https://bz.apache.org/bugzilla/show_bug.cgi?id=60451
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Author: markt
Date: Thu Dec 8 22:20:26 2016
New Revision: 1773307
URL: http://svn.apache.org/viewvc?rev=1773307=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60451
Correctly handle HTTP/2 header values that contain characters with unicode code
points in the range 128 to 255.
Author: markt
Date: Thu Dec 8 22:19:41 2016
New Revision: 1773306
URL: http://svn.apache.org/viewvc?rev=1773306=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=60451
Correctly handle HTTP/2 header values that contain characters with unicode code
points in the range 128 to 255.
On 08/12/2016 21:15, Victor Rodriguez wrote:
> THANKS IN ADVANCE FOR YOUR HELP!
Please stop shouting.
This question belongs on the users list.
Mark
>
> I have abc.war and I want both /abc and /xyz to work for it. I've tried
> adding aliases="/abc=abc.war,/xyz=abc.war" and
THANKS IN ADVANCE FOR YOUR HELP!
I have abc.war and I want both /abc and /xyz to work for it. I've tried
adding aliases="/abc=abc.war,/xyz=abc.war" and aliases="/abc=abc,/xyz=abc"
but neither of those worked. This is how my original context.xml looked
like.
WEB-INF/web.xml
Author: markt
Date: Thu Dec 8 20:50:30 2016
New Revision: 17334
Log:
Release 8.5.9
Added:
release/tomcat/tomcat-8/v8.5.9/
- copied from r17250, dev/tomcat/tomcat-8/v8.5.9/
Removed:
dev/tomcat/tomcat-8/v8.5.9/
-
The following votes were cast:
Binding:
+1 (stable): violetagg, remm, kfujino, fschumacher
Non-binding:
+1 (stable): ebourg, csutherl, huxing
The vote therefore passes. Thanks to everyone who contributed to this
this release
Mark
Author: markt
Date: Thu Dec 8 20:48:07 2016
New Revision: 17333
Log:
Release 9.0.0.M15
Added:
release/tomcat/tomcat-9/v9.0.0.M15/
- copied from r17237, dev/tomcat/tomcat-9/v9.0.0.M15/
Removed:
dev/tomcat/tomcat-9/v9.0.0.M15/
The following votes were cast:
Binding:
+1 (stable): markt, violetagg, remm, kfujino, fschumacher
Non-binding:
+1 (stable): huxing
The vote therefore passes. Thanks to everyone who contributed to this
this release
Mark
-
To
https://bz.apache.org/bugzilla/show_bug.cgi?id=60372
--- Comment #18 from mgrigorov ---
8.5.9 is being voted at the moment.
If everything is OK it will be available in the next few days.
--
You are receiving this mail because:
You are the assignee for the bug.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60372
--- Comment #17 from Jan Kostelansky ---
dear support
when can I expect the patch to be included in tomcat 8.5 or tomcat 9 release?
I have not found it in changelog of latest tomcat 8.5
Thank you, Jan
--
https://bz.apache.org/bugzilla/show_bug.cgi?id=60372
Violeta Georgieva changed:
What|Removed |Added
CC|
https://bz.apache.org/bugzilla/show_bug.cgi?id=60455
Violeta Georgieva changed:
What|Removed |Added
Resolution|--- |DUPLICATE
https://bz.apache.org/bugzilla/show_bug.cgi?id=60455
Bug ID: 60455
Summary: java.nio.BufferOverflowException
Product: Tomcat 9
Version: 9.0.0.M11
Hardware: PC
Status: NEW
Severity: critical
Priority: P2
Hi,
The proposed 8.5.9 release is:
[ ] Broken - do not release
[ X ] Stable - go ahead and release as <8.5.8> (should be 8.5.9)
Test case pass.
Our test web app works fine.
--
From:Mark Thomas
Time:2016 Dec 6
Le 8/12/2016 à 11:49, Mark Thomas a écrit :
> Added.
Thank you Mark.
> The commits on the security pages are meant to be just those required to
> fix the vulnerability.
>
> Back-porters may need additional commits for various reasons:
> a) prior commits that aligned the code with later
On 08/12/2016 09:54, Emmanuel Bourg wrote:
> [resending as a new message instead of a reply, sorry]
Thanks.
> I'm still working on the security backports in Debian and I have a
> question regarding CVE-2015-5345. On the Tomcat 7 security page the
> commits 1715213 and 1717212 are referenced. If
https://bz.apache.org/bugzilla/show_bug.cgi?id=60451
--- Comment #3 from Ludovic Pénet ---
Agreed. I left the bug opened because the exception raised was quite unclear to
me and having another error trace would be great.
--
You are receiving this mail because:
You are the
Author: markt
Date: Thu Dec 8 11:11:51 2016
New Revision: 1773214
URL: http://svn.apache.org/viewvc?rev=1773214=rev
Log:
Add additional commit that fix the broken config options
Modified:
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/xdocs/security-7.xml
Modified:
Author: markt
Date: Thu Dec 8 10:58:28 2016
New Revision: 1773212
URL: http://svn.apache.org/viewvc?rev=1773212=rev
Log:
Fix typo
Modified:
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/xdocs/security-7.xml
Modified: tomcat/site/trunk/docs/security-7.html
URL:
https://bz.apache.org/bugzilla/show_bug.cgi?id=60451
--- Comment #2 from Michael Osipov <1983-01...@gmx.net> ---
This one is worth reading: http://stackoverflow.com/a/30446122/696632
--
You are receiving this mail because:
You are the assignee for the bug.
On 08/12/2016 00:37, Emmanuel Bourg wrote:
> Hi,
>
> The security pages are missing another commit, this time for
> CVE-2016-6797. The newly added validateGlobalResourceAccess method in
> ResourceLinkFactory was later modified to iterate over the classloader
> hierarchy. Without this modification
Author: markt
Date: Thu Dec 8 10:41:54 2016
New Revision: 1773211
URL: http://svn.apache.org/viewvc?rev=1773211=rev
Log:
And regression fix to CVE-2016-6796 commits
Modified:
tomcat/site/trunk/docs/security-6.html
tomcat/site/trunk/docs/security-7.html
[resending as a new message instead of a reply, sorry]
Hi all,
I'm still working on the security backports in Debian and I have a
question regarding CVE-2015-5345. On the Tomcat 7 security page the
commits 1715213 and 1717212 are referenced. If I'm not mistaken the
commit 1716860 should also be
Hi all,
I'm still working on the security backports in Debian and I have a
question regarding CVE-2015-5345. On the Tomcat 7 security page the
commits 1715213 and 1717212 are referenced. If I'm not mistaken the
commit 1716860 should also be part of the fix, otherwise the
mapper*RedirectEnabled
On 08/12/2016 07:32, Violeta Georgieva wrote:
> 2016-12-08 3:48 GMT+02:00 Matthew Bellew :
>>
>> I have narrowed this down quite a lot. This bug is caused by the same
>> Http11Processor being pushed on to the recycledProcessors stack twice. I
>> discovered this by add a
26 matches
Mail list logo