https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
Bug ID: 62343
Summary: CORS security: reflecting any origin header value when
configured to * is dangerous
Product: Tomcat 8
Version: 8.5.x-trunk
Hardware: All
To whom it may engage...
This is an automated request, but not an unsolicited one. For
more information please visit http://gump.apache.org/nagged.html,
and/or contact the folk at gene...@gump.apache.org.
Project tomcat-trunk-validate has an issue affecting its community integration.
To whom it may engage...
This is an automated request, but not an unsolicited one. For
more information please visit http://gump.apache.org/nagged.html,
and/or contact the folk at gene...@gump.apache.org.
Project tomcat-tc8.0.x-validate has an issue affecting its community
To whom it may engage...
This is an automated request, but not an unsolicited one. For
more information please visit http://gump.apache.org/nagged.html,
and/or contact the folk at gene...@gump.apache.org.
Project tomcat-tc7.0.x-validate has an issue affecting its community
On Mon, Apr 30, 2018, 16:48 Mark Thomas wrote:
> The current plan is to merge all of the existing branches into a single
> Git repo. This will be mirrored at GitHub under apache/tomcat. This is
> currently used for the svn mirror for trunk only.
>
> This raises the question
The current plan is to merge all of the existing branches into a single
Git repo. This will be mirrored at GitHub under apache/tomcat. This is
currently used for the svn mirror for trunk only.
This raises the question what to do with:
apache/tomcat7
apache/tomcat8
apache/tomcat85
I think there
On 30/04/18 21:11, Christopher Schultz wrote:
> Mark,
>
> On 4/30/18 1:48 PM, Apache Wiki wrote:
>> You have subscribed to a wiki page or wiki category on "Tomcat
>> Wiki" for change notification.
>
>> The "Security/Ciphers" page has been changed by markt:
>>
https://bz.apache.org/bugzilla/show_bug.cgi?id=62334
Christopher Schultz changed:
What|Removed |Added
Status|NEW
https://bz.apache.org/bugzilla/show_bug.cgi?id=62334
--- Comment #2 from Marat Abrarov ---
(In reply to Christopher Schultz from comment #1)
> Does IIS not already provide such a facility?
It looks like you are right, and it looks logical for me to handle this stuff
at web
Mark,
On 4/30/18 1:48 PM, Apache Wiki wrote:
> You have subscribed to a wiki page or wiki category on "Tomcat
> Wiki" for change notification.
>
> The "Security/Ciphers" page has been changed by markt:
>
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "Security/Ciphers" page has been changed by markt:
https://wiki.apache.org/tomcat/Security/Ciphers?action=diff=23=24
Comment:
Update OpenSSL table
== APR with OpenSSL Results
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "Security/Ciphers" page has been changed by markt:
https://wiki.apache.org/tomcat/Security/Ciphers?action=diff=22=23
Comment:
Update JSSE+OpenSSL table
== NIO/NIO2 with
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "Security/Ciphers" page has been changed by markt:
https://wiki.apache.org/tomcat/Security/Ciphers?action=diff=21=22
Comment:
Add Java 10 for JSSE
== BIO/NIO/NIO2 with JSSE
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "Security/Ciphers" page has been changed by markt:
https://wiki.apache.org/tomcat/Security/Ciphers?action=diff=20=21
Comment:
Update versions, add Java 9 and update JSSE results
The Buildbot has detected a restored build on builder tomcat-trunk while
building . Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/3228
Buildbot URL: https://ci.apache.org/
Buildslave for this Build: silvanus_ubuntu
Build Reason: The AnyBranchScheduler
https://bz.apache.org/bugzilla/show_bug.cgi?id=62334
Christopher Schultz changed:
What|Removed |Added
OS|
Author: remm
Date: Mon Apr 30 16:00:59 2018
New Revision: 1830595
URL: http://svn.apache.org/viewvc?rev=1830595=rev
Log:
Revert r1830592 due to unexpected CI failure.
Modified:
tomcat/trunk/java/org/apache/tomcat/websocket/server/WsRemoteEndpointImplServer.java
Author: csutherl
Date: Mon Apr 30 15:59:11 2018
New Revision: 1830594
URL: http://svn.apache.org/viewvc?rev=1830594=rev
Log:
Fix typo
Modified:
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
The Buildbot has detected a new failure on builder tomcat-trunk while building
. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/3227
Buildbot URL: https://ci.apache.org/
Buildslave for this Build: silvanus_ubuntu
Build Reason: The AnyBranchScheduler
Author: remm
Date: Mon Apr 30 15:28:26 2018
New Revision: 1830592
URL: http://svn.apache.org/viewvc?rev=1830592=rev
Log:
Add async IO API use in websockets writes. Although I doubt there's an actual
benefit at the moment, the change is small and it still improves testing of the
API as the usage
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "Security/Ciphers" page has been changed by markt:
https://wiki.apache.org/tomcat/Security/Ciphers?action=diff=19=20
Comment:
Remove references to Java 5 and Tomcat 6
==
On Fri, Apr 27, 2018 at 10:03 PM Mark Thomas wrote:
> The proposed Apache Tomcat 9.0.8 release is now available for voting.
>
> The major changes compared to the 9.0.7 release are:
>
> - Implement configuration options to work-around specification
> non-compliant user agents
On 30/04/18 12:17, r...@apache.org wrote:
> Author: remm
> Date: Mon Apr 30 11:17:26 2018
> New Revision: 1830548
>
> URL: http://svn.apache.org/viewvc?rev=1830548=rev
> Log:
> Changelog format.
Tx.
Mark
>
> Modified:
> tomcat/trunk/webapps/docs/changelog.xml
>
> Modified:
Author: markt
Date: Mon Apr 30 12:13:32 2018
New Revision: 1830556
URL: http://svn.apache.org/viewvc?rev=1830556=rev
Log:
Fix indent
Modified:
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
Author: markt
Date: Mon Apr 30 12:12:31 2018
New Revision: 1830555
URL: http://svn.apache.org/viewvc?rev=1830555=rev
Log:
Remove unnecessary code
Modified:
tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java
Modified:
Author: remm
Date: Mon Apr 30 11:19:57 2018
New Revision: 1830549
URL: http://svn.apache.org/viewvc?rev=1830549=rev
Log:
Sometimes Future write will cause an ISE with NIO2 (timeout or cancel on a
channel). Not a very good idea IMO. Make things more consistent with SSL close.
Modified:
Author: remm
Date: Mon Apr 30 11:17:26 2018
New Revision: 1830548
URL: http://svn.apache.org/viewvc?rev=1830548=rev
Log:
Changelog format.
Modified:
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
Author: markt
Date: Mon Apr 30 10:57:27 2018
New Revision: 1830547
URL: http://svn.apache.org/viewvc?rev=1830547=rev
Log:
Correct a regression in the error page handling that prevented error pages from
issuing redirects or taking other action that required the response status code
to be
On 27/04/18 21:47, Mark Thomas wrote:
> The proposed 8.5.31 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.31
Unit tests pass for NIO, NIO2 and APR/native on Windows, Linux and OSX.
Mark
On 27/04/18 21:03, Mark Thomas wrote:
> The proposed 9.0.8 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.8
Unit tests pass for NIO, NIO2 and APR/native on Windows, Linux and OSX.
Mark
On 29/04/18 23:14, Violeta Georgieva wrote:
> On Sun, 29 Apr 2018 at 17:10, Violeta Georgieva
> wrote:
>> On Sun, 29 Apr 2018 at 6:54, Mark Thomas wrote:
>>> On 28/04/18 17:50, Violeta Georgieva wrote:
Is this file really part of that change?
>>>
All,
I am delighted to announce the schedules are now available for:
TomcatCon Berlin 13-14 June, 2018:
http://apachecon.com/euroadshow18/tomcat-schedule.html
TomcatCon Montréal 24-25 September, 2018:
http://apachecon.dukecon.org/acna/2018/#/schedule/2018-09-24
Full details, including
Author: markt
Date: Mon Apr 30 08:01:55 2018
New Revision: 1830536
URL: http://svn.apache.org/viewvc?rev=1830536=rev
Log:
Add EU Roadshow and NA to website
Modified:
tomcat/site/trunk/docs/bugreport.html
tomcat/site/trunk/docs/ci.html
tomcat/site/trunk/docs/conference.html