[Bug 66471] New: JSessionId secure attribute missing with RemoteIpFilter and X-Forwarded-Proto set to https
https://bz.apache.org/bugzilla/show_bug.cgi?id=66471

Bug ID: 66471
Summary: JSessionId secure attribute missing with RemoteIpFilter and X-Forwarded-Proto set to https
Product: Tomcat 9
Version: 9.0.68
Hardware: PC
Status: NEW
Severity: critical
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: reto.we...@axonivy.com
Target Milestone: -

I use the org.apache.catalina.filters.RemoteIpFilter Filter behind an NGINX reverse proxy. On the NGINX I set the HTTP header X-Forwarded-Proto to https. If I now make a request with a browser to the reverse proxy, the JSESSIONID cookie I get back is missing the secure attribute.

I have debugged the RemoteIpFilter; the isSecure flag of the wrapper request it creates is correctly set to true. Unfortunately, the method getSession() or getSession(Boolean) is forwarded to the wrapped original request, where the isSecure flag is still not set. Therefore, the JSESSIONID cookie is missing the secure flag. See org.apache.catalina.connector.Request method doGetSession and org.apache.catalina.core.ApplicationSessionCookieConfig method createSessionCookie.

As a workaround, org.apache.catalina.valves.RemoteIpValve can be used, which seems to handle this correctly. Also, the secure flag can be enforced by setting it in the web.xml. However, I would like to use RemoteIpFilter because it has some advantages over the RemoteIpValve or statically setting it in the web.xml.

--
You are receiving this mail because: You are the assignee for the bug.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
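The delegation problem described in this report, as a simplified Python model. This is an added example, not Tomcat code; every class and function name in it is a hypothetical stand-in for the original request, the filter's wrapper and the session cookie configuration.

```python
# Simplified model of the behaviour the report describes. Names are
# illustrative only and do not correspond to Tomcat classes.


class SessionCookieConfig:
    """Stands in for the secure flag that can be enforced in web.xml."""

    def __init__(self, secure=False):
        self.secure = secure


class ConnectorRequest:
    """The original request: the proxy reached the container over plain HTTP."""

    def __init__(self, scheme, cookie_config):
        self.scheme = scheme
        self.cookie_config = cookie_config

    def is_secure(self):
        return self.scheme == "https"

    def get_session_cookie(self):
        # The cookie is built from THIS object's is_secure(), not from the
        # wrapper the application is holding.
        attrs = ["JSESSIONID=constructed-id", "Path=/", "HttpOnly"]
        if self.cookie_config.secure or self.is_secure():
            attrs.append("Secure")
        return "; ".join(attrs)


class ForwardedProtoWrapper:
    """Filter-style wrapper: overrides is_secure(), delegates everything else."""

    def __init__(self, wrapped, headers):
        self._wrapped = wrapped
        self._secure = headers.get("X-Forwarded-Proto", "").lower() == "https"

    def is_secure(self):
        return self._secure

    def __getattr__(self, name):
        # Anything not overridden falls through to the wrapped request,
        # including session creation.
        return getattr(self._wrapped, name)


def session_cookie_behind_proxy(force_secure_in_config):
    """Return (wrapper.is_secure(), Set-Cookie value) for a proxied request."""
    original = ConnectorRequest("http", SessionCookieConfig(force_secure_in_config))
    wrapper = ForwardedProtoWrapper(original, {"X-Forwarded-Proto": "https"})
    return wrapper.is_secure(), wrapper.get_session_cookie()


if __name__ == "__main__":
    # Wrapper says "secure", yet the delegated call omits the Secure attribute.
    print(session_cookie_behind_proxy(force_secure_in_config=False))
    # Enforcing the flag in the cookie configuration closes the gap.
    print(session_cookie_behind_proxy(force_secure_in_config=True))
```

The first call shows the mismatch the reporter debugged: the wrapper reports a secure request while the cookie is issued without `Secure`. The second call corresponds to the web.xml workaround named in the report.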
[tomcat] branch main updated: Use filtersets for IDE config libs and versioning
This is an automated email from the ASF dual-hosted git repository. lihan pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat.git The following commit(s) were added to refs/heads/main by this push: new bc8a3870c5 Use filtersets for IDE config libs and versioning bc8a3870c5 is described below commit bc8a3870c5c4b0f9b1fc0a220b9c391986d43783 Author: Bailey Brownie AuthorDate: Mon Feb 6 21:39:39 2023 -0500 Use filtersets for IDE config libs and versioning --- build.xml | 35 +- res/ide-support/eclipse/eclipse.classpath | 20 ++--- .../eclipse/org.eclipse.jdt.core.prefs.properties | 6 ++-- res/ide-support/idea/misc.xml | 2 +- res/ide-support/idea/tomcat.iml| 20 ++--- .../netbeans/nb-tomcat-build.properties| 2 +- res/ide-support/netbeans/nb-tomcat.xml | 2 +- res/ide-support/netbeans/project.xml | 16 +- webapps/docs/building.xml | 13 9 files changed, 61 insertions(+), 55 deletions(-) diff --git a/build.xml b/build.xml index aba58136b3..fb67c70d7c 100644 --- a/build.xml +++ b/build.xml @@ -244,6 +244,20 @@ + + + + + + + + + + + + + + @@ -3759,11 +3773,16 @@ asf.ldap.username=${release.asfusername} - + + + + - - + + + + Eclipse project files created. Read the Building page on the Apache Tomcat documentation site for details on how to configure your Eclipse workspace. @@ -3777,13 +3796,11 @@ Read the Building page on the Apache Tomcat documentation site for details on ho + + -IntelliJ IDEA project directory created. Please create PATH VARIABLES for - - ANT_HOME = ${ant.home} - TOMCAT_BUILD_LIBS = ${base.path} - +IntelliJ IDEA project directory created. @@ -3819,6 +3836,8 @@ Use the "ide-netbeans-replace" target if you wish to overwrite them. + + NetBeans project files created. Read the Building page on the Apache Tomcat documentation site for details on how to customise your NetBeans project. diff --git a/res/ide-support/eclipse/eclipse.classpath b/res/ide-support/eclipse/eclipse.classpath index 5c1bcdd282..a98e9c610a 100644 
--- a/res/ide-support/eclipse/eclipse.classpath +++ b/res/ide-support/eclipse/eclipse.classpath @@ -19,16 +19,16 @@ - + - - - - - - - - - + + + + + + + + + diff --git a/res/ide-support/eclipse/org.eclipse.jdt.core.prefs.properties b/res/ide-support/eclipse/org.eclipse.jdt.core.prefs.properties index c7fcfab4bb..0e28ec4353 100644 --- a/res/ide-support/eclipse/org.eclipse.jdt.core.prefs.properties +++ b/res/ide-support/eclipse/org.eclipse.jdt.core.prefs.properties @@ -15,6 +15,6 @@ # limitations under the License. # - eclipse.preferences.version=1 -org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8 -org.eclipse.jdt.core.compiler.compliance=1.8 -org.eclipse.jdt.core.compiler.source=1.8 +org.eclipse.jdt.core.compiler.codegen.targetPlatform=@BUILD_JAVA_VERSION@ +org.eclipse.jdt.core.compiler.compliance=@MIN_JAVA_VERSION@ +org.eclipse.jdt.core.compiler.source=@BUILD_JAVA_VERSION@ diff --git a/res/ide-support/idea/misc.xml b/res/ide-support/idea/misc.xml index 2f3538ae29..0f6a7a25c6 100644 --- a/res/ide-support/idea/misc.xml +++ b/res/ide-support/idea/misc.xml @@ -16,7 +16,7 @@ limitations under the License. --> - + \ No newline at end of file diff --git a/res/ide-support/idea/tomcat.iml b/res/ide-support/idea/tomcat.iml index 07b6c5a32b..08e6c05f7a 100644 --- a/res/ide-support/idea/tomcat.iml +++ b/res/ide-support/idea/tomcat.iml @@ -30,7 +30,7 @@ - + @@ -41,7 +41,7 @@ - + @@ -50,7 +50,7 @@ - + @@ -59,7 +59,7 @@ - + @@ -68,7 +68,7 @@ - + @@ -77,7 +77,7 @@ - + @@ -86,7 +86,7 @@ - + @@ -95,7 +95,7 @@ - + @@ -104,7 +104,7 @@ - + @@ -113,7 +113,7 @@ - +
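Review bot: In org.eclipse.jdt.core.prefs.properties the three compiler settings no longer share one value: compiler.compliance is filled from @MIN_JAVA_VERSION@ while compiler.source and codegen.targetPlatform are filled from @BUILD_JAVA_VERSION@, where all three were 1.8 before. If the two tokens resolve to different versions, the compliance level ends up below the source level, which Eclipse does not treat as a consistent combination. Either use the same token for all three or add a comment explaining which value each setting is meant to follow.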
[GitHub] [tomcat] aooohan merged pull request #584: Use filtersets for IDE config libs and versioning
aooohan merged PR #584: URL: https://github.com/apache/tomcat/pull/584
[VOTE] Release Apache Tomcat Native 1.2.36
Version 1.2.36 includes the following changes compared to 1.2.35

- The windows binaries in this release have been built with OpenSSL 1.1.1t and APR 1.7.2

The proposed release artefacts can be found at [1], and the build was done using tag [2].

The Apache Tomcat Native 1.2.36 release is
[ ] Stable, go ahead and release
[ ] Broken because of ...

Thanks,
Mark

[1] https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/1.2.36
[2] https://gitbox.apache.org/repos/asf?p=tomcat-native.git;a=commit;h=e6225d0d07dc8d89df7c49a10c67b46575e1a755
svn commit: r59974 - in /dev/tomcat/tomcat-connectors/native/1.2.36: ./ binaries/ source/
Author: markt Date: Wed Feb 8 16:41:50 2023 New Revision: 59974 Log: Upload 1.2.36 for voting Added: dev/tomcat/tomcat-connectors/native/1.2.36/ dev/tomcat/tomcat-connectors/native/1.2.36/binaries/ dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-ocsp-win32-bin.zip (with props) dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-ocsp-win32-bin.zip.asc dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-ocsp-win32-bin.zip.sha512 dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-win32-bin.zip (with props) dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-win32-bin.zip.asc dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-win32-bin.zip.sha512 dev/tomcat/tomcat-connectors/native/1.2.36/source/ dev/tomcat/tomcat-connectors/native/1.2.36/source/tomcat-native-1.2.36-src.tar.gz (with props) dev/tomcat/tomcat-connectors/native/1.2.36/source/tomcat-native-1.2.36-src.tar.gz.asc dev/tomcat/tomcat-connectors/native/1.2.36/source/tomcat-native-1.2.36-src.tar.gz.sha512 dev/tomcat/tomcat-connectors/native/1.2.36/source/tomcat-native-1.2.36-win32-src.zip (with props) dev/tomcat/tomcat-connectors/native/1.2.36/source/tomcat-native-1.2.36-win32-src.zip.asc dev/tomcat/tomcat-connectors/native/1.2.36/source/tomcat-native-1.2.36-win32-src.zip.sha512 Added: dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-ocsp-win32-bin.zip == Binary file - no diff available. 
Propchange: dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-ocsp-win32-bin.zip -- svn:executable = * Propchange: dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-ocsp-win32-bin.zip -- svn:mime-type = application/octet-stream Added: dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-ocsp-win32-bin.zip.asc == --- dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-ocsp-win32-bin.zip.asc (added) +++ dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-ocsp-win32-bin.zip.asc Wed Feb 8 16:41:50 2023 @@ -0,0 +1,17 @@ Added: dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-ocsp-win32-bin.zip.sha512 == --- dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-ocsp-win32-bin.zip.sha512 (added) +++ dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-ocsp-win32-bin.zip.sha512 Wed Feb 8 16:41:50 2023
@@ -0,0 +1 @@ +5b04f5668621308cd57a75c03dd5a6b1ab660fa5abd85bc16f915e23f778d670423ca4876816e8910d7cf3d5663aabe8d34a1afa7c9e0d08a37f7510f8263ac5 *tomcat-native-1.2.36-openssl-1.1.1t-ocsp-win32-bin.zip \ No newline at end of file Added: dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-win32-bin.zip == Binary file - no diff available. Propchange: dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-win32-bin.zip -- svn:executable = * Propchange: dev/tomcat/tomcat-connectors/native/1.2.36/binaries/tomcat-native-1.2.36-openssl-1.1.1t-win32-bin.zip -- svn:mime-type =
[tomcat-native] 01/01: Tag 1.2.36
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to tag 1.2.36 in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit e6225d0d07dc8d89df7c49a10c67b46575e1a755 Author: Mark Thomas AuthorDate: Wed Feb 8 15:52:13 2023 + Tag 1.2.36 --- build.properties.default | 2 +- native/include/tcn_version.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.properties.default b/build.properties.default index 39463d665..394e3db2a 100644 --- a/build.properties.default +++ b/build.properties.default @@ -20,7 +20,7 @@ version.major=1 version.minor=2 version.build=36 version.patch=0 -version.suffix=-dev +version.suffix= # - Default Base Path for Dependent Packages - # Please note this path must be absolute, not relative, diff --git a/native/include/tcn_version.h b/native/include/tcn_version.h index 3b0dd02c1..d0d7dd648 100644 --- a/native/include/tcn_version.h +++ b/native/include/tcn_version.h @@ -69,7 +69,7 @@ extern "C" { * This symbol is defined for internal, "development" copies of TCN. This * symbol will be #undef'd for releases. */ -#define TCN_IS_DEV_VERSION 1 +#define TCN_IS_DEV_VERSION 0 /** The formatted string of APU's version */ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
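Review bot: In native/include/tcn_version.h the comment directly above the changed line says the symbol "will be #undef'd for releases", but the release value is "#define TCN_IS_DEV_VERSION 0", which leaves the macro defined. Any consumer that tests it with #ifdef would still take the development path, so either reword the comment to say the macro is set to 0 for releases or confirm that every use tests the value rather than whether it is defined.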
[tomcat-native] tag 1.2.36 created (now e6225d0d0)
markt pushed a change to tag 1.2.36 in repository https://gitbox.apache.org/repos/asf/tomcat-native.git at e6225d0d0 (commit) This tag includes the following new commits: new e6225d0d0 Tag 1.2.36 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[tomcat-native] branch 1.2.x updated: Align Java code with 9.0.x
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 1.2.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.2.x by this push: new 886f3ad6c Align Java code with 9.0.x 886f3ad6c is described below commit 886f3ad6c20d9303a3f30a8564632d078c49f0cd Author: Mark Thomas AuthorDate: Wed Feb 8 15:50:14 2023 + Align Java code with 9.0.x --- java/org/apache/tomcat/jni/Address.java| 3 +- java/org/apache/tomcat/jni/BIOCallback.java| 3 +- java/org/apache/tomcat/jni/Directory.java | 3 +- java/org/apache/tomcat/jni/Error.java | 3 +- java/org/apache/tomcat/jni/File.java | 139 ++--- java/org/apache/tomcat/jni/FileInfo.java | 12 +- java/org/apache/tomcat/jni/Global.java | 3 +- java/org/apache/tomcat/jni/Library.java| 4 - .../apache/tomcat/jni/LibraryNotFoundError.java| 1 - java/org/apache/tomcat/jni/Lock.java | 23 ++-- java/org/apache/tomcat/jni/Mmap.java | 3 +- java/org/apache/tomcat/jni/Multicast.java | 3 +- java/org/apache/tomcat/jni/OS.java | 3 +- java/org/apache/tomcat/jni/PasswordCallback.java | 3 +- java/org/apache/tomcat/jni/Poll.java | 21 ++-- java/org/apache/tomcat/jni/PoolCallback.java | 3 +- java/org/apache/tomcat/jni/Proc.java | 44 --- java/org/apache/tomcat/jni/ProcErrorCallback.java | 3 +- java/org/apache/tomcat/jni/Procattr.java | 3 +- java/org/apache/tomcat/jni/Registry.java | 3 +- java/org/apache/tomcat/jni/SSL.java| 4 - java/org/apache/tomcat/jni/SSLConf.java| 2 - java/org/apache/tomcat/jni/SSLContext.java | 6 +- java/org/apache/tomcat/jni/SSLSocket.java | 3 +- java/org/apache/tomcat/jni/Shm.java| 3 +- java/org/apache/tomcat/jni/Sockaddr.java | 8 +- java/org/apache/tomcat/jni/Socket.java | 65 ++ java/org/apache/tomcat/jni/Status.java | 6 +- java/org/apache/tomcat/jni/Stdlib.java | 3 +- java/org/apache/tomcat/jni/Thread.java | 3 +- java/org/apache/tomcat/jni/Time.java | 3 +- java/org/apache/tomcat/jni/User.java | 3 +- 32 files changed, 243 
insertions(+), 149 deletions(-) diff --git a/java/org/apache/tomcat/jni/Address.java b/java/org/apache/tomcat/jni/Address.java index acac8008a..a245f21f4 100644 --- a/java/org/apache/tomcat/jni/Address.java +++ b/java/org/apache/tomcat/jni/Address.java @@ -16,7 +16,8 @@ */ package org.apache.tomcat.jni; -/** Address +/** + * Address * * @author Mladen Turk * diff --git a/java/org/apache/tomcat/jni/BIOCallback.java b/java/org/apache/tomcat/jni/BIOCallback.java index ea9ccff67..24736da84 100644 --- a/java/org/apache/tomcat/jni/BIOCallback.java +++ b/java/org/apache/tomcat/jni/BIOCallback.java @@ -16,7 +16,8 @@ */ package org.apache.tomcat.jni; -/** Open SSL BIO Callback Interface +/** + * Open SSL BIO Callback Interface * * @author Mladen Turk * diff --git a/java/org/apache/tomcat/jni/Directory.java b/java/org/apache/tomcat/jni/Directory.java index 473b87b71..353483ae0 100644 --- a/java/org/apache/tomcat/jni/Directory.java +++ b/java/org/apache/tomcat/jni/Directory.java @@ -16,7 +16,8 @@ */ package org.apache.tomcat.jni; -/** Directory +/** + * Directory * * @author Mladen Turk * diff --git a/java/org/apache/tomcat/jni/Error.java b/java/org/apache/tomcat/jni/Error.java index a72cc15d5..dc312d5d8 100644 --- a/java/org/apache/tomcat/jni/Error.java +++ b/java/org/apache/tomcat/jni/Error.java @@ -16,7 +16,8 @@ */ package org.apache.tomcat.jni; -/** Error +/** + * Error * * @author Mladen Turk * diff --git a/java/org/apache/tomcat/jni/File.java b/java/org/apache/tomcat/jni/File.java index 3e0c3b1bc..4ba2e16de 100644 --- a/java/org/apache/tomcat/jni/File.java +++ b/java/org/apache/tomcat/jni/File.java @@ -18,7 +18,8 @@ package org.apache.tomcat.jni; /* Import needed classes */ import java.nio.ByteBuffer; -/** File +/** + * File * * @author Mladen Turk * 
@@ -48,21 +49,25 @@ public class File { public static final int APR_FOPEN_BUFFERED = 0x00080; /** Delete the file after close */ public static final int APR_FOPEN_DELONCLOSE = 0x00100; -/** Platform dependent tag to open the file for +/** + * Platform dependent tag to open the file for * use across multiple threads */ public static final int APR_FOPEN_XTHREAD = 0x00200; -/** Platform dependent support for higher level locked read/write +/** + * Platform dependent support for higher level locked read/write * access to support writes across process/machines */ public static final int
[VOTE] Release Apache Tomcat Native 2.0.3
The key differences of version 2.0.3 compared to 2.0.2 are:

- The windows binaries in this release have been built with OpenSSL 3.0.8 and APR 1.7.2

The 2.0.x branch is primarily intended for use with Tomcat 10.1.x but can be used with earlier versions as long as the APR/native connector is not used.

The proposed release artefacts can be found at [1], and the build was done using tag [2].

The Apache Tomcat Native 2.0.3 release is
[ ] Stable, go ahead and release
[ ] Broken because of ...

Thanks,
Mark

[1] https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/2.0.3
[2] https://gitbox.apache.org/repos/asf?p=tomcat-native.git;a=commit;h=2b617703217b2f94fc51afc0ad30e325f69853a2
svn commit: r59971 - in /dev/tomcat/tomcat-connectors/native/2.0.3: ./ binaries/ source/
Author: markt Date: Wed Feb 8 15:40:21 2023 New Revision: 59971 Log: Upload Tomcat Native 2.0.3 for voting Added: dev/tomcat/tomcat-connectors/native/2.0.3/ dev/tomcat/tomcat-connectors/native/2.0.3/binaries/ dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-ocsp-win32-bin.zip (with props) dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-ocsp-win32-bin.zip.asc dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-ocsp-win32-bin.zip.sha512 dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-win32-bin.zip (with props) dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-win32-bin.zip.asc dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-win32-bin.zip.sha512 dev/tomcat/tomcat-connectors/native/2.0.3/source/ dev/tomcat/tomcat-connectors/native/2.0.3/source/tomcat-native-2.0.3-src.tar.gz (with props) dev/tomcat/tomcat-connectors/native/2.0.3/source/tomcat-native-2.0.3-src.tar.gz.asc dev/tomcat/tomcat-connectors/native/2.0.3/source/tomcat-native-2.0.3-src.tar.gz.sha512 dev/tomcat/tomcat-connectors/native/2.0.3/source/tomcat-native-2.0.3-win32-src.zip (with props) dev/tomcat/tomcat-connectors/native/2.0.3/source/tomcat-native-2.0.3-win32-src.zip.asc dev/tomcat/tomcat-connectors/native/2.0.3/source/tomcat-native-2.0.3-win32-src.zip.sha512 Added: dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-ocsp-win32-bin.zip == Binary file - no diff available. 
Propchange: dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-ocsp-win32-bin.zip -- svn:executable = * Propchange: dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-ocsp-win32-bin.zip -- svn:mime-type = application/octet-stream Added: dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-ocsp-win32-bin.zip.asc == --- dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-ocsp-win32-bin.zip.asc (added) +++ dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-ocsp-win32-bin.zip.asc Wed Feb 8 15:40:21 2023 @@ -0,0 +1,17 @@ Added: dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-ocsp-win32-bin.zip.sha512 == --- dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-ocsp-win32-bin.zip.sha512 (added) +++ dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-ocsp-win32-bin.zip.sha512 Wed Feb 8 15:40:21 2023
@@ -0,0 +1 @@ +f5c5e06725c6383f28be08eeb3f05d445df345c5aa518ad589acb69a1f570823f9e145ad3966711c83d3e6a2e20d9c7007b1bc2bbd6986bfbfe7648793277f94 *tomcat-native-2.0.3-openssl-3.0.8-ocsp-win32-bin.zip \ No newline at end of file Added: dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-win32-bin.zip == Binary file - no diff available. Propchange: dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-win32-bin.zip -- svn:executable = * Propchange: dev/tomcat/tomcat-connectors/native/2.0.3/binaries/tomcat-native-2.0.3-openssl-3.0.8-win32-bin.zip -- svn:mime-type = application/octet-stream Added:
[tomcat-native] tag 2.0.3 created (now 2b6177032)
markt pushed a change to tag 2.0.3 in repository https://gitbox.apache.org/repos/asf/tomcat-native.git at 2b6177032 (commit) This tag includes the following new commits: new 2b6177032 Tag 2.0.3 The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference.
[tomcat-native] 01/01: Tag 2.0.3
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to tag 2.0.3 in repository https://gitbox.apache.org/repos/asf/tomcat-native.git commit 2b617703217b2f94fc51afc0ad30e325f69853a2 Author: Mark Thomas AuthorDate: Wed Feb 8 14:24:41 2023 + Tag 2.0.3 --- build.properties.default | 2 +- native/include/tcn_version.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/build.properties.default b/build.properties.default index 83251ee0d..b4b9cc31f 100644 --- a/build.properties.default +++ b/build.properties.default @@ -20,7 +20,7 @@ version.major=2 version.minor=0 version.build=3 version.patch=0 -version.suffix=-dev +version.suffix= # - Default Base Path for Dependent Packages - # Please note this path must be absolute, not relative, diff --git a/native/include/tcn_version.h b/native/include/tcn_version.h index 9fcaee1eb..a9b169dea 100644 --- a/native/include/tcn_version.h +++ b/native/include/tcn_version.h @@ -69,7 +69,7 @@ extern "C" { * This symbol is defined for internal, "development" copies of TCN. This * symbol will be #undef'd for releases. */ -#define TCN_IS_DEV_VERSION 1 +#define TCN_IS_DEV_VERSION 0 /** The formatted string of APU's version */ - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
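Review bot: The trailing context line of the tcn_version.h hunk still reads "The formatted string of APU's version" in a header that defines the TCN version. Since the release tag touches this file anyway, correct the comment to name Tomcat Native so the generated documentation does not point readers at the wrong library.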
[tomcat-native] branch main updated: Align java soucre with 10.1.x/11.0.x
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 4618af162 Align java soucre with 10.1.x/11.0.x 4618af162 is described below commit 4618af162c60279925e778cb496eef85edb21f30 Author: Mark Thomas AuthorDate: Wed Feb 8 14:21:39 2023 + Align java soucre with 10.1.x/11.0.x --- java/org/apache/tomcat/jni/Library.java | 4 java/org/apache/tomcat/jni/LibraryNotFoundError.java | 1 - java/org/apache/tomcat/jni/SSL.java | 4 java/org/apache/tomcat/jni/SSLConf.java | 2 -- java/org/apache/tomcat/jni/SSLContext.java | 6 +- 5 files changed, 1 insertion(+), 16 deletions(-) diff --git a/java/org/apache/tomcat/jni/Library.java b/java/org/apache/tomcat/jni/Library.java index 4461724a5..f22c32cb8 100644 --- a/java/org/apache/tomcat/jni/Library.java +++ b/java/org/apache/tomcat/jni/Library.java @@ -18,10 +18,6 @@ package org.apache.tomcat.jni; import java.io.File; -/** Library - * - * @author Mladen Turk - */ public final class Library { /* Default library names */ diff --git a/java/org/apache/tomcat/jni/LibraryNotFoundError.java b/java/org/apache/tomcat/jni/LibraryNotFoundError.java index ab8a030e8..ede1ee108 100644 --- a/java/org/apache/tomcat/jni/LibraryNotFoundError.java +++ b/java/org/apache/tomcat/jni/LibraryNotFoundError.java @@ -23,7 +23,6 @@ public class LibraryNotFoundError extends UnsatisfiedLinkError { private final String libraryNames; /** - * * @param libraryNames A list of the file names of the native libraries that * failed to load * @param errors A list of the error messages received when trying to load diff --git a/java/org/apache/tomcat/jni/SSL.java b/java/org/apache/tomcat/jni/SSL.java index 64a601e1f..a27610746 100644 --- a/java/org/apache/tomcat/jni/SSL.java +++ b/java/org/apache/tomcat/jni/SSL.java 
@@ -16,10 +16,6 @@ */ package org.apache.tomcat.jni; -/** SSL - * - * @author Mladen Turk - */ public final class SSL { /* diff --git a/java/org/apache/tomcat/jni/SSLConf.java b/java/org/apache/tomcat/jni/SSLConf.java index db855fc05..2e429a5cd 100644 --- a/java/org/apache/tomcat/jni/SSLConf.java +++ b/java/org/apache/tomcat/jni/SSLConf.java @@ -16,8 +16,6 @@ */ package org.apache.tomcat.jni; -/** SSL Conf - */ public final class SSLConf { /** diff --git a/java/org/apache/tomcat/jni/SSLContext.java b/java/org/apache/tomcat/jni/SSLContext.java index 0f047c5f9..b26324f32 100644 --- a/java/org/apache/tomcat/jni/SSLContext.java +++ b/java/org/apache/tomcat/jni/SSLContext.java @@ -20,10 +20,6 @@ import java.util.Locale; import java.util.Map; import java.util.concurrent.ConcurrentHashMap; -/** SSL Context - * - * @author Mladen Turk - */ public final class SSLContext { public static final byte[] DEFAULT_SESSION_ID_CONTEXT = @@ -167,7 +163,7 @@ public final class SSLContext { * Point setCertificateFile at a PEM encoded certificate. If * the certificate is encrypted, then you will be prompted for a * pass phrase. Note that a kill -HUP will prompt again. A test - * certificate can be generated with `make certificate' under + * certificate can be generated with 'make certificate' under * built time. Keep in mind that if you've both a RSA and a DSA * certificate you can configure both in parallel (to also allow * the use of DSA ciphers, etc.) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
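Review bot: The hunks in Library.java, SSL.java, SSLConf.java and SSLContext.java delete the entire class-level Javadoc block, not only the @author line, which leaves four public final classes with no class description at all (SSLConf had no @author tag to begin with). If the aim is to drop the author attribution, keep a one-line summary such as the existing "SSL Context" text in the multi-line Javadoc form, so the classes stay documented.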
[tomcat-native] branch 1.2.x updated: Update OpenSSL recommended version
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 1.2.x in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/1.2.x by this push: new dbd138d6b Update OpenSSL recommended version dbd138d6b is described below commit dbd138d6bf293e97485fad9794ed7c10631dc0e5 Author: Mark Thomas AuthorDate: Wed Feb 8 14:07:13 2023 + Update OpenSSL recommended version --- native/srclib/VERSIONS| 2 +- xdocs/miscellaneous/changelog.xml | 5 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/native/srclib/VERSIONS b/native/srclib/VERSIONS index c44cddae2..75333036c 100644 --- a/native/srclib/VERSIONS +++ b/native/srclib/VERSIONS @@ -5,7 +5,7 @@ The current minimum versions are: The following version of the libraries are recommended: - APR 1.7.2 or later, http://apr.apache.org -- OpenSSL 1.1.1q or later, http://www.openssl.org +- OpenSSL 1.1.1t or later, http://www.openssl.org Older versions should also work but are not as thoroughly tested by the Tomcat Native team diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index a9370be9a..9f2b85eb0 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -33,7 +33,10 @@ - Update the recommended minimum version of APR to 1.7.1. (markt) + Update the recommended minimum version of APR to 1.7.2. (markt) + + + Update the recommended minimum version of OpenSSL to 1.1.1t. (markt) - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
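Review bot: The changelog.xml hunk also rewrites the existing APR entry from 1.7.1 to 1.7.2, which the commit subject "Update OpenSSL recommended version" does not mention. The VERSIONS context already lists APR 1.7.2, so this looks like a correction of an earlier entry; either say so in the commit message or split it into its own commit so the history for the APR recommendation stays traceable.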
[tomcat-native] branch main updated: Update OpenSSL recommended version
This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/tomcat-native.git The following commit(s) were added to refs/heads/main by this push: new 54a7d97d1 Update OpenSSL recommended version 54a7d97d1 is described below commit 54a7d97d14b564de49b7887d47a22534c9cc14c2 Author: Mark Thomas AuthorDate: Wed Feb 8 14:05:42 2023 + Update OpenSSL recommended version --- native/srclib/VERSIONS| 2 +- xdocs/miscellaneous/changelog.xml | 7 ++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/native/srclib/VERSIONS b/native/srclib/VERSIONS index b722c9159..372e6826a 100644 --- a/native/srclib/VERSIONS +++ b/native/srclib/VERSIONS @@ -5,7 +5,7 @@ The current minimum versions are: The following version of the libraries are recommended: - APR 1.7.2 or later, http://apr.apache.org -- OpenSSL 3.0.7 or later, http://www.openssl.org +- OpenSSL 3.0.8 or later, http://www.openssl.org Older versions should also work but are not as thoroughly tested by the Tomcat Native team diff --git a/xdocs/miscellaneous/changelog.xml b/xdocs/miscellaneous/changelog.xml index ebdb52be2..d46731e90 100644 --- a/xdocs/miscellaneous/changelog.xml +++ b/xdocs/miscellaneous/changelog.xml @@ -32,9 +32,14 @@ + + + Update the recommended minimum version of APR to 1.7.2. (markt) + - Update the recommended minimum version of APR to 1.7.1. (markt) + Update the recommended minimum version of OpenSSL to 3.0.8. (markt) + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
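Review bot: The new changelog entries say "recommended minimum version", while native/srclib/VERSIONS keeps two separate lists, "The current minimum versions are" and "The following version of the libraries are recommended", and this commit only changes the recommended one. Word the changelog as "recommended version" so readers do not take OpenSSL 3.0.8 to be a new hard minimum.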
[Bug 66470] Tomcat missing ip range for internalProxies
https://bz.apache.org/bugzilla/show_bug.cgi?id=66470

sgloxhuber changed:

What | Removed | Added
CC   |         | simon.gloxhu...@n4.de
[Bug 66470] Tomcat missing ip range for internalProxies
https://bz.apache.org/bugzilla/show_bug.cgi?id=66470

Andy Wilkinson changed:

What | Removed | Added
CC   |         | wilkins...@vmware.com
[Bug 66470] Tomcat missing ip range for internalProxies
https://bz.apache.org/bugzilla/show_bug.cgi?id=66470

--- Comment #1 from sgloxhuber ---
https://github.com/apache/tomcat/blob/11.0.0-M2/java/org/apache/catalina/valves/RemoteIpValve.java in line 399 is the definition of the ip range
[Bug 66470] New: Tomcat missing ip range for internalProxies
https://bz.apache.org/bugzilla/show_bug.cgi?id=66470

Bug ID: 66470
Summary: Tomcat missing ip range for internalProxies
Product: Tomcat 11
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: critical
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: simon.gloxhu...@n4.de
Target Milestone: ---

SETUP:
We implemented a solution in Spring Boot to allow additional origins for requests to handle CORS correctly. Because of that we override a bean in the security config:

```
@Bean
public CorsConfigurationSource corsConfigurationSource() {
    UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
    CorsConfiguration config = new CorsConfiguration();
    config.setAllowCredentials(true);
    // 'origin' is defined elsewhere in the security config
    config.addAllowedOrigin(origin);
    List<String> header = List.of("*");
    config.setAllowedHeaders(header);
    config.setAllowedMethods(header);
    source.registerCorsConfiguration("/**", config);
    return source;
}
```

The Spring Boot application runs in a Kubernetes cluster by different providers. On many cluster providers we have no problems with the implementation, but on the provider Scaleway we get an HTTP code 403 Forbidden for the request and the message "Invalid CORS Request" as the response.

PROBLEM:
The problem is Spring Boot's internal Tomcat. It is using the configuration option server.tomcat.remoteip.internal-proxies in the application properties. The default is RFC 1918 IP Range of private networks, which used for localhost (ipv4 and ipv6). But the RFC 6598 as shared address space is not included in the list.

--> The area 100.64.0.0/10, which is defined as shared address space, is not included in the list. However, Scaleway (and almost certainly many other providers) use this area internally in the cluster, as the area cannot be routed by definition and thus provides at least as much security as the private IP address areas. The result is that Tomcat blocks the request by this IP.

https://www.rfc-editor.org/rfc/rfc1918
https://www.rfc-editor.org/rfc/rfc6598

SOLUTION:
We fixed the problem temporarily by changing the default behaviour of the Tomcat and added the IP range.

https://docs.spring.io/spring-boot/docs/current/reference/html/howto.html#howto.webserver.use-behind-a-proxy-server.tomcat

```
tomcat:
  basedir: /tmp
  max-swallow-size: -1
  remoteip:
    internal-proxies: "10\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|192\\.168\\.\\d{1,3}\\.\\d{1,3}|169\\.254\\.\\d{1,3}\\.\\d{1,3}|127\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}|172\\.1[6-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.2[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|172\\.3[0-1]{1}\\.\\d{1,3}\\.\\d{1,3}|100\\.6[4-9]{1}\\.\\d{1,3}\\.\\d{1,3}|100\\.[7-9]{1}[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|100\\.1[0-1]{1}[0-9]{1}\\.\\d{1,3}\\.\\d{1,3}|100\\.12[0-7]{1}\\.\\d{1,3}\\.\\d{1,3}|0:0:0:0:0:0:0:1|::1"
```
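A way to check the internal-proxies pattern from this report against the address ranges it is meant to cover, in both directions: ranges it misses and ranges it would trust by accident. This is an added example, not part of the report or of Tomcat. It assumes the pattern is matched against the whole remote address and probes one address per /16, which is exact for the ranges listed; the two variant patterns are constructed for comparison.

```python
import ipaddress
import re

# internal-proxies value from the report, with the YAML "\\" escaping undone.
REPORTED = [
    r"10\.\d{1,3}\.\d{1,3}\.\d{1,3}",
    r"192\.168\.\d{1,3}\.\d{1,3}",
    r"169\.254\.\d{1,3}\.\d{1,3}",
    r"127\.\d{1,3}\.\d{1,3}\.\d{1,3}",
    r"172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}",
    r"172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}",
    r"172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}",
    r"100\.6[4-9]{1}\.\d{1,3}\.\d{1,3}",
    r"100\.[7-9]{1}[0-9]{1}\.\d{1,3}\.\d{1,3}",
    r"100\.1[0-1]{1}[0-9]{1}\.\d{1,3}\.\d{1,3}",
    r"100\.12[0-7]{1}\.\d{1,3}\.\d{1,3}",
    r"0:0:0:0:0:0:0:1",
    r"::1",
]

# IPv4 ranges the pattern is meant to trust: private, link-local, loopback
# and the RFC 6598 shared address space discussed in the report.
INTENDED = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8", "100.64.0.0/10",
)]

# Constructed variants, for comparison only.
WITHOUT_RFC6598 = [alt for alt in REPORTED if not alt.startswith(r"100\.")]
TOO_BROAD = WITHOUT_RFC6598 + [r"100\.\d{1,3}\.\d{1,3}\.\d{1,3}"]


def audit(alternatives, networks=INTENDED):
    """Compare a proxy regex with CIDR ranges at /16 granularity.

    Returns (gaps, over_trust): "a.b" prefixes inside the networks that the
    regex rejects, and "a.b" prefixes the regex accepts outside them.
    Assumes every network starts and ends on a /16 boundary and the regex
    treats the last two octets uniformly, as all inputs here do.
    """
    pattern = re.compile("|".join(alternatives))
    bounds = [(int(n.network_address), int(n.broadcast_address)) for n in networks]
    gaps, over_trust = [], []
    for a in range(256):
        for b in range(256):
            # fullmatch mirrors whole-string matching of the remote address.
            accepted = pattern.fullmatch(f"{a}.{b}.0.1") is not None
            value = (a << 24) | (b << 16) | 1
            intended = any(lo <= value <= hi for lo, hi in bounds)
            if intended and not accepted:
                gaps.append(f"{a}.{b}")
            elif accepted and not intended:
                over_trust.append(f"{a}.{b}")
    return gaps, over_trust


if __name__ == "__main__":
    for label, alts in (("reported", REPORTED),
                        ("without RFC 6598", WITHOUT_RFC6598),
                        ("too broad", TOO_BROAD)):
        gaps, extra = audit(alts)
        print(f"{label}: {len(gaps)} /16 gaps, {len(extra)} /16 over-trusted")
```

The over-trust direction matters as much as the gaps: any address the pattern accepts is allowed to supply forwarded headers, so a shortcut that matches every 100.x.x.x address would extend that trust to publicly routable space.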