[Bug 62343] New: CORS security: reflecting any origin header value when configured to * is dangerous

https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 Bug ID: 62343 Summary: CORS security: reflecting any origin header value when configured to * is dangerous Product: Tomcat 8 Version: 8.5.x-trunk Hardware: All

[GUMP@vmgump-vm3]: Project tomcat-trunk-validate (in module tomcat-trunk) failed

To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-trunk-validate has an issue affecting its community integration.

[GUMP@vmgump-vm3]: Project tomcat-tc8.0.x-validate (in module tomcat-8.0.x) failed

To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-tc8.0.x-validate has an issue affecting its community

[GUMP@vmgump-vm3]: Project tomcat-tc7.0.x-validate (in module tomcat-7.0.x) failed

To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-tc7.0.x-validate has an issue affecting its community

Re: [Git migration] Old git repositories

On Mon, Apr 30, 2018, 16:48 Mark Thomas wrote: > The current plan is to merge all of the existing branches into a single > Git repo. This will be mirrored at GitHub under apache/tomcat. This is > currently used for the svn mirror for trunk only. > > This raises the question

[Git migration] Old git repositories

The current plan is to merge all of the existing branches into a single Git repo. This will be mirrored at GitHub under apache/tomcat. This is currently used for the svn mirror for trunk only. This raises the question what to do with: apache/tomcat7 apache/tomcat8 apache/tomcat85 I think there

Re: [Tomcat Wiki] Update of "Security/Ciphers" by markt

On 30/04/18 21:11, Christopher Schultz wrote: > Mark, > > On 4/30/18 1:48 PM, Apache Wiki wrote: >> You have subscribed to a wiki page or wiki category on "Tomcat >> Wiki" for change notification. > >> The "Security/Ciphers" page has been changed by markt: >>

[Bug 62334] Filter by remote IP address of request for status worker of ISAPI redirector

https://bz.apache.org/bugzilla/show_bug.cgi?id=62334 Christopher Schultz changed: What|Removed |Added Status|NEW

[Bug 62334] Filter by remote IP address of request for status worker of ISAPI redirector

https://bz.apache.org/bugzilla/show_bug.cgi?id=62334 --- Comment #2 from Marat Abrarov --- (In reply to Christopher Schultz from comment #1) > Does IIS not already provide such a facility? It looks like you are right, and it looks logical for me to handle this stuff at web

Re: [Tomcat Wiki] Update of "Security/Ciphers" by markt

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 4/30/18 1:48 PM, Apache Wiki wrote: > You have subscribed to a wiki page or wiki category on "Tomcat > Wiki" for change notification. > > The "Security/Ciphers" page has been changed by markt: >

[Tomcat Wiki] Update of "Security/Ciphers" by markt

Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff=23=24 Comment: Update OpenSSL table == APR with OpenSSL Results

[Tomcat Wiki] Update of "Security/Ciphers" by markt

Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff=22=23 Comment: Update JSSE+OpenSSL table == NIO/NIO2 with

[Tomcat Wiki] Update of "Security/Ciphers" by markt

Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff=21=22 Comment: Add Java 10 for JSSE == BIO/NIO/NIO2 with JSSE

[Tomcat Wiki] Update of "Security/Ciphers" by markt

Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff=20=21 Comment: Update versions, add Java 9 and update JSSE results

buildbot success in on tomcat-trunk

The Buildbot has detected a restored build on builder tomcat-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/3228 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler

[Bug 62334] Filter by remote IP address of request for status worker of ISAPI redirector

https://bz.apache.org/bugzilla/show_bug.cgi?id=62334 Christopher Schultz changed: What|Removed |Added OS|

svn commit: r1830595 - in /tomcat/trunk: java/org/apache/tomcat/websocket/server/WsRemoteEndpointImplServer.java webapps/docs/changelog.xml

Author: remm Date: Mon Apr 30 16:00:59 2018 New Revision: 1830595 URL: http://svn.apache.org/viewvc?rev=1830595=rev Log: Revert r1830592 due to unexpected CI failure. Modified: tomcat/trunk/java/org/apache/tomcat/websocket/server/WsRemoteEndpointImplServer.java

svn commit: r1830594 - /tomcat/trunk/webapps/docs/changelog.xml

Author: csutherl Date: Mon Apr 30 15:59:11 2018 New Revision: 1830594 URL: http://svn.apache.org/viewvc?rev=1830594=rev Log: Fix typo Modified: tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/webapps/docs/changelog.xml URL:

buildbot failure in on tomcat-trunk

The Buildbot has detected a new failure on builder tomcat-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/3227 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler

svn commit: r1830592 - in /tomcat/trunk: java/org/apache/tomcat/websocket/server/WsRemoteEndpointImplServer.java webapps/docs/changelog.xml

Author: remm Date: Mon Apr 30 15:28:26 2018 New Revision: 1830592 URL: http://svn.apache.org/viewvc?rev=1830592=rev Log: Add async IO API use in websockets writes. Although I doubt there's an actual benefit at the moment, the change is small and it still improves testing of the API as the usage

[Tomcat Wiki] Update of "Security/Ciphers" by markt

Dear Wiki user, You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change notification. The "Security/Ciphers" page has been changed by markt: https://wiki.apache.org/tomcat/Security/Ciphers?action=diff=19=20 Comment: Remove references to Java 5 and Tomcat 6 ==

Re: [VOTE] Release Apache Tomcat 9.0.8

On Fri, Apr 27, 2018 at 10:03 PM Mark Thomas wrote: > The proposed Apache Tomcat 9.0.8 release is now available for voting. > > The major changes compared to the 9.0.7 release are: > > - Implement configuration options to work-around specification > non-compliant user agents

Re: svn commit: r1830548 - /tomcat/trunk/webapps/docs/changelog.xml

On 30/04/18 12:17, r...@apache.org wrote: > Author: remm > Date: Mon Apr 30 11:17:26 2018 > New Revision: 1830548 > > URL: http://svn.apache.org/viewvc?rev=1830548=rev > Log: > Changelog format. Tx. Mark > > Modified: > tomcat/trunk/webapps/docs/changelog.xml > > Modified:

svn commit: r1830556 - /tomcat/trunk/webapps/docs/changelog.xml

Author: markt Date: Mon Apr 30 12:13:32 2018 New Revision: 1830556 URL: http://svn.apache.org/viewvc?rev=1830556=rev Log: Fix indent Modified: tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/webapps/docs/changelog.xml URL:

svn commit: r1830555 - /tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java

Author: markt Date: Mon Apr 30 12:12:31 2018 New Revision: 1830555 URL: http://svn.apache.org/viewvc?rev=1830555=rev Log: Remove unnecessary code Modified: tomcat/trunk/java/org/apache/coyote/http11/Http11Processor.java Modified:

svn commit: r1830549 - in /tomcat/trunk: java/org/apache/tomcat/util/net/SecureNio2Channel.java webapps/docs/changelog.xml

Author: remm Date: Mon Apr 30 11:19:57 2018 New Revision: 1830549 URL: http://svn.apache.org/viewvc?rev=1830549=rev Log: Sometimes Future write will cause an ISE with NIO2 (timeout or cancel on a channel). Not a very good idea IMO. Make things more consistent with SSL close. Modified:

svn commit: r1830548 - /tomcat/trunk/webapps/docs/changelog.xml

Author: remm Date: Mon Apr 30 11:17:26 2018 New Revision: 1830548 URL: http://svn.apache.org/viewvc?rev=1830548=rev Log: Changelog format. Modified: tomcat/trunk/webapps/docs/changelog.xml Modified: tomcat/trunk/webapps/docs/changelog.xml URL:

svn commit: r1830547 - in /tomcat/trunk: java/org/apache/coyote/Response.java java/org/apache/coyote/http11/Http11InputBuffer.java webapps/docs/changelog.xml

Author: markt Date: Mon Apr 30 10:57:27 2018 New Revision: 1830547 URL: http://svn.apache.org/viewvc?rev=1830547=rev Log: Correct a regression in the error page handling that prevented error pages from issuing redirects or taking other action that required the response status code to be

Re: [VOTE] Release Apache Tomcat 8.5.31

On 27/04/18 21:47, Mark Thomas wrote: > The proposed 8.5.31 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 8.5.31 Unit tests pass for NIO, NIO2 and APR/native on Windows, Linux and OSX. Mark -

Re: [VOTE] Release Apache Tomcat 9.0.8

On 27/04/18 21:03, Mark Thomas wrote: > The proposed 9.0.8 release is: > [ ] Broken - do not release > [X] Stable - go ahead and release as 9.0.8 Unit tests pass for NIO, NIO2 and APR/native on Windows, Linux and OSX. Mark - To

Re: svn commit: r1830251 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/tomcat/util/http/parser/HttpParser.java res/maven/mvn-pub.xml test/org/apache/tomcat/util/http/parser/TestHttpParserHost.java we

On 29/04/18 23:14, Violeta Georgieva wrote: > On Sun, 29 Apr 2018 at 17:10, Violeta Georgieva > wrote: >> On Sun, 29 Apr 2018 at 6:54, Mark Thomas wrote: >>> On 28/04/18 17:50, Violeta Georgieva wrote: Is this file really part of that change? >>>

[ANN] TomcatCon Schedules Announced

All, I am delighted to announce the schedules are now available for: TomcatCon Berlin 13-14 June, 2018: http://apachecon.com/euroadshow18/tomcat-schedule.html TomcatCon Montréal 24-25 September, 2018: http://apachecon.dukecon.org/acna/2018/#/schedule/2018-09-24 Full details, including

svn commit: r1830536 - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/

Author: markt Date: Mon Apr 30 08:01:55 2018 New Revision: 1830536 URL: http://svn.apache.org/viewvc?rev=1830536=rev Log: Add EU Roadshow and NA to website Modified: tomcat/site/trunk/docs/bugreport.html tomcat/site/trunk/docs/ci.html tomcat/site/trunk/docs/conference.html