On 23/01/2011 20:41, Jeremy Boynes wrote:
The only bug remaining that impacts the JSTL libraries is #46052 (locale
performance on 1.6). Henri suggested releasing in its current form which
sounds reasonable. Should we release this as 1.2.0? Is this a good version
number - should we use
Author: markt
Date: Fri Mar 25 09:55:29 2011
New Revision: 1085303
URL: http://svn.apache.org/viewvc?rev=1085303&view=rev
Log:
Fix string comparison - reported by Veracode
Modified:
tomcat/trunk/java/org/apache/catalina/startup/ContextConfig.java
Modified:
Author: markt
Date: Fri Mar 25 10:11:06 2011
New Revision: 1085304
URL: http://svn.apache.org/viewvc?rev=1085304&view=rev
Log:
Update ignores
Modified:
tomcat/taglibs/taglibs-parent/trunk/ (props changed)
Propchange: tomcat/taglibs/taglibs-parent/trunk/
Author: markt
Date: Fri Mar 25 11:20:50 2011
New Revision: 1085323
URL: http://svn.apache.org/viewvc?rev=1085323&view=rev
Log:
Remove call to System.exit() reported by Veracode and related code clean-up
Modified:
tomcat/trunk/java/org/apache/catalina/mbeans/GroupMBean.java
Author: markt
Date: Fri Mar 25 11:50:27 2011
New Revision: 1085336
URL: http://svn.apache.org/viewvc?rev=1085336&view=rev
Log:
Include the seed time when calculating the time taken to create SecureRandom
instances for session ID generation, report excessive times (greater than
100ms) at INFO
Author: markt
Date: Fri Mar 25 11:53:36 2011
New Revision: 1085338
URL: http://svn.apache.org/viewvc?rev=1085338&view=rev
Log:
No need to specify a default
Modified:
tomcat/trunk/java/org/apache/tomcat/util/net/jsse/JSSESocketFactory.java
Modified:
Author: markt
Date: Fri Mar 25 11:58:51 2011
New Revision: 1085340
URL: http://svn.apache.org/viewvc?rev=1085340&view=rev
Log:
No need to specify a default
Modified:
tomcat/trunk/test/org/apache/tomcat/util/net/TestSsl.java
tomcat/trunk/test/org/apache/tomcat/util/net/TesterSupport.java
Author: markt
Date: Fri Mar 25 12:20:39 2011
New Revision: 1085346
URL: http://svn.apache.org/viewvc?rev=1085346&view=rev
Log:
Securely seed the SecureRandom instance used for UUID generation and report
excessive creation time (greater than 100ms) at INFO level.
Added:
I received notification that Veracode had scanned Tomcat 7.0.11 today. I
thought folks would be interested in the results (committers can request
an account to get access to the full details).
Of the 33 flaws reported:
- 1 was a coding error (fixed in r1085303)
- 1 unnecessary call to
https://issues.apache.org/bugzilla/show_bug.cgi?id=50958
Volker Leidl vkhle...@gmail.com changed:
What|Removed |Added
Status|RESOLVED|REOPENED
https://issues.apache.org/bugzilla/show_bug.cgi?id=50958
Mark Thomas ma...@apache.org changed:
What|Removed |Added
Status|REOPENED|RESOLVED
On 25 March 2011 09:55, ma...@apache.org wrote:
Author: markt
Date: Fri Mar 25 09:55:29 2011
New Revision: 1085303
URL: http://svn.apache.org/viewvc?rev=1085303&view=rev
Log:
Fix string comparison - reported by Veracode
Findbugs does not catch that?
Modified:
On 25 March 2011 11:20, ma...@apache.org wrote:
Author: markt
Date: Fri Mar 25 11:20:50 2011
New Revision: 1085323
URL: http://svn.apache.org/viewvc?rev=1085323&view=rev
Log:
Remove call to System.exit() reported by Veracode and related code clean-up
Again, I thought Findbugs checks for
https://issues.apache.org/bugzilla/show_bug.cgi?id=50958
--- Comment #4 from Volker Leidl vkhle...@gmail.com 2011-03-25 12:50:50 EDT
---
I'm using 5.5, but that wasn't the point. Never mind, I'm obviously wasting my
time here.
https://issues.apache.org/bugzilla/show_bug.cgi?id=50950
--- Comment #2 from Ronald Klop ron...@echteman.nl 2011-03-25 12:51:55 EDT ---
Created an attachment (id=26798)
-- (https://issues.apache.org/bugzilla/attachment.cgi?id=26798)
server.xml and context to reproduce the issue
If you set up a
https://issues.apache.org/bugzilla/show_bug.cgi?id=50950
Ronald Klop ron...@echteman.nl changed:
What|Removed |Added
Status|RESOLVED|REOPENED
https://issues.apache.org/bugzilla/show_bug.cgi?id=50950
--- Comment #3 from Ronald Klop ron...@echteman.nl 2011-03-25 12:53:38 EDT ---
You asked for the complete stack.
Mar 25, 2011 5:35:17 PM org.apache.catalina.ha.session.DeltaManager
requestCompleted
SEVERE: Unable to serialize delta request
That's really cool, Mark. I'm glad you're doing this.
I know we all have our doubts about scanning tools like this. But my
main issue with them is always so many false positives that it feels
hopeless. You seem to have fixed that.
Thanks,
Yoav
On Fri, Mar 25, 2011 at 8:22 AM, Mark Thomas
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685
--- Comment #21 from Mark Thomas ma...@apache.org 2011-03-25 13:59:58 EDT ---
I'm looking at this now and currently trying to figure out the additional
configuration required (JAAS, keytab, etc). Any notes you can provide that
would save me
Author: markt
Date: Fri Mar 25 18:18:35 2011
New Revision: 1085502
URL: http://svn.apache.org/viewvc?rev=1085502&view=rev
Log:
Add another non-Java J2SE package. This is required for SPNEGO support.
Modified:
tomcat/trunk/res/checkstyle/org-import-control.xml
Modified:
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685
--- Comment #22 from Michael Osipov 1983-01...@gmx.net 2011-03-25 15:07:45
EDT ---
(In reply to comment #21)
I'm looking at this now and currently trying to figure out the additional
configuration required (JAAS, keytab, etc). Any notes
https://issues.apache.org/bugzilla/show_bug.cgi?id=48685
--- Comment #23 from Mark Thomas ma...@apache.org 2011-03-25 15:18:08 EDT ---
Doh. I missed the javadoc completely. My bad. I'll take a look over the weekend
and get back to you.
Author: markt
Date: Fri Mar 25 21:59:07 2011
New Revision: 1085574
URL: http://svn.apache.org/viewvc?rev=1085574&view=rev
Log:
Don't register Contexts that fail to start with the Mapper.
Modified:
tomcat/trunk/java/org/apache/catalina/connector/MapperListener.java
https://issues.apache.org/bugzilla/show_bug.cgi?id=50950
--- Comment #4 from Konstantin Kolinko knst.koli...@gmail.com 2011-03-25
18:45:16 EDT ---
(In reply to comment #3)
You asked for the complete stack.
The stack trace is still incomplete. What calls the last line in your comment
(below)? -
https://issues.apache.org/bugzilla/show_bug.cgi?id=50975
Summary: IIS connector times out on Transfer Encoded content,
never sending the chunked content
Product: Tomcat Connectors
Version: unspecified
Platform: PC
Status:
https://issues.apache.org/bugzilla/show_bug.cgi?id=50958
--- Comment #5 from Konstantin Kolinko knst.koli...@gmail.com 2011-03-25
18:53:19 EDT ---
It must be reminded that bugzilla is an inappropriate place to report security
issues. See
http://tomcat.apache.org/security.html