[Bug 64409] Usage of TLS is insecure
https://bz.apache.org/bugzilla/show_bug.cgi?id=64409 --- Comment #1 from Md Mahir Asef Kabir --- Same behavior is noticed in - “java/org/apache/catalina/tribes/membership/cloud/CertificateStreamProvider.java” file. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[GitHub] [tomcat] Mahir92 commented on pull request #255: Update TokenStreamProvider.java
Mahir92 commented on pull request #255: URL: https://github.com/apache/tomcat/pull/255#issuecomment-623232365 Hi @markt-asf , I have posted the following enhancement request in BugZilla describing the issue - https://bz.apache.org/bugzilla/show_bug.cgi?id=64409. Please let me know if that was helpful. This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64409] Usage of TLS is insecure
https://bz.apache.org/bugzilla/show_bug.cgi?id=64409 Md Mahir Asef Kabir changed: What|Removed |Added OS||All -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
[Bug 64409] New: Usage of TLS is insecure
https://bz.apache.org/bugzilla/show_bug.cgi?id=64409
Bug ID: 64409
Summary: Usage of TLS is insecure
Product: Tomcat 9
Version: 9.0.x
Hardware: PC
Status: NEW
Severity: enhancement
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: mdmahiras...@vt.edu
Target Milestone: -
Vulnerability Description: In
“java/org/apache/catalina/tribes/membership/cloud/TokenStreamProvider.java”
file the following code was written in TokenStreamProvider(String token, String
caCertFile) throws Exception method -
SSLContext context = SSLContext.getInstance("TLS");
The vulnerability is, using "TLS” as the argument to SSLContext.getInstance
method.
Reason it’s vulnerable: TLS 1.0 is vulnerable to man-in-the-middle attacks. For
further reference:
https://www.comodo.com/e-commerce/ssl-certificates/tls-1-deprecation.php
Suggested Fix: Using SSLContext.getInstance("TLSv1.3").
Feedback: Please select any of the options down below to help us get an idea
about how you felt about the suggestion -
1. Liked it and will make the suggested changes
2. Liked it but happy with the existing version
3. Didn’t find the suggestion helpful
--
You are receiving this mail because:
You are the assignee for the bug.
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
[GUMP@gump-vm]: Project tomcat-tc9-test-apr (in module tomcat-tc9) success, but with warnings.
To whom it may engage... This is an automated request, but not an unsolicited one. For more information please visit http://gump.apache.org/nagged.html, and/or contact the folk at gene...@gump.apache.org. Project tomcat-tc9-test-apr contains errors. The current state of this project is 'Success'. Full details are available at: http://gump-vm.apache.org/tomcat-tc9/tomcat-tc9-test-apr/index.html That said, some information snippets are provided here. The following annotations (debug/informational/warning/error messages) were provided: -ERROR- No such project [openssl-1-1-1-make-install] for property. -ERROR- Cannot resolve output/outputpath of *unknown* [openssl-1-1-1-make-install] -ERROR- Unhandled Property: test.openssl.path on: Ant on Project:tomcat-tc9-test-apr -DEBUG- Dependency on bnd exists, no need to add for property bndlib.jar. -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-tc9/output/logs-APR -INFO- Project Reports in: /srv/gump/public/workspace/tomcat-tc9/output/test-tmp-APR/logs -WARNING- No directory [/srv/gump/public/workspace/tomcat-tc9/output/test-tmp-APR/logs] The following work was performed: http://gump-vm.apache.org/tomcat-tc9/tomcat-tc9-test-apr/gump_work/build_tomcat-tc9_tomcat-tc9-test-apr.html Work Name: build_tomcat-tc9_tomcat-tc9-test-apr (Type: Build) Work ended in a state of : Success Elapsed: 49 mins 4 secs Command Line: /usr/lib/jvm/java-8-oracle/bin/java -Djava.awt.headless=true -Dbuild.sysclasspath=only -Dsun.zip.disableMemoryMapping=true org.apache.tools.ant.Main -Dgump.merge=/srv/gump/public/gump/work/merge.xml -Dbase.path=/srv/gump/public/workspace/tomcat-tc9/tomcat-build-libs -Dbnd.jar=/srv/gump/packages/bnd/bnd-4.0.0/biz.aQute.bnd-4.0.0.jar -Dsaaj-api.jar=/srv/gump/packages/saaj-api/saaj-api-1.3.5.jar -Djaxrpc-lib.jar=/srv/gump/packages/jaxrpc/geronimo-spec-jaxrpc-1.1-rc4.jar -Dtest.temp=output/test-tmp-APR -Djunit.jar=/srv/gump/public/workspace/junit/target/junit-4.14-SNAPSHOT.jar -Djava.net.preferIPv4Stack=/srv/gump/public/workspace/tomcat-tc9/true -Dobjenesis.jar=/srv/gump/public/workspace/objenesis/main/target/objenesis-3.2-SNAPSHOT.jar -Dexamples.sources.skip=true -Dcommons-daemon.jar=/srv/gump/public/workspace/commons-daemon/target/commons-daemon-1.2.3-SNAPSHOT.jar -Dtest.openssl.path=*Unset* -Dexecute.test.nio=false -Dhamcrest.jar=/srv/gump/packages/hamcrest/hamcrest-core -1.3.jar -Dbndlib.jar=/srv/gump/packages/bnd/bndlib-4.0.0/biz.aQute.bndlib-4.0.0.jar -Dexecute.test.apr=true -Dwsdl4j-lib.jar=/srv/gump/packages/wsdl4j/wsdl4j-1.6.3.jar -Dtest.reports=output/logs-APR -Dexecute.test.nio2=false -Djdt.jar=/srv/gump/packages/eclipse/plugins/R-4.13-201909161045/ecj-4.13.jar -Dtest.apr.loc=/srv/gump/public/workspace/tomcat-native-1.2-1.1.1/dest-20200503/lib -Dtest.relaxTiming=true -Dtest.excludePerformance=true -Dtest.accesslog=true -Deasymock.jar=/srv/gump/public/workspace/easymock/core/target/easymock-4.3-SNAPSHOT.jar -Dcglib.jar=/srv/gump/packages/cglib/cglib-nodep-2.2.jar test [Working Directory: /srv/gump/public/workspace/tomcat-tc9] CLASSPATH: /usr/lib/jvm/java-8-oracle/lib/tools.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/webapps/examples/WEB-INF/classes:/srv/gump/public/workspace/tomcat-tc9/output/testclasses:/srv/gump/public/workspace/ant/dist/lib/ant.jar:/srv/gump/public/workspace/ant/dist/lib/ant-launcher.jar:/srv/gump/public/workspace/ant/dist/lib/ant-jmf.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit.jar:/srv/gump/public/workspace/ant/dist/lib/ant-junit4.jar:/srv/gump/public/workspace/ant/dist/lib/ant-swing.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-resolver.jar:/srv/gump/public/workspace/ant/dist/lib/ant-apache-xalan2.jar:/srv/gump/public/workspace/xml-commons/java/build/resolver.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/bin/bootstrap.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/bin/tomcat-juli.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/lib/annotations-api.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/lib/servlet-api.jar:/srv/gump/ public/workspace/tomcat-tc9/output/build/lib/jsp-api.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/lib/el-api.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/lib/websocket-api.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/lib/jaspic-api.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/lib/catalina.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/lib/catalina-ant.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/lib/catalina-ssi.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/lib/catalina-storeconfig.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/lib/tomcat-coyote.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/lib/jasper.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/lib/jasper-el.jar:/srv/gump/public/workspace/tomcat-tc9/output/build/lib/catalina-tribes.jar:/srv/gump/public/workspace/tomcat-tc9/output/build
Bug report for Taglibs [2020/05/03]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |38193|Ass|Enh|2006-01-09|[RDC] BuiltIn Grammar support for Field | |38600|Ass|Enh|2006-02-10|[RDC] Enable RDCs to be used in X+V markup (X+RDC)| |42413|New|Enh|2007-05-14|[PATCH] Log Taglib enhancements | |46052|New|Nor|2008-10-21|SetLocaleSupport is slow to initialize when many l| |48333|New|Enh|2009-12-02|TLD generator | |57548|New|Min|2015-02-08|Auto-generate the value for org.apache.taglibs.sta| |57684|New|Min|2015-03-10|Version info should be taken from project version | |59359|New|Enh|2016-04-20|(Task) Extend validity period for signing KEY - be| |59668|New|Nor|2016-06-06|x:forEach retains the incorrect scope when used in| |61875|New|Nor|2017-12-08|Investigate whether Xalan can be removed | +-+---+---+--+--+ | Total 10 bugs | +---+ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Bug report for Tomcat 9 [2020/05/03]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |57505|New|Enh|2015-01-27|Add integration tests for JspC| |57661|New|Enh|2015-03-04|Delay sending of 100 continue response until appli| |58242|New|Enh|2015-08-13|Scanning jars in classpath to get annotations in p| |58530|New|Enh|2015-10-23|Proposal for new Manager HTML GUI | |58548|Inf|Enh|2015-10-26|support certifcate transparency | |58859|New|Enh|2016-01-14|Allow to limit charsets / encodings supported by T| |59344|Ver|Enh|2016-04-18|PEM file support for JSSE | |59750|New|Enh|2016-06-24|Amend "authenticate" method with context by means | |60997|New|Enh|2017-04-17|Enhance SemaphoreValve to support denied status an| |61971|New|Enh|2018-01-06|documentation for using tomcat with systemd | |62048|New|Enh|2018-01-25|Missing logout function in Manager and Host-Manage| |62072|New|Enh|2018-02-01|Add support for request compression | |62312|New|Enh|2018-04-18|Add Proxy Authentication support to websocket clie| |62405|New|Enh|2018-05-23|Add Rereadable Request Filter | |62488|New|Enh|2018-06-25|Obtain dependencies from Maven Central where possi| |62611|Inf|Enh|2018-08-09|Compress log files after rotation | |62695|Inf|Nor|2018-09-07|Provide sha512 checksums for Tomcat releases publi| |62723|New|Enh|2018-09-14|Clarify "channelSendOptions" value in cluster docu| |62773|New|Enh|2018-09-28|Change DeltaManager to handle session deserializat| |62814|New|Enh|2018-10-10|Use readable names for cluster channel/map options| |62843|New|Enh|2018-10-22|Tomcat Russian localization | |62964|Inf|Enh|2018-11-29|Add RFC7807 conformant Problem Details for HTTP st| |63023|New|Enh|2018-12-20|Provide a way to load SecurityProviders into the s| |63049|New|Enh|2018-12-31|Add support in system properties override from com| |63237|New|Enh|2019-03-06|Consider processing mbeans-descriptors.xml at comp| |63362|New|Enh|2019-04-18|GlobalRequestProcessor statistics in MBean does no| |63389|New|Enh|2019-04-27|Enable Servlet Warmup for Containerization| |63493|New|Enh|2019-06-10|enhancement - add JMX counters to monitor authenti| |63505|New|Enh|2019-06-14|enhancement - support of stored procedures for Dat| |63545|New|Enh|2019-07-06|enhancement - add a new pattern attribute for logg| |63943|Opn|Enh|2019-11-20|Add possibility to overwrite remote port with info| |63983|Ver|Cri|2019-12-03|Jasper builds-up open files until garbage collecti| |64080|New|Enh|2020-01-16|Graceful shutdown does not occur for connected cli| |64110|New|Enh|2020-02-01|Record TLS protocol in access log for connections | |64144|New|Enh|2020-02-14|Add an option for rejecting requests that have bot| |64230|New|Enh|2020-03-15|Allow to configure session manager to skip expirin| |64394|New|Enh|2020-04-30|Windows Installer should offer an option to trust | |64395|New|Enh|2020-04-30|Windows Installer should offer an option to select| |64403|New|Nor|2020-05-01|HTTP/2 with compression does not unset Content-Len| +-+---+---+--+--+ | Total 39 bugs | +---+ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Bug report for Tomcat Native [2020/05/03]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |53940|New|Enh|2012-09-27|Added support for new CRL loading after expiration| |62626|Inf|Nor|2018-08-15|Tomcat 9.0.10 APR/Native crashes | |62911|New|Enh|2018-11-15|Add support for proxying ocsp requests via ProxyH| |63199|Inf|Nor|2019-02-22|sslsocket handshake JVM crash | |63405|Inf|Nor|2019-05-06|Tomcat 7.0.91.0 EXCEPTION_ACCESS_VIOLATION - Probl| +-+---+---+--+--+ | Total5 bugs | +---+ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Bug report for Tomcat Modules [2020/05/03]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |50571|Inf|Nor|2011-01-11|Tomcat 7 JDBC connection pool exception enhancemen| |51595|Inf|Nor|2011-08-01|org.apache.tomcat.jdbc.pool.jmx.ConnectionPool sho| |51879|Inf|Enh|2011-09-22|Improve access to Native Connection Methods | |52024|Inf|Enh|2011-10-13|Custom interceptor to support automatic failover o| |53199|Inf|Enh|2012-05-07|Refactor ConnectionPool to use ScheduledExecutorSe| |54437|New|Enh|2013-01-16|Update PoolProperties javadoc for ConnectState int| |54929|Inf|Nor|2013-05-05|jdbc-pool cannot be used with Java 1.5, "java.lang| |55078|New|Nor|2013-06-07|Configuring a DataSource Resource with dataSourceJ| |55662|New|Enh|2013-10-17|Add a way to set an instance of java.sql.Driver di| |56046|New|Enh|2014-01-21|org.apache.tomcat.jdbc.pool.XADataSource InitSQL p| |56088|New|Maj|2014-01-29|AbstractQueryReport$StatementProxy throws exceptio| |56310|Inf|Maj|2014-03-25|PooledConnection and XAConnection not handled corr| |56586|New|Nor|2014-06-02|initSQL should be committed if defaultAutoCommit =| |56775|New|Nor|2014-07-28|PoolCleanerTime schedule issue| |56779|New|Nor|2014-07-28|Allow multiple connection initialization statement| |56790|New|Nor|2014-07-29|Resizing pool.maxActive to a higher value at runti| |56798|New|Nor|2014-07-31|Idle eviction strategy could perform better (and i| |56804|New|Nor|2014-08-02|Use a default validationQueryTimeout other than "f| |56805|New|Nor|2014-08-02|datasource.getConnection() may be unnecessarily bl| |56837|New|Nor|2014-08-11|if validationQuery have error with timeBetweenEvic| |56970|New|Nor|2014-09-11|MaxActive vs. MaxTotal for commons-dbcp and tomcat| |57460|New|Nor|2015-01-19|[DB2]Connection broken after few hours but not rem| |57729|New|Enh|2015-03-20|Add QueryExecutionReportInterceptor to log query e| |58489|Opn|Maj|2015-10-08|QueryStatsComparator throws IllegalArgumentExcepti| |59077|New|Nor|2016-02-26|DataSourceFactory creates a neutered data source | |59569|New|Nor|2016-05-18|isWrapperFor/unwrap implementations incorrect | |59879|New|Nor|2016-07-18|StatementCache interceptor returns ResultSet objec| |60195|New|Nor|2016-10-02|No javadoc in Maven Central | |60522|New|Nor|2016-12-27|An option for setting if the transaction should be| |60524|Inf|Nor|2016-12-28|NPE in SlowQueryReport in tomcat-jdbc-7.0.68 | |60645|New|Nor|2017-01-25|StatementFinalizer is not thread-safe | |61032|New|Nor|2017-04-24|min pool size is not being respected | |61103|New|Nor|2017-05-18|StatementCache potentially caching non-functional | |61302|New|Enh|2017-07-15|Refactoring of DataSourceProxy| |61303|New|Enh|2017-07-15|Refactoring of ConnectionPool | |62432|New|Nor|2018-06-06|Memory Leak in Statement Finalizer? | |62598|New|Enh|2018-08-04|support pool with multiple JDBC data sources | |62910|Inf|Nor|2018-11-15|tomcat-jdbc global pool transaction problem | |63612|Inf|Cri|2019-07-26|PooledConnection#connectUsingDriver, Thread.curren| |63705|New|Nor|2019-08-29|The tomcat pool doesn't register all connection th| |64083|New|Nor|2020-01-17|JDBC pool keeps closed connection as available| |64107|New|Maj|2020-01-30|PreparedStatements correctly closed are not return| |64231|New|Nor|2020-03-16|Tomcat jdbc pool behaviour| +-+---+---+--+--+ | Total 43 bugs | +---+ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Bug report for Tomcat 7 [2020/05/03]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |50944|Ver|Blk|2011-03-18|JSF: java.lang.NullPointerException at com.sun.fac| |55470|New|Enh|2013-08-23|Help users for ClassNotFoundExceptions during star| |55477|New|Enh|2013-08-23|Add a solution to map a realm name to a security r| |56148|New|Enh|2014-02-17|support (multiple) ocsp stapling | |56181|New|Enh|2014-02-23|RemoteIpValve & RemoteIpFilter: HttpServletRequest| |56300|New|Enh|2014-03-22|[Tribes] No useful examples, lack of documentation| |56438|New|Enh|2014-04-21|If jar scan does not find context config or TLD co| |56614|New|Enh|2014-06-12|Add a switch to ignore annotations detection on ta| |56787|New|Enh|2014-07-29|Simplified jndi name parsing | |57367|New|Enh|2014-12-18|If JAR scan experiences a stack overflow, give the| |57827|New|Enh|2015-04-17|Enable adding/removing of members via jmx in a sta| |57872|New|Enh|2015-04-29|Do not auto-switch session cookie to version=1 due| |57892|New|Enh|2015-05-05|Log once a warning if a symbolic link is ignored (| |60597|New|Enh|2017-01-17|Add ability to set cipher suites for websocket cli| |63167|New|Enh|2019-02-12|Network Requirements To Resolve No Members Active | +-+---+---+--+--+ | Total 15 bugs | +---+ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Bug report for Tomcat Connectors [2020/05/03]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |46767|New|Enh|2009-02-25|mod_jk to send DECLINED in case no fail-over tomca| |47327|New|Enh|2009-06-07|Return tomcat authenticated user back to mod_jk (A| |47750|New|Maj|2009-08-27|ISAPI: Loss of worker settings when changing via j| |48830|New|Nor|2010-03-01|IIS shutdown blocked in endpoint service when serv| |49822|New|Enh|2010-08-25|Add hash lb worker method | |49903|New|Enh|2010-09-09|Make workers file reloadable | |52483|New|Enh|2012-01-18|Print JkOptions's options in log file and jkstatus| |54621|New|Enh|2013-02-28|[PATCH] custom mod_jk availability checks | |56489|New|Enh|2014-05-05|Include a directory for configuration files | |56576|New|Enh|2014-05-29|Websocket support | |57402|New|Enh|2014-12-30|Provide correlation ID between mod_jk log and acce| |57403|New|Enh|2014-12-30|Persist configuration changes made via status work| |57407|New|Enh|2014-12-31|Make session_cookie, session_path and session_cook| |57790|New|Enh|2015-04-03|Check worker names for typos | |61476|New|Enh|2017-09-01|Allow reset of an individual worker stat value| |61621|New|Enh|2017-10-15|Content-Type is forced to lowercase when it goes t| |62093|New|Enh|2018-02-09|Allow use_server_errors to apply to specific statu| |63808|Opn|Enh|2019-10-05|the fact that JkMount makes other directives ineff| +-+---+---+--+--+ | Total 18 bugs | +---+ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
Bug report for Tomcat 8 [2020/05/03]
+---+ | Bugzilla Bug ID | | +-+ | | Status: UNC=Unconfirmed NEW=New ASS=Assigned| | | OPN=ReopenedVER=Verified(Skipped Closed/Resolved) | | | +-+ | | | Severity: BLK=Blocker CRI=Critical REG=Regression MAJ=Major | | | | MIN=Minor NOR=NormalENH=Enhancement TRV=Trivial | | | | +-+ | | | | Date Posted | | | | | +--+ | | | | | Description | | | | | | | |55243|New|Enh|2013-07-11|Add special search string for nested roles| |55383|New|Enh|2013-08-07|Improve markup and design of Tomcat's HTML pages | |9|New|Enh|2013-09-14|UserDatabaseRealm enhacement: may use local JNDI | |55675|New|Enh|2013-10-18|Checking and handling invalid configuration option| |55788|New|Enh|2013-11-16|TagPlugins should key on tag QName rather than imp| |56166|New|Enh|2014-02-20|Suggestions for exception handling (avoid potentia| |56398|New|Enh|2014-04-11|Support Arquillian-based unit testing | |56399|New|Enh|2014-04-11|Re-factor request/response recycling so Coyote and| |56402|New|Enh|2014-04-11|Add support for HTTP Upgrade to AJP components| |56448|New|Enh|2014-04-23|Implement a robust solution for client initiated S| |56522|Opn|Enh|2014-05-14|jasper-el 8 does not comply to EL Spec 3.0 regardi| |56546|New|Enh|2014-05-19|Improve thread trace logging in WebappClassLoader.| |56713|New|Enh|2014-07-12|Limit time that incoming request waits while webap| |56890|Inf|Maj|2014-08-26|getRealPath returns null | |57130|New|Enh|2014-10-22|Allow digest.sh to accept password from a file or | |57421|New|Enh|2015-01-07|Farming default directories | |57486|New|Enh|2015-01-23|Improve reuse of ProtectedFunctionMapper instances| |57701|New|Enh|2015-03-13|Implement "[Redeploy]" button for a web applicatio| |57830|New|Enh|2015-04-18|Add support for ProxyProtocol | |58052|Opn|Enh|2015-06-19|RewriteValve: Implement additional RewriteRule dir| |58072|New|Enh|2015-06-23|ECDH curve selection | |58837|New|Enh|2016-01-12|support "X-Content-Security-Policy" a.k.a as "CSP"| |58935|Opn|Enh|2016-01-29|Re-deploy from war without deleting context | |59232|New|Enh|2016-03-24|Make the context name of an app available via JNDI| |59423|New|Enh|2016-05-03|amend "No LoginModules configured for ..." with hi| |59758|New|Enh|2016-06-27|Add http proxy username-password credentials suppo| |60281|Ver|Nor|2016-10-20|Pathname of uploaded WAR file should not be contai| |60721|Ver|Nor|2017-02-10|Unable to find key spec if more applications use b| |60781|New|Nor|2017-02-27|Access Log Valve does not escape the same as mod_l| |60849|New|Enh|2017-03-13|Tomcat NIO Connector not able to handle SSL renego| |61668|Ver|Min|2017-10-26|Possible NullPointerException in org.apache.coyote| |61877|New|Enh|2017-12-08|use web.xml from CATALINA_HOME by default | |61917|New|Enh|2017-12-19|AddDefaultCharsetFilter only supports text/* respo| |62150|New|Enh|2018-03-01|Behavior of relative paths with RequestDispatcher | |62214|New|Enh|2018-03-22|The "userSubtree=true" and "roleSubtree=true" in J| |62245|New|Enh|2018-04-02|[Documentation] Mention contextXsltFile in Default| |63080|New|Enh|2019-01-16|Support rfc7239 Forwarded header | |63195|Inf|Enh|2019-02-21|Add easy way to test RemoteIpValve works properly | |63802|Inf|Cri|2019-10-04|epoll spin detection is missing | |63815|Inf|Nor|2019-10-08|Expansion of JAVA_OPTS in catalina.sh containing '| +-+---+---+--+--+ | Total 40 bugs | +---+ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
