DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13014.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
Hi to all,
While converting some applications from 3.3.1 to 4.1.12 I noticed
some little problems.
1) We used to define our own default servlet, but 4.1.x
defines its own default in conf/web.xml.
Could we change from org.apache.catalina.servlets.DefaultServlet
to our actual default
Henri Gomez wrote:
Hi to all,
While converting some applications from 3.3.1 to 4.1.12 I noticed
some little problems.
1) We used to define our own default servlet, but 4.1.x
defines its own default in conf/web.xml.
Could we change from org.apache.catalina.servlets.DefaultServlet
hgomez 2002/10/08 23:58:31
Modified: jk/java/org/apache/jk/common ChannelSocket.java
Log:
tcpnodelay to true by default, but could be turned off by
setting tcpnodelay=false from outside (howto in server.xml ?)
Revision  Changes  Path
1.23 +3 -3
Remy Maucherat wrote:
Henri Gomez wrote:
Hi to all,
While converting some applications from 3.3.1 to 4.1.12 I noticed
some little problems.
1) We used to define our own default servlet, but 4.1.x
defines its own default in conf/web.xml.
Could we change from
[EMAIL PROTECTED] wrote:
hgomez 2002/10/08 23:58:31
Modified: jk/java/org/apache/jk/common ChannelSocket.java
Log:
tcpnodelay to true by default, but could be turned off by
Only ChannelSocket needs to be updated.
Ajp14Interceptor already called tcpnodelay(true), and
other
- Original Message -
From: Henri Gomez [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 08, 2002 11:33 PM
Subject: apps conversion from 3.3.1 to 4.1.12
Hi to all,
While converting some applications from 3.3.1 to 4.1.12 I noticed
some little problems.
Wot? 3.3.1 isn't
Hi,
I was wondering if I can get the Catalina class diagram to help me
understand how it works, or if it is available
online.
Thanks,
budi
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13443.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
remm 2002/10/09 01:01:12
Modified: catalina/src/share/org/apache/catalina/core
ApplicationContext.java StandardWrapper.java
Added: catalina/src/share/org/apache/catalina/core
DummyRequest.java DummyResponse.java
Removed:
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13445.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
The connectors which depend on the org.apache.catalina.connector package
(including JK 1, webapp, and the old HTTP connectors) will either need
to be updated or removed. The Coyote family of connectors is well
supported and provides a suitable replacement (IMO). Coyote is the
default
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13446.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
Remy Maucherat wrote:
The connectors which depend on the org.apache.catalina.connector package
(including JK 1, webapp, and the old HTTP connectors) will either need
to be updated or removed. The Coyote family of connectors is well
supported and provides a suitable replacement (IMO).
remm 2002/10/09 03:06:07
Modified: . build.xml
resources INSTALL LICENSE
Added: . CHANGELOG RELEASE-NOTES
resources welcome.bin.html welcome.main.html
Log:
- Improve release target, so that it will create a ready to upload
remm 2002/10/09 03:06:34
Modified: . .cvsignore
Log:
- Update .cvsignore.
Revision  Changes  Path
1.3 +1 -0 jakarta-tomcat-5/.cvsignore
Index: .cvsignore
===
RCS file:
remm 2002/10/09 03:07:48
Modified: . build.xml
Log:
- No reason to clean the release folder.
Revision  Changes  Path
1.39 +0 -2 jakarta-tomcat-5/build.xml
Index: build.xml
===
RCS
ballot
[X] Remove deprecated org.apache.catalina.connector components from the
j-t-catalina module
[ ] Leave them in
/ballot
IAS
Jakarta-Seoul Project Coordinator
http://jakarta.apache-korea.org
-Original Message-
From: Remy Maucherat [mailto:[EMAIL PROTECTED]]
Sent: Wednesday,
This email is autogenerated from the output from:
http://jakarta.apache.org/builds/gump/2002-10-09/jakarta-tomcat-util.html
Buildfile: build.xml
detect:
build-prepare:
[mkdir] Created
ballot
[ ] Remove deprecated org.apache.catalina.connector
components from the
j-t-catalina module
[X ] Leave them in
/ballot
At least until all the excessive log messages are removed from the
coyote connectors (ie the socket error messages) or there is a way to
disable them (ie give
This is likely the protection against reading anything outside the
webapp root (see the allowLinking of FileDirContext), although I don't
know how the digester will try to load the included file.
Digester code is derived from XmlMapper which is able to locate entities
in ../../../
I wonder if a release of commons-daemon is planned.
JF ?
Henri Gomez wrote:
I wonder if a release of commons-daemon is planned.
No, because promoting it to commons proper got vetoed.
At the moment, it looks like a split between daemon and launcher will
happen.
(like Costin, I'd really like to get rid of the Java code in daemon -
the o.a.c.daemon
remm 2002/10/09 05:20:40
Modified: . build.xml tomcat.nsi
resources INSTALL LICENSE
Log:
- Cleanups and small fixes.
Revision  Changes  Path
1.40 +1 -1 jakarta-tomcat-5/build.xml
Index: build.xml
ballot
[X] Remove deprecated org.apache.catalina.connector components from the
j-t-catalina module
[ ] Leave them in
/ballot
Cheers
Jean-frederic
remm 2002/10/09 05:40:53
Modified: catalina/src/share/org/apache/catalina/core
StandardWrapperValve.java
Log:
- The decoded URI should be used there.
Revision  Changes  Path
1.5 +15 -10
Henri Gomez wrote:
I wonder if a release of commons-daemon is planned.
JF ?
I am using it in a product named openIS.
The FSC QA are still complaining about small
remm 2002/10/09 05:42:51
Modified: catalina/src/share/org/apache/catalina/valves
ErrorReportValve.java
Log:
- Port patch.
Revision  Changes  Path
1.3 +6 -9
remm 2002/10/09 05:52:40
Modified: catalina/src/share/org/apache/catalina/core
StandardWrapperValve.java
Log:
- Oops, not the right object.
Revision  Changes  Path
1.6 +5 -5
mturk 2002/10/09 06:01:29
Modified: jk/xdocs/jk2 confighowto.xml
Log:
Add the JNI Minimum configuration.
Revision  Changes  Path
1.2 +57 -1 jakarta-tomcat-connectors/jk/xdocs/jk2/confighowto.xml
Index: confighowto.xml
Remy Maucherat wrote:
Henri Gomez wrote:
I wonder if a release of commons-daemon is planned.
No, because promoting it to commons proper got vetoed.
And the reasons why have not been changed... I had no time to write the needed
code (and I was on holidays at the time of the veto: it was
ballot
[ X ] Remove deprecated org.apache.catalina.connector components from
the j-t-catalina module
[ ] Leave them in
/ballot
-- Jeanfrancois
jean-frederic clere wrote:
Hi,
I am willing to use the administration tools of Tomcat but I am
wondering where the administration-howto.html is located.
If it is not existing I will create one similar to the existing
manager-howto.xml.
Any comments?
I know that Amy has been
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13456.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
ballot
[X] Remove deprecated org.apache.catalina.connector
components from the
j-t-catalina module
[ ] Leave them in
/ballot
Saludos,
Ignacio J. Ortega
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13365.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
bobh 2002/10/09 08:03:21
Modified: util/java/org/apache/tomcat/util/net/jsse JSSESupport.java
Log:
- make gump happy by getting rid of 1.4 only class java.net.SocketTimeoutException
Revision  Changes  Path
1.3 +3 -3
Remy Maucherat wrote:
Henri Gomez wrote:
This is likely the protection against reading anything outside the
webapp root (see the allowLinking of FileDirContext), although I
don't know how the digester will try to load the included file.
Digester code is derived from XmlMapper which is
I can't think of anything more boring and tedious (bug fixing?) but I am
willing to help. Maybe we should divide up the classes.
Cheers,
-bob
On Tue, 2002-10-08 at 16:36, Jean-Francois Arcand wrote:
Hi,
I'm looking to do a Security Audit on the current Tomcat 5.0 codebase. I
would
On Wed, 9 Oct 2002, Henri Gomez wrote:
Date: Wed, 09 Oct 2002 17:39:00 +0200
From: Henri Gomez [EMAIL PROTECTED]
Reply-To: Tomcat Developers List [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Subject: Re: apps conversion from 3.3.1 to 4.1.12
Remy Maucherat wrote:
Henri Gomez wrote:
Remy Maucherat wrote:
Henri Gomez wrote:
This is likely the protection against reading anything outside the
webapp root (see the allowLinking of FileDirContext), although I
don't know how the digester will try to load the included file.
Digester code is derived
org.apache.naming.resources.DirContextURLConnection.getInputStream(DirContextURLConnection.java:344)
at java.net.URL.openStream(URL.java:793)
Well, that's exactly the same. Where do you think that weird URL
connection goes ?? (hint: to the aforementioned FileDirContext, through
Haven't looked at the code, but here's a couple of thoughts that might
help:
If your path above (../../../settings.xml) is attempting to go above
the context root of the webapp, it's pretty much guaranteed to fail
because of the security restrictions. Undoing that restriction would just
On Wed, 9 Oct 2002, Henri Gomez wrote:
Date: Wed, 09 Oct 2002 18:13:10 +0200
From: Henri Gomez [EMAIL PROTECTED]
Reply-To: Tomcat Developers List [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Subject: Re: apps conversion from 3.3.1 to 4.1.12
Haven't looked at the
I'm looking to do a Security Audit on the current Tomcat 5.0 codebase. I
would like to collect as much information as possible on where you think I should
look (code, security hole, etc.). I'm planning to do the audit using
the default SecurityManager. Right now, I have started looking at:
ballot
[X ] Remove deprecated org.apache.catalina.connector components from the
j-t-catalina module
[ ] Leave them in
/ballot
As long as it won't break builds of 4.1 :-)
Hi,
with Tomcat 4.1.12, Xerces 2.2 is throwing the following exception:
org.xml.sax.SAXParseException: The string -- is not permitted within
comments.
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
This is a bug in the org.apache.struts.digester.Digester class. If
Jean-Francois Arcand wrote:
Hi,
with Tomcat 4.1.12, Xerces 2.2 is throwing the following exception:
org.xml.sax.SAXParseException: The string -- is not permitted within
comments.
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
This is a bug in the
luehe 2002/10/09 09:47:31
Modified: jasper2/src/share/org/apache/jasper/xmlparser
ParserUtils.java
Log:
Removed dead code
Revision  Changes  Path
1.5 +1 -96
luehe 2002/10/09 09:55:14
Removed: jasper2/src/share/org/apache/jasper/util StringManager.java
Log:
Removed redundant org.apache.jasper.util.StringManager
remm 2002/10/09 09:56:17
Modified: http11/src/java/org/apache/coyote/http11 Constants.java
Log:
- Increase a little bit buffer sizes.
Revision  Changes  Path
1.10 +1 -1
jakarta-tomcat-connectors/http11/src/java/org/apache/coyote/http11/Constants.java
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13223.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
mturk 2002/10/09 10:08:10
Modified: jk/native2/common jk_uriMap.c
Log:
Fix the hostMap checking hostname:port then hostname
Revision  Changes  Path
1.51 +21 -14 jakarta-tomcat-connectors/jk/native2/common/jk_uriMap.c
Index: jk_uriMap.c
mturk 2002/10/09 10:10:24
Modified: jk/native2/server/apache13 mod_jk2.c
Log:
Skip the checking of default hostname and port. Using
that scheme the same behaviour is on all web servers.
Revision  Changes  Path
1.25 +4 -8
mturk 2002/10/09 10:10:52
Modified: jk/native2/server/apache2 mod_jk2.c
Log:
Skip the checking of default hostname and port. Using
that scheme the same behaviour is on all web servers.
Revision  Changes  Path
1.54 +3 -7
mturk 2002/10/09 10:11:22
Modified: jk/native2/server/isapi jk_isapi_plugin.c
Log:
Skip the checking of default hostname and port. Using
that scheme the same behaviour is on all web servers.
Revision  Changes  Path
1.50 +5 -6
I'm not sure about this. AFAIK on RedHat and Mandrake ( and probably
any other distro ) there are tools that are modifying config
files ( in etc ). I don't know how the FHS can request 'read only'
status.
jk2.properties saving can be disabled. Right now the feature is not
completely implemented
Remy Maucherat wrote:
ballot
[X] Remove deprecated org.apache.catalina.connector components from the
j-t-catalina module
[ ] Leave them in
/ballot
--
Costin
Remy Maucherat wrote:
Henri Gomez wrote:
I wonder if a release of commons-daemon is planned.
No, because promoting it to commons proper got vetoed.
At the moment, it looks like a split between daemon and launcher will
happen.
For the record - nobody can 'veto' a promotion to commons
or
kinman 2002/10/09 10:38:49
Modified: jsr152/src/share/dtd jsp_2_0.xsd
jsr152/src/share/javax/servlet/jsp/el Expression.java
jsr154/src/share/dtd jsp_2_0.xsd
Log:
- Patch by Mark Roth
jsr152/src/share/javax/serlvet/jsp/el/Expression.java
-
ballot
[X] Remove deprecated org.apache.catalina.connector components from the
j-t-catalina module
[ ] Leave them in
/ballot
Amy
kinman 2002/10/09 10:41:13
Modified: jasper2/src/share/org/apache/jasper/compiler Compiler.java
Generator.java JspConfig.java PageInfo.java
TagFileProcessor.java Validator.java
Log:
- Modified because of spec changes syntax and
Glenn Nielsen wrote:
jean-frederic clere wrote:
Hi,
I am willing to use the administration tools of Tomcat but I am
wondering where the administration-howto.html is located.
If it is not existing I will create one similar to the existing
manager-howto.xml.
Any comments?
I
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13084.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
Hi,
I noticed that it is practically impossible to retrieve a JNDI resource
outside a webapp. If I need to access my resource in some classes
instantiated outside a single webapp, I always get an exception.
Name jdbc/myDS is not bound in this Context
I read the docs. If I understand well, the
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13466.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
luehe 2002/10/09 11:25:39
Modified: jasper2/src/share/org/apache/jasper/compiler JspConfig.java
TagLibraryInfoImpl.java TldLocationsCache.java
jasper2/src/share/org/apache/jasper/xmlparser
ParserUtils.java
Log:
Removed
I also have been surfing the web to find out how to implement
an applet-to-servlet communication link over a persistent http connection.
There is a working implementation available for download at
http://www.ustobe.com/
After clicking on the 'news' item in the menu, there are links
available to
I am running apache 1.3 with mod_jk, my apache has apxs.
I compiled and installed mod_jk from source, tag TOMCAT_4_1_12,
configured it using the following options:
./configure --with-gnu-ld --with-apxs=/myapxpath/bin/apxs --enable-EAPI
--with-java-home=/usr/java/jdk1.3.1
ran make
installed
FYI, Just to start off, I am going to review these classes. If
someone else also reviews them, that's probably a good thing...
# classes, package name
17 o.a.c.deploy
9 o.a.c.users
44 o.a.c.*
34 o.a.jk.*
15 j.s.http
Briefly, I am going to look for
- How/if a ClassLoader is used
- privilege
Hi,
I would like to make the hostMap cache for hostname:port combination.
Right now we are doing hostMap over and over again for each request, so I
would like to make a table that will save the once found hostEnv for
requested hostname:port combination, skipping hostMap when already
resolved.
Any
AFAIK, the most important check is doPrivileged(). What we need
to look for is if any of those blocks could be used by
untrusted code to do something.
The second very important check is the facades - making sure
untrusted code can't get access to the real objects.
We should also make sure
ballot
[X] Remove deprecated org.apache.catalina.connector components from the
j-t-catalina module
[ ] Leave them in
/ballot
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13467.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
+1
One question - do you think it's a good idea to extend the jk2_map
to do the full mapping ? ( actually, all the code is there, but
it's not used ).
By full mapping I mean setting/sending the 'servletPath', 'pathInfo',
'wrapperName' and all the extra information that is needed - and
This is just FYI, in case you don't know all this already.
I'm sure some of you are already using axis. One thing it
would be worth looking at is the basic architecture they use
for request processing.
I think the model they're using is more powerful than both
3.3 Interceptor and 4.0 Valve,
Costin Manolache wrote:
AFAIK, the most important check is doPrivileged(). What we need
to look for is if any of those blocks could be used by
untrusted code to do something.
The second very important check is the facades - making sure
untrusted code can't get access to the real
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11730.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13419.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=11678.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
luehe 2002/10/09 13:21:52
Modified: jasper2/src/share/org/apache/jasper/resources
messages.properties messages_es.properties
messages_ja.properties
jasper2/src/share/org/apache/jasper/runtime
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13206.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
A security vulnerability has been confirmed to exist in Apache Tomcat
4.0.x releases (including Tomcat 4.0.5), which allows the use of a specially
crafted URL to return the unprocessed source of a JSP page, or, under
special circumstances, a static resource which would otherwise have been
protected
kinman 2002/10/09 14:31:24
Modified: jsr152/examples/WEB-INF web.xml
jsr152/examples/jsp2/misc config.jsp config.txt
Log:
- Modified the examples to use el-ignore and scripting-invalid
Revision  Changes  Path
1.4 +2 -2
luehe 2002/10/09 14:59:08
Modified: jasper2/src/share/org/apache/jasper/resources Tag:
tomcat_4_branch messages.properties
messages_es.properties messages_ja.properties
jasper2/src/share/org/apache/jasper/runtime Tag:
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13392.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
luehe 2002/10/09 15:46:41
Modified: jasper2/src/share/org/apache/jasper/compiler JspUtil.java
Log:
Removed redundant methods
Revision  Changes  Path
1.18 +3 -87
jakarta-tomcat-jasper/jasper2/src/share/org/apache/jasper/compiler/JspUtil.java
Index:
luehe 2002/10/09 17:49:21
Modified: jasper2/src/share/org/apache/jasper JspC.java
JspCompilationContext.java
jasper2/src/share/org/apache/jasper/compiler JspReader.java
Log:
Changed visibility of o.a.j.c.JspReader to package scope, and the
Quoting Eugene Gluzberg [EMAIL PROTECTED]:
Please help. How can I trace this further? How do I get apache to
generate a core file so I can see where in apache code this is? Any
pointers for help here at all?
Have a look at this: http://httpd.apache.org/dev/debugging.html
Bojan
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13477.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
The more who review/audit tomcat for security, the better. :-)
Comments intermixed below.
Jean-Francois Arcand wrote:
Hi,
I'm looking to do a Security Audit on the current Tomcat 5.0 codebase. I
would like to collect as much information as possible on where you think I should
look (code,
If this reference is in your web.xml file, then my suggestion is already
being done. To test it, try temporarily copying the settings.xml file
into the WEB-INF directory and changing the relative URL appropriately.
Putting the file in WEB-INF works, even if I use ../settings, ie
directly in