On 21/11/2015 16:28, Felix Schumacher wrote: > Am 21.11.2015 um 17:06 schrieb Felix Schumacher: >> Am 21.11.2015 um 17:02 schrieb Felix Schumacher: >>> Am 20.11.2015 um 11:00 schrieb Mark Thomas: >>>> The proposed Apache Tomcat 8.0.29 release is now available for voting. >>>> >>>> The main changes since 8.0.28 are: >>>> >>>> - Add an option to control (per context) quoting of EL expressions in >>>> JSP attributes >>>> >>>> - Correct a regression in the fix for 56777 that added support for >>>> URIs in config file locations >>>> >>>> - Add a new RestCsrfPreventionFilter that provides basic CSRF >>>> protection for REST APIs >>>> >>>> - Use instance manager for WebSocket server endpoint instances >>>> >>>> >>>> It can be obtained from: >>>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.0.29/ >>>> The Maven staging repo is: >>>> https://repository.apache.org/content/repositories/orgapachetomcat-1055/ >>>> >>>> The svn tag is: >>>> http://svn.apache.org/repos/asf/tomcat/tc8.0.x/tags/TOMCAT_8_0_29/ >>>> >>>> The proposed 8.0.29 release is: >>>> [ ] Broken - do not release >>>> [ ] Stable - go ahead and release as 8.0.29 >>> On my ubuntu 14.04.03 with java 7 (OpenJDK Runtime Environment >>> (IcedTea 2.6.1) (7u85-2.6.1-5ubuntu0.14.04.1)) a few tests are >>> failing, that I haven't noticed before. Those are in >>> TestNonLoginAndBasicAuthenticator. >>> >>> Testcase: testBasicLoginRejectProtectedWithSession took 0,102 sec >>> >-------Caused an ERROR >>> Illegal character(s) in message header field: Cookie: >>> java.lang.IllegalArgumentException: Illegal character(s) in message >>> header field: Cookie: >>> >-------at >>> sun.net.www.protocol.http.HttpURLConnection.checkMessageHeader(HttpURLConnection.java:465) >>> >>> >-------at >>> sun.net.www.protocol.http.HttpURLConnection.isExternalMessageHeaderAllowed(HttpURLConnection.java:435) >>> >>> >-------at >>> sun.net.www.protocol.http.HttpURLConnection.setRequestProperty(HttpURLConnection.java:2767) >>> >>> >-------at >>> org.apache.catalina.startup.TomcatBaseTest.methodUrl(TomcatBaseTest.java:662) >>> >>> >-------at >>> org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:640) >>> >>> >-------at >>> org.apache.catalina.startup.TomcatBaseTest.getUrl(TomcatBaseTest.java:634) >>> >>> >-------at >>> org.apache.catalina.authenticator.TestNonLoginAndBasicAuthenticator.doTestNonLogin(TestNonLoginAndBasicAuthenticator.java:364) >>> >>> >-------at >>> org.apache.catalina.authenticator.TestNonLoginAndBasicAuthenticator.testBasicLoginRejectProtectedWithSession(TestNonLoginAndBasicAuthenticator.java:348) >>> >>> >>> A quick check with older tomcat versions showed the same errors. So I >>> believe, that the jre got stricter about the values in cookie names >>> (: at the end of Cookie). >>> >>> If I remove the ":" from the "Cookie" name in the tests will run >>> without warning. Any reason to add ":" in line 360 and 383 in >>> test/org/apache/catalina/authenticator/TestNonLoginAndBasicAuthenticator.java? >>> >> Now I have found, that this was already discussed in the vote for >> native 1.2.1. But it seems, that there was no solution found. Any >> other news on this? >> >> https://www.mail-archive.com/dev@tomcat.apache.org/msg102070.html > While debugging this issue in eclipse, I found that checkMessageHeader > is explicitly checking for ":" (and "\n") in the key and throwing an > exception, when one is found. > > So I believe the ":" is not allowed (anymore).
The ":" can be removed. It looks like it is there in error. (It is also in trunk and probably 7.0.x as well). Mark --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
