[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

--- Comment #2 from Mark Thomas  ---
I was thinking add a privileged block that tested if the file existed and don't
trigger the warning if it doesn't. Note I haven't dug into the code to see hwo
easy this would be yet.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1799636 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

[kkolinko]

Author: kkolinko
Date: Thu Jun 22 22:42:13 2017
New Revision: 1799636

URL: http://svn.apache.org/viewvc?rev=1799636=rev
Log:
Fix a typo in announcement for CVE-2017-5664.

Modified:
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-7.xml
tomcat/site/trunk/xdocs/security-8.xml
tomcat/site/trunk/xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-7.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1799636=1799635=1799636=diff
==
--- tomcat/site/trunk/docs/security-7.html (original)
+++ tomcat/site/trunk/docs/security-7.html Thu Jun 22 22:42:13 2017
@@ -391,7 +391,7 @@
 

 If the error page is a static file, expected behaviour is to serve content
-  of the file as if processing a GET request, regardless of the actual HTT
+  of the file as if processing a GET request, regardless of the actual HTTP
   method. Tomcat's Default Servlet did not do this. Depending on the
   original request this could lead to unexpected and undesirable results 
for
   static error pages including, if the DefaultServlet is configured to

Modified: tomcat/site/trunk/docs/security-8.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1799636=1799635=1799636=diff
==
--- tomcat/site/trunk/docs/security-8.html (original)
+++ tomcat/site/trunk/docs/security-8.html Thu Jun 22 22:42:13 2017
@@ -355,7 +355,7 @@
 

 If the error page is a static file, expected behaviour is to serve content
-  of the file as if processing a GET request, regardless of the actual HTT
+  of the file as if processing a GET request, regardless of the actual HTTP
   method. Tomcat's Default Servlet did not do this. Depending on the
   original request this could lead to unexpected and undesirable results 
for
   static error pages including, if the DefaultServlet is configured to
@@ -413,7 +413,7 @@
 

 If the error page is a static file, expected behaviour is to serve content
-  of the file as if processing a GET request, regardless of the actual HTT
+  of the file as if processing a GET request, regardless of the actual HTTP
   method. Tomcat's Default Servlet did not do this. Depending on the
   original request this could lead to unexpected and undesirable results 
for
   static error pages including, if the DefaultServlet is configured to

Modified: tomcat/site/trunk/docs/security-9.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-9.html?rev=1799636=1799635=1799636=diff
==
--- tomcat/site/trunk/docs/security-9.html (original)
+++ tomcat/site/trunk/docs/security-9.html Thu Jun 22 22:42:13 2017
@@ -310,7 +310,7 @@
 

 If the error page is a static file, expected behaviour is to serve content
-  of the file as if processing a GET request, regardless of the actual HTT
+  of the file as if processing a GET request, regardless of the actual HTTP
   method. Tomcat's Default Servlet did not do this. Depending on the
   original request this could lead to unexpected and undesirable results 
for
   static error pages including, if the DefaultServlet is configured to

Modified: tomcat/site/trunk/xdocs/security-7.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1799636=1799635=1799636=diff
==
--- tomcat/site/trunk/xdocs/security-7.xml (original)
+++ tomcat/site/trunk/xdocs/security-7.xml Thu Jun 22 22:42:13 2017
@@ -62,7 +62,7 @@
original HTTP method.
 
If the error page is a static file, expected behaviour is to serve 
content
-  of the file as if processing a GET request, regardless of the actual HTT
+  of the file as if processing a GET request, regardless of the actual HTTP
   method. Tomcat's Default Servlet did not do this. Depending on the
   original request this could lead to unexpected and undesirable results 
for
   static error pages including, if the DefaultServlet is configured to

Modified: tomcat/site/trunk/xdocs/security-8.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-8.xml?rev=1799636=1799635=1799636=diff
==
--- tomcat/site/trunk/xdocs/security-8.xml (original)
+++ tomcat/site/trunk/xdocs/security-8.xml Thu Jun 22 22:42:13 2017
@@ -62,7 +62,7 @@
original HTTP method.
 
If the error page is a static file, expected behaviour is to serve 
content
-  of the file as if processing a GET request, regardless of the actual HTT
+  of the file as if processing a GET 

[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

Konstantin Kolinko  changed:

   What|Removed |Added

Version|8.5.x-trunk |8.5.15

--- Comment #1 from Konstantin Kolinko  ---
1. From your logs, you are running Tomcat 8.5.15. I am changing the Version
field to match that.

2. Generally, this is a feature.
The message text tells one to look into the catalina.policy file,
and there is a comment there that explains the issue. 

"// Note: To enable per context logging configuration" ...

https://svn.apache.org/viewvc/tomcat/tc8.5.x/tags/TOMCAT_8_5_15/conf/catalina.policy?view=markup#l93


Any ideas how to improve users' experience here?

Allowing to read some random logging.properties files is not an option,
as it is insecure.




- An idea:
Add an explanation of this issue to Documentation and change message text to
tell users to read that documentation page as well.

http://tomcat.apache.org/tomcat-8.5-doc/security-manager-howto.html

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60963] Optimize class loading for unpackWARs=false case

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=60963

--- Comment #20 from Thomas Maslen  ---
Just kibitzing, and likely way off base, but:  I've been fairly impressed by
the Spring Boot Loader code for handling JARs in (uncompressed) WARs, not sure
whether it could make itself useful here.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61210] When using the Security Manager, Tomcat prints warning about a non-existent file

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

Coty Sutherland  changed:

   What|Removed |Added

  Component|Util|JULI

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 61210] New: When using the Security Manager, Tomcat prints warning about a non-existent file

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61210

Bug ID: 61210
   Summary: When using the Security Manager, Tomcat prints warning
about a non-existent file
   Product: Tomcat 8
   Version: 8.5.x-trunk
  Hardware: PC
OS: Linux
Status: NEW
  Severity: normal
  Priority: P2
 Component: Util
  Assignee: dev@tomcat.apache.org
  Reporter: csuth...@redhat.com
  Target Milestone: 

I noticed that when using the Security Manager in Tomcat you always see the
following warning messages on startup (one for every application that's
deployed):

~~~
WARNING [localhost-startStop-1]
org.apache.juli.ClassLoaderLogManager.readConfiguration Reading
/apache-tomcat-8.5.15/webapps/ROOT/WEB-INF/classes/logging.properties is not
permitted. See "per context logging" in the default catalina.policy file.
WARNING [localhost-startStop-1]
org.apache.juli.ClassLoaderLogManager.readConfiguration Reading
/apache-tomcat-8.5.15/webapps/examples/WEB-INF/classes/logging.properties is
not permitted. See "per context logging" in the default catalina.policy file.
WARNING [localhost-startStop-1]
org.apache.juli.ClassLoaderLogManager.readConfiguration Reading
/apache-tomcat-8.5.15/webapps/docs/WEB-INF/classes/logging.properties is not
permitted. See "per context logging" in the default catalina.policy file.
~~~

While the message is technically accurate (reading the file is prohibited), it
isn't pertinent to the user because the file may not (doesn't in this case)
exist in any of these three applications. Is it possible to check that the file
exists at this point so that we can only print the message when it's present?
Do so would remove an extra warning (that may not be applicable) from the log
file and give users a clean vanilla log to start with.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 9.0.0.M22

[Coty Sutherland]

On Wed, Jun 21, 2017 at 10:18 AM, Mark Thomas  wrote:
> The proposed Apache Tomcat 9.0.0.M22 release is now available for voting.
>
> This is a milestone release for the 9.0.x branch. It should be
> noted that, as a milestone release:
> - Servlet 4.0 is not finalised
> - The EGs have not started work on JSP 2.4, EL 3.1 or WebSocket 1.2/2.0
>
> The major changes compared to the 9.0.0.M21 release are:
>
> - Add a new JULI FileHandler configuration for specifying the maximum
>   number of days to keep the log files. By default the log files will be
>   kept 90 days.
>
> - Update the Servlet 4.0 implementation to add support for setting
>   trailer fields for HTTP responses.
>
> - When pre-compiling with JspC, report all compilation errors rather
>   than stopping after the first error.
>
> Along with lots of other bug fixes and improvements
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.0.M22/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1137/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_0_M22/
>
> The proposed 9.0.0.M22 release is:
> [ ] Broken - do not release
> [x] Alpha - go ahead and release as 9.0.0.M22

+1

>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.5.16

[Coty Sutherland]

On Wed, Jun 21, 2017 at 5:37 PM, Mark Thomas  wrote:
> The proposed Apache Tomcat 8.5.16 release is now available for voting.
>
> The major changes compared to the 8.5.16 release are:
>
> - Add a new JULI FileHandler configuration for specifying the maximum
>   number of days to keep the log files. By default the log files will be
>   kept 90 days.
>
> - Improvements to enable the Manager and HostManager to work in the
>   default configuration when working under a security manager
>
> - Introduce new API o.a.tomcat.websocket.WsSession#suspend/
>   o.a.tomcat.websocket.WsSession#resume that can be used to
>   suspend/resume reading of the incoming messages.
>
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.16/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1138/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_16/
>
> The proposed 8.5.16 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.16

+1, looks good to me

>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Tomcat /examples ServerPush

[Coty Sutherland]

On Thu, Jun 22, 2017 at 4:05 PM, Violeta Georgieva  wrote:
> Hi,
>
> 2017-06-22 22:55 GMT+03:00 Coty Sutherland :
>>
>> Hi,
>>
>> I was just looking at the 8.5.16 examples and noticed that we had a
>> ServerPush example on there. I attempted to use it and got back a
>> response that I didn't quite get :(
>>
>> /examples/servlets/serverpush/simpleimage
>> "Server push requests are not supported by this protocol."
>
> Do you request it with localhost:8443 or with localhost:8080?

It was http (8080), but then I was alerted to the fact that ServerPush
requires http/2 (SSL) to work...so the response makes sense to me now.
If I were a inexperienced new user though, maybe seeing something
saying 'this requires http/2' would save me some headache.

> Violeta
>
>>
>> I assume that ServerPush only works on streaming protocols, right? If
>> so, can we put that qualifier on the response so that users know
>> immediately without having to look at how the processor works? Or do
>> we really care much since its a 'early preview'?
>>
>>
>>
>> Thanks,
>> Coty
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Tomcat /examples ServerPush

[Violeta Georgieva]

Hi,

2017-06-22 22:55 GMT+03:00 Coty Sutherland :
>
> Hi,
>
> I was just looking at the 8.5.16 examples and noticed that we had a
> ServerPush example on there. I attempted to use it and got back a
> response that I didn't quite get :(
>
> /examples/servlets/serverpush/simpleimage
> "Server push requests are not supported by this protocol."

Do you request it with localhost:8443 or with localhost:8080?

Violeta

>
> I assume that ServerPush only works on streaming protocols, right? If
> so, can we put that qualifier on the response so that users know
> immediately without having to look at how the processor works? Or do
> we really care much since its a 'early preview'?
>
>
>
> Thanks,
> Coty
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

Tomcat /examples ServerPush

[Coty Sutherland]

Hi,

I was just looking at the 8.5.16 examples and noticed that we had a
ServerPush example on there. I attempted to use it and got back a
response that I didn't quite get :(

/examples/servlets/serverpush/simpleimage
"Server push requests are not supported by this protocol."

I assume that ServerPush only works on streaming protocols, right? If
so, can we put that qualifier on the response so that users know
immediately without having to look at how the processor works? Or do
we really care much since its a 'early preview'?



Thanks,
Coty

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[Bug 60461] SIGSEGV in SSLSocket.getInfos

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=60461

--- Comment #36 from Remy Maucherat  ---
Created attachment 35069
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=35069=edit
APR SSL support sync

For APR, here is what the patch would look like. Please test it if you can.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] 8.0.x EOL - 30 June 2018

[Coty Sutherland]

On Thu, Jun 22, 2017 at 11:18 AM, Mark Thomas  wrote:
> We had a couple of threads discussing this. I think it is time for a vote.
>
> [x] +1 We should announce 8.0.x EOL for 30 June 2018

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] 8.0.x EOL - 30 June 2018

[Rémy Maucherat]

2017-06-22 10:18 GMT-05:00 Mark Thomas :

> We had a couple of threads discussing this. I think it is time for a vote.
>
> [X] +1 We should announce 8.0.x EOL for 30 June 2018
> [ ] -1 We should announce 8.0.x EOL for [insert date here]
> [ ] -1 We should not announce 8.0.x EOL at this time
>
> Rémy

Re: [VOTE] 8.0.x EOL - 30 June 2018

[Emmanuel Bourg]

Le 22/06/2017 à 17:18, Mark Thomas a écrit :

> [X] -1 We should not announce 8.0.x EOL at this time

I'd prefer security only releases for Tomcat 8.0.x beyond 30 June 2018
(or even sooner).

Emmanuel Bourg

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] 8.0.x EOL - 30 June 2018

[Felix Schumacher]

Am 22. Juni 2017 17:18:14 MESZ schrieb Mark Thomas :
>We had a couple of threads discussing this. I think it is time for a
>vote.
>
>[x] +1 We should announce 8.0.x EOL for 30 June 2018
>[ ] -1 We should announce 8.0.x EOL for [insert date here]
>[ ] -1 We should not announce 8.0.x EOL at this time
>

Felix

>Thanks,
>
>Mark
>
>-
>To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: dev-h...@tomcat.apache.org

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] 8.0.x EOL - 30 June 2018

[Violeta Georgieva]

2017-06-22 18:18 GMT+03:00 Mark Thomas :
>
> We had a couple of threads discussing this. I think it is time for a vote.
>
> [X] +1 We should announce 8.0.x EOL for 30 June 2018
> [ ] -1 We should announce 8.0.x EOL for [insert date here]
> [ ] -1 We should not announce 8.0.x EOL at this time
>

Regards,
Violeta

>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

Re: [VOTE] 8.0.x EOL - 30 June 2018

[Martin Grigorov]

On Thu, Jun 22, 2017 at 5:18 PM, Mark Thomas  wrote:

> We had a couple of threads discussing this. I think it is time for a vote.
>
> [ X ] +1 We should announce 8.0.x EOL for 30 June 2018
> [ ] -1 We should announce 8.0.x EOL for [insert date here]
> [ ] -1 We should not announce 8.0.x EOL at this time
>
> Thanks,
>
> Mark
>
>
Regards,
Martin


> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

[VOTE] 8.0.x EOL - 30 June 2018

[Mark Thomas]

We had a couple of threads discussing this. I think it is time for a vote.

[ ] +1 We should announce 8.0.x EOL for 30 June 2018
[ ] -1 We should announce 8.0.x EOL for [insert date here]
[ ] -1 We should not announce 8.0.x EOL at this time

Thanks,

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] tomcat pull request #56: Convert Cluster Manager human-readable channelSendO...

[asfgit]

Github user asfgit closed the pull request at:

https://github.com/apache/tomcat/pull/56


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 9.0.0.M22

[Violeta Georgieva]

Hi,

2017-06-21 17:18 GMT+03:00 Mark Thomas :
>
> The proposed Apache Tomcat 9.0.0.M22 release is now available for voting.
>
> This is a milestone release for the 9.0.x branch. It should be
> noted that, as a milestone release:
> - Servlet 4.0 is not finalised
> - The EGs have not started work on JSP 2.4, EL 3.1 or WebSocket 1.2/2.0
>
> The major changes compared to the 9.0.0.M21 release are:
>
> - Add a new JULI FileHandler configuration for specifying the maximum
>   number of days to keep the log files. By default the log files will be
>   kept 90 days.
>
> - Update the Servlet 4.0 implementation to add support for setting
>   trailer fields for HTTP responses.
>
> - When pre-compiling with JspC, report all compilation errors rather
>   than stopping after the first error.
>
> Along with lots of other bug fixes and improvements
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.0.M22/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1137/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_0_M22/
>
> The proposed 9.0.0.M22 release is:
> [ ] Broken - do not release
> [X] Alpha - go ahead and release as 9.0.0.M22

+1

Regards,
Violeta

>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

Need a help to begin.

[Kasun Prabath Amarasinghe]

I'm a computer Engineering undergraduate student. I would like to
contribute to open source projects. But I don't know where to start and how
to start.Can anyone guide me to start.

Re: [VOTE] Release Apache Tomcat 8.5.16

[Violeta Georgieva]

Hi Mark,

2017-06-22 0:37 GMT+03:00 Mark Thomas :
>
> The proposed Apache Tomcat 8.5.16 release is now available for voting.
>
> The major changes compared to the 8.5.16 release are:
>
> - Add a new JULI FileHandler configuration for specifying the maximum
>   number of days to keep the log files. By default the log files will be
>   kept 90 days.

The default: 90 days is applicable only for Tomcat 9.
For Tomcat 8.5/8.0/7.0 the default is forever.

>
> - Improvements to enable the Manager and HostManager to work in the
>   default configuration when working under a security manager
>
> - Introduce new API o.a.tomcat.websocket.WsSession#suspend/
>   o.a.tomcat.websocket.WsSession#resume that can be used to
>   suspend/resume reading of the incoming messages.
>
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.16/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1138/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_16/
>
> The proposed 8.5.16 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.16

+1 my tests passed

Regards,
Violeta

>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

[Bug 61205] unable to stop tomcat service using bootstrap.stopService()

[bugzilla]

https://bz.apache.org/bugzilla/show_bug.cgi?id=61205

Chuck Caldarale  changed:

   What|Removed |Added

 Resolution|--- |INVALID
 Status|REOPENED|RESOLVED

--- Comment #3 from Chuck Caldarale  ---
Do not reopen bugzilla entries without evidence of a Tomcat problem.  The users
mailing list is linked to from the Tomcat home page, on the left side under
Problems.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.5.16

[Mark Thomas]

On 22/06/17 07:38, Violeta Georgieva wrote:
> Hi Mark,
> 
> 2017-06-22 0:37 GMT+03:00 Mark Thomas :
>>
>> The proposed Apache Tomcat 8.5.16 release is now available for voting.
>>
>> The major changes compared to the 8.5.16 release are:
>>
>> - Add a new JULI FileHandler configuration for specifying the maximum
>>   number of days to keep the log files. By default the log files will be
>>   kept 90 days.
>>
>> - Improvements to enable the Manager and HostManager to work in the
>>   default configuration when working under a security manager
>>
>> - Introduce new API o.a.tomcat.websocket.WsSession#suspend/
>>   o.a.tomcat.websocket.WsSession#resume that can be used to
>>   suspend/resume reading of the incoming messages.
>>
>>
>> It can be obtained from:
>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.16/
> 
> .asc files are not available for
> - apache-tomcat-8.5.16.tar.gz
> - apache-tomcat-8.5.16.zip

Odd. The build process didn't create them. That has happened before. I
couldn't figure out why then either. I'll take another look.

Meanwhile, I've uploaded the signatures.

Thanks for the heads up.

Mark


> 
> Violeta
> 
>> The Maven staging repo is:
>> https://repository.apache.org/content/repositories/orgapachetomcat-1138/
>> The svn tag is:
>> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_16/
>>
>> The proposed 8.5.16 release is:
>> [ ] Broken - do not release
>> [ ] Stable - go ahead and release as 8.5.16
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>
> 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r20153 - in /dev/tomcat/tomcat-8/v8.5.16/bin: apache-tomcat-8.5.16.tar.gz.asc apache-tomcat-8.5.16.zip.asc

[markt]

Author: markt
Date: Thu Jun 22 09:15:25 2017
New Revision: 20153

Log:
Add missing signatures

Added:
dev/tomcat/tomcat-8/v8.5.16/bin/apache-tomcat-8.5.16.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.16/bin/apache-tomcat-8.5.16.zip.asc

Added: dev/tomcat/tomcat-8/v8.5.16/bin/apache-tomcat-8.5.16.tar.gz.asc
==
--- dev/tomcat/tomcat-8/v8.5.16/bin/apache-tomcat-8.5.16.tar.gz.asc (added)
+++ dev/tomcat/tomcat-8/v8.5.16/bin/apache-tomcat-8.5.16.tar.gz.asc Thu Jun 22 
09:15:25 2017
@@ -0,0 +1,17 @@
+-BEGIN PGP SIGNATURE-
+Version: GnuPG v2
+
+iQIcBAABCAAGBQJZS4qTAAoJEBDAHFovYFnn/pQP/3QZFkK1dDu48isJa4vG1Byz
+vUCj3/J3f0AbzsRPuO/N21MrqgN0rmcMHYKZJ+e5TfVYW6lssyIPxOQEtG30HDFK
+INvB1sttSwFU8tSDxzK5EcOzP8Dm+v4eT433+0XsESiRqJwjNBbqteF72GNOQI93
+JzQ+JPUr7Fz/ATC/L/l2OzVtBfxGcp44RW7V1hwvAjSJt+JNQdrW6v1Ni1bP9NPo
+N8B698+Q103EO9A0cJ5r2S0Y0XjF5hNloY0crCx/97qUruFoIYUdo1HQ71vJKWR5
+gJeve4HhLFfvAeFckfLTvjrkeUD9eTosSv/NFedvX3wbRU4sfa1Qb7E8gJW0R+uB
+nj9TQhHYbXHw2AlO7W88p+FESeCLBl/KufppZn+yUVaQLe+r9VkTI++tHo5G9fnM
+yUeqbSQ/Bd2HnDLMNpi1acARhH5dbWmkfkC2lpOZUlz/3ATGdAGigcpfuFKp1Sv4
+GbDMVs9FCVxBHScvYj//lpPjxIRDLIs75sMyViXO4EAzgeLShQufMTQs5D4s+7Ng
+zYQ/7IesFIQ/7bhrYsWnL136jbindQF4jHYL7a2LWex7EeUzDZ3R2IzAn602p1Xy
+Hg/KYJ8WgLHEzCw9VXmLG+dfM45GdRgX/HHAfuW2nb9PlcDnDndllKqGqkE4+gvM
+5uSEuUBm8XTiTkV0pzFI
+=YU2Q
+-END PGP SIGNATURE-

Added: dev/tomcat/tomcat-8/v8.5.16/bin/apache-tomcat-8.5.16.zip.asc
==
--- dev/tomcat/tomcat-8/v8.5.16/bin/apache-tomcat-8.5.16.zip.asc (added)
+++ dev/tomcat/tomcat-8/v8.5.16/bin/apache-tomcat-8.5.16.zip.asc Thu Jun 22 
09:15:25 2017
@@ -0,0 +1,17 @@
+-BEGIN PGP SIGNATURE-
+Version: GnuPG v2
+
+iQIcBAABCAAGBQJZS4qVAAoJEBDAHFovYFnnKc0QANaZQXzqw7+3ybLxGKJdfhcX
+2cjEEhD9aCPnK7bkS+DhdGDs9WQkAfwbUAoDZkOoeS+CE2zLQPrtn+sjZSuxPtI4
+KcEqlrrK+X8uYUWCwAUs/pGmtEwb0eal23CCQDIaslZblagUsPOVEsjm3yKPHhpn
+2qKUcAPmevHWlzD+PwVXlwNJa2e6J6hPYTSjE00RnGScPLGCnnh+3lFRofntZzPE
+C6V6zPuhM6AwBa4WTH6n4SZn4AE1FttXmaY+0sbQJiuCGuAOG6cEopSajXxxgH9i
+yvmtdQRDr9lxEvvBpy2jG5YYq7awqGSJH3HXlOFRCO+ObMP5GzJJufL9rVVf2yOe
+coj0mRzhUGckwvOQ/f9Xe0MOvUsay6YGVGmjKhi3LFxY9KWyYam5OvKjziUEo0kR
+Z34kMi1hURLJTCj9Z1J76sj5kHatMCV2C/5m+Dj/cid0mJMB1Vxu09f4EmG8HUtL
+lCB3aGe0c9ZLK7IOnqTZYaTTZ4VT3+UfTMIlqYix7jqKQSy1w6kjojqlNCbEfRJ0
+gqayp3szmvULi3uJ3BoGPrB0CUBYYYJMN2bj3jhgKNeqGzVH2H4aSnuso9Lfwi29
+q13OtLjMPX3H+hlQIDyD8E9QaSgPATeKlt/oi/0OvZxeEwZrhyu6mdvvLhN8KOmB
+JdL5eE9jAG0HntwNicWf
+=FZln
+-END PGP SIGNATURE-



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: svn commit: r1799498 - in /tomcat/trunk: java/org/apache/catalina/valves/LoadBalancerDrainingValve.java test/org/apache/catalina/valves/TestLoadBalancerDrainingValve.java webapps/docs/changelog.xm

[Martin Grigorov]

Hi Chris,


On Wed, Jun 21, 2017 at 9:05 PM,  wrote:

> Author: schultz
> Date: Wed Jun 21 19:05:38 2017
> New Revision: 1799498
>
> URL: http://svn.apache.org/viewvc?rev=1799498=rev
> Log:
> Add LoadBalancerDrainingValve.
>
> Added:
> 
> tomcat/trunk/java/org/apache/catalina/valves/LoadBalancerDrainingValve.java
>  (with props)
> tomcat/trunk/test/org/apache/catalina/valves/
> TestLoadBalancerDrainingValve.java   (with props)
> Modified:
> tomcat/trunk/webapps/docs/changelog.xml
> tomcat/trunk/webapps/docs/config/valve.xml
>
> Added: tomcat/trunk/java/org/apache/catalina/valves/
> LoadBalancerDrainingValve.java
> URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/
> catalina/valves/LoadBalancerDrainingValve.java?rev=1799498=auto
> 
> ==
> --- 
> tomcat/trunk/java/org/apache/catalina/valves/LoadBalancerDrainingValve.java
> (added)
> +++ 
> tomcat/trunk/java/org/apache/catalina/valves/LoadBalancerDrainingValve.java
> Wed Jun 21 19:05:38 2017
> @@ -0,0 +1,277 @@
> +/*
> + * Licensed to the Apache Software Foundation (ASF) under one or more
> + * contributor license agreements.  See the NOTICE file distributed with
> + * this work for additional information regarding copyright ownership.
> + * The ASF licenses this file to You under the Apache License, Version 2.0
> + * (the "License"); you may not use this file except in compliance with
> + * the License.  You may obtain a copy of the License at
> + *
> + *  http://www.apache.org/licenses/LICENSE-2.0
> + *
> + * Unless required by applicable law or agreed to in writing, software
> + * distributed under the License is distributed on an "AS IS" BASIS,
> + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
> implied.
> + * See the License for the specific language governing permissions and
> + * limitations under the License.
> + */
> +package org.apache.catalina.valves;
> +
> +import java.io.IOException;
> +
> +import javax.servlet.ServletException;
> +import javax.servlet.http.Cookie;
> +import javax.servlet.http.HttpServletResponse;
> +
> +import org.apache.catalina.LifecycleException;
> +import org.apache.catalina.connector.Request;
> +import org.apache.catalina.connector.Response;
> +import org.apache.catalina.util.SessionConfig;
> +import org.apache.juli.logging.Log;
> +
> +/**
> + * A Valve to detect situations where a load-balanced node receiving a
> + * request has been deactivated by the load balancer
> (JK_LB_ACTIVATION=DIS)
> + * and the incoming request has no valid session.
> + *
> + * In these cases, the user's session cookie should be removed if it
> exists,
> + * any ";jsessionid" parameter should be removed from the request URI,
> + * and the client should be redirected to the same URI. This will cause
> the
> + * load-balanced to re-balance the client to another server.
> + *
> + * A request parameter is added to the redirect URI in order to avoid
> + * repeated redirects in the event of an error or misconfiguration.
> + *
> + * All this work is required because when the activation state of a
> node is
> + * DISABLED, the load-balancer will still send requests to the node if
> they
> + * appear to have a session on that node. Since mod_jk doesn't actually
> know
> + * whether the session id is valid, it will send the request blindly to
> + * the disabled node, which makes it take much longer to drain the node
> + * than strictly necessary.
> + *
> + * For testing purposes, a special cookie can be configured and used
> + * by a client to ignore the normal behavior of this Valve and allow
> + * a client to get a new session on a DISABLED node. See
> + * {@link #setIgnoreCookieName} and {@link #setIgnoreCookieValue}
> + * to configure those values.
> + *
> + * This Valve should be installed earlier in the Valve pipeline than
> any
> + * authentication valves, as the redirection should take place before an
> + * authentication valve would save a request to a protected resource.
> + *
> + * @see http://tomcat.apache.org/connectors-doc/generic_howto/
> loadbalancers.html
> + */
> +public class LoadBalancerDrainingValve
> +extends ValveBase
> +{
> +/**
> + * The request attribute key where the load-balancer's activation
> state
> + * can be found.
> + */
> +static final String ATTRIBUTE_KEY_JK_LB_ACTIVATION =
> "JK_LB_ACTIVATION";
>

Any objection to make this constant public and visible from outside ?
I find it useful to be able to refer the constant by name than its value
when integrating.


> +
> +/**
> + * The HTTP response code that will be used to redirect the request
> + * back to the load-balancer for re-balancing. Defaults to 307
> + * (TEMPORARY_REDIRECT).
> + *
> + * HTTP status code 305 (USE_PROXY) might be an option, here. too.
> + */
> +private int _redirectStatusCode = HttpServletResponse.SC_
> TEMPORARY_REDIRECT;
> +
> +/**
> + * 

Re: [VOTE] Release Apache Tomcat 8.5.16

[Violeta Georgieva]

Hi Mark,

2017-06-22 0:37 GMT+03:00 Mark Thomas :
>
> The proposed Apache Tomcat 8.5.16 release is now available for voting.
>
> The major changes compared to the 8.5.16 release are:
>
> - Add a new JULI FileHandler configuration for specifying the maximum
>   number of days to keep the log files. By default the log files will be
>   kept 90 days.
>
> - Improvements to enable the Manager and HostManager to work in the
>   default configuration when working under a security manager
>
> - Introduce new API o.a.tomcat.websocket.WsSession#suspend/
>   o.a.tomcat.websocket.WsSession#resume that can be used to
>   suspend/resume reading of the incoming messages.
>
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.16/

.asc files are not available for
- apache-tomcat-8.5.16.tar.gz
- apache-tomcat-8.5.16.zip

Violeta

> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1138/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_16/
>
> The proposed 8.5.16 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 8.5.16
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>