Re: [tomcat] 01/02: Replace Collections.sort() with List.sort()

[Igal Sapir]

On Thu, Dec 3, 2020 at 2:48 PM Martin Grigorov  wrote:

> Hi,
>
> Shall we backport these commits to 9.x and 8.5?
> It will make it easier to backport future changes in these classes.
>

+1

No need to diverge the branches unnecessarily.

Igal



>
> Martin
>
> On Fri, Dec 4, 2020, 00:06 Emmanuel Bourg  wrote:
>
> > Hi Christopher,
> >
> > Le 03/12/2020 à 21:49, Christopher Schultz a écrit :
> >
> > > I'm curious as to why this change is warranted. I'm not suggesting it's
> > > not... just wondering what the benefit is? Avoiding a pass-through
> > > method call?
> >
> > It's the shorter idiom to sort lists with Java 8+, it just improves the
> > readability. I don't think the method call avoided has any impact, the
> > actual sorting dominates the time spent anyway.
> >
> > Emmanuel Bourg
> >
> > -
> > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> > For additional commands, e-mail: dev-h...@tomcat.apache.org
> >
> >
>

Re: [VOTE] Release Apache Tomcat 8.5.61

[Igal Sapir]

On Thu, Dec 3, 2020 at 6:49 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.61 release is now available for voting.
>
> The notable changes compared to the 8.5.60 release are:
>
> - Align the behaviour of ServletContext.getRealPath(String path) with
>   the recent clarification from the Servlet specification project. If
>   the path parameter does not start with / then Tomcat processes the
>   call as if / is appended to the beginning of the provided path.
>
> - Fix a potential file descriptor leak when WebSocket connections are
>   attempted and fail. Patch provided by Maurizio Adami.
>
> - Ensure that the LoadBalancerDrainingValve uses the correct setting
>   for the secure attribute for any session cookies it creates. Based on
>   a pull request by Andreas Kurth.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.61/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1290/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.61
> 77d330abea52e4aeb039ca7eb8a766e0e1c56a71
>
> The proposed 8.5.61 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.61
>

Tested on Ubuntu 20.04 with Java 13.0.4 and TC-Native 1.2.25

Best,

Igal



>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 9.0.41

[Igal Sapir]

On Thu, Dec 3, 2020 at 5:12 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.41 release is now available for voting.
>
> The notable changes compared to the 9.0.40 release are:
>
> - Align the behaviour of ServletContext.getRealPath(String path) with
>   the recent clarification from the Servlet specification project. If
>   the path parameter does not start with / then Tomcat processes the
>   call as if / is appended to the beginning of the provided path.
>
> - Fix a potential file descriptor leak when WebSocket connections are
>   attempted and fail. Patch provided by Maurizio Adami.
>
> -  Ensure that the LoadBalancerDrainingValve uses the correct setting
>for the secure attribute for any session cookies it creates. Based on
>a pull request by Andreas Kurth.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.41/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1289/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.41
> 75d7a2069bf4360bcd8b885c6b7387d70c9cb052
>
> The proposed 9.0.41 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.41
>

Tested with Ubuntu 20.04, Java 13.0.4, and TC-Native 1.2.25

Best,

Igal



>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: [VOTE] Release Apache Tomcat 10.0.0

[Igal Sapir]

On Thu, Dec 3, 2020 at 2:50 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.0.0 release is now available for
> voting.
>
> Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to
> jakarta.*
> Applications that run on Tomcat 9 will not run on Tomcat 10 without
> changes.
>
> The notable changes compared to 10.0.0-M10 are:
>
> - Specs are now final. Tomcat passes the TCKs apart from a number of
>   expected failures that don't impact spec compliance.
>
> - The APR/Native AJP and HTTP connectors have been deprecated.
>   Tomcat Native will continue to be used to support OpenSSL use with NIO
>   and NIO2.
>
> - Align the behaviour of ServletContext.getRealPath(String path) with
>   the recent clarification from the Servlet specification project. If
>   the path parameter does not start with / then Tomcat processes the
>   call as if / is appended to the beginning of the provided path.
>
> Along with lots of other bug fixes and improvements.
>
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.0/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1287/
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.0
> 4c8b650437e2464c1c31c6598a263b3805b7a81f
>
> The proposed 10.0.0 release is:
> [ ] Broken - do not release
> [X] Beta   - go ahead and release as 10.0.0 (beta)
> [ ] Stable - go ahead and release as 10.0.0 (stable)
>

Tested on Ubuntu 20.04 with Java 13.0.4 and TC-Native 1.2.25

Best,

Igal



>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Tomcat Native Build Instructions

[Igal Sapir]

On Thu, Dec 3, 2020 at 2:31 PM Emmanuel Bourg  wrote:

> Le 03/12/2020 à 23:00, Igal Sapir a écrit :
>
> > It seems that the package is named "libapr1-dev" and I'm not sure if that
> > was a recent change or not.
> >
> > I want to update the docs but not sure if that would break non-Ubuntu
> > Debian-based builds.
> >
> > Any thoughts?
>
> libapr1.0-dev was in Debian Sid between 2004 and 2006, it has only been
> part of Debian 3.1 Sarge until its EOL in 2008. (the Ubuntu release at
> this time was 6.06 Dapper Drake, EOL in 2011)
>
> libapr1-dev has been used to build tomcat-native in Debian (and Ubuntu)
> since its first upload in 2008 [1].
>

Thanks Emmanuel!  I'm surprised that no one has complained about the docs
being misaligned so far.

Best,

Igal



>
> Emmanuel Bourg
>
> [1] https://salsa.debian.org/java-team/tomcat-native/-/commit/201da1d9
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

[tomcat] 04/05: Make the inner classes static when possible to save a reference to the enclosing class

[ebourg]

This is an automated email from the ASF dual-hosted git repository.

ebourg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 0b8b394241963e274e61c630c5ef5e9b191f2860
Author: Emmanuel Bourg 
AuthorDate: Fri Dec 4 00:48:39 2020 +0100

Make the inner classes static when possible to save a reference to the 
enclosing class
---
 java/org/apache/catalina/realm/UserDatabaseRealm.java  |  2 +-
 java/org/apache/catalina/ssi/ExpressionParseTree.java  | 10 +-
 java/org/apache/catalina/valves/rewrite/Substitution.java  | 14 +++---
 java/org/apache/tomcat/websocket/WsFrameBase.java  |  2 +-
 .../catalina/authenticator/TestFormAuthenticator.java  |  2 +-
 .../apache/catalina/valves/rewrite/TestResolverSSL.java|  2 +-
 test/org/apache/coyote/TestRequest.java|  2 +-
 test/org/apache/coyote/http2/Http2TestBase.java|  2 +-
 test/org/apache/tomcat/util/net/TestSsl.java   |  2 +-
 9 files changed, 19 insertions(+), 19 deletions(-)

diff --git a/java/org/apache/catalina/realm/UserDatabaseRealm.java 
b/java/org/apache/catalina/realm/UserDatabaseRealm.java
index b8aac01..4d055fd 100644
--- a/java/org/apache/catalina/realm/UserDatabaseRealm.java
+++ b/java/org/apache/catalina/realm/UserDatabaseRealm.java
@@ -307,7 +307,7 @@ public class UserDatabaseRealm extends RealmBase {
 }
 
 
-private class UserDatabasePrincipal implements Principal {
+private static class UserDatabasePrincipal implements Principal {
 private final String name;
 private UserDatabasePrincipal(String name) {
 this.name = name;
diff --git a/java/org/apache/catalina/ssi/ExpressionParseTree.java 
b/java/org/apache/catalina/ssi/ExpressionParseTree.java
index f32d08b..83da544 100644
--- a/java/org/apache/catalina/ssi/ExpressionParseTree.java
+++ b/java/org/apache/catalina/ssi/ExpressionParseTree.java
@@ -213,7 +213,7 @@ public class ExpressionParseTree {
 /**
  * A node in the expression parse tree.
  */
-private abstract class Node {
+private static abstract class Node {
 /**
  * @return {@code true} if the node evaluates to true.
  */
@@ -266,7 +266,7 @@ public class ExpressionParseTree {
 /**
  * A node implementation that represents an operation.
  */
-private abstract class OppNode extends Node {
+private static abstract class OppNode extends Node {
 /**
  * The left branch.
  */
@@ -295,7 +295,7 @@ public class ExpressionParseTree {
 left = values.remove(0);
 }
 }
-private final class NotNode extends OppNode {
+private static final class NotNode extends OppNode {
 @Override
 public boolean evaluate() {
 return !left.evaluate();
@@ -322,7 +322,7 @@ public class ExpressionParseTree {
 return left + " NOT";
 }
 }
-private final class AndNode extends OppNode {
+private static final class AndNode extends OppNode {
 @Override
 public boolean evaluate() {
 if (!left.evaluate()) // Short circuit
@@ -342,7 +342,7 @@ public class ExpressionParseTree {
 return left + " " + right + " AND";
 }
 }
-private final class OrNode extends OppNode {
+private static final class OrNode extends OppNode {
 @Override
 public boolean evaluate() {
 if (left.evaluate()) // Short circuit
diff --git a/java/org/apache/catalina/valves/rewrite/Substitution.java 
b/java/org/apache/catalina/valves/rewrite/Substitution.java
index a4191eb..26fc210 100644
--- a/java/org/apache/catalina/valves/rewrite/Substitution.java
+++ b/java/org/apache/catalina/valves/rewrite/Substitution.java
@@ -25,11 +25,11 @@ import org.apache.catalina.util.URLEncoder;
 
 public class Substitution {
 
-public abstract class SubstitutionElement {
+public static abstract class SubstitutionElement {
 public abstract String evaluate(Matcher rule, Matcher cond, Resolver 
resolver);
 }
 
-public class StaticElement extends SubstitutionElement {
+public static class StaticElement extends SubstitutionElement {
 public String value;
 
 @Override
@@ -59,7 +59,7 @@ public class Substitution {
 }
 }
 
-public class RewriteCondBackReferenceElement extends SubstitutionElement {
+public static class RewriteCondBackReferenceElement extends 
SubstitutionElement {
 public int n;
 @Override
 public String evaluate(Matcher rule, Matcher cond, Resolver resolver) {
@@ -67,7 +67,7 @@ public class Substitution {
 }
 }
 
-public class ServerVariableElement extends SubstitutionElement {
+public static class ServerVariableElement extends SubstitutionElement {
 public String key;
 @Override
 public String evaluate(Matcher rule, Matcher cond, Resolver resolver) {
@@ -75,7 +75,7 @@ 

[tomcat] 03/05: Make the serialVersionUID fields private

[ebourg]

This is an automated email from the ASF dual-hosted git repository.

ebourg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 71cbf992386ac53cff22d4dee8b7836e23876d8d
Author: Emmanuel Bourg 
AuthorDate: Fri Dec 4 00:22:09 2020 +0100

Make the serialVersionUID fields private
---
 java/org/apache/tomcat/util/modeler/AttributeInfo.java| 2 +-
 java/org/apache/tomcat/util/modeler/FeatureInfo.java  | 2 +-
 java/org/apache/tomcat/util/modeler/NotificationInfo.java | 2 +-
 java/org/apache/tomcat/util/modeler/OperationInfo.java| 2 +-
 java/org/apache/tomcat/util/modeler/ParameterInfo.java| 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/java/org/apache/tomcat/util/modeler/AttributeInfo.java 
b/java/org/apache/tomcat/util/modeler/AttributeInfo.java
index 14342af..2893611 100644
--- a/java/org/apache/tomcat/util/modeler/AttributeInfo.java
+++ b/java/org/apache/tomcat/util/modeler/AttributeInfo.java
@@ -27,7 +27,7 @@ import javax.management.MBeanAttributeInfo;
  * @author Craig R. McClanahan
  */
 public class AttributeInfo extends FeatureInfo {
-static final long serialVersionUID = -2511626862303972143L;
+private static final long serialVersionUID = -2511626862303972143L;
 
 // - Instance Variables
 protected String displayName = null;
diff --git a/java/org/apache/tomcat/util/modeler/FeatureInfo.java 
b/java/org/apache/tomcat/util/modeler/FeatureInfo.java
index 7eef166..94517ca 100644
--- a/java/org/apache/tomcat/util/modeler/FeatureInfo.java
+++ b/java/org/apache/tomcat/util/modeler/FeatureInfo.java
@@ -32,7 +32,7 @@ import javax.management.MBeanFeatureInfo;
  * @author Craig R. McClanahan
  */
 public class FeatureInfo implements Serializable {
-static final long serialVersionUID = -911529176124712296L;
+private static final long serialVersionUID = -911529176124712296L;
 
 protected String description = null;
 protected String name = null;
diff --git a/java/org/apache/tomcat/util/modeler/NotificationInfo.java 
b/java/org/apache/tomcat/util/modeler/NotificationInfo.java
index 5a660b5..18f5524 100644
--- a/java/org/apache/tomcat/util/modeler/NotificationInfo.java
+++ b/java/org/apache/tomcat/util/modeler/NotificationInfo.java
@@ -30,7 +30,7 @@ import javax.management.MBeanNotificationInfo;
  */
 public class NotificationInfo extends FeatureInfo {
 
-static final long serialVersionUID = -6319885418912650856L;
+private static final long serialVersionUID = -6319885418912650856L;
 
 // - Instance Variables
 
diff --git a/java/org/apache/tomcat/util/modeler/OperationInfo.java 
b/java/org/apache/tomcat/util/modeler/OperationInfo.java
index 55f4883..6a63870 100644
--- a/java/org/apache/tomcat/util/modeler/OperationInfo.java
+++ b/java/org/apache/tomcat/util/modeler/OperationInfo.java
@@ -32,7 +32,7 @@ import javax.management.MBeanParameterInfo;
  */
 public class OperationInfo extends FeatureInfo {
 
-static final long serialVersionUID = 4418342922072614875L;
+private static final long serialVersionUID = 4418342922072614875L;
 
 // --- Constructors
 
diff --git a/java/org/apache/tomcat/util/modeler/ParameterInfo.java 
b/java/org/apache/tomcat/util/modeler/ParameterInfo.java
index 758d943..3e755b0 100644
--- a/java/org/apache/tomcat/util/modeler/ParameterInfo.java
+++ b/java/org/apache/tomcat/util/modeler/ParameterInfo.java
@@ -29,7 +29,7 @@ import javax.management.MBeanParameterInfo;
  * @author Craig R. McClanahan
  */
 public class ParameterInfo extends FeatureInfo {
-static final long serialVersionUID = 796006787664020L;
+private static final long serialVersionUID = 796006787664020L;
 // --- Constructors
 
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 05/05: No longer use Throwable.initCause() when possible

[ebourg]

This is an automated email from the ASF dual-hosted git repository.

ebourg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 9ede7c8232d24b93704dbfb76bcc4f6d72d20336
Author: Emmanuel Bourg 
AuthorDate: Fri Dec 4 01:03:07 2020 +0100

No longer use Throwable.initCause() when possible
---
 .../auth/message/config/AuthConfigFactory.java |  7 ++---
 java/org/apache/catalina/connector/Response.java   | 15 ++---
 java/org/apache/catalina/mbeans/GroupMBean.java|  8 ++---
 .../catalina/mbeans/MemoryUserDatabaseMBean.java   | 36 ++
 .../catalina/mbeans/NamingResourcesMBean.java  | 18 ---
 java/org/apache/catalina/mbeans/UserMBean.java |  8 ++---
 java/org/apache/coyote/http2/Stream.java   |  3 +-
 java/org/apache/coyote/http2/StreamProcessor.java  |  3 +-
 .../org/apache/jasper/runtime/PageContextImpl.java |  6 ++--
 .../tomcat/util/scan/StandardJarScanner.java   |  4 +--
 10 files changed, 30 insertions(+), 78 deletions(-)

diff --git a/java/jakarta/security/auth/message/config/AuthConfigFactory.java 
b/java/jakarta/security/auth/message/config/AuthConfigFactory.java
index a51c641..f08c125 100644
--- a/java/jakarta/security/auth/message/config/AuthConfigFactory.java
+++ b/java/jakarta/security/auth/message/config/AuthConfigFactory.java
@@ -79,11 +79,10 @@ public abstract class AuthConfigFactory {
 } catch (PrivilegedActionException e) {
 Exception inner = e.getException();
 if (inner instanceof InstantiationException) {
-throw (SecurityException) new 
SecurityException("AuthConfigFactory error:" +
-
inner.getCause().getMessage()).initCause(inner.getCause());
+throw new SecurityException("AuthConfigFactory error:" 
+
+inner.getCause().getMessage(), 
inner.getCause());
 } else {
-throw (SecurityException) new SecurityException(
-"AuthConfigFactory error: " + 
inner).initCause(inner);
+throw new SecurityException("AuthConfigFactory error: 
" + inner, inner);
 }
 }
 }
diff --git a/java/org/apache/catalina/connector/Response.java 
b/java/org/apache/catalina/connector/Response.java
index 9c5fea3..783772a 100644
--- a/java/org/apache/catalina/connector/Response.java
+++ b/java/org/apache/catalina/connector/Response.java
@@ -1596,10 +1596,7 @@ public class Response implements HttpServletResponse {
 redirectURLCC.append(location, 0, location.length());
 return redirectURLCC.toString();
 } catch (IOException e) {
-IllegalArgumentException iae =
-new IllegalArgumentException(location);
-iae.initCause(e);
-throw iae;
+throw new IllegalArgumentException(location, e);
 }
 
 } else if (leadingSlash || !UriUtil.hasScheme(location)) {
@@ -1629,10 +1626,7 @@ public class Response implements HttpServletResponse {
 encodedURI = AccessController.doPrivileged(
 new PrivilegedEncodeUrl(urlEncoder, 
relativePath, pos));
 } catch (PrivilegedActionException pae){
-IllegalArgumentException iae =
-new IllegalArgumentException(location);
-iae.initCause(pae.getException());
-throw iae;
+throw new IllegalArgumentException(location, 
pae.getException());
 }
 } else {
 encodedURI = urlEncoder.encodeURL(relativePath, 0, 
pos);
@@ -1645,10 +1639,7 @@ public class Response implements HttpServletResponse {
 
 normalize(redirectURLCC);
 } catch (IOException e) {
-IllegalArgumentException iae =
-new IllegalArgumentException(location);
-iae.initCause(e);
-throw iae;
+throw new IllegalArgumentException(location, e);
 }
 
 return redirectURLCC.toString();
diff --git a/java/org/apache/catalina/mbeans/GroupMBean.java 
b/java/org/apache/catalina/mbeans/GroupMBean.java
index 46a6fc8..134e50d 100644
--- a/java/org/apache/catalina/mbeans/GroupMBean.java
+++ b/java/org/apache/catalina/mbeans/GroupMBean.java
@@ -68,9 +68,7 @@ public class GroupMBean extends BaseModelMBean {
 ObjectName oname = 
MBeanUtils.createObjectName(managed.getDomain(), role);
 results.add(oname.toString());
 } catch (MalformedObjectNameException e) {
-IllegalArgumentException iae = new 

[tomcat] 02/05: Collapse identical catch blocks

[ebourg]

This is an automated email from the ASF dual-hosted git repository.

ebourg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit d03a176f94b42564ac5f6f28b587ad0e483716e2
Author: Emmanuel Bourg 
AuthorDate: Fri Dec 4 00:15:59 2020 +0100

Collapse identical catch blocks
---
 .../catalina/core/ApplicationDispatcher.java   |  4 +---
 .../catalina/core/NamingContextListener.java   |  2 --
 java/org/apache/catalina/core/StandardServer.java  |  4 +---
 .../org/apache/catalina/mbeans/ContainerMBean.java |  4 +---
 .../apache/catalina/servlets/WebdavServlet.java| 10 ++---
 .../org/apache/catalina/startup/ContextConfig.java | 25 +-
 .../group/interceptors/NonBlockingCoordinator.java |  4 +---
 .../tribes/tipis/AbstractReplicatedMap.java| 15 +++--
 .../apache/catalina/util/LifecycleMBeanBase.java   |  6 +-
 .../apache/catalina/valves/ErrorReportValve.java   |  4 +---
 .../catalina/valves/JsonErrorReportValve.java  |  4 +---
 java/org/apache/coyote/ajp/AjpProcessor.java   |  6 ++
 java/org/apache/el/parser/AstValue.java|  6 ++
 java/org/apache/jasper/compiler/JDTCompiler.java   |  5 ++---
 java/org/apache/jasper/servlet/JspServlet.java |  6 +-
 .../apache/jasper/servlet/JspServletWrapper.java   | 19 ++--
 .../dbcp/dbcp2/PoolableCallableStatement.java  |  4 +---
 .../dbcp2/datasources/InstanceKeyDataSource.java   | 10 ++---
 java/org/apache/tomcat/util/Diagnostics.java   |  8 ++-
 .../apache/catalina/core/TestAsyncContextImpl.java |  8 ++-
 .../catalina/valves/TestRequestFilterValve.java|  4 +---
 .../apache/coyote/http11/TestHttp11Processor.java  |  4 +---
 test/org/apache/el/TesterFunctions.java| 16 --
 test/org/apache/tomcat/util/net/TestCustomSsl.java | 11 +++---
 24 files changed, 42 insertions(+), 147 deletions(-)

diff --git a/java/org/apache/catalina/core/ApplicationDispatcher.java 
b/java/org/apache/catalina/core/ApplicationDispatcher.java
index a718aa9..c83656b 100644
--- a/java/org/apache/catalina/core/ApplicationDispatcher.java
+++ b/java/org/apache/catalina/core/ApplicationDispatcher.java
@@ -394,9 +394,7 @@ final class ApplicationDispatcher implements 
AsyncDispatcher, RequestDispatcher
 try {
 ServletOutputStream stream = response.getOutputStream();
 stream.close();
-} catch (IllegalStateException f) {
-// Ignore
-} catch (IOException f) {
+} catch (IllegalStateException | IOException f) {
 // Ignore
 }
 } catch (IOException e) {
diff --git a/java/org/apache/catalina/core/NamingContextListener.java 
b/java/org/apache/catalina/core/NamingContextListener.java
index 5c825bb..b0a5009 100644
--- a/java/org/apache/catalina/core/NamingContextListener.java
+++ b/java/org/apache/catalina/core/NamingContextListener.java
@@ -749,8 +749,6 @@ public class NamingContextListener implements 
LifecycleListener, PropertyChangeL
 "naming.invalidEnvEntryType", env.getName()));
 }
 }
-} catch (NumberFormatException e) {
-log.error(sm.getString("naming.invalidEnvEntryValue", 
env.getName()));
 } catch (IllegalArgumentException e) {
 log.error(sm.getString("naming.invalidEnvEntryValue", 
env.getName()));
 }
diff --git a/java/org/apache/catalina/core/StandardServer.java 
b/java/org/apache/catalina/core/StandardServer.java
index 1ac8676..fa213f7 100644
--- a/java/org/apache/catalina/core/StandardServer.java
+++ b/java/org/apache/catalina/core/StandardServer.java
@@ -1031,9 +1031,7 @@ public final class StandardServer extends 
LifecycleMBeanBase implements Server {
 f.getName().endsWith(".jar")) {
 ExtensionValidator.addSystemResource(f);
 }
-} catch (URISyntaxException e) {
-// Ignore
-} catch (IOException e) {
+} catch (URISyntaxException | IOException e) {
 // Ignore
 }
 }
diff --git a/java/org/apache/catalina/mbeans/ContainerMBean.java 
b/java/org/apache/catalina/mbeans/ContainerMBean.java
index e8bc8c1..434c09d 100644
--- a/java/org/apache/catalina/mbeans/ContainerMBean.java
+++ b/java/org/apache/catalina/mbeans/ContainerMBean.java
@@ -128,9 +128,7 @@ public class ContainerMBean extends 
BaseCatalinaMBean {
 ObjectName oname;
 try {
 oname = new ObjectName(valveName);
-} catch (MalformedObjectNameException e) {
-throw new MBeanException(e);
-} catch 

[tomcat] 01/05: Replace explicit types with <>

[ebourg]

This is an automated email from the ASF dual-hosted git repository.

ebourg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b39da50bfa564eeaf2235a110233f794c7897a81
Author: Emmanuel Bourg 
AuthorDate: Thu Dec 3 23:43:49 2020 +0100

Replace explicit types with <>
---
 java/org/apache/catalina/ha/tcp/ReplicationValve.java|  2 +-
 java/org/apache/catalina/servlets/DefaultServlet.java|  2 +-
 java/org/apache/catalina/startup/ContextConfig.java  |  2 +-
 java/org/apache/catalina/valves/rewrite/RewriteRule.java |  2 +-
 java/org/apache/catalina/webresources/StandardRoot.java  |  2 +-
 java/org/apache/coyote/AbstractProtocol.java |  2 +-
 java/org/apache/coyote/http11/AbstractHttp11Protocol.java|  2 +-
 java/org/apache/naming/NamingContext.java|  2 +-
 java/org/apache/tomcat/websocket/AsyncChannelGroupUtil.java  |  2 +-
 java/org/apache/tomcat/websocket/Constants.java  |  2 +-
 .../apache/tomcat/websocket/server/WsServerContainer.java|  2 +-
 .../loader/TestWebappClassLoaderExecutorMemoryLeak.java  |  2 +-
 .../apache/catalina/startup/TestContextConfigAnnotation.java | 12 +---
 test/org/apache/tomcat/websocket/TestUtil.java   |  4 ++--
 14 files changed, 19 insertions(+), 21 deletions(-)

diff --git a/java/org/apache/catalina/ha/tcp/ReplicationValve.java 
b/java/org/apache/catalina/ha/tcp/ReplicationValve.java
index 144dbbb..4e3fca1 100644
--- a/java/org/apache/catalina/ha/tcp/ReplicationValve.java
+++ b/java/org/apache/catalina/ha/tcp/ReplicationValve.java
@@ -325,7 +325,7 @@ public class ReplicationValve
 
log.debug(sm.getString("ReplicationValve.crossContext.add"));
 }
 //FIXME add Pool of Arraylists
-crossContextSessions.set(new ArrayList());
+crossContextSessions.set(new ArrayList<>());
 }
 getNext().invoke(request, response);
 if(context != null && cluster != null
diff --git a/java/org/apache/catalina/servlets/DefaultServlet.java 
b/java/org/apache/catalina/servlets/DefaultServlet.java
index 44032aa..6c133d9 100644
--- a/java/org/apache/catalina/servlets/DefaultServlet.java
+++ b/java/org/apache/catalina/servlets/DefaultServlet.java
@@ -150,7 +150,7 @@ public class DefaultServlet extends HttpServlet {
 /**
  * Full range marker.
  */
-protected static final Ranges FULL = new Ranges(null, new 
ArrayList());
+protected static final Ranges FULL = new Ranges(null, new ArrayList<>());
 
 private static final ContentRange IGNORE = new ContentRange(null, 0, 0, 0);
 
diff --git a/java/org/apache/catalina/startup/ContextConfig.java 
b/java/org/apache/catalina/startup/ContextConfig.java
index f47a8bd..60adf67 100644
--- a/java/org/apache/catalina/startup/ContextConfig.java
+++ b/java/org/apache/catalina/startup/ContextConfig.java
@@ -1847,7 +1847,7 @@ public class ContextConfig implements LifecycleListener {
 }
 
 for (ServletContainerInitializer sci : detectedScis) {
-initializerClassMap.put(sci, new HashSet>());
+initializerClassMap.put(sci, new HashSet<>());
 
 HandlesTypes ht;
 try {
diff --git a/java/org/apache/catalina/valves/rewrite/RewriteRule.java 
b/java/org/apache/catalina/valves/rewrite/RewriteRule.java
index 833a12c..ca29223 100644
--- a/java/org/apache/catalina/valves/rewrite/RewriteRule.java
+++ b/java/org/apache/catalina/valves/rewrite/RewriteRule.java
@@ -63,7 +63,7 @@ public class RewriteRule {
 newEnvSubstitution.setSub(s);
 newEnvSubstitution.parse(maps);
 envSubstitution.add(newEnvSubstitution);
-envResult.add(new ThreadLocal());
+envResult.add(new ThreadLocal<>());
 }
 }
 if (isCookie()) {
diff --git a/java/org/apache/catalina/webresources/StandardRoot.java 
b/java/org/apache/catalina/webresources/StandardRoot.java
index cc401f2..0aad50e 100644
--- a/java/org/apache/catalina/webresources/StandardRoot.java
+++ b/java/org/apache/catalina/webresources/StandardRoot.java
@@ -81,7 +81,7 @@ public class StandardRoot extends LifecycleMBeanBase 
implements WebResourceRoot
 
 private boolean trackLockedFiles = false;
 private final Set trackedResources =
-Collections.newSetFromMap(new 
ConcurrentHashMap());
+Collections.newSetFromMap(new ConcurrentHashMap<>());
 
 // Constructs to make iteration over all WebResourceSets simpler
 private final List mainResources = new ArrayList<>();
diff --git a/java/org/apache/coyote/AbstractProtocol.java 
b/java/org/apache/coyote/AbstractProtocol.java
index 06c2f5e..239ae2c 100644
--- a/java/org/apache/coyote/AbstractProtocol.java
+++ b/java/org/apache/coyote/AbstractProtocol.java
@@ -87,7 +87,7 @@ public abstract class AbstractProtocol implements 

[tomcat] branch master updated (df3a323 -> 9ede7c8)

[ebourg]

This is an automated email from the ASF dual-hosted git repository.

ebourg pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


from df3a323  It is time to drop the milestone modifier
 new b39da50  Replace explicit types with <>
 new d03a176  Collapse identical catch blocks
 new 71cbf99  Make the serialVersionUID fields private
 new 0b8b394  Make the inner classes static when possible to save a 
reference to the enclosing class
 new 9ede7c8  No longer use Throwable.initCause() when possible

The 5 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../auth/message/config/AuthConfigFactory.java |  7 ++---
 java/org/apache/catalina/connector/Response.java   | 15 ++---
 .../catalina/core/ApplicationDispatcher.java   |  4 +--
 .../catalina/core/NamingContextListener.java   |  2 --
 java/org/apache/catalina/core/StandardServer.java  |  4 +--
 .../apache/catalina/ha/tcp/ReplicationValve.java   |  2 +-
 .../org/apache/catalina/mbeans/ContainerMBean.java |  4 +--
 java/org/apache/catalina/mbeans/GroupMBean.java|  8 ++---
 .../catalina/mbeans/MemoryUserDatabaseMBean.java   | 36 ++
 .../catalina/mbeans/NamingResourcesMBean.java  | 18 ---
 java/org/apache/catalina/mbeans/UserMBean.java |  8 ++---
 .../apache/catalina/realm/UserDatabaseRealm.java   |  2 +-
 .../apache/catalina/servlets/DefaultServlet.java   |  2 +-
 .../apache/catalina/servlets/WebdavServlet.java| 10 ++
 .../apache/catalina/ssi/ExpressionParseTree.java   | 10 +++---
 .../org/apache/catalina/startup/ContextConfig.java | 27 
 .../group/interceptors/NonBlockingCoordinator.java |  4 +--
 .../tribes/tipis/AbstractReplicatedMap.java| 15 ++---
 .../apache/catalina/util/LifecycleMBeanBase.java   |  6 +---
 .../apache/catalina/valves/ErrorReportValve.java   |  4 +--
 .../catalina/valves/JsonErrorReportValve.java  |  4 +--
 .../catalina/valves/rewrite/RewriteRule.java   |  2 +-
 .../catalina/valves/rewrite/Substitution.java  | 14 -
 .../apache/catalina/webresources/StandardRoot.java |  2 +-
 java/org/apache/coyote/AbstractProtocol.java   |  2 +-
 java/org/apache/coyote/ajp/AjpProcessor.java   |  6 ++--
 .../coyote/http11/AbstractHttp11Protocol.java  |  2 +-
 java/org/apache/coyote/http2/Stream.java   |  3 +-
 java/org/apache/coyote/http2/StreamProcessor.java  |  3 +-
 java/org/apache/el/parser/AstValue.java|  6 ++--
 java/org/apache/jasper/compiler/JDTCompiler.java   |  5 ++-
 .../org/apache/jasper/runtime/PageContextImpl.java |  6 ++--
 java/org/apache/jasper/servlet/JspServlet.java |  6 +---
 .../apache/jasper/servlet/JspServletWrapper.java   | 19 ++--
 java/org/apache/naming/NamingContext.java  |  2 +-
 .../dbcp/dbcp2/PoolableCallableStatement.java  |  4 +--
 .../dbcp2/datasources/InstanceKeyDataSource.java   | 10 ++
 java/org/apache/tomcat/util/Diagnostics.java   |  8 ++---
 .../apache/tomcat/util/modeler/AttributeInfo.java  |  2 +-
 .../apache/tomcat/util/modeler/FeatureInfo.java|  2 +-
 .../tomcat/util/modeler/NotificationInfo.java  |  2 +-
 .../apache/tomcat/util/modeler/OperationInfo.java  |  2 +-
 .../apache/tomcat/util/modeler/ParameterInfo.java  |  2 +-
 .../tomcat/util/scan/StandardJarScanner.java   |  4 +--
 .../tomcat/websocket/AsyncChannelGroupUtil.java|  2 +-
 java/org/apache/tomcat/websocket/Constants.java|  2 +-
 java/org/apache/tomcat/websocket/WsFrameBase.java  |  2 +-
 .../tomcat/websocket/server/WsServerContainer.java |  2 +-
 .../authenticator/TestFormAuthenticator.java   |  2 +-
 .../apache/catalina/core/TestAsyncContextImpl.java |  8 ++---
 .../TestWebappClassLoaderExecutorMemoryLeak.java   |  2 +-
 .../startup/TestContextConfigAnnotation.java   | 12 +++-
 .../catalina/valves/TestRequestFilterValve.java|  4 +--
 .../catalina/valves/rewrite/TestResolverSSL.java   |  2 +-
 test/org/apache/coyote/TestRequest.java|  2 +-
 .../apache/coyote/http11/TestHttp11Processor.java  |  4 +--
 test/org/apache/coyote/http2/Http2TestBase.java|  2 +-
 test/org/apache/el/TesterFunctions.java| 16 +++---
 test/org/apache/tomcat/util/net/TestCustomSsl.java | 11 ++-
 test/org/apache/tomcat/util/net/TestSsl.java   |  2 +-
 test/org/apache/tomcat/websocket/TestUtil.java |  4 +--
 61 files changed, 115 insertions(+), 270 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] 01/02: Replace Collections.sort() with List.sort()

[Martin Grigorov]

Hi,

Shall we backport these commits to 9.x and 8.5?
It will make it easier to backport future changes in these classes.

Martin

On Fri, Dec 4, 2020, 00:06 Emmanuel Bourg  wrote:

> Hi Christopher,
>
> Le 03/12/2020 à 21:49, Christopher Schultz a écrit :
>
> > I'm curious as to why this change is warranted. I'm not suggesting it's
> > not... just wondering what the benefit is? Avoiding a pass-through
> > method call?
>
> It's the shorter idiom to sort lists with Java 8+, it just improves the
> readability. I don't think the method call avoided has any impact, the
> actual sorting dominates the time spent anyway.
>
> Emmanuel Bourg
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

Re: Tomcat Native Build Instructions

[Emmanuel Bourg]

Le 03/12/2020 à 23:00, Igal Sapir a écrit :

> It seems that the package is named "libapr1-dev" and I'm not sure if that
> was a recent change or not.
> 
> I want to update the docs but not sure if that would break non-Ubuntu
> Debian-based builds.
> 
> Any thoughts?

libapr1.0-dev was in Debian Sid between 2004 and 2006, it has only been
part of Debian 3.1 Sarge until its EOL in 2008. (the Ubuntu release at
this time was 6.06 Dapper Drake, EOL in 2011)

libapr1-dev has been used to build tomcat-native in Debian (and Ubuntu)
since its first upload in 2008 [1].

Emmanuel Bourg

[1] https://salsa.debian.org/java-team/tomcat-native/-/commit/201da1d9

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] 01/02: Replace Collections.sort() with List.sort()

[Emmanuel Bourg]

Hi Christopher,

Le 03/12/2020 à 21:49, Christopher Schultz a écrit :

> I'm curious as to why this change is warranted. I'm not suggesting it's
> not... just wondering what the benefit is? Avoiding a pass-through
> method call?

It's the shorter idiom to sort lists with Java 8+, it just improves the
readability. I don't think the method call avoided has any impact, the
actual sorting dominates the time spent anyway.

Emmanuel Bourg

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Tomcat Native Build Instructions

[Igal Sapir]

The docs for building Tomcat Native [1] states "libapr1.0-dev" as a
prerequisite for Debian based systems, but on Ubuntu 20.04 that throws an
error:

> Package libapr1.0-dev is not available, but is referred to by another
package.
> This may mean that the package is missing, has been obsoleted, or
> is only available from another source

It seems that the package is named "libapr1-dev" and I'm not sure if that
was a recent change or not.

I want to update the docs but not sure if that would break non-Ubuntu
Debian-based builds.

Any thoughts?

Thank you,

Igal




[1] http://tomcat.apache.org/native-doc/#Requirements

Re: Objection to the deprecation of the tomcat-native/APR connector

[Mladen Turk]

On 01/12/2020 12:05, Graham Leggett wrote:

Hi all,

I object to the deprecation of the tomcat-native/APR connector.



Understand, but APR is the major problem. Tomcat Native uses
a small subset of APR (networking), and since APR will
eventually merge with apr-util (already merged in apr/trunk)
this is going to be a problem.

There are already exiting forks of tomcat-native without
using APR (with rewritten networking part), and this
solves 99% crashes, since there are no apr_pools API involved
which are incompatible with Java's Garbage Collection model.

So .. we can either refactor tomcat-native by dropping APR
and create our own network stack while preserving the API
or deprecate the entire thing.


Regards
--
^TM

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] ChristopherSchultz commented on a change in pull request #380: Fix BZ 64110 - request attr for requested ciphers and protocols

[GitBox]

ChristopherSchultz commented on a change in pull request #380:
URL: https://github.com/apache/tomcat/pull/380#discussion_r535618925



##
File path: java/org/apache/tomcat/util/net/SecureNio2Channel.java
##
@@ -70,6 +73,8 @@
 protected boolean closed;
 protected boolean closing;
 
+private Map> additionalTlsAttributes = new HashMap<>();

Review comment:
    





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] 01/02: Replace Collections.sort() with List.sort()

[Christopher Schultz]

Emmanuel,

I'm curious as to why this change is warranted. I'm not suggesting it's 
not... just wondering what the benefit is? Avoiding a pass-through 
method call?


Thanks,
-chris

On 12/1/20 19:40, ebo...@apache.org wrote:

This is an automated email from the ASF dual-hosted git repository.

ebourg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 521b3a3e481ae121d5006124611a89a4c4a1302e
Author: Emmanuel Bourg 
AuthorDate: Wed Dec 2 01:28:25 2020 +0100

 Replace Collections.sort() with List.sort()
---
  java/org/apache/catalina/manager/HTMLManagerServlet.java | 2 +-
  java/org/apache/catalina/tribes/group/AbsoluteOrder.java | 2 +-
  java/org/apache/el/stream/Stream.java| 2 +-
  3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/java/org/apache/catalina/manager/HTMLManagerServlet.java 
b/java/org/apache/catalina/manager/HTMLManagerServlet.java
index 53e1ebc..c2e5179 100644
--- a/java/org/apache/catalina/manager/HTMLManagerServlet.java
+++ b/java/org/apache/catalina/manager/HTMLManagerServlet.java
@@ -957,7 +957,7 @@ public final class HTMLManagerServlet extends 
ManagerServlet {
  orderBy = "DESC";
  }
  try {
-Collections.sort(sessions, comparator);
+sessions.sort(comparator);
  } catch (IllegalStateException ise) {
  // at least 1 of the sessions is invalidated
  req.setAttribute(APPLICATION_ERROR, "Can't sort session list: 
one session is invalidated");
diff --git a/java/org/apache/catalina/tribes/group/AbsoluteOrder.java 
b/java/org/apache/catalina/tribes/group/AbsoluteOrder.java
index 974c606..20e8b43 100644
--- a/java/org/apache/catalina/tribes/group/AbsoluteOrder.java
+++ b/java/org/apache/catalina/tribes/group/AbsoluteOrder.java
@@ -58,7 +58,7 @@ public class AbsoluteOrder {
  
  public static void absoluteOrder(List members) {

  if ( members == null || members.size() <= 1 ) return;
-java.util.Collections.sort(members, comp);
+members.sort(comp);
  }
  
  public static class AbsoluteComparator implements Comparator,

diff --git a/java/org/apache/el/stream/Stream.java 
b/java/org/apache/el/stream/Stream.java
index 274369f..c2ac84a 100644
--- a/java/org/apache/el/stream/Stream.java
+++ b/java/org/apache/el/stream/Stream.java
@@ -175,7 +175,7 @@ public class Stream {
  while (iterator.hasNext()) {
  list.add(iterator.next());
  }
-Collections.sort(list, c);
+list.sort(c);
  sorted = list.iterator();
  }
  };


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Objection to the deprecation of the tomcat-native/APR connector

[Christopher Schultz]

Graham,

On 12/1/20 12:43, Graham Leggett wrote:

On 01 Dec 2020, at 13:48, Rémy Maucherat  wrote:


You still have years to plan a migration off the APR connector as it will
only be removed in 10.1 and Tomcat 9.0 continues to be supported.

This eventual removal or APR has been discussed for years. BTW, so that you
know, there are also discussions about AJP.


I am painfully aware of the discussions on the removal of AJP.

I first encountered this problem when Atlassian arbitrarily announced
removal of support for AJP (I assume off the back of the discussion),
leaving no practical way to pass certificates across to Tomcat.

   RequestHeader Client-Certificate %{SSL_CLIENT_CERT}

Does that not work? Or does it require this:


For this reason I developed the RFC compliant secure base64url API here:

https://github.com/apache/apr/blob/trunk/include/apr_encode.h 



?


Organised the donation of and then brought the RFC compliant JSON API up to the 
required security level here:

https://github.com/apache/apr/blob/trunk/include/apr_json.h 


Added digest support to the crypto API here:

https://github.com/apache/apr-util/blob/1.7.x/include/apr_crypto.h 


Add an RFC compliant JOSE implementation here:

https://github.com/apache/apr-util/blob/1.7.x/include/apr_jose.h 


Then added the two modules mod_auth_bearer and mod_autht_jwt here (outstanding 
for want of docs):

http://apache-http-server.18135.x6.nabble.com/Patch-mod-auth-bearer-mod-autht-jwt-An-alternative-to-AJP-td5051929.html#a5051936
 


Then created the option for Tomcat to read info from JWT here:

https://github.com/minfrin/tomcat7-jwt-authenticator 



Your arm must really hurt from patting yourself on the back so hard.

Why not fix mod_proxy_http so it can "practically" send X.509 
certificates (or chains) to a Tomcat back-end. you experience with 
httpd, mod_proxy, and TLS ought to make it pretty easy to do that.



While it can be tempting to downplay the arbitrary removal of
capabilities from tomcat as “a few characters” change, or by telling
people they  have “years” to make a change, the knock-on effect of these
changes are significant and very expensive.


Yes, and the knock-on effects of continuing to support the APR connector 
are a pain in our collective behinds. Feel free to step-up and fix all 
the bugs in tcnative.



I would appreciate the help minimising the impact of these changes
before I encounter them unexpectedly in an update from a vendor.


It's not an update. It's a new release. It's practically a different 
product. Had we dropped APR and AJP in 7.0.107 or something like that, I 
would understand your argument. But we are talking about a major release.


Did you notice that we killed BIO? That was a much bigger deal than 
dropping APR.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] michael-o commented on pull request #382: Add support for unix domain sockets.

[GitBox]

michael-o commented on pull request #382:
URL: https://github.com/apache/tomcat/pull/382#issuecomment-738291588


   @minfrin Do you want to peform anymore changes or do want to me run 
verifcation on it? Do you think a test would be possible to start up and shut 
down a UDS?



This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] ChristopherSchultz commented on a change in pull request #380: Fix BZ 64110 - request attr for requested ciphers and protocols

[GitBox]

ChristopherSchultz commented on a change in pull request #380:
URL: https://github.com/apache/tomcat/pull/380#discussion_r535344046



##
File path: java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
##
@@ -202,6 +232,15 @@ public String getSNIValue() {
 }
 
 
+public List getClientRequestedProtocols() {
+if (result == ExtractorResult.COMPLETE || result == 
ExtractorResult.NOT_PRESENT) {
+return clientRequestedProtocols;
+} else {
+throw new IllegalStateException();

Review comment:
   -1 to having no detail message

##
File path: java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
##
@@ -72,7 +76,9 @@ public TLSClientHelloExtractor(ByteBuffer netInBuffer) throws 
IOException {
 int limit = netInBuffer.limit();
 ExtractorResult result = ExtractorResult.NOT_PRESENT;
 List clientRequestedCiphers = new ArrayList<>();
+List clientRequestedCipherNames = new ArrayList<>();
 List clientRequestedApplicationProtocols = new ArrayList<>();
+List clientRequestedProtocols = new ArrayList<>();

Review comment:
   Clients can only request a single protocol version. If there is a 
mismatch, the Server Hello response will propose another protocol. This will 
continue until the two agree or decide to terminate the connection. Is this 
list of protocols intended to capture that back-and-forth?
   
   Oh, wait. `supported_versions` extension and TLSv1.3. 
   https://tools.ietf.org/html/rfc8446#section-4.2.1
   
   LGTM!





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Container release starting

[Jenkins, Rodney J (Rod)]

All,

I will start the updates to Dockerhub for all of the latest TomEE versions.


Thanks,
Rod.

Re: [tomcat] branch bz-64110 created (now f98f116)

[Mark Thomas]

On 03/12/2020 19:07, ma...@apache.org wrote:
> This is an automated email from the ASF dual-hosted git repository.
> 
> markt pushed a change to branch bz-64110
> in repository https://gitbox.apache.org/repos/asf/tomcat.git.

Sorry. Pushed to wrong repo. I've removed this branch.

Mark

> 
>   at f98f116  Action review comments
> 
> This branch includes the following new commits:
> 
>  new a0e8389  Fix BZ 64110 - request attr for requested ciphers and 
> protocols
>  new f98f116  Action review comments
> 
> The 2 revisions listed above as "new" are entirely new to this
> repository and will be described in separate emails.  The revisions
> listed as "add" were already present in the repository and have only
> been added to this reference.
> 
> 
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/02: Action review comments

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch bz-64110
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit f98f1164a77a49e785e7beb7325e89c38a8a2f4d
Author: Mark Thomas 
AuthorDate: Thu Dec 3 19:06:06 2020 +

Action review comments
---
 java/org/apache/catalina/util/TLSUtil.java  | 21 +
 .../apache/tomcat/util/net/LocalStrings.properties  |  1 +
 .../apache/tomcat/util/net/SecureNio2Channel.java   |  4 ++--
 .../apache/tomcat/util/net/SecureNioChannel.java|  2 +-
 .../tomcat/util/net/TLSClientHelloExtractor.java| 10 +-
 5 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/java/org/apache/catalina/util/TLSUtil.java 
b/java/org/apache/catalina/util/TLSUtil.java
index 37ae78c..7f895dd 100644
--- a/java/org/apache/catalina/util/TLSUtil.java
+++ b/java/org/apache/catalina/util/TLSUtil.java
@@ -33,13 +33,18 @@ public class TLSUtil {
  * information, otherwise {@code false}
  */
 public static boolean isTLSRequestAttribute(String name) {
-return Globals.CERTIFICATES_ATTR.equals(name) ||
-Globals.CIPHER_SUITE_ATTR.equals(name) ||
-Globals.KEY_SIZE_ATTR.equals(name)  ||
-Globals.SSL_SESSION_ID_ATTR.equals(name) ||
-Globals.SSL_SESSION_MGR_ATTR.equals(name) ||
-SSLSupport.PROTOCOL_VERSION_KEY.equals(name) ||
-SSLSupport.REQUESTED_PROTOCOL_VERSIONS_KEY.equals(name) ||
-SSLSupport.REQUESTED_CIPHERS_KEY.equals(name);
+switch (name) {
+case Globals.CERTIFICATES_ATTR:
+case Globals.CIPHER_SUITE_ATTR:
+case Globals.KEY_SIZE_ATTR:
+case Globals.SSL_SESSION_ID_ATTR:
+case Globals.SSL_SESSION_MGR_ATTR:
+case SSLSupport.PROTOCOL_VERSION_KEY:
+case SSLSupport.REQUESTED_PROTOCOL_VERSIONS_KEY:
+case SSLSupport.REQUESTED_CIPHERS_KEY:
+return true;
+default:
+return false;
+}
 }
 }
diff --git a/java/org/apache/tomcat/util/net/LocalStrings.properties 
b/java/org/apache/tomcat/util/net/LocalStrings.properties
index 1de8916..a6bb669 100644
--- a/java/org/apache/tomcat/util/net/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/net/LocalStrings.properties
@@ -146,6 +146,7 @@ nioBlockingSelector.selectError=Error selecting key
 
 sniExtractor.clientHelloInvalid=The ClientHello message was not correctly 
formatted
 sniExtractor.clientHelloTooBig=The ClientHello was not presented in a single 
TLS record so no SNI information could be extracted
+sniExtractor.tooEarly=It is illegal to call this method before the client 
hello has been parsed
 
 socket.apr.clientAbort=The client aborted the connection.
 socket.apr.closed=The socket [{0}] associated with this connection has been 
closed.
diff --git a/java/org/apache/tomcat/util/net/SecureNio2Channel.java 
b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
index cbe3f8b..611038e 100644
--- a/java/org/apache/tomcat/util/net/SecureNio2Channel.java
+++ b/java/org/apache/tomcat/util/net/SecureNio2Channel.java
@@ -65,7 +65,7 @@ public class SecureNio2Channel extends Nio2Channel  {
 
 protected SSLEngine sslEngine;
 
-protected boolean sniComplete = false;
+protected volatile boolean sniComplete = false;
 
 private volatile boolean handshakeComplete = false;
 private volatile HandshakeStatus handshakeStatus; //gets set by handshake
@@ -73,7 +73,7 @@ public class SecureNio2Channel extends Nio2Channel  {
 protected boolean closed;
 protected boolean closing;
 
-private Map> additionalTlsAttributes = new HashMap<>();
+private final Map> additionalTlsAttributes = new 
HashMap<>();
 
 private volatile boolean unwrapBeforeRead;
 private final CompletionHandler> 
handshakeReadCompletionHandler;
diff --git a/java/org/apache/tomcat/util/net/SecureNioChannel.java 
b/java/org/apache/tomcat/util/net/SecureNioChannel.java
index 6e1fe14..1ac2061 100644
--- a/java/org/apache/tomcat/util/net/SecureNioChannel.java
+++ b/java/org/apache/tomcat/util/net/SecureNioChannel.java
@@ -71,7 +71,7 @@ public class SecureNioChannel extends NioChannel {
 protected boolean closed = false;
 protected boolean closing = false;
 
-private Map> additionalTlsAttributes = new HashMap<>();
+private final Map> additionalTlsAttributes = new 
HashMap<>();
 
 public SecureNioChannel(SocketBufferHandler bufHandler, NioEndpoint 
endpoint) {
 super(bufHandler);
diff --git a/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java 
b/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
index cb8436e..21a5924 100644
--- a/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
+++ b/java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
@@ -200,7 +200,7 @@ public class TLSClientHelloExtractor {
 if 

[tomcat] 01/02: Fix BZ 64110 - request attr for requested ciphers and protocols

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch bz-64110
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit a0e8389070b51eedb7d13b4d885b7c9f1e4b635c
Author: Mark Thomas 
AuthorDate: Wed Nov 25 18:44:11 2020 +

Fix BZ 64110 - request attr for requested ciphers and protocols

https://bz.apache.org/bugzilla/show_bug.cgi?id=64110
---
 java/org/apache/catalina/connector/Request.java|  8 +++
 java/org/apache/catalina/util/TLSUtil.java |  4 +-
 java/org/apache/coyote/AbstractProcessor.java  |  8 +++
 java/org/apache/tomcat/util/buf/HexUtils.java  | 14 
 java/org/apache/tomcat/util/net/AprSSLSupport.java | 13 
 java/org/apache/tomcat/util/net/Nio2Endpoint.java  |  7 +-
 java/org/apache/tomcat/util/net/NioEndpoint.java   |  7 +-
 .../apache/tomcat/util/net/SSLImplementation.java  | 27 +++
 java/org/apache/tomcat/util/net/SSLSupport.java| 30 
 .../apache/tomcat/util/net/SecureNio2Channel.java  | 20 ++
 .../apache/tomcat/util/net/SecureNioChannel.java   | 20 ++
 .../tomcat/util/net/TLSClientHelloExtractor.java   | 83 --
 .../tomcat/util/net/jsse/JSSEImplementation.java   | 11 ++-
 .../apache/tomcat/util/net/jsse/JSSESupport.java   | 34 -
 .../util/net/openssl/OpenSSLImplementation.java|  9 +++
 webapps/docs/changelog.xml |  5 ++
 webapps/docs/config/http.xml   |  6 ++
 17 files changed, 285 insertions(+), 21 deletions(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index e2dff97..37ed6d2 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -885,6 +885,14 @@ public class Request implements HttpServletRequest {
 if (attr != null) {
 attributes.put(SSLSupport.PROTOCOL_VERSION_KEY, attr);
 }
+attr = 
coyoteRequest.getAttribute(SSLSupport.REQUESTED_PROTOCOL_VERSIONS_KEY);
+if (attr != null) {
+attributes.put(SSLSupport.REQUESTED_PROTOCOL_VERSIONS_KEY, 
attr);
+}
+attr = 
coyoteRequest.getAttribute(SSLSupport.REQUESTED_CIPHERS_KEY);
+if (attr != null) {
+attributes.put(SSLSupport.REQUESTED_CIPHERS_KEY, attr);
+}
 attr = attributes.get(name);
 sslAttributesParsed = true;
 }
diff --git a/java/org/apache/catalina/util/TLSUtil.java 
b/java/org/apache/catalina/util/TLSUtil.java
index a739021..37ae78c 100644
--- a/java/org/apache/catalina/util/TLSUtil.java
+++ b/java/org/apache/catalina/util/TLSUtil.java
@@ -38,6 +38,8 @@ public class TLSUtil {
 Globals.KEY_SIZE_ATTR.equals(name)  ||
 Globals.SSL_SESSION_ID_ATTR.equals(name) ||
 Globals.SSL_SESSION_MGR_ATTR.equals(name) ||
-SSLSupport.PROTOCOL_VERSION_KEY.equals(name);
+SSLSupport.PROTOCOL_VERSION_KEY.equals(name) ||
+SSLSupport.REQUESTED_PROTOCOL_VERSIONS_KEY.equals(name) ||
+SSLSupport.REQUESTED_CIPHERS_KEY.equals(name);
 }
 }
diff --git a/java/org/apache/coyote/AbstractProcessor.java 
b/java/org/apache/coyote/AbstractProcessor.java
index f5787aa..7947a59 100644
--- a/java/org/apache/coyote/AbstractProcessor.java
+++ b/java/org/apache/coyote/AbstractProcessor.java
@@ -795,6 +795,14 @@ public abstract class AbstractProcessor extends 
AbstractProcessorLight implement
 if (sslO != null) {
 request.setAttribute(SSLSupport.PROTOCOL_VERSION_KEY, 
sslO);
 }
+sslO = sslSupport.getRequestedProtocols();
+if (sslO != null) {
+
request.setAttribute(SSLSupport.REQUESTED_PROTOCOL_VERSIONS_KEY, sslO);
+}
+sslO = sslSupport.getRequestedCiphers();
+if (sslO != null) {
+request.setAttribute(SSLSupport.REQUESTED_CIPHERS_KEY, 
sslO);
+}
 request.setAttribute(SSLSupport.SESSION_MGR, sslSupport);
 }
 } catch (Exception e) {
diff --git a/java/org/apache/tomcat/util/buf/HexUtils.java 
b/java/org/apache/tomcat/util/buf/HexUtils.java
index 977205e..c7bada8 100644
--- a/java/org/apache/tomcat/util/buf/HexUtils.java
+++ b/java/org/apache/tomcat/util/buf/HexUtils.java
@@ -74,6 +74,20 @@ public final class HexUtils {
 }
 
 
+public static String toHexString(char c) {
+// 2 bytes / 4 hex digits
+StringBuilder sb = new StringBuilder(4);
+
+sb.append(hex[(c & 0xf000) >> 4]);
+sb.append(hex[(c & 0x0f00)]);
+
+sb.append(hex[(c & 0xf0) >> 4]);
+sb.append(hex[(c & 0x0f)]);
+
+return sb.toString();
+}
+
+
 public static String toHexString(byte[] bytes) {
 if (null == bytes) {

[tomcat] branch bz-64110 created (now f98f116)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch bz-64110
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at f98f116  Action review comments

This branch includes the following new commits:

 new a0e8389  Fix BZ 64110 - request attr for requested ciphers and 
protocols
 new f98f116  Action review comments

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on a change in pull request #380: Fix BZ 64110 - request attr for requested ciphers and protocols

[GitBox]

markt-asf commented on a change in pull request #380:
URL: https://github.com/apache/tomcat/pull/380#discussion_r535501364



##
File path: java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
##
@@ -193,6 +214,15 @@ public String getSNIValue() {
 }
 
 
+public List getClientRequestedCipherNames() {
+if (result == ExtractorResult.COMPLETE || result == 
ExtractorResult.NOT_PRESENT) {
+return clientRequestedCipherNames;
+} else {
+throw new IllegalStateException();

Review comment:
   I'll add a message. Force push to follow shortly.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on a change in pull request #380: Fix BZ 64110 - request attr for requested ciphers and protocols

[GitBox]

markt-asf commented on a change in pull request #380:
URL: https://github.com/apache/tomcat/pull/380#discussion_r535501143



##
File path: java/org/apache/tomcat/util/net/SecureNio2Channel.java
##
@@ -70,6 +73,8 @@
 protected boolean closed;
 protected boolean closing;
 
+private Map> additionalTlsAttributes = new HashMap<>();

Review comment:
   Yes, sniComplete should be volatile.
   
   The reason to use Map> is that the attribute is exposed 
to user code so I don;t want it to be an internal Tomcat class. If we get this 
added to the spec then we could define a class for it in the spec.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on a change in pull request #380: Fix BZ 64110 - request attr for requested ciphers and protocols

[GitBox]

markt-asf commented on a change in pull request #380:
URL: https://github.com/apache/tomcat/pull/380#discussion_r535499442



##
File path: java/org/apache/tomcat/util/net/SecureNioChannel.java
##
@@ -68,6 +71,8 @@
 protected boolean closed = false;
 protected boolean closing = false;
 
+private Map> additionalTlsAttributes = new HashMap<>();

Review comment:
   Will do





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] markt-asf commented on a change in pull request #380: Fix BZ 64110 - request attr for requested ciphers and protocols

[GitBox]

markt-asf commented on a change in pull request #380:
URL: https://github.com/apache/tomcat/pull/380#discussion_r535499222



##
File path: java/org/apache/catalina/util/TLSUtil.java
##
@@ -38,6 +38,8 @@ public static boolean isTLSRequestAttribute(String name) {
 Globals.KEY_SIZE_ATTR.equals(name)  ||
 Globals.SSL_SESSION_ID_ATTR.equals(name) ||
 Globals.SSL_SESSION_MGR_ATTR.equals(name) ||
-SSLSupport.PROTOCOL_VERSION_KEY.equals(name);
+SSLSupport.PROTOCOL_VERSION_KEY.equals(name) ||
+SSLSupport.REQUESTED_PROTOCOL_VERSIONS_KEY.equals(name) ||
+SSLSupport.REQUESTED_CIPHERS_KEY.equals(name);

Review comment:
   Will do.





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[SECURITY] CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

[Mark Thomas]

CVE-2020-17527 Apache Tomcat HTTP/2 Request header mix-up

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 10.0.0-M1 to 10.0.0-M9
Apache Tomcat 9.0.0.M5 to 9.0.39
Apache Tomcat 8.5.1 to 8.5.59

Description:
While investigating Bug 64830 it was discovered that Apache Tomcat could
 re-use an HTTP request header value from the previous stream received
on an HTTP/2 connection for the request associated with the subsequent
stream. While this would most likely lead to an error and the closure of
the HTTP/2 connection, it is possible that information could leak
between requests.

Mitigation:
- Upgrade to Apache Tomcat 10.0.0-M10 or later
- Upgrade to Apache Tomcat 9.0.40 or later
- Upgrade to Apache Tomcat 8.5.60 or later

Credit:
This issue was identified by the Apache Tomcat Security Team.

References:
[1] http://tomcat.apache.org/security-10.html
[2] http://tomcat.apache.org/security-9.html
[3] http://tomcat.apache.org/security-8.html

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1884073 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml

[markt]

Author: markt
Date: Thu Dec  3 18:01:08 2020
New Revision: 1884073

URL: http://svn.apache.org/viewvc?rev=1884073=rev
Log:
Publish CVE-2020-17527

Modified:
tomcat/site/trunk/docs/security-10.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
tomcat/site/trunk/xdocs/security-10.xml
tomcat/site/trunk/xdocs/security-8.xml
tomcat/site/trunk/xdocs/security-9.xml

Modified: tomcat/site/trunk/docs/security-10.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-10.html?rev=1884073=1884072=1884073=diff
==
--- tomcat/site/trunk/docs/security-10.html (original)
+++ tomcat/site/trunk/docs/security-10.html Thu Dec  3 18:01:08 2020
@@ -2,7 +2,7 @@
 Apache Tomcat - Apache Tomcat 10 
vulnerabilitieshttp://tomcat.apache.org/;>Apache 
Tomcathttps://www.apache.org/foundation/contributing.html; target="_blank" 
class="pull-left">https://www.apache.org/images/SupportApache-small.png; class="support-asf" 
alt="Support Apache">http://www.apache.org/; target="_blank" class="pull-left">https://www.google.com/search; method="get">GOhttps://www.apache.org/events/current-event.html;>https://www.apache.org/events/current-event-234x60.png; alt="Next ASF 
event">
   Save the date!
 Apache TomcatHomeTaglibsMaven 
PluginDownloadWhich version?https://tomcat.apache.org/download-10.cgi;>Tomcat 10 
(alpha)https://tomcat.apache.org/download-90.cgi;>Tomcat 
9https://tomcat.apache.org/download-80.cgi;>Tomcat 
8https://tomcat.apache.org/download-70.cgi;>Tomcat 
7https://tomcat.apache.org/download-connectors.cgi;>Tomcat 
Connectorshttps://tomcat.apache.org/download-native.cgi;>Tomcat 
Nativehttps://tomcat.apache.org/download-taglibs.cgi;>Taglibshttps://archive.apache.org/dist/tomcat/;>ArchivesDocumentationTomcat 10.0 (alpha)Tomcat 
 >9.0Tomcat 
 >8.5Tomcat 
 >7.0Tomcat Connectorshref="./native-doc/">Tomcat Nativehref="https://cwiki.apache.org/confluence/display/TOMCAT;>Wikihref="./migration.html">Migration Guidehref="./presentations.html">Presentationshref="https://cwiki.apache.org/confluence/x/Bi8lBg;>SpecificationsProblems? href="./security.html">Security Reportshref="./findhelp.html">Find helphref="https://cwiki.apache.org/confluence/display/TOMCAT/FAQ;>FAQ href="./lists.html">Mailing ListsBug 
 >DatabaseIRCGet 
 >Involved
 OverviewSource codeBuildbothttps://cwiki.apache.org/confluence/x/vIPzBQ;>TranslationsToolsMediahttps://twitter.com/theapachetomcat;>Twitterhttps://www.youtube.com/c/ApacheTomcatOfficial;>YouTubehttps://blogs.apache.org/tomcat/;>BlogMiscWho We Arehttps://www.redbubble.com/people/comdev/works/30885254-apache-tomcat;>SwagHeritagehttp://www.apache.org;>Apache HomeResourcesContactLegalhttps://www.apache.org/foundation/contributing.html;>Support 
Apachehref="https://www.apache.org/foundation/sponsorship.html;>Sponsorship href="http://www.apache.org/foundation/thanks.html;>Thankshref="http://www.apache.org/licenses/;>License id="mainRight">Contentid="Table_of_Contents">Table of Contents
-Apache Tomcat 10.x 
vulnerabilitiesFixed 
in Apache Tomcat 10.0.0-M8Fixed in Apache Tomcat 
10.0.0-M7Fixed in 
Apache Tomcat 10.0.0-M6Fixed in Apache Tomcat 
10.0.0-M5
+Apache Tomcat 10.x 
vulnerabilitiesFixed 
in Apache Tomcat 10.0.0-M10Fixed in Apache Tomcat 
10.0.0-M8Fixed in 
Apache Tomcat 10.0.0-M7Fixed in Apache Tomcat 
10.0.0-M6Fixed in 
Apache Tomcat 10.0.0-M5
 Apache Tomcat 10.x 
vulnerabilities
 This page lists all security vulnerabilities fixed in released versions
of Apache Tomcat 10.x. Each vulnerability is given a
@@ -39,6 +39,27 @@
Tomcat Security Team. Thank you.
 
 
+  17 
November 2020 Fixed in Apache Tomcat 10.0.0-M10
+
+Moderate: HTTP/2 request header mix-up
+   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527; 
rel="nofollow">CVE-2020-17527
+
+While investigating issue https://bz.apache.org/bugzilla/show_bug.cgi?id=64830;>64830 it was 
discovered that Apache
+   Tomcat could re-use an HTTP request header value from the previous 
stream
+   received on an HTTP/2 connection for the request associated with the
+   subsequent stream. While this would most likely lead to an error and the
+   closure of the HTTP/2 connection, it is possible that information could
+   leak between requests.
+
+
+This was fixed with commit
+   https://github.com/apache/tomcat/commit/8d2fe6894d6e258a6d615d7f786acca80e6020cb;>8d2fe689.
+
+This issue was identified by the Apache Tomcat Security team on 10
+   November 2020. The issue was made public on 3 December 2020.
+
+Affects: 10.0.0-M1 to 10.0.0-M9
+
   14 
September 2020 Fixed in Apache Tomcat 10.0.0-M8
 
 Moderate: HTTP/2 request mix-up

Modified: tomcat/site/trunk/docs/security-8.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-8.html?rev=1884073=1884072=1884073=diff

Re: Objection to the deprecation of the tomcat-native/APR connector

[Christopher Schultz]

Graham,

On 12/1/20 06:05, Graham Leggett wrote:

Hi all,

I object to the deprecation of the tomcat-native/APR connector.

Most specifically, I am -1 on the following:

https://marc.info/?l=tomcat-dev=160681846808019=2

Looking at past discussion on this, the justification has been:

"It is inherently less stable. If we get the NIO code wrong, you might
see a NullPointerException. If we get the APR code wrong you might see a
JVM crash.”

Both a NullPointerException and a crash result in the same outcome -
a non working server.
I agree with Mark's response to this, and I will add that native crashes 
can have a nasty habit of turning into security vulnerabilities.


If you have 0.001% of requests failing in NIO, you have a "working 
server". If you hit a single one of those with the APR connector, you 
are suddenly 100% down.



Tomcat-native has releases in the
https://archive.apache.org/dist/tomcat/tomcat-connectors/native/
going back > 15 years to 2005, a claim of a lack of stability needs
to be quantifiable.
It's hard to get metrics on how many native crashes are being suffered, 
as Tomcat doesn't send telemetry back to the ASF. There are a bunch of 
open, unexplained native crash reports in Bugzilla filed against 
tcnative around the parts used by the APR connector. We have tried to 
make the code as safe as possible, but some things are still falling 
through the cracks.


It's easy from first-principles to decide that less native code is a net 
win for Tomcat and its users.



I also object to the removal of OpenSSL code, for the same reason.


We aren't removing that.


We are in the middle of a global pandemic. Our users do not have the
resources to suddenly divert to reengineering what is to them a
perfectly working system, to replace what exists with something else
that just works differently.


Tomcat 10 hasn't even been released as a stable product, yet. The oldest 
currently-supported version of Tomcat is Tomcat 7 which has been 
supported since its first stable release on 2011-01-14. That's nearly 10 
years of support. We are past the 10-year mark already if you include 
the pre-stable period of time starting 2010-06-29.


Exactly how long do you need to plan and execute a migration away from 
the APR connector?


I think we're all happy to accept feedback of the form "please don't 
remove this feature", but "timing" really isn't a good argument against 
this change.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.5.61

[Rémy Maucherat]

On Thu, Dec 3, 2020 at 3:50 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 8.5.61 release is now available for voting.
>
> The notable changes compared to the 8.5.60 release are:
>
> - Align the behaviour of ServletContext.getRealPath(String path) with
>   the recent clarification from the Servlet specification project. If
>   the path parameter does not start with / then Tomcat processes the
>   call as if / is appended to the beginning of the provided path.
>
> - Fix a potential file descriptor leak when WebSocket connections are
>   attempted and fail. Patch provided by Maurizio Adami.
>
> - Ensure that the LoadBalancerDrainingValve uses the correct setting
>   for the secure attribute for any session cookies it creates. Based on
>   a pull request by Andreas Kurth.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.61/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1290/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.61
> 77d330abea52e4aeb039ca7eb8a766e0e1c56a71
>
> The proposed 8.5.61 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.61
>
> Rémy

Re: [VOTE] Release Apache Tomcat 9.0.41

[Rémy Maucherat]

On Thu, Dec 3, 2020 at 2:12 PM Mark Thomas  wrote:

> The proposed Apache Tomcat 9.0.41 release is now available for voting.
>
> The notable changes compared to the 9.0.40 release are:
>
> - Align the behaviour of ServletContext.getRealPath(String path) with
>   the recent clarification from the Servlet specification project. If
>   the path parameter does not start with / then Tomcat processes the
>   call as if / is appended to the beginning of the provided path.
>
> - Fix a potential file descriptor leak when WebSocket connections are
>   attempted and fail. Patch provided by Maurizio Adami.
>
> -  Ensure that the LoadBalancerDrainingValve uses the correct setting
>for the secure attribute for any session cookies it creates. Based on
>a pull request by Andreas Kurth.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.41/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1289/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.41
> 75d7a2069bf4360bcd8b885c6b7387d70c9cb052
>
> The proposed 9.0.41 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 9.0.41
>
> Rémy

[GitHub] [tomcat] ChristopherSchultz commented on a change in pull request #380: Fix BZ 64110 - request attr for requested ciphers and protocols

[GitBox]

ChristopherSchultz commented on a change in pull request #380:
URL: https://github.com/apache/tomcat/pull/380#discussion_r535327550



##
File path: java/org/apache/tomcat/util/net/SecureNio2Channel.java
##
@@ -70,6 +73,8 @@
 protected boolean closed;
 protected boolean closing;
 
+private Map> additionalTlsAttributes = new HashMap<>();

Review comment:
   Is there a reason to use a Map of String-Lists here, instead of having a 
more concrete object with well-defined members? Hash maps are quick, but since 
we know the "names" of these things in advance, why not use a custom class for 
this purpose?





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[GitHub] [tomcat] ChristopherSchultz commented on a change in pull request #380: Fix BZ 64110 - request attr for requested ciphers and protocols

[GitBox]

ChristopherSchultz commented on a change in pull request #380:
URL: https://github.com/apache/tomcat/pull/380#discussion_r535319757



##
File path: java/org/apache/tomcat/util/net/TLSClientHelloExtractor.java
##
@@ -193,6 +214,15 @@ public String getSNIValue() {
 }
 
 
+public List getClientRequestedCipherNames() {
+if (result == ExtractorResult.COMPLETE || result == 
ExtractorResult.NOT_PRESENT) {
+return clientRequestedCipherNames;
+} else {
+throw new IllegalStateException();

Review comment:
   -1 to having no message





This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 8.5.61

[Mark Thomas]

The proposed Apache Tomcat 8.5.61 release is now available for voting.

The notable changes compared to the 8.5.60 release are:

- Align the behaviour of ServletContext.getRealPath(String path) with
  the recent clarification from the Servlet specification project. If
  the path parameter does not start with / then Tomcat processes the
  call as if / is appended to the beginning of the provided path.

- Fix a potential file descriptor leak when WebSocket connections are
  attempted and fail. Patch provided by Maurizio Adami.

- Ensure that the LoadBalancerDrainingValve uses the correct setting
  for the secure attribute for any session cookies it creates. Based on
  a pull request by Andreas Kurth.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.61/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1290/

The tag is:
https://github.com/apache/tomcat/tree/8.5.61
77d330abea52e4aeb039ca7eb8a766e0e1c56a71

The proposed 8.5.61 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 8.5.61

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r44827 [1/2] - in /dev/tomcat/tomcat-8/v8.5.61: ./ bin/ bin/embed/ bin/extras/ src/

[markt]

Author: markt
Date: Thu Dec  3 14:18:47 2020
New Revision: 44827

Log:
Upload 8.5.61 for voting

Added:
dev/tomcat/tomcat-8/v8.5.61/
dev/tomcat/tomcat-8/v8.5.61/KEYS
dev/tomcat/tomcat-8/v8.5.61/README.html
dev/tomcat/tomcat-8/v8.5.61/RELEASE-NOTES
dev/tomcat/tomcat-8/v8.5.61/bin/
dev/tomcat/tomcat-8/v8.5.61/bin/README.html
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-deployer.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-deployer.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-deployer.zip   (with 
props)
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-deployer.zip.asc
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-deployer.zip.sha512
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-fulldocs.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-windows-x64.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-windows-x64.zip.asc
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-windows-x64.zip.sha512
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-windows-x86.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-windows-x86.zip.asc
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61-windows-x86.zip.sha512
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61.exe   (with props)
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61.exe.asc
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61.exe.sha512
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61.tar.gz   (with props)
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61.zip   (with props)
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61.zip.asc
dev/tomcat/tomcat-8/v8.5.61/bin/apache-tomcat-8.5.61.zip.sha512
dev/tomcat/tomcat-8/v8.5.61/bin/embed/
dev/tomcat/tomcat-8/v8.5.61/bin/embed/apache-tomcat-8.5.61-embed.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.61/bin/embed/apache-tomcat-8.5.61-embed.tar.gz.asc

dev/tomcat/tomcat-8/v8.5.61/bin/embed/apache-tomcat-8.5.61-embed.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.61/bin/embed/apache-tomcat-8.5.61-embed.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.61/bin/embed/apache-tomcat-8.5.61-embed.zip.asc
dev/tomcat/tomcat-8/v8.5.61/bin/embed/apache-tomcat-8.5.61-embed.zip.sha512
dev/tomcat/tomcat-8/v8.5.61/bin/extras/
dev/tomcat/tomcat-8/v8.5.61/bin/extras/catalina-jmx-remote.jar   (with 
props)
dev/tomcat/tomcat-8/v8.5.61/bin/extras/catalina-jmx-remote.jar.asc
dev/tomcat/tomcat-8/v8.5.61/bin/extras/catalina-jmx-remote.jar.sha512
dev/tomcat/tomcat-8/v8.5.61/bin/extras/catalina-ws.jar   (with props)
dev/tomcat/tomcat-8/v8.5.61/bin/extras/catalina-ws.jar.asc
dev/tomcat/tomcat-8/v8.5.61/bin/extras/catalina-ws.jar.sha512
dev/tomcat/tomcat-8/v8.5.61/src/
dev/tomcat/tomcat-8/v8.5.61/src/apache-tomcat-8.5.61-src.tar.gz   (with 
props)
dev/tomcat/tomcat-8/v8.5.61/src/apache-tomcat-8.5.61-src.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.61/src/apache-tomcat-8.5.61-src.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.61/src/apache-tomcat-8.5.61-src.zip   (with props)
dev/tomcat/tomcat-8/v8.5.61/src/apache-tomcat-8.5.61-src.zip.asc
dev/tomcat/tomcat-8/v8.5.61/src/apache-tomcat-8.5.61-src.zip.sha512

Added: dev/tomcat/tomcat-8/v8.5.61/KEYS
==
--- dev/tomcat/tomcat-8/v8.5.61/KEYS (added)
+++ dev/tomcat/tomcat-8/v8.5.61/KEYS Thu Dec  3 14:18:47 2020
@@ -0,0 +1,676 @@
+This file contains the PGP keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+Type Bits/KeyIDDate   User ID
+pub  2048/F22C4FED 2001/07/02 Andy Armstrong 
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Version: PGPfreeware 7.0.3 for non-commercial use 
+
+mQGiBDtAWuURBADZ0KUEyUkSUiTA09e7tvEbX25STsjxrR+DNTainCls+XlkVOij
+gBv216lqge9tIsS0L6hCP4OQbFf/64qVtJssX4QXdyiZGb5wpmcj0Mz602Ew8r+N
+I0S5NvmogoYWW7BlP4r61jNxO5zrr03KaijM5r4ipJdLUxyOmM6P2jRPUwCg/5gm
+bpqiYl7pXX5FgDeB36tmD+UD/06iLqOnoiKO0vMbOk7URclhCObMNrHqxTxozMTS
+B9soYURbIeArei+plYo2n+1qB12ayybjhVu3uksXRdT9bEkyxMfslvLbIpDAG8Cz

svn commit: r44827 [2/2] - in /dev/tomcat/tomcat-8/v8.5.61: ./ bin/ bin/embed/ bin/extras/ src/

[markt]

Added: dev/tomcat/tomcat-8/v8.5.61/src/apache-tomcat-8.5.61-src.zip.asc
==
--- dev/tomcat/tomcat-8/v8.5.61/src/apache-tomcat-8.5.61-src.zip.asc (added)
+++ dev/tomcat/tomcat-8/v8.5.61/src/apache-tomcat-8.5.61-src.zip.asc Thu Dec  3 
14:18:47 2020
@@ -0,0 +1,16 @@
+-BEGIN PGP SIGNATURE-
+
+iQIzBAABCAAdFiEEqcXfTSLpmZjZh1pREMAcWi9gWecFAl/I8qMACgkQEMAcWi9g
+WedjbRAAtt5HufA5KoV51etkljdw/Gmww7lY13xVpzOCLAhg+gPRGv0cC8GlC4KD
+MjgDFfhPEBW5nM/gBNePhIsmNZX3Ge5i2/fuquiwMeEdcliPayKPomDxOlFxB1AJ
+gYbsg+agS7c68QPg7vm3fE3T7oih1b182RvxRFcio1413zDxo9UEgk+BdjObgLZl
+g5s21qfuM8reTyqAzjI64MO+4CrmU8LZIlVUv/Z8E4i+7Lnf3uVgoqkQg4iie5Wa
+lSvHdFVQR5e5EGObzDYy/+mdWB+LcYihcVfXpHZL+U57YO/csGtnIaWAQs6ki6Gd
+mlfXLDxFU8IVASLSB1KbDzVyQIUCYfyizKFGyFSbtQL2vJNniUQ5tyYMYl3Wgk6s
+lacu1Rry1NcztqOnQvHwgTpCggN9zewBk01oZWg5naNux6ui6TASBKYwWUhSkQ9o
+nt4mZfvdIEhBfkfxSLpOwrK9DxfYIsShQRq2LcvoVoV5UDnvtUwKzElcKrEyY7Ae
+EynyR+0slbUTutAQZVMf6RjDGQEiYM5QnubjSJRB/OyCdzWf/5CnspsrH15wifJA
+L3k5hvca61mwr9lClwW2r8xT4qRCzYqpb/xLeeTEfpGT7Ani8GFNXqm6QxA4ntpi
++pY4U12wHMzy+Rhjzz4DehS78fX1In2HGQoorI71ZHOcH8Rxg4E=
+=0vaw
+-END PGP SIGNATURE-

Added: dev/tomcat/tomcat-8/v8.5.61/src/apache-tomcat-8.5.61-src.zip.sha512
==
--- dev/tomcat/tomcat-8/v8.5.61/src/apache-tomcat-8.5.61-src.zip.sha512 (added)
+++ dev/tomcat/tomcat-8/v8.5.61/src/apache-tomcat-8.5.61-src.zip.sha512 Thu Dec 
 3 14:18:47 2020
@@ -0,0 +1 @@
+01f7076b1afa7a279b3144fed9c6e6952c6f11d8147e9b53ac6742bc8170f41d7554ffd47a6d5808aca349a65d63f8b43fee8f0e96c96585505d3f74f2d431c9
 *apache-tomcat-8.5.61-src.zip
\ No newline at end of file



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.0.0

[Rémy Maucherat]

On Thu, Dec 3, 2020 at 11:50 AM Mark Thomas  wrote:

> The proposed Apache Tomcat 10.0.0 release is now available for
> voting.
>
> Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to
> jakarta.*
> Applications that run on Tomcat 9 will not run on Tomcat 10 without
> changes.
>
> The notable changes compared to 10.0.0-M10 are:
>
> - Specs are now final. Tomcat passes the TCKs apart from a number of
>   expected failures that don't impact spec compliance.
>
> - The APR/Native AJP and HTTP connectors have been deprecated.
>   Tomcat Native will continue to be used to support OpenSSL use with NIO
>   and NIO2.
>
> - Align the behaviour of ServletContext.getRealPath(String path) with
>   the recent clarification from the Servlet specification project. If
>   the path parameter does not start with / then Tomcat processes the
>   call as if / is appended to the beginning of the provided path.
>
> Along with lots of other bug fixes and improvements.
>
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.0/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1287/
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.0
> 4c8b650437e2464c1c31c6598a263b3805b7a81f
>
> The proposed 10.0.0 release is:
> [ ] Broken - do not release
> [X] Beta   - go ahead and release as 10.0.0 (beta)
> [ ] Stable - go ahead and release as 10.0.0 (stable)
>

Hopefully no surprises ! I think Mark deserves a big round of applause for
all the extra polishing that was done.

Personally, I want to see the feedback on the Jakarta migration, and if
people are happy with something like the tool or if they really want
deploy/classload time scary magic.

Rémy


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

[tomcat] 01/01: Tag 8.5.61

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to tag 8.5.61
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 77d330abea52e4aeb039ca7eb8a766e0e1c56a71
Author: Mark Thomas 
AuthorDate: Thu Dec 3 13:59:25 2020 +

Tag 8.5.61
---
 build.properties.default   | 2 +-
 webapps/docs/changelog.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 49221fe..38fe392 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -27,7 +27,7 @@ version.major=8
 version.minor=5
 version.build=61
 version.patch=0
-version.suffix=-dev
+version.suffix=
 
 # - Source control flags -
 git.branch=8.5.x
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 60ac020..13a7f7e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -103,7 +103,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] tag 8.5.61 created (now 77d330a)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to tag 8.5.61
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at 77d330a  (commit)
This tag includes the following new commits:

 new 77d330a  Tag 8.5.61

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 9.0.41

[Mark Thomas]

The proposed Apache Tomcat 9.0.41 release is now available for voting.

The notable changes compared to the 9.0.40 release are:

- Align the behaviour of ServletContext.getRealPath(String path) with
  the recent clarification from the Servlet specification project. If
  the path parameter does not start with / then Tomcat processes the
  call as if / is appended to the beginning of the provided path.

- Fix a potential file descriptor leak when WebSocket connections are
  attempted and fail. Patch provided by Maurizio Adami.

-  Ensure that the LoadBalancerDrainingValve uses the correct setting
   for the secure attribute for any session cookies it creates. Based on
   a pull request by Andreas Kurth.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.41/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1289/
The tag is:
https://github.com/apache/tomcat/tree/9.0.41
75d7a2069bf4360bcd8b885c6b7387d70c9cb052

The proposed 9.0.41 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 9.0.41

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.0.0

[Mark Thomas]

On 03/12/2020 10:43, Mark Thomas wrote:
> The proposed Apache Tomcat 10.0.0 release is now available for
> voting.
> 
> Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to jakarta.*
> Applications that run on Tomcat 9 will not run on Tomcat 10 without changes.
> 
> The notable changes compared to 10.0.0-M10 are:
> 
> - Specs are now final. Tomcat passes the TCKs apart from a number of
>   expected failures that don't impact spec compliance.
> 
> - The APR/Native AJP and HTTP connectors have been deprecated.
>   Tomcat Native will continue to be used to support OpenSSL use with NIO
>   and NIO2.
> 
> - Align the behaviour of ServletContext.getRealPath(String path) with
>   the recent clarification from the Servlet specification project. If
>   the path parameter does not start with / then Tomcat processes the
>   call as if / is appended to the beginning of the provided path.
> 
> Along with lots of other bug fixes and improvements.
> 
> 
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html
> 
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.0/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1287/

Correction. The staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1288/

Mark

> The tag is:
> https://github.com/apache/tomcat/tree/10.0.0
> 4c8b650437e2464c1c31c6598a263b3805b7a81f
> 
> The proposed 10.0.0 release is:
> [ ] Broken - do not release
> [ ] Beta   - go ahead and release as 10.0.0 (beta)
> [ ] Stable - go ahead and release as 10.0.0 (stable)
> 
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r44818 - in /dev/tomcat/tomcat-9/v9.0.41: ./ bin/ bin/embed/ src/

[markt]

Author: markt
Date: Thu Dec  3 12:42:32 2020
New Revision: 44818

Log:
Upload 9.0.41 for voting

Added:
dev/tomcat/tomcat-9/v9.0.41/
dev/tomcat/tomcat-9/v9.0.41/KEYS
dev/tomcat/tomcat-9/v9.0.41/README.html
dev/tomcat/tomcat-9/v9.0.41/RELEASE-NOTES
dev/tomcat/tomcat-9/v9.0.41/bin/
dev/tomcat/tomcat-9/v9.0.41/bin/README.html
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-deployer.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-deployer.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-deployer.zip   (with 
props)
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-deployer.zip.asc
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-deployer.zip.sha512
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-fulldocs.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-windows-x64.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-windows-x64.zip.asc
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-windows-x64.zip.sha512
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-windows-x86.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-windows-x86.zip.asc
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41-windows-x86.zip.sha512
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41.exe   (with props)
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41.exe.asc
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41.exe.sha512
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41.tar.gz   (with props)
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41.zip   (with props)
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41.zip.asc
dev/tomcat/tomcat-9/v9.0.41/bin/apache-tomcat-9.0.41.zip.sha512
dev/tomcat/tomcat-9/v9.0.41/bin/embed/
dev/tomcat/tomcat-9/v9.0.41/bin/embed/apache-tomcat-9.0.41-embed.tar.gz   
(with props)
dev/tomcat/tomcat-9/v9.0.41/bin/embed/apache-tomcat-9.0.41-embed.tar.gz.asc

dev/tomcat/tomcat-9/v9.0.41/bin/embed/apache-tomcat-9.0.41-embed.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.41/bin/embed/apache-tomcat-9.0.41-embed.zip   
(with props)
dev/tomcat/tomcat-9/v9.0.41/bin/embed/apache-tomcat-9.0.41-embed.zip.asc
dev/tomcat/tomcat-9/v9.0.41/bin/embed/apache-tomcat-9.0.41-embed.zip.sha512
dev/tomcat/tomcat-9/v9.0.41/src/
dev/tomcat/tomcat-9/v9.0.41/src/apache-tomcat-9.0.41-src.tar.gz   (with 
props)
dev/tomcat/tomcat-9/v9.0.41/src/apache-tomcat-9.0.41-src.tar.gz.asc
dev/tomcat/tomcat-9/v9.0.41/src/apache-tomcat-9.0.41-src.tar.gz.sha512
dev/tomcat/tomcat-9/v9.0.41/src/apache-tomcat-9.0.41-src.zip   (with props)
dev/tomcat/tomcat-9/v9.0.41/src/apache-tomcat-9.0.41-src.zip.asc
dev/tomcat/tomcat-9/v9.0.41/src/apache-tomcat-9.0.41-src.zip.sha512

Added: dev/tomcat/tomcat-9/v9.0.41/KEYS
==
--- dev/tomcat/tomcat-9/v9.0.41/KEYS (added)
+++ dev/tomcat/tomcat-9/v9.0.41/KEYS Thu Dec  3 12:42:32 2020
@@ -0,0 +1,676 @@
+This file contains the PGP keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+Type Bits/KeyIDDate   User ID
+pub  2048/F22C4FED 2001/07/02 Andy Armstrong 
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Version: PGPfreeware 7.0.3 for non-commercial use 
+
+mQGiBDtAWuURBADZ0KUEyUkSUiTA09e7tvEbX25STsjxrR+DNTainCls+XlkVOij
+gBv216lqge9tIsS0L6hCP4OQbFf/64qVtJssX4QXdyiZGb5wpmcj0Mz602Ew8r+N
+I0S5NvmogoYWW7BlP4r61jNxO5zrr03KaijM5r4ipJdLUxyOmM6P2jRPUwCg/5gm
+bpqiYl7pXX5FgDeB36tmD+UD/06iLqOnoiKO0vMbOk7URclhCObMNrHqxTxozMTS
+B9soYURbIeArei+plYo2n+1qB12ayybjhVu3uksXRdT9bEkyxMfslvLbIpDAG8Cz
+gNftTbKx/MVS7cQU0II8BKo2Akr+1FZah+sD4ovK8SfkMXUQUbTeefTntsAQKyyU
+9M9tA/9on9tBiHFl0qVJht6N4GiJ2G689v7rS2giLgKjetjiCduxBXEgvUSuyQID
+nF9ATrpXjITwsRlGKFmpZiFm5oCeCXihIVH0u6q066xNW2AXkLVoJ1l1Rs2Z0lsb
+0cq3xEAcwAmYLKQvCtgDV8CYgWKVmPi+49rSuQn7Lo9l02OUbLQgQW5keSBBcm1z
+dHJvbmcgPGFuZHlAdGFnaXNoLmNvbT6JAFgEEBECABgFAjtAWuUICwMJCAcCAQoC
+GQEFGwMACgkQajrT9PIsT+1plgCfXAovWnVL3MjrTfcGlFSKw7GHCSYAoJkz
+x+r2ANe8/0e+u5ZcYtSaSry+uQINBDtAWuUQCAD2Qle3CH8IF3KiutapQvMF6PlT

[tomcat] 01/01: Tag 9.0.41

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to tag 9.0.41
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 75d7a2069bf4360bcd8b885c6b7387d70c9cb052
Author: Mark Thomas 
AuthorDate: Thu Dec 3 11:38:47 2020 +

Tag 9.0.41
---
 build.properties.default   | 2 +-
 webapps/docs/changelog.xml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 565e2b1..f3c1360 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -27,7 +27,7 @@ version.major=9
 version.minor=0
 version.build=41
 version.patch=0
-version.suffix=-dev
+version.suffix=
 
 # - Source control flags -
 git.branch=master
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 38c4f56..f11f25c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -103,7 +103,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] tag 9.0.41 created (now 75d7a20)

[markt]

This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to tag 9.0.41
in repository https://gitbox.apache.org/repos/asf/tomcat.git.


  at 75d7a20  (commit)
This tag includes the following new commits:

 new 75d7a20  Tag 9.0.41

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 10.0.0

[Mark Thomas]

The proposed Apache Tomcat 10.0.0 release is now available for
voting.

Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
package for all the specification APIs has changed from javax.* to jakarta.*
Applications that run on Tomcat 9 will not run on Tomcat 10 without changes.

The notable changes compared to 10.0.0-M10 are:

- Specs are now final. Tomcat passes the TCKs apart from a number of
  expected failures that don't impact spec compliance.

- The APR/Native AJP and HTTP connectors have been deprecated.
  Tomcat Native will continue to be used to support OpenSSL use with NIO
  and NIO2.

- Align the behaviour of ServletContext.getRealPath(String path) with
  the recent clarification from the Servlet specification project. If
  the path parameter does not start with / then Tomcat processes the
  call as if / is appended to the beginning of the provided path.

Along with lots of other bug fixes and improvements.


For full details, see the changelog:
https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.0/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1287/
The tag is:
https://github.com/apache/tomcat/tree/10.0.0
4c8b650437e2464c1c31c6598a263b3805b7a81f

The proposed 10.0.0 release is:
[ ] Broken - do not release
[ ] Beta   - go ahead and release as 10.0.0 (beta)
[ ] Stable - go ahead and release as 10.0.0 (stable)

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: JDK 16 Early Access build 26 is now available

[Mark Thomas]

Hi Rory,

I saw the update. This is on my TODO list for later today.

Mark


On 03/12/2020 08:57, Rory O'Donnell wrote:
> Hi Mark,
> 
> The bug was updated, unable to reproduce , can you provide details ?
> 
> Rgds,Rory
> 
> On 30/11/2020 17:00, Rory O'Donnell wrote:
>> Hi Marc,
>>
>> Let me see what we can do.
>>
>> Rgds,Rory
>>
>> On 30/11/2020 14:47, Mark Thomas wrote:
>>> Hi Rory,
>>>
>>> I have been (slowly) working my way through the currently open issues
>>> and I found time time today to investigate this one:
>>> https://urldefense.com/v3/__https://bz.apache.org/bugzilla/show_bug.cgi?id=63802__;!!GqivPVa7Brio!PccppzFjCMGwBbQzCDnWyF3kpvqgDVQZjxTwZ9Q1KyRdhCuJv1k7BsAkR2ME3DDHE2Y$
>>>
>>>
>>> That led me to this OpenJDK bug:
>>> https://bugs.openjdk.java.net/browse/JDK-8238279
>>>
>>> I have spent some time looking at this and I can confirm that the
>>> OpenJDK bug is present in the latest OpenJDK 8.
>>>
>>> The issue looks to have been forgotten about. Is there anything you can
>>> do to get the right people to have a look at it? There is a simple to
>>> use reproduction case provided and if the bugs triggers it has very
>>> serious consequences for Tomcat.
>>>
>>> It would be really good to get a fix for this in Java 8.
>>>
>>> Thanks,
>>>
>>> Mark
>>>
>>>
>>> On 30/11/2020 14:02, Rory O'Donnell wrote:
 Thanks for the feedback Martin!

 On 30/11/2020 09:37, Martin Grigorov wrote:
> Hi Rory,
>
> Apache Tomcat's build and tests pass with JDK 16 b26 on Ubuntu 20.04.1
> (x86_64 & aarch64)!
>
> Regards,
> Martin
>
> On Fri, Nov 27, 2020 at 1:15 PM Rory O'Donnell
> mailto:rory.odonn...@oracle.com>> wrote:
>
>  Hi Mark,
>
>  OpenJDK 16 Early Access build 26**is now available at
> https://urldefense.com/v3/__http://jdk.java.net/16__;!!GqivPVa7Brio!PccppzFjCMGwBbQzCDnWyF3kpvqgDVQZjxTwZ9Q1KyRdhCuJv1k7BsAkR2MEZ3Rcy6Y$
>
> 
>
>
>
>    * These early-access , open-source builds are provided under
> the
>        o GNU General Public License, version 2, with the Classpath
>          Exception  >.
>
>    * Schedule: *JDK 16 Rampdown Phase One Starts on 2020/12/10
> [1] *
>
>    * Features [1]: Most recent Integrations:
>        o Integrated JEP 389: Foreign Linker API (Incubator)
>            > with this release.
>            + JEP 389 introduces an API that offers
> statically-typed,
>              pure-Java access to native code.
>            + This API, together with the JEP 383
>                >, will considerably
>              simplify the otherwise error-prone process of binding
> to a
>              native library.
>
>  **
>
>    * Release Notes [2]
>
>    * Changes in recent builds that maybe of interest:
>        o Build 26
>            + JDK-8202343: *Disable TLS 1.0 and 1.1*
>            + JDK-8251317:**Support for CLDR version 38**
>            + JDK-8212879: Make JVMTI TagMap table concurrent
>            + JDK-8236926: Concurrently uncommit memory in G1
>            + JDK-8243559: Removed Root Certificates with
> 1024-bit Keys
>            + JDK-8253459: Argument index of zero or
> unrepresentable by
>              int throws IllegalFormatException
>            + JDK-8256643: Terminally deprecate ThreadGroup stop,
>  destroy,
>              isDestroyed, setDaemon and isDaemon
>        o Build 25
>            + JDK-8247781: Day period support added to java.time
> formats
>            + JDK-8202471: (ann) Cannot read type annotations on
> generic
>              receiver type's type variables *[**Reported by
> ByteBuddy]*
>            + JDK-8255947: [macos] Signed macOS jpackage app
> doesn't
>              filter spurious '-psn' argument *[**Reported by
> JOSM]*
>            + JDK-8256063: Module::getPackages returns the set of
>  package
>              names in this module
>
>    * JDK 16 - topics of interest
>        o Inside Java Episode 7 “The Vector API” with John Rose and
> Paul
>          Sandoz
>            +
> https://urldefense.com/v3/__https://inside.java/2020/11/17/podcast-007/__;!!GqivPVa7Brio!PccppzFjCMGwBbQzCDnWyF3kpvqgDVQZjxTwZ9Q1KyRdhCuJv1k7BsAkR2MEtW5xauw$
>
> 

Re: JDK 16 Early Access build 26 is now available

[Mark Thomas]

On December 3, 2020 8:57:26 AM UTC, Rory O'Donnell  
wrote:
>Hi Mark,
>
>The bug was updated, unable to reproduce , can you provide details ?
>
>Rgds,Rory
>
>On 30/11/2020 17:00, Rory O'Donnell wrote:
>> Hi Marc,
>>
>> Let me see what we can do.
>>
>> Rgds,Rory
>>
>> On 30/11/2020 14:47, Mark Thomas wrote:
>>> Hi Rory,
>>>
>>> I have been (slowly) working my way through the currently open
>issues
>>> and I found time time today to investigate this one:
>>>
>https://urldefense.com/v3/__https://bz.apache.org/bugzilla/show_bug.cgi?id=63802__;!!GqivPVa7Brio!PccppzFjCMGwBbQzCDnWyF3kpvqgDVQZjxTwZ9Q1KyRdhCuJv1k7BsAkR2ME3DDHE2Y$
>
>>>
>>>
>>> That led me to this OpenJDK bug:
>>> https://bugs.openjdk.java.net/browse/JDK-8238279
>>>
>>> I have spent some time looking at this and I can confirm that the
>>> OpenJDK bug is present in the latest OpenJDK 8.
>>>
>>> The issue looks to have been forgotten about. Is there anything you
>can
>>> do to get the right people to have a look at it? There is a simple
>to
>>> use reproduction case provided and if the bugs triggers it has very
>>> serious consequences for Tomcat.
>>>
>>> It would be really good to get a fix for this in Java 8.
>>>
>>> Thanks,
>>>
>>> Mark
>>>
>>>
>>> On 30/11/2020 14:02, Rory O'Donnell wrote:
 Thanks for the feedback Martin!

 On 30/11/2020 09:37, Martin Grigorov wrote:
> Hi Rory,
>
> Apache Tomcat's build and tests pass with JDK 16 b26 on Ubuntu
>20.04.1
> (x86_64 & aarch64)!
>
> Regards,
> Martin
>
> On Fri, Nov 27, 2020 at 1:15 PM Rory O'Donnell
> mailto:rory.odonn...@oracle.com>>
>wrote:
>
>  Hi Mark,
>
>  OpenJDK 16 Early Access build 26**is now available at
>
>https://urldefense.com/v3/__http://jdk.java.net/16__;!!GqivPVa7Brio!PccppzFjCMGwBbQzCDnWyF3kpvqgDVQZjxTwZ9Q1KyRdhCuJv1k7BsAkR2MEZ3Rcy6Y$
>
>
>
>
>    * These early-access , open-source builds are provided
>under 
> the
>        o GNU General Public License, version 2, with the
>Classpath
>          Exception
> >.
>
>    * Schedule: *JDK 16 Rampdown Phase One Starts on 2020/12/10
>
> [1] *
>
>    * Features [1]: Most recent Integrations:
>        o Integrated JEP 389: Foreign Linker API (Incubator)
>            > with this release.
>            + JEP 389 introduces an API that offers 
> statically-typed,
>              pure-Java access to native code.
>            + This API, together with the JEP 383
>                >, will considerably
>              simplify the otherwise error-prone process of
>binding
> to a
>              native library.
>
>  **
>
>    * Release Notes [2]
>
>    * Changes in recent builds that maybe of interest:
>        o Build 26
>            + JDK-8202343: *Disable TLS 1.0 and 1.1*
>            + JDK-8251317:**Support for CLDR version 38**
>            + JDK-8212879: Make JVMTI TagMap table concurrent
>            + JDK-8236926: Concurrently uncommit memory in G1
>            + JDK-8243559: Removed Root Certificates with 
> 1024-bit Keys
>            + JDK-8253459: Argument index of zero or 
> unrepresentable by
>              int throws IllegalFormatException
>            + JDK-8256643: Terminally deprecate ThreadGroup
>stop,
>  destroy,
>              isDestroyed, setDaemon and isDaemon
>        o Build 25
>            + JDK-8247781: Day period support added to
>java.time
> formats
>            + JDK-8202471: (ann) Cannot read type annotations
>on
> generic
>              receiver type's type variables *[**Reported by
> ByteBuddy]*
>            + JDK-8255947: [macos] Signed macOS jpackage app 
> doesn't
>              filter spurious '-psn' argument *[**Reported by 
> JOSM]*
>            + JDK-8256063: Module::getPackages returns the set
>of
>  package
>              names in this module
>
>    * JDK 16 - topics of interest
>        o Inside Java Episode 7 “The Vector API” with John Rose
>and
> Paul
>          Sandoz
>            + 
>
>https://urldefense.com/v3/__https://inside.java/2020/11/17/podcast-007/__;!!GqivPVa7Brio!PccppzFjCMGwBbQzCDnWyF3kpvqgDVQZjxTwZ9Q1KyRdhCuJv1k7BsAkR2MEtW5xauw$
>

Re: JDK 16 Early Access build 26 is now available

[Rory O'Donnell]

Hi Mark,

The bug was updated, unable to reproduce , can you provide details ?

Rgds,Rory

On 30/11/2020 17:00, Rory O'Donnell wrote:

Hi Marc,

Let me see what we can do.

Rgds,Rory

On 30/11/2020 14:47, Mark Thomas wrote:

Hi Rory,

I have been (slowly) working my way through the currently open issues
and I found time time today to investigate this one:
https://urldefense.com/v3/__https://bz.apache.org/bugzilla/show_bug.cgi?id=63802__;!!GqivPVa7Brio!PccppzFjCMGwBbQzCDnWyF3kpvqgDVQZjxTwZ9Q1KyRdhCuJv1k7BsAkR2ME3DDHE2Y$ 



That led me to this OpenJDK bug:
https://bugs.openjdk.java.net/browse/JDK-8238279

I have spent some time looking at this and I can confirm that the
OpenJDK bug is present in the latest OpenJDK 8.

The issue looks to have been forgotten about. Is there anything you can
do to get the right people to have a look at it? There is a simple to
use reproduction case provided and if the bugs triggers it has very
serious consequences for Tomcat.

It would be really good to get a fix for this in Java 8.

Thanks,

Mark


On 30/11/2020 14:02, Rory O'Donnell wrote:

Thanks for the feedback Martin!

On 30/11/2020 09:37, Martin Grigorov wrote:

Hi Rory,

Apache Tomcat's build and tests pass with JDK 16 b26 on Ubuntu 20.04.1
(x86_64 & aarch64)!

Regards,
Martin

On Fri, Nov 27, 2020 at 1:15 PM Rory O'Donnell
mailto:rory.odonn...@oracle.com>> wrote:

 Hi Mark,

 OpenJDK 16 Early Access build 26**is now available at
https://urldefense.com/v3/__http://jdk.java.net/16__;!!GqivPVa7Brio!PccppzFjCMGwBbQzCDnWyF3kpvqgDVQZjxTwZ9Q1KyRdhCuJv1k7BsAkR2MEZ3Rcy6Y$



   * These early-access , open-source builds are provided under 
the

       o GNU General Public License, version 2, with the Classpath
         Exception >.

   * Schedule: *JDK 16 Rampdown Phase One Starts on 2020/12/10 
[1] *


   * Features [1]: Most recent Integrations:
       o Integrated JEP 389: Foreign Linker API (Incubator)
         > with this release.
           + JEP 389 introduces an API that offers 
statically-typed,

             pure-Java access to native code.
           + This API, together with the JEP 383
             >, will considerably
             simplify the otherwise error-prone process of binding
to a
             native library.

 **

   * Release Notes [2]

   * Changes in recent builds that maybe of interest:
       o Build 26
           + JDK-8202343: *Disable TLS 1.0 and 1.1*
           + JDK-8251317:**Support for CLDR version 38**
           + JDK-8212879: Make JVMTI TagMap table concurrent
           + JDK-8236926: Concurrently uncommit memory in G1
           + JDK-8243559: Removed Root Certificates with 
1024-bit Keys
           + JDK-8253459: Argument index of zero or 
unrepresentable by

             int throws IllegalFormatException
           + JDK-8256643: Terminally deprecate ThreadGroup stop,
 destroy,
             isDestroyed, setDaemon and isDaemon
       o Build 25
           + JDK-8247781: Day period support added to java.time
formats
           + JDK-8202471: (ann) Cannot read type annotations on
generic
             receiver type's type variables *[**Reported by
ByteBuddy]*
           + JDK-8255947: [macos] Signed macOS jpackage app 
doesn't
             filter spurious '-psn' argument *[**Reported by 
JOSM]*

           + JDK-8256063: Module::getPackages returns the set of
 package
             names in this module

   * JDK 16 - topics of interest
       o Inside Java Episode 7 “The Vector API” with John Rose and
Paul
         Sandoz
           + 
https://urldefense.com/v3/__https://inside.java/2020/11/17/podcast-007/__;!!GqivPVa7Brio!PccppzFjCMGwBbQzCDnWyF3kpvqgDVQZjxTwZ9Q1KyRdhCuJv1k7BsAkR2MEtW5xauw$



>

       o Biased locking Obsoletion update
           +
https://urldefense.com/v3/__https://inside.java/2020/11/17/biased-locking-obsoletion/__;!!GqivPVa7Brio!PccppzFjCMGwBbQzCDnWyF3kpvqgDVQZjxTwZ9Q1KyRdhCuJv1k7BsAkR2MEBDg8oxo$

svn commit: r44813 - in /dev/tomcat/tomcat-10/v10.0.0: ./ bin/ bin/embed/ src/

[markt]

Author: markt
Date: Thu Dec  3 08:10:59 2020
New Revision: 44813

Log:
UpUpload 10.0.0 for voting

Added:
dev/tomcat/tomcat-10/v10.0.0/
dev/tomcat/tomcat-10/v10.0.0/KEYS
dev/tomcat/tomcat-10/v10.0.0/README.html
dev/tomcat/tomcat-10/v10.0.0/RELEASE-NOTES
dev/tomcat/tomcat-10/v10.0.0/bin/
dev/tomcat/tomcat-10/v10.0.0/bin/README.html
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-deployer.tar.gz.asc
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-deployer.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-deployer.zip   (with 
props)
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-deployer.zip.asc
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-deployer.zip.sha512
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-fulldocs.tar.gz.asc
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-windows-x64.zip   
(with props)
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-windows-x64.zip.asc
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-windows-x64.zip.sha512
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-windows-x86.zip   
(with props)
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-windows-x86.zip.asc
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0-windows-x86.zip.sha512
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0.exe   (with props)
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0.exe.asc
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0.exe.sha512
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0.tar.gz   (with props)
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0.zip   (with props)
dev/tomcat/tomcat-10/v10.0.0/bin/apache-tomcat-10.0.0.zip.sha512
dev/tomcat/tomcat-10/v10.0.0/bin/embed/
dev/tomcat/tomcat-10/v10.0.0/bin/embed/apache-tomcat-10.0.0-embed.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.0.0/bin/embed/apache-tomcat-10.0.0-embed.tar.gz.asc

dev/tomcat/tomcat-10/v10.0.0/bin/embed/apache-tomcat-10.0.0-embed.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.0/bin/embed/apache-tomcat-10.0.0-embed.zip   
(with props)
dev/tomcat/tomcat-10/v10.0.0/bin/embed/apache-tomcat-10.0.0-embed.zip.asc
dev/tomcat/tomcat-10/v10.0.0/bin/embed/apache-tomcat-10.0.0-embed.zip.sha512
dev/tomcat/tomcat-10/v10.0.0/src/
dev/tomcat/tomcat-10/v10.0.0/src/apache-tomcat-10.0.0-src.tar.gz   (with 
props)
dev/tomcat/tomcat-10/v10.0.0/src/apache-tomcat-10.0.0-src.tar.gz.asc
dev/tomcat/tomcat-10/v10.0.0/src/apache-tomcat-10.0.0-src.tar.gz.sha512
dev/tomcat/tomcat-10/v10.0.0/src/apache-tomcat-10.0.0-src.zip   (with props)
dev/tomcat/tomcat-10/v10.0.0/src/apache-tomcat-10.0.0-src.zip.asc
dev/tomcat/tomcat-10/v10.0.0/src/apache-tomcat-10.0.0-src.zip.sha512

Added: dev/tomcat/tomcat-10/v10.0.0/KEYS
==
--- dev/tomcat/tomcat-10/v10.0.0/KEYS (added)
+++ dev/tomcat/tomcat-10/v10.0.0/KEYS Thu Dec  3 08:10:59 2020
@@ -0,0 +1,676 @@
+This file contains the PGP keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+Type Bits/KeyIDDate   User ID
+pub  2048/F22C4FED 2001/07/02 Andy Armstrong 
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Version: PGPfreeware 7.0.3 for non-commercial use 
+
+mQGiBDtAWuURBADZ0KUEyUkSUiTA09e7tvEbX25STsjxrR+DNTainCls+XlkVOij
+gBv216lqge9tIsS0L6hCP4OQbFf/64qVtJssX4QXdyiZGb5wpmcj0Mz602Ew8r+N
+I0S5NvmogoYWW7BlP4r61jNxO5zrr03KaijM5r4ipJdLUxyOmM6P2jRPUwCg/5gm
+bpqiYl7pXX5FgDeB36tmD+UD/06iLqOnoiKO0vMbOk7URclhCObMNrHqxTxozMTS
+B9soYURbIeArei+plYo2n+1qB12ayybjhVu3uksXRdT9bEkyxMfslvLbIpDAG8Cz
+gNftTbKx/MVS7cQU0II8BKo2Akr+1FZah+sD4ovK8SfkMXUQUbTeefTntsAQKyyU
+9M9tA/9on9tBiHFl0qVJht6N4GiJ2G689v7rS2giLgKjetjiCduxBXEgvUSuyQID
+nF9ATrpXjITwsRlGKFmpZiFm5oCeCXihIVH0u6q066xNW2AXkLVoJ1l1Rs2Z0lsb
+0cq3xEAcwAmYLKQvCtgDV8CYgWKVmPi+49rSuQn7Lo9l02OUbLQgQW5keSBBcm1z
+dHJvbmcgPGFuZHlAdGFnaXNoLmNvbT6JAFgEEBECABgFAjtAWuUICwMJCAcCAQoC
+GQEFGwMACgkQajrT9PIsT+1plgCfXAovWnVL3MjrTfcGlFSKw7GHCSYAoJkz
+x+r2ANe8/0e+u5ZcYtSaSry+uQINBDtAWuUQCAD2Qle3CH8IF3KiutapQvMF6PlT
+ETlPtvFuuUs4INoBp1ajFOmPQFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZ