Author: billbarker Date: Fri Apr 3 02:29:16 2009 New Revision: 761506 URL: http://svn.apache.org/viewvc?rev=761506&view=rev Log: remove objection and votes
Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL: http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/STATUS.txt?rev=761506&r1=761505&r2=761506&view=diff ============================================================================== --- tomcat/tc6.0.x/trunk/STATUS.txt (original) +++ tomcat/tc6.0.x/trunk/STATUS.txt Fri Apr 3 02:29:16 2009 @@ -68,14 +68,7 @@ http://svn.apache.org/viewvc?rev=721886&view=rev (original) http://svn.apache.org/viewvc?rev=746425&view=rev (to address Bill's concerns) http://svn.apache.org/viewvc?rev=757335&view=rev (to remove the Catalina dep) - +1: markt - 0: billbarker: Haven't tried to break it yet, but the 4th patch potentially - offers access to static fields in ELContextImpl and ELResolverImpl that could - possibly be exploited by a malicious webapp. - -1: billbarker: The 5th patch makes Jasper depend on Catalina, rendering Jasper useless - to any 3rd party that just wants a JSP compiler. Removing the Catalina dependancy - can change my vote to +1 (although, it means trusting modern JVMs to clean up after - themselves efficiently). + +1: markt, billbarker * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46351 Build script re-factoring @@ -96,7 +89,7 @@ * Use some already existing constants instead of explicit numbers in the AJP connectors. Backport of http://svn.apache.org/viewvc?rev=757706&view=rev - +1: rjung, markt + +1: rjung, markt, billbarker -1: * Allow huge request body packets for AJP13. @@ -144,11 +137,13 @@ This is not for invalidation, only for displaying idle times and making persistance decisions. +1: rjung, markt + 0: billbarker: generally agree with remm that this is too big of a change for the stable branch + but could agree to some of it if it was split into parts -1: remm: no for TC 6.0 * Fix typo in OPTIONS response http://svn.apache.org/viewvc?rev=757774&view=rev - +1: markt, rjung + +1: markt, rjung, billbarker -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46908 @@ -167,7 +162,9 @@ * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46866 http://svn.apache.org/viewvc?rev=758596&view=rev Better init of Random objects - +1: markt, rjung + +1: markt, rjung, billbarker + billbarker: This is more like a +0.5, since Random isn't that secure in the first place. + But the patch seems harmless, so I'll support itch-scraching. -1: * Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46822 --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org