheduler named 'on-tomcat-8-commit' 
triggered this build
Build Source Stamp: [branch tomcat/tc8.0.x/trunk] 1749289
Blamelist: markt

BUILD FAILED: failed compile_1

Sincerely,
 -The Buildbot




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Timescale for 8.0.x EOL

2016-06-20 Thread Mark Thomas 
On 15/06/2016 08:02, jean-frederic clere wrote:
> On 06/14/2016 02:05 PM, Rémy Maucherat wrote:
>> 2016-06-14 10:31 GMT+02:00 Mark Thomas :
>>
>>> On 14/06/2016 09:00, Emmanuel Bourg wrote:
 Le 13/06/2016 à 17:47, Mark Thomas a écrit :
> Now we have a stable release of 8.5.x, I'd like to finialise the end of
> life date for 8.0.x so we can publish it.
>
> We originally said we'd do parallel releases for 6 months. That gives an
> EOL date of 30 September 2016 for 8.0.x which seems reasonable to me.
>
> Any objections to that date or suggestions for a better one?

 Hi,

 Just a word with my Debian maintainer hat on, Tomcat 8.0.x was shipped
 with Debian 8 Jessie with the expectation it would be supported during
 the lifetime of this release (until May 2018). I'm currently maintaining
 with other volunteers a stable version based on 8.0.14 (with backported
 security patches). Canonical does a similar job for Ubuntu 16.04 LTS
 based on Tomcat 8.0.32.

 The early EOL of 8.0.x is impractical because, at least in Debian, major
 updates like the switch to 8.5 aren't allowed for the stable
>>> distribution.

 I understand you can't maintain so many branches for a long time, but if
 Tomcat 8.0.x could be security supported at least until the Debian 9
 release (~April/May 2017) it would allow users following the stable
 distribution to remain on a supported version of Tomcat (Debian 9 will
 include Tomcat 8.5).
>>>
>>> That is unlikely unless someone volunteers for that task.
>>>
>>
>> Yes JF or myself could volunteer to do some additional limited 8.0
>> releases, but we'll see how it goes in practice.
> 
> We have to provide long term support for our customers, one way is to
> keep 8.0.x alive here so the community can benefit our efforts.

Since it seems there is some interest in maintaining 8.0.x beyond
September, how about we announce that:
- the monthly release cycle for 8.0.x will end in September
- new features and bug fixes are unlikely to be back-ported from that
  point
- security fixes will probably be back-ported
- further releases will depend on circumstances but are unlikely to be
  more frequent that 6 monthly

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1749290 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml webapps/docs/config/context.xml webapps/docs/security-howto.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 10:02:37 2016
New Revision: 1749290

URL: http://svn.apache.org/viewvc?rev=1749290=rev
Log:
Change the default for Context.sessionCookiePathUsesTrailingSlash from true to 
false.

Modified:
tomcat/tc7.0.x/trunk/   (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc7.0.x/trunk/webapps/docs/config/context.xml
tomcat/tc7.0.x/trunk/webapps/docs/security-howto.xml

Propchange: tomcat/tc7.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun 20 10:02:37 2016
@@ -1,3 +1,3 @@
 
/tomcat/tc8.0.x/trunk:1636525,1637336,1637685,1637709,1638726,1640089,1640276,1640349,1640363,1640366,1640642,1640672,1640674,1640689,1640884,1641001,1641065,1641067,1641375,1641638,1641723,1641726,1641729-1641730,1641736,1641988,1642669-1642670,1642698,1642701,1643205,1643215,1643217,1643230,1643232,1643273,1643285,1643329-1643330,1643511,1643513,1643521,1643539,1643571,1643581-1643582,1643635,1643655,1643738,1643964,1644018,1644333,1644954,1644992,1645014,1645360,1645456,1645627,1645642,1645686,1645903-1645904,1645908-1645909,1645913,1645920,1646458,1646460-1646462,1646735,1646738-1646741,1646744,1646746,1646748-1646755,1646757,1646759-1646760,1647043,1648816,1651420-1651422,1651844,1652926,1652939-1652940,1652973,1653798,1653817,1653841,1654042,1654161,1654736,1654767,1654787,1656592,1659907,1662986,1663265,1663278,1663325,1663535,1663567,1663679,1663997,1664175,1664321,1664872,1665061,1665086,1666027,1666395,1666503,1666506,1666560,1666570,1666581,1666759,1666967,1666988,1667553
 
-1667555,1667558,1667617,1667633,1667637,1667747,1667767,1667873,1668028,1668137,1668634,1669432,1669801,1669840,1669895-1669896,1670398,1670435,1670592,1670605-1670607,1670609,1670632,1670720,1670725,1670727,1670731,1671114,1672273,1672285,1673759,1674220,1674295,1675469,1675488,1675595,1675831,1676232,1676367-1676369,1676382,1676394,1676483,1676556,1676635,1678178,1679536,1679988,1680256,1681124,1681182,1681730,1681840,1681864,1681869,1682010,1682034,1682047,1682052-1682053,1682062,1682064,1682070,1682312,1682325,1682331,1682386,1684367,1684385,1685759,1685774,1685827,1685892,1687341,1688904,1689358,1689657,1689921,1692850,1693093,1693108,1693324,1694060,1694115,1694291,1694427,1694431,1694503,1694549,1694789,1694873,1694881,1695356,1695372,1695823-1695825,1696200,1696281,1696379,1696468,1700608,1700871,1700897,1700978,1701094,1701124,1701608,1701668,1701676,1701766,1701944,1702248,1702252,1702314,1702390,1702723,1702725,1702728,1702730,1702733,1702735,1702737,1702739,1702742,1702
 
744,1702748,1702751,1702754,1702758,1702760,1702763,1702766,1708779,1708782,1708806,1709314,1709670,1710347,1710442,1710448,1710490,1710574,1710578,1712226,1712229,1712235,1712255,1712618,1712649,1712655,1712860,1712899,1712903,1712906,1712913,1712926,1712975,1713185,1713262,1713287,1713613,1713621,1713872,1713976,1713994,1713998,1714004,1714013,1714059,1714538,1714580,1715189,1715207,1715544,1715549,1715637,1715639-1715645,1715667,1715683,1715866,1715978,1715981,1716216-1716217,1716355,1716414,1716421,1717208-1717209,1717257,1717283,1717288,1717291,1717421,1717517,1717529,1718797,1718840-1718843,1719348,1719357-1719358,1719400,1719491,1719737,1720235,1720396,1720442,1720446,1720450,1720463,1720658-1720660,1720756,1720816,1721813,1721818,1721831,1721861,1721867,1721882,1722523,1722527,1722800,1722926,1722941,1722997,1723130,1723440,1723488,1723890,1724434,1724674,1724792,1724803,1724902,1725128,1725131,1725154,1725167,1725911,1725921,1725929,1725963-1725965,1725970,1725974,1726171-1
 
726173,1726175,1726179-1726182,1726190-1726191,1726195-1726200,1726203,1726226,1726576,1726630,1726992,1727029,1727037,1727671,1727676,1727900,1728028,1728092,1728439,1728449,1729186,1729362,1731009,1731303,1731867,1731872,1731874,1731876,1731885,1731947,1731955,1731959,1731977,1731984,1732360,1732490,1732672,1732902,1733166,1733603,1733619,1733735,1733752,1733764,1733915,1733941,1733964,1734115,1734133,1734261,1734421,1734531,1736286,1737967,1738173,1738182,1738992,1739039,1739089-1739091,1739294,1739777,1739821,1739981,1740513,1740726,1741019,1741162,1741217,1743647,1743681,1744152,1744272,1746732,1746750
-/tomcat/tc8.5.x/trunk:1735579,1736839,1737199,1737966,1738042,1738044,1738162,1738165,1738178,1739157,1739173,1739177,1739476,1740132,1740521,1740536,1740804,1740811,1740981,1741165,1741174,1741182,1741191,1741203,1741209,1741226,1741233,1741410,1742277,1743118,1743126,1743139-1743140,1743718,1743722,1743724,1744059,1744127,1744151,1744232,1744377,1744687,1744698,1744706,1745228,1746940,1748548,1748716

svn commit: r1749289 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml webapps/docs/config/context.xml webapps/docs/security-howto.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 10:00:44 2016
New Revision: 1749289

URL: http://svn.apache.org/viewvc?rev=1749289=rev
Log:
Change the default for Context.sessionCookiePathUsesTrailingSlash from true to 
false.

Modified:
tomcat/tc8.0.x/trunk/   (props changed)
tomcat/tc8.0.x/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
tomcat/tc8.0.x/trunk/webapps/docs/config/context.xml
tomcat/tc8.0.x/trunk/webapps/docs/security-howto.xml

Propchange: tomcat/tc8.0.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun 20 10:00:44 2016
@@ -1,2 +1,2 @@
 
/tomcat/tc8.5.x/trunk:1735042,1737966,1743139-1743140,1744151,1747537,1747925,1748002
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1637890,1637892,1638720-1638725,1639653,1640010,1640083-1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642233,1642280,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1642766,1643002,1643045,1643054-1643055,1643066,1643121,1643128,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643536,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017,1644169,1644201-1644203,1644321,1644323,1644516,1644523,1644529,1644535,1644730,1644768,1644784-1644785,1644790,1644793,1644815,1644884,1644886
 
,1644890,1644892,1644910,1644924,1644929-1644930,1644935,1644989,1645011,1645247,1645355,1645357-1645358,1645455,1645465,1645469,1645471,1645473,1645475,1645486-1645488,1645626,1645641,1645685,1645743,1645763,1645951-1645953,1645955,1645993,1646098-1646106,1646178,1646220,1646302,1646304,1646420,1646470-1646471,1646476,1646559,1646717-1646723,1646773,1647026,1647042,1647530,1647655,1648304,1648815,1648907,1649973,1650081,1650365,1651116,1651120,1651280,1651470,1652938,1652970,1653041,1653471,1653550,1653574,1653797,1653815-1653816,1653819,1653840,1653857,1653888,1653972,1654013,1654030,1654050,1654123,1654148,1654159,1654513,1654515,1654517,1654522,1654524,1654725,1654735,1654766,1654785,1654851-1654852,1654978,1655122-1655124,1655126-1655127,1655129-1655130,1655132-1655133,1655312,1655351,1655438,1655441,1655454,168,1656087,1656299,1656319,1656331,1656345,1656350,1656590,1656648-1656650,1656657,1657041,1657054,1657374,1657492,1657510,1657565,1657580,1657584,1657586,1657589,1657
 
592,1657607,1657609,1657682,1657907,1658207,1658734,1658781,1658790,1658799,1658802,1658804,1658833,1658840,1658966,1659043,1659053,1659059,1659174,1659184,1659188-1659189,1659216,1659263,1659293,1659304,1659306-1659307,1659382,1659384,1659428,1659471,1659486,1659505,1659516,1659521,1659524,1659559,1659562,1659803,1659806,1659814,1659833,1659862,1659905,1659919,1659948,1659967,1659983-1659984,1660060,1660074,1660077,1660133,1660168,1660331-1660332,1660353,1660358,1660924,1661386,1661770,1661867,1661972,1661990,1662200,1662308-1662309,1662548,1662614,1662696,1662736,1662985,1662988-1662989,1663264,1663277,1663298,1663534,1663562,1663676,1663715,1663754,1663768,1663772,1663781,1663893,1663995,1664143,1664163,1664174,1664301,1664317,1664347,1664657,1664659,1664710,1664863-1664864,1664866,1665085,1665292,1665559,1665653,1665661,1665672,1665694,1665697,1665736,1665779,1665976-1665977,1665980-1665981,1665985-1665986,1665989,1665998,1666004,1666008,1666013,1666017,1666024,1666116,1666386-1
 
666387,1666494,1666496,1666552,1666569,1666579,137,149,1666757,1666966,1666972,1666985,1666995,1666997,1667292,1667402,1667406,1667546,1667615,1667630,1667636,1667688,1667764,1667871,1668026,1668135,1668193,1668593,1668596,1668630,1668639,1668843,1669353,1669370,1669451,1669800,1669838,1669876,1669882,1670394,1670433,1670591,1670598-1670600,1670610,1670631,1670719,1670724,1670726,1670730,1670940,1671112,1672272,1672284,1673754,1674294,1675461,1675486,1675594,1675830,1676231,1676250-1676251,1676364,1676381,1676393,1676479,1676525,1676552,1676615,1676630,1676634,1676721,1676926,1676943,1677140,1677802,1678011,1678162,1678174,1678339,1678426-1678427,1678694,1678701,1679534,1679708,1679710,1679716,1680034,1680246,1681056,1681123,1681138,1681280,1681283,1681286,1681450,1681697,1681699,1681701,1681729,1681770,1681779,1681793,1681807,1681837-1681838,1681854,1681862,1681958,1682028,1682033,1682311,1682315,1682317,1682320,1682324,1682330,1682842,1684172,1684366,1684383,1684526-168452

svn commit: r1749288 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml webapps/docs/config/context.xml webapps/docs/security-howto.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 09:59:56 2016
New Revision: 1749288

URL: http://svn.apache.org/viewvc?rev=1749288=rev
Log:
Change the default for Context.sessionCookiePathUsesTrailingSlash from true to 
false.

Modified:
tomcat/tc8.5.x/trunk/   (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml
tomcat/tc8.5.x/trunk/webapps/docs/config/context.xml
tomcat/tc8.5.x/trunk/webapps/docs/security-howto.xml

Propchange: tomcat/tc8.5.x/trunk/
--
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jun 20 09:59:56 2016
@@ -1 +1 @@
-/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747
 993,1748001,1748253,1748452,1748547,1748676,1748715
+/tomcat/trunk:1734785,1734799,1734845,1734928,1735041,1735044,1735480,1735577,1735597,1735599-1735600,1735615,1736145,1736162,1736209,1736280,1736297,1736299,1736489,1736646,1736703,1736836,1736849,1737104-1737105,1737112,1737117,1737119-1737120,1737155,1737157,1737192,1737280,1737339,1737632,1737664,1737715,1737748,1737785,1737834,1737860,1737903,1737959,1738005,1738007,1738014-1738015,1738018,1738022,1738039,1738043,1738059-1738060,1738147,1738149,1738174-1738175,1738261,1738589,1738623-1738625,1738643,1738816,1738850,1738855,1738946-1738948,1738953-1738954,1738979,1738982,1739079-1739081,1739087,1739113,1739153,1739172,1739176,1739191,1739474,1739726,1739762,1739775,1739814,1739817-1739818,1739975,1740131,1740324,1740465,1740495,1740508-1740509,1740520,1740535,1740707,1740803,1740810,1740969,1740980,1740991,1740997,1741015,1741033,1741036,1741058,1741060,1741080,1741147,1741159,1741164,1741173,1741181,1741190,1741197,1741202,1741208,1741213,1741221,1741225,1741232,1741409,1741501
 
,1741677,1741892,1741896,1741984,1742023,1742042,1742071,1742090,1742093,1742101,1742105,1742111,1742139,1742146,1742148,1742166,1742181,1742184,1742187,1742246,1742248-1742251,1742263-1742264,1742268,1742276,1742369,1742387,1742448,1742509-1742512,1742917,1742919,1742933,1742975-1742976,1742984,1742986,1743019,1743115,1743117,1743124-1743125,1743134,1743425,1743554,1743679,1743696-1743698,1743700-1743701,1744058,1744064-1744065,1744125,1744194,1744229,1744270,1744323,1744432,1744684,1744697,1744705,1744713,1744760,1744786,1745142-1745143,1745145,1745177,1745179-1745180,1745227,1745248,1745254,1745337,1745467,1745576,1745735,1745744,1746304,1746306-1746307,1746319,1746327,1746338,1746340-1746341,1746344,1746427,1746441,1746473,1746490,1746492,1746495-1746496,1746499-1746501,1746503-1746507,1746509,1746549,1746551,1746554,1746556,1746558,1746584,1746620,1746649,1746724,1746939,1746989,1747014,1747028,1747035,1747210,1747225,1747234,1747253,1747404,1747506,1747536,1747924,1747980,1747
 993,1748001,1748253,1748452,1748547,1748676,1748715,1749287

Modified: 
tomcat/tc8.5.x/trunk/java/org/apache/catalina/core/StandardContext.java
URL:

svn commit: r1749287 - in /tomcat/trunk: java/org/apache/catalina/core/StandardContext.java webapps/docs/changelog.xml webapps/docs/config/context.xml webapps/docs/security-howto.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 09:58:37 2016
New Revision: 1749287

URL: http://svn.apache.org/viewvc?rev=1749287=rev
Log:
Change the default for Context.sessionCookiePathUsesTrailingSlash from true to 
false.

Modified:
tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/docs/config/context.xml
tomcat/trunk/webapps/docs/security-howto.xml

Modified: tomcat/trunk/java/org/apache/catalina/core/StandardContext.java
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/StandardContext.java?rev=1749287=1749286=1749287=diff
==
--- tomcat/trunk/java/org/apache/catalina/core/StandardContext.java (original)
+++ tomcat/trunk/java/org/apache/catalina/core/StandardContext.java Mon Jun 20 
09:58:37 2016
@@ -696,7 +696,7 @@ public class StandardContext extends Con
  * particularly IE, don't send a session cookie for context /foo with
  * requests intended for context /foobar.
  */
-private boolean sessionCookiePathUsesTrailingSlash = true;
+private boolean sessionCookiePathUsesTrailingSlash = false;
 
 
 /**

Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1749287=1749286=1749287=diff
==
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jun 20 09:58:37 2016
@@ -67,6 +67,13 @@
 attempts during the lock out period will no longer reset the lock out
 timer to zero. (markt)
   
+  
+Change the default of the
+sessionCookiePathUsesTrailingSlash attribute of the
+Context element to false since the problems
+caused when a Servlet is mapped to /* are more significant
+than the security risk of not enabling this option by default. (markt)
+  
 
   
   

Modified: tomcat/trunk/webapps/docs/config/context.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/config/context.xml?rev=1749287=1749286=1749287=diff
==
--- tomcat/trunk/webapps/docs/config/context.xml (original)
+++ tomcat/trunk/webapps/docs/config/context.xml Mon Jun 20 09:58:37 2016
@@ -492,15 +492,23 @@
   
 
   
-Some browsers, such as IE, will send a session cookie for a context
-with a path of /foo with a request to /foobar. To prevent this, Tomcat
-will add a trailing slash to the path associated with the session 
cookie
-so, in the above example, the cookie path becomes /foo/. However, with 
a
-cookie path of /foo/, IE will no longer send the cookie with a request
-to /foo. This should not be a problem unless there is a servlet mapped
-to /*. In this case this feature will need to be disabled. The default
-value for this attribute is true. To disable this feature,
-set the attribute to false.
+Some browsers, such as Internet Explorer, Safari and Edge, will send
+a session cookie for a context with a path of /foo with a
+request to /foobar in violation of RFC6265. This could
+expose a session ID from an application deployed at /foo 
to
+an application deployed at /foobar. If the application
+deployed at /foobar is untrusted, this could create a
+security risk. However, it should be noted that RFC 6265, section 8.5
+makes clear that path alone should not be view as sufficient to prevent
+untrusted applications accessing cookies from other applications. To
+mitigate this risk, this attribute may bet ste to true and
+Tomcat will add a trailing slash to the path associated with the 
session
+cookie so, in the above example, the cookie path becomes /foo/. 
However,
+with a cookie path of /foo/, browsers will no longer send the cookie
+with a request to /foo. This should not be a problem unless there is a
+servlet mapped to /*. In this case this attribute will need to be set 
to
+false to disable this feature. The default value for this
+attribute is false.
   
 
   

Modified: tomcat/trunk/webapps/docs/security-howto.xml
URL: 
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/security-howto.xml?rev=1749287=1749286=1749287=diff
==
--- tomcat/trunk/webapps/docs/security-howto.xml (original)
+++ tomcat/trunk/webapps/docs/security-howto.xml Mon Jun 20 09:58:37 2016
@@ -348,6 +348,15 @@
   operating systems (this includes Windows) will disable a number of
   security measures and allow, among other things, direct access to the
   WEB-INF directory.
+
+  The

Re: Problems with default for sessionCookiePathUsesTrailingSlash

2016-06-20 Thread Mark Thomas 
On 15/06/2016 11:59, Rémy Maucherat wrote:
> 2016-06-15 12:31 GMT+02:00 Mark Thomas :
> 
>> Hi all,
>>
>> A problem[1] with the default for sessionCookiePathUsesTrailingSlash has
>> cropped up via $work and after some research I wanted to discuss whether
>> the default should be changed.
>>
>> The default for sessionCookiePathUsesTrailingSlash is true to work
>> around a potential security issue in a number of browsers. I did a quick
>> test before writing this e-mail and it appears that IE, Edge and Safari
>> are affected. Together they represent approximately 42% of the current
>> browser market share[2].
>>
>> The security issue is that for a cookie path of '/foo', these browsers
>> include in the cookie when sending requests to '/foobar'. Tomcat
>> therefore introduced sessionCookiePathUsesTrailingSlash which adds a '/'
>> to the cookie path so '/foo' becomes '/foo/' since no user agent will
>> include this in a request to '/foobar'.
>>
>> However, this can cause problems. To summarise [1], we have:
>> A user request for '/foo'
>> A security enforcing filter that uses cookies mapped to '/*'
>> A web application with a controller servlet mapped to '/*'
>>
>> The sequence of events is:
>> - Tomcat receives the request for '/foo'
>> - Because of the servlet mapped to '/*', Tomcat does not redirect
>>   this to '/foo/'
>> - The security filter creates a session cookie (path '/foo/')
>> - The security filter performs authentication which includes
>>   additional requests from the client to '/foo'
>> - The security filter rejects the authentication because the
>>   subsequent requests do not include the cookie because the path
>>   does not match
>>
>> RFC 6265, section 4.1.2.4 is clear that cookies with a path of '/foo'
>> should not be included with requests for '/foobar'. However that same
>> section also makes clear that cookie paths should not be relied upon for
>> security. It references RFC 6265 section 8 which provides several
>> reasons for this in addition to the broken behaviour described above.
>>
>> Given the problems caused by the current default for
>> sessionCookiePathUsesTrailingSlash and the warnings in RFC 6265
>> regarding relying on cookie paths for security, I would like to propose
>> the following changes:
>> 1. Change the default for sessionCookiePathUsesTrailingSlash to false.
>> 2. Add some explanatory notes to the documentation for
>>sessionCookiePathUsesTrailingSlash that makes clear that the setting
>>is:
>>a) intended to work around broken browser behaviour
>>b) while it closes one security hole, others are likely to remain
>>   and reference RFC 6265 section 8.
>>
>> Thoughts?
>>
> +1

OK. I'll get this done shortly.

Mark


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 59616] SSLVerifyClient="optionalNoCA" stops working between 1.1.33 and 1.2.4

2016-06-20 Thread bugzilla 
https://bz.apache.org/bugzilla/show_bug.cgi?id=59616

Mark Thomas  changed:

   What|Removed |Added

 Resolution|--- |FIXED
 Status|NEW |RESOLVED

--- Comment #6 from Mark Thomas  ---
1.1.x is not affected.
1.2.0 to 1.2.7 is affected.
This has been fixed in 1.2.x and will be included in 1.2.8 onwards.

-- 
You are receiving this mail because:
You are the assignee for the bug.

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1749280 - in /tomcat/native/trunk: native/NMAKEmakefile xdocs/miscellaneous/changelog.xml

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 09:10:04 2016
New Revision: 1749280

URL: http://svn.apache.org/viewvc?rev=1749280=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=59616
Correctly enable and disable OCSP for the Windows builds.

Modified:
tomcat/native/trunk/native/NMAKEmakefile
tomcat/native/trunk/xdocs/miscellaneous/changelog.xml

Modified: tomcat/native/trunk/native/NMAKEmakefile
URL: 
http://svn.apache.org/viewvc/tomcat/native/trunk/native/NMAKEmakefile?rev=1749280=1749279=1749280=diff
==
--- tomcat/native/trunk/native/NMAKEmakefile (original)
+++ tomcat/native/trunk/native/NMAKEmakefile Mon Jun 20 09:10:04 2016
@@ -41,8 +41,8 @@ APR_LIB = libapr-1.lib
 CFLAGS = $(CFLAGS) -DAPR_DECLARE_STATIC
 APR_LIB = apr-1.lib
 !ENDIF
-!IF DEFINED(ENABLE_OCSP)
-CFLAGS = $(CFLAGS) -DHAVE_OPENSSL_OCSP
+!IF !DEFINED(ENABLE_OCSP)
+CFLAGS = $(CFLAGS) -DOPENSSL_NO_OCSP
 !ENDIF
 
 !IF !DEFINED(SRCDIR) || "$(SRCDIR)" == ""

Modified: tomcat/native/trunk/xdocs/miscellaneous/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/native/trunk/xdocs/miscellaneous/changelog.xml?rev=1749280=1749279=1749280=diff
==
--- tomcat/native/trunk/xdocs/miscellaneous/changelog.xml (original)
+++ tomcat/native/trunk/xdocs/miscellaneous/changelog.xml Mon Jun 20 09:10:04 
2016
@@ -36,6 +36,10 @@
 
 
   
+
+  59616: Correct the Windows build files so that OCSP is
+  correctly enabled and disabled in the respective Windows binaries. 
(markt)
+
   
 
 



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1749278 - /tomcat/native/trunk/TODO.txt

2016-06-20 Thread markt 
Author: markt
Date: Mon Jun 20 08:54:10 2016
New Revision: 1749278

URL: http://svn.apache.org/viewvc?rev=1749278=rev
Log:
Remove a completed TODO

Modified:
tomcat/native/trunk/TODO.txt

Modified: tomcat/native/trunk/TODO.txt
URL: 
http://svn.apache.org/viewvc/tomcat/native/trunk/TODO.txt?rev=1749278=1749277=1749278=diff
==
--- tomcat/native/trunk/TODO.txt (original)
+++ tomcat/native/trunk/TODO.txt Mon Jun 20 08:54:10 2016
@@ -79,8 +79,3 @@ http://git.savannah.gnu.org/gitweb/?p=co
   (at least after I extract it on Solaris).
   It's a bit strange that permissions differ between the
   tar and zip archives.
-
-- OCSP enabled Windows binary
-  - Document build
-  - Use consistent naming
-(1.1.22 used ...win32-ocsp..., 1.1.24 used ...ocsp-win32...)



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r14057 - /dev/tomcat/tomcat-7/v7.0.70/ /release/tomcat/tomcat-7/v7.0.70/

2016-06-20 Thread violetagg 
Author: violetagg
Date: Mon Jun 20 07:36:20 2016
New Revision: 14057

Log:
Release 7.0.70

Added:
release/tomcat/tomcat-7/v7.0.70/
  - copied from r14056, dev/tomcat/tomcat-7/v7.0.70/
Removed:
dev/tomcat/tomcat-7/v7.0.70/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 7.0.70

2016-06-20 Thread Violeta Georgieva 
2016-06-20 10:04 GMT+03:00 Rémy Maucherat :
>
> 2016-06-15 21:47 GMT+02:00 Violeta Georgieva :
>
> > The proposed Apache Tomcat 7.0.70 release is now available for voting.
> >
> > It can be obtained from:
> > https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.70/
> > The Maven staging repo is:
> > https://repository.apache.org/content/repositories/orgapachetomcat-1088/
> > The svn tag is:
> > http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_70/
> >
> > The proposed 7.0.70 release is:
> > [ ] Broken - do not release
> > [X] Stable - go ahead and release as 7.0.70 Stable
> >
> > Although a bit late, my testing just completed.

Thanks

> Rémy

svn commit: r1749271 - /tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

2016-06-20 Thread violetagg 
Author: violetagg
Date: Mon Jun 20 07:16:22 2016
New Revision: 1749271

URL: http://svn.apache.org/viewvc?rev=1749271=rev
Log:
Update the release date for 7.0.70

Modified:
tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1749271=1749270=1749271=diff
==
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Mon Jun 20 07:16:22 2016
@@ -68,7 +68,7 @@
 
   
 
-
+
   
 
   



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 7.0.70

2016-06-20 Thread Rémy Maucherat 
2016-06-15 21:47 GMT+02:00 Violeta Georgieva :

> The proposed Apache Tomcat 7.0.70 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.70/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1088/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_70/
>
> The proposed 7.0.70 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 7.0.70 Stable
>
> Although a bit late, my testing just completed.

Rémy

Re: [RESULT][VOTE] Release Apache Tomcat 7.0.70

2016-06-20 Thread Violeta Georgieva 
Hi,

2016-06-15 22:47 GMT+03:00 Violeta Georgieva :
>
> The proposed Apache Tomcat 7.0.70 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.70/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1088/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc7.0.x/tags/TOMCAT_7_0_70/
>
> The proposed 7.0.70 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 7.0.70 Stable


+1 (binding):   violetagg, mgrigorov, fschumacher, kfujino

No other voters were cast.

The vote has passed.

I'll do the release shortly and announce it once the mirrors catch up.


> Regards,
> Violeta

[GitHub] tomcat-maven-plugin pull request #24: fix path resolution under windows

2016-06-20 Thread ptzafrir 
GitHub user ptzafrir opened a pull request:

https://github.com/apache/tomcat-maven-plugin/pull/24

fix path resolution under windows

URL translate spaces to %20 and thus is unable to resolve jar paths located 
in directory with spaces in the path (as is the case under windows).

You can merge this pull request into a Git repository by running:

$ git pull https://github.com/ptzafrir/tomcat-maven-plugin tc8.x

Alternatively you can review and apply these changes as the patch at:

https://github.com/apache/tomcat-maven-plugin/pull/24.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

This closes #24


commit 11dd14798670585e0e73ddfae4407426e57c3ccf
Author: Tzafrir Poupko 
Date:   2016-06-20T06:17:27Z

fix path resolution under windows




---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org