Re: [VOTE] Release Apache Tomcat 8.5.89

2023-05-09 Thread Igal Sapir 
On Tue, May 9, 2023 at 10:58 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> The proposed Apache Tomcat 8.5.89 release is now available for voting.
>
> The notable changes compared to 8.5.88 are:
>
> - Many improvements to the JSON access log valve.
>
> - Deprecate support for the HTTP Connector settings rejectIllegalHeader
> and allowHostHeaderMismatch and reject HTTP headers without names.
>
> - Add a RateLimitFilter which can be used to mitigate DoS and Brute
> Force attacks.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.89/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1436
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.89/
> da91bd19ef2cb34a96e4ad04749dfc97c941db87
>
> The proposed 8.5.89 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 8.5.88 (stable)
>
>
I get FAILED test for org.apache.catalina.mapper.TestMapperWebapps

FWIW I got that error before so I don't think that it should hold back the
release.  I would just feel much better if I could understand how it is
possible for "System cannot be resolved"?  I tried it with Java 17 and Java
8.

Full output below:

Testsuite: org.apache.catalina.mapper.TestMapperWebapps
Tests run: 5, Failures: 1, Errors: 0, Skipped: 0, Time elapsed: 6.293 sec
- Standard Output ---
ContextListener: attributeAdded('javax.websocket.server.ServerContainer',
'org.apache.tomcat.websocket.server.WsServerContainer@52dfa1ac')
-  ---
- Standard Error -
09-May-2023 14:09:53.012 INFO [main]
org.apache.catalina.startup.LoggingBaseTest.setUp Starting test case
[testWelcomeFileStrict]
09-May-2023 14:09:54.309 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-nio2-127.0.0.1-auto-1"]
09-May-2023 14:09:54.631 INFO [main]
org.apache.catalina.core.StandardService.startInternal Starting service
[Tomcat]
09-May-2023 14:09:54.632 INFO [main]
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
engine: [Apache Tomcat/8.5.89]
09-May-2023 14:09:54.921 INFO [localhost-startStop-1]
org.apache.catalina.startup.ContextConfig.getDefaultWebXmlFragment No
global web.xml found
09-May-2023 14:09:55.267 INFO [main]
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
["http-nio2-127.0.0.1-auto-1-39677"]
09-May-2023 14:09:56.469 INFO [main]
org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler
["http-nio2-127.0.0.1-auto-1-39677"]
09-May-2023 14:09:56.474 INFO [main]
org.apache.catalina.core.StandardService.stopInternal Stopping service
[Tomcat]
09-May-2023 14:09:56.565 INFO [main]
org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler
["http-nio2-127.0.0.1-auto-1-39677"]
09-May-2023 14:09:56.568 INFO [main]
org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler
["http-nio2-127.0.0.1-auto-1-39677"]
09-May-2023 14:09:56.584 INFO [main]
org.apache.catalina.startup.LoggingBaseTest.setUp Starting test case
[testContextRoot_Bug53339]
09-May-2023 14:09:56.600 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-nio2-127.0.0.1-auto-2"]
09-May-2023 14:09:56.633 INFO [main]
org.apache.catalina.core.StandardService.startInternal Starting service
[Tomcat]
09-May-2023 14:09:56.634 INFO [main]
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
engine: [Apache Tomcat/8.5.89]
09-May-2023 14:09:56.684 INFO [main]
org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler
["http-nio2-127.0.0.1-auto-2-33611"]
09-May-2023 14:09:56.690 INFO [main]
org.apache.coyote.AbstractProtocol.pause Pausing ProtocolHandler
["http-nio2-127.0.0.1-auto-2-33611"]
09-May-2023 14:09:56.694 INFO [main]
org.apache.catalina.core.StandardService.stopInternal Stopping service
[Tomcat]
09-May-2023 14:09:56.698 INFO [main]
org.apache.coyote.AbstractProtocol.stop Stopping ProtocolHandler
["http-nio2-127.0.0.1-auto-2-33611"]
09-May-2023 14:09:56.698 INFO [main]
org.apache.coyote.AbstractProtocol.destroy Destroying ProtocolHandler
["http-nio2-127.0.0.1-auto-2-33611"]
09-May-2023 14:09:56.703 INFO [main]
org.apache.catalina.startup.LoggingBaseTest.setUp Starting test case
[testContextReload_Bug56658_Bug56882]
09-May-2023 14:09:56.713 INFO [main]
org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler
["http-nio2-127.0.0.1-auto-3"]
09-May-2023 14:09:56.777 INFO [main]
org.apache.catalina.core.StandardService.startInternal Starting service
[Tomcat]
09-May-2023 14:09:56.777 INFO [main]
org.apache.catalina.core.StandardEngine.startInternal Starting Servlet
engine: [Apache Tomcat/8.5.89]
09-May-2023 14:09:56.826 INFO [localhost-startStop-1]
org.apache.catalina

Re: [VOTE] Release Apache Tomcat 8.5.89

2023-05-09 Thread Mark Thomas 

On 09/05/2023 18:38, Christopher Schultz wrote:


The proposed 8.5.89 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 8.5.88 (stable)


Same issue with the RateLimitFilter tests as the 10.1.x vote. Same fix 
addressed it.


All other tests pass on Linux Windows and MacOS (Intel and M1).

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 10.1.x updated: Increment version for next dev cycle

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new c3d088f24b Increment version for next dev cycle
c3d088f24b is described below

commit c3d088f24b7ee67a0c6a6c0c379625febd14b382
Author: Mark Thomas 
AuthorDate: Tue May 9 22:49:13 2023 +0100

Increment version for next dev cycle
---
 build.properties.default | 2 +-
 res/maven/mvn.properties.default | 2 +-
 webapps/docs/changelog.xml   | 4 +++-
 3 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/build.properties.default b/build.properties.default
index 3e9cb5d31f..8773ee65b8 100644
--- a/build.properties.default
+++ b/build.properties.default
@@ -31,7 +31,7 @@
 # - Version Control Flags -
 version.major=10
 version.minor=1
-version.build=9
+version.build=10
 version.patch=0
 version.suffix=
 version.dev=-dev
diff --git a/res/maven/mvn.properties.default b/res/maven/mvn.properties.default
index 4a11ddf5ed..f88d7de285 100644
--- a/res/maven/mvn.properties.default
+++ b/res/maven/mvn.properties.default
@@ -39,7 +39,7 @@ 
maven.asf.release.repo.url=https://repository.apache.org/service/local/staging/d
 maven.asf.release.repo.repositoryId=apache.releases.https
 
 # Release version info
-maven.asf.release.deploy.version=10.1.9
+maven.asf.release.deploy.version=10.1.10
 
 #Where do we load the libraries from
 tomcat.lib.path=../../output/build/lib
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index cc064ec5b2..03796111b0 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,9 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
+
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Add release date for 8.5.88

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 06eaaabec5 Add release date for 8.5.88
06eaaabec5 is described below

commit 06eaaabec5088c1641e6d34a0d2a273e5508366e
Author: Mark Thomas 
AuthorDate: Tue May 9 22:35:46 2023 +0100

Add release date for 8.5.88
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index acec04ac77..9ebe17b493 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -222,7 +222,7 @@
 
   
 
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 10.1.x updated: Add release date for 10.1.8

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new 6a68ab73b3 Add release date for 10.1.8
6a68ab73b3 is described below

commit 6a68ab73b355eb1c1cb18500166825a37e438b49
Author: Mark Thomas 
AuthorDate: Tue May 9 22:35:08 2023 +0100

Add release date for 10.1.8
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e0b010898a..cc064ec5b2 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -214,7 +214,7 @@
 
   
 
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Call for Presentations, Community Over Code 2023

2023-05-09 Thread Rich Bowen 
(Note: You are receiving this because you are subscribed to the dev@
list for one or more Apache Software Foundation projects.)

The Call for Presentations (CFP) for Community Over Code (formerly
Apachecon) 2023 is open at
https://communityovercode.org/call-for-presentations/, and will close
Thu, 13 Jul 2023 23:59:59 GMT.

The event will be held in Halifax, Canada, October 7-10, 2023.

We welcome submissions on any topic related to the Apache Software
Foundation, Apache projects, or the communities around those projects.
We are specifically looking for presentations in the following
catetegories:

Fintech
Search
Big Data, Storage
Big Data, Compute
Internet of Things
Groovy
Incubator
Community
Data Engineering
Performance Engineering
Geospatial
API/Microservices
Frameworks
Content Wrangling
Tomcat and httpd
Cloud and Runtime
Streaming
Sustainability


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.9

2023-05-09 Thread Igal Sapir 
On Tue, May 9, 2023 at 10:00 AM Christopher Schultz <
ch...@christopherschultz.net> wrote:

> The proposed Apache Tomcat 10.1.9 release is now available for
> voting.
>
> The notable changes compared to 10.1.8 are:
>
> - Many improvements to the JSON access log valve.
>
> - Deprecate support for the HTTP Connector settings rejectIllegalHeader
>and allowHostHeaderMismatch and reject HTTP headers without names.
>
> - Add a RateLimitFilter which can be used to mitigate DoS and Brute
>Force attacks.
>
> For full details, see the change log:
> https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html
>
> Applications that run on Tomcat 9 and earlier will not run on Tomcat 10
> without changes. Java EE applications designed for Tomcat 9 and earlier
> may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat
> will automatically convert them to Jakarta EE and copy them to the
> webapps directory.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1435
>
> The tag is:
> https://github.com/apache/tomcat/tree/10.1.9
> 5d45c1a9359c2298d7140c1ca90cb8c43809a168
>
> The proposed 10.1.9 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 10.1.9
>

+1

Unit tests passed on Ubuntu 22.04 with Java 17

Igal



>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

[ANN] Apache Tomcat 11.0.0-M6 (alpha) available

2023-05-09 Thread Mark Thomas 

The Apache Tomcat team announces the immediate availability of Apache
Tomcat 11.0.0-M6 (alpha).

Apache Tomcat 11 is an open source software implementation of the
Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language,
Jakarta WebSocket, Jakarta Authentication and Jakarta Annotations
specifications.

Users of Tomcat 10 onwards should be aware that, as a result of the move
from Java EE to Jakarta EE as part of the transfer of Java EE to the
Eclipse Foundation, the primary package for all implemented APIs has
changed from javax.* to jakarta.*. This will almost certainly require
code changes to enable applications to migrate from Tomcat 9 and earlier
to Tomcat 10 and later. A migration tool is available to aid this process.

Apache Tomcat 11.0.0-M6 is a milestone release of the 11.0.x branch and 
has been made to provide users with early access to the new features in 
Apache Tomcat 11.0.x so that they may provide feedback. The notable 
changes compared to 11.0.0-M5 include:


- Various improvements to access logging.

- Remove support for the HTTP Connector settings rejectIllegalHeader and
  allowHostHeaderMismatch. These are now hard-coded to the previous
  defaults.

- Update the packaged version of the Tomcat Migration Tool for Jakarta
  EE to 1.0.7.

Please refer to the change log for the complete list of changes:
http://tomcat.apache.org/tomcat-11.0-doc/changelog.html

Downloads:
http://tomcat.apache.org/download-11.cgi

Migration guides from Apache Tomcat 8.5.x, 9.0.x and 10.1.x:
http://tomcat.apache.org/migration.html

Enjoy!

- The Apache Tomcat team

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch main updated: Add release date for 11.0.0-M6

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 9fac707f1e Add release date for 11.0.0-M6
9fac707f1e is described below

commit 9fac707f1e9e1e6a84a83a61bbb42f5bd60ebb45
Author: Mark Thomas 
AuthorDate: Tue May 9 21:23:50 2023 +0100

Add release date for 11.0.0-M6
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d46a2ac74c..96421d021a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -119,7 +119,7 @@
 
   
 
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1909706 - in /tomcat/site/trunk: docs/index.html xdocs/index.xml

2023-05-09 Thread markt 
Author: markt
Date: Tue May  9 20:22:59 2023
New Revision: 1909706

URL: http://svn.apache.org/viewvc?rev=1909706&view=rev
Log:
Correct location for 11.0.0-M6 entry

Modified:
tomcat/site/trunk/docs/index.html
tomcat/site/trunk/xdocs/index.xml

Modified: tomcat/site/trunk/docs/index.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1909706&r1=1909705&r2=1909706&view=diff
==
--- tomcat/site/trunk/docs/index.html (original)
+++ tomcat/site/trunk/docs/index.html Tue May  9 20:22:59 2023
@@ -34,31 +34,6 @@ wiki page.
 Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat
 project logo are trademarks of the Apache Software Foundation.
 
-2023-05-02 Tomcat Migration Tool for Jakarta EE 1.0.7 
Released
-
-The Apache Tomcat Project is proud to announce the release of 1.0.7 of the
-Apache Tomcat Migration Tool for Jakarta EE. This release contains a number of
-bug fixes and improvements compared to version 1.0.6.
-The notable changes in this release are:
-
-Update OSGI servlet specification versions if present in manifest file. PR
-#42 provided by Ivan Furnadjiev.
-Add configuration option, matchExcludesAgainstPathName that can be used to
-configure exclusions based on path name rather than just file name. PR 38
-provided by Réda Housni Alaoui.
-When converting directories, rename files according to the chosen profile.
-
-Work-around a known JDK bug when converting using the streaming approach.
-
-
-
-Full details of these changes, and all the other changes, are available in the
-https://github.com/apache/tomcat-jakartaee-migration/blob/main/CHANGES.md";>changelog.
-
-
-
-https://tomcat.apache.org/download-migration.cgi";>Download
-
 2023-05-09 Tomcat 11.0.0-M6 Released
 
 The Apache Tomcat Project is proud to announce the release of version 11.0.0-M6
@@ -90,6 +65,31 @@ Full details of these changes, and all t
 
 https://tomcat.apache.org/download-11.cgi";>Download
 
+2023-05-02 Tomcat Migration Tool for Jakarta EE 1.0.7 
Released
+
+The Apache Tomcat Project is proud to announce the release of 1.0.7 of the
+Apache Tomcat Migration Tool for Jakarta EE. This release contains a number of
+bug fixes and improvements compared to version 1.0.6.
+The notable changes in this release are:
+
+Update OSGI servlet specification versions if present in manifest file. PR
+#42 provided by Ivan Furnadjiev.
+Add configuration option, matchExcludesAgainstPathName that can be used to
+configure exclusions based on path name rather than just file name. PR 38
+provided by Réda Housni Alaoui.
+When converting directories, rename files according to the chosen profile.
+
+Work-around a known JDK bug when converting using the streaming approach.
+
+
+
+Full details of these changes, and all the other changes, are available in the
+https://github.com/apache/tomcat-jakartaee-migration/blob/main/CHANGES.md";>changelog.
+
+
+
+https://tomcat.apache.org/download-migration.cgi";>Download
+
 2023-04-19 Tomcat 8.5.88 Released
  
 The Apache Tomcat Project is proud to announce the release of version 8.5.88

Modified: tomcat/site/trunk/xdocs/index.xml
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/index.xml?rev=1909706&r1=1909705&r2=1909706&view=diff
==
--- tomcat/site/trunk/xdocs/index.xml (original)
+++ tomcat/site/trunk/xdocs/index.xml Tue May  9 20:22:59 2023
@@ -55,33 +55,6 @@ project logo are trademarks of the Apach
 
 
 
-
-
-The Apache Tomcat Project is proud to announce the release of 1.0.7 of the
-Apache Tomcat Migration Tool for Jakarta EE. This release contains a number of
-bug fixes and improvements compared to version 1.0.6.
-The notable changes in this release are:
-
-Update OSGI servlet specification versions if present in manifest file. PR
-#42 provided by Ivan Furnadjiev.
-Add configuration option, matchExcludesAgainstPathName that can be used to
-configure exclusions based on path name rather than just file name. PR 38
-provided by Réda Housni Alaoui.
-When converting directories, rename files according to the chosen profile.
-
-Work-around a known JDK bug when converting using the streaming approach.
-
-
-
-Full details of these changes, and all the other changes, are available in the
-https://github.com/apache/tomcat-jakartaee-migration/blob/main/CHANGES.md";>changelog.
-
-
-
-Download
-
-
-
 
 
 The Apache Tomcat Project is proud to announce the release of version 11.0.0-M6
@@ -115,6 +88,33 @@ Full details of these changes, and all t
 
 
 
+
+
+The Apache Tomcat Project is proud to announce the release of 1.0.7 of the
+Apache Tomcat Migration Tool for Jakarta EE. This release contains a number of
+bug fixes and improvements compared to version 1.0.6.
+The notable changes in this release are:
+
+Update OSGI servlet specification versions if present in ma

svn commit: r1909705 - in /tomcat/site/trunk: docs/download-11.html docs/index.html docs/migration-11.0.html docs/oldnews.html docs/whichversion.html xdocs/download-11.xml xdocs/index.xml xdocs/migrat

2023-05-09 Thread markt 
Author: markt
Date: Tue May  9 20:21:25 2023
New Revision: 1909705

URL: http://svn.apache.org/viewvc?rev=1909705&view=rev
Log:
Update site for Tomcat 11.0.0-M6 release

Modified:
tomcat/site/trunk/docs/download-11.html
tomcat/site/trunk/docs/index.html
tomcat/site/trunk/docs/migration-11.0.html
tomcat/site/trunk/docs/oldnews.html
tomcat/site/trunk/docs/whichversion.html
tomcat/site/trunk/xdocs/download-11.xml
tomcat/site/trunk/xdocs/index.xml
tomcat/site/trunk/xdocs/migration-11.0.xml
tomcat/site/trunk/xdocs/oldnews.xml
tomcat/site/trunk/xdocs/whichversion.xml

Modified: tomcat/site/trunk/docs/download-11.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/download-11.html?rev=1909705&r1=1909704&r2=1909705&view=diff
==
--- tomcat/site/trunk/docs/download-11.html (original)
+++ tomcat/site/trunk/docs/download-11.html Tue May  9 20:21:25 2023
@@ -19,7 +19,7 @@
 
   Quick Navigation
 
-[define v]11.0.0-M5[end]
+[define v]11.0.0-M6[end]
 https://downloads.apache.org/tomcat/tomcat-11/KEYS";>KEYS |
 [v] (alpha) |
 Browse |

Modified: tomcat/site/trunk/docs/index.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/index.html?rev=1909705&r1=1909704&r2=1909705&view=diff
==
--- tomcat/site/trunk/docs/index.html (original)
+++ tomcat/site/trunk/docs/index.html Tue May  9 20:21:25 2023
@@ -59,6 +59,37 @@ Full details of these changes, and all t
 
 https://tomcat.apache.org/download-migration.cgi";>Download
 
+2023-05-09 Tomcat 11.0.0-M6 Released
+
+The Apache Tomcat Project is proud to announce the release of version 11.0.0-M6
+(alpha) of Apache Tomcat. This release is a milestone release and is targeted 
at
+Jakarta EE 11.
+Users of Tomcat 10 onwards should be aware that, as a result of the move 
from
+Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse
+Foundation, the primary package for all implemented APIs has changed from
+javax.* to jakarta.*. This will almost certainly
+require code changes to enable applications to migrate from Tomcat 9 and 
earlier
+to Tomcat 10 and later. A
+https://github.com/apache/tomcat-jakartaee-migration";>migration
+tool is available to aid this process.
+The notable changes in this release are:
+
+Various improvements to access logging.
+Remove support for the HTTP Connector settings rejectIllegalHeader and
+allowHostHeaderMismatch. These are now hard-coded to the previous
+defaults.
+Update the packaged version of the Tomcat Migration Tool for Jakarta
+EE to 1.0.7. 
+
+
+Full details of these changes, and all the other changes, are available in the
+Tomcat 11
+(alpha) changelog.
+
+
+
+https://tomcat.apache.org/download-11.cgi";>Download
+
 2023-04-19 Tomcat 8.5.88 Released
  
 The Apache Tomcat Project is proud to announce the release of version 8.5.88
@@ -93,40 +124,6 @@ reach https://tomcat.apache.org
 
 https://tomcat.apache.org/download-80.cgi";>Download
 
-2023-04-19 Tomcat 11.0.0-M5 Released
-
-The Apache Tomcat Project is proud to announce the release of version 11.0.0-M5
-(alpha) of Apache Tomcat. This release is a milestone release and is targeted 
at
-Jakarta EE 11.
-Users of Tomcat 10 onwards should be aware that, as a result of the move 
from
-Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse
-Foundation, the primary package for all implemented APIs has changed from
-javax.* to jakarta.*. This will almost certainly
-require code changes to enable applications to migrate from Tomcat 9 and 
earlier
-to Tomcat 10 and later. A
-https://github.com/apache/tomcat-jakartaee-migration";>migration
-tool is available to aid this process.
-The notable changes in this release are:
-
-Reduce the default value of maxParameterCount from 10,000 to 1,000.
-Correct a regression in the fix for bug 66442 that meant that streams
-without a response body did not decrement the active stream count when
-completing leading to ERR_HTTP2_SERVER_REFUSED_STREAM for some
-connections.
-Expand the validation of the value of the Sec-Websocket-Key header in the
-HTTP upgrade request that initiates a WebSocket connection. The value is 
not
-decoded but it is checked for the correct length and that only valid
-characters from the base64 alphabet are used. 
-
-
-Full details of these changes, and all the other changes, are available in the
-Tomcat 11
-(alpha) changelog.
-
-
-
-https://tomcat.apache.org/download-11.cgi";>Download
-
 2023-04-18 Tomcat 9.0.74 Released
 
 The Apache Tomcat Project is proud to announce the release of version 9.0.74

Modified: tomcat/site/trunk/docs/migration-11.0.html
URL: 
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/migration-11.0.html?rev=1909705&r1=1909704&r2=1909705&view=diff
===

svn commit: r1909704 - in /tomcat/site/trunk: ./ docs/tomcat-11.0-doc/ docs/tomcat-11.0-doc/annotationapi/ docs/tomcat-11.0-doc/annotationapi/jakarta/annotation/ docs/tomcat-11.0-doc/annotationapi/jak

2023-05-09 Thread markt 
Author: markt
Date: Tue May  9 20:17:05 2023
New Revision: 1909704

URL: http://svn.apache.org/viewvc?rev=1909704&view=rev
Log:
Update docs for Tomcat 11.0.0-M6


[This commit notification would consist of 93 parts, 
which exceeds the limit of 50 ones, so it was shortened to the summary.]

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.9

2023-05-09 Thread Mark Thomas 

On 09/05/2023 21:03, Igal Sapir wrote:

On Tue, May 9, 2023 at 12:51 PM Mark Thomas  wrote:




The new rate limit tests failed in MacOs and on Windows but that is an
issue with the tests and I am in the process of fixing it.



Thanks Mark.  I look forward to seeing your patch.

It passed on my machine before I commited it but I realize that it can, and
should, be more robust.


No worries.

Anything timing related has a chance of taking longer than you'd 
reasonably expect. I've lost count of the number of tests of mine that 
broke in similar ways. I'm surprised that my MacOS machines hit the 
issue as they are usually pretty speedy but they seem happy with the 
patch so far.


Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.9

2023-05-09 Thread Igal Sapir 
On Tue, May 9, 2023 at 12:51 PM Mark Thomas  wrote:

> 
>
> The new rate limit tests failed in MacOs and on Windows but that is an
> issue with the tests and I am in the process of fixing it.
>

Thanks Mark.  I look forward to seeing your patch.

It passed on my machine before I commited it but I realize that it can, and
should, be more robust.

Igal



>
> Otherwise, tests passed on Linux, Windows and MacOS.
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
>

[tomcat] 01/03: Fix IDE warnings

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit bb0df62ab311d8f264d88aa7c2ec91285a68d7ac
Author: Mark Thomas 
AuthorDate: Tue May 9 20:32:29 2023 +0100

Fix IDE warnings
---
 java/org/apache/catalina/filters/RateLimitFilter.java | 10 ++
 java/org/apache/catalina/util/TimeBucketCounter.java  |  1 +
 test/org/apache/catalina/filters/TestRateLimitFilter.java |  9 -
 3 files changed, 11 insertions(+), 9 deletions(-)

diff --git a/java/org/apache/catalina/filters/RateLimitFilter.java 
b/java/org/apache/catalina/filters/RateLimitFilter.java
index 32262b8b2a..f3ded50cf0 100644
--- a/java/org/apache/catalina/filters/RateLimitFilter.java
+++ b/java/org/apache/catalina/filters/RateLimitFilter.java
@@ -200,8 +200,9 @@ public class RateLimitFilter implements Filter {
 actualRequests = (int) Math.round(bucketCounter.getRatio() * 
bucketRequests);
 
 log.info(sm.getString("rateLimitFilter.initialized",
-filterName, bucketRequests, bucketDuration, getActualRequests(),
-getActualDurationInSeconds(), (!enforce ? "Not " : "") + 
"enforcing")
+filterName, Integer.valueOf(bucketRequests), 
Integer.valueOf(bucketDuration),
+Integer.valueOf(getActualRequests()), 
Integer.valueOf(getActualDurationInSeconds()),
+(!enforce ? "Not " : "") + "enforcing")
 );
 }
 
@@ -212,13 +213,14 @@ public class RateLimitFilter implements Filter {
 String ipAddr = request.getRemoteAddr();
 int reqCount = bucketCounter.increment(ipAddr);
 
-request.setAttribute(RATE_LIMIT_ATTRIBUTE_COUNT, reqCount);
+request.setAttribute(RATE_LIMIT_ATTRIBUTE_COUNT, 
Integer.valueOf(reqCount));
 
 if (enforce && (reqCount > actualRequests)) {
 
 ((HttpServletResponse) response).sendError(statusCode, 
statusMessage);
 log.warn(sm.getString("rateLimitFilter.maxRequestsExceeded",
-filterName, reqCount, ipAddr, getActualRequests(), 
getActualDurationInSeconds())
+filterName, Integer.valueOf(reqCount), ipAddr, 
Integer.valueOf(getActualRequests()),
+Integer.valueOf(getActualDurationInSeconds()))
 );
 
 return;
diff --git a/java/org/apache/catalina/util/TimeBucketCounter.java 
b/java/org/apache/catalina/util/TimeBucketCounter.java
index 5c602c96af..d104eebf4e 100644
--- a/java/org/apache/catalina/util/TimeBucketCounter.java
+++ b/java/org/apache/catalina/util/TimeBucketCounter.java
@@ -191,6 +191,7 @@ public class TimeBucketCounter {
 this.sleeptime = sleeptime;
 }
 
+@SuppressWarnings("sync-override")
 @Override
 public void start() {
 isRunning = true;
diff --git a/test/org/apache/catalina/filters/TestRateLimitFilter.java 
b/test/org/apache/catalina/filters/TestRateLimitFilter.java
index 9f82306367..684bd3b258 100644
--- a/test/org/apache/catalina/filters/TestRateLimitFilter.java
+++ b/test/org/apache/catalina/filters/TestRateLimitFilter.java
@@ -31,7 +31,6 @@ import org.junit.Assert;
 import org.junit.Test;
 
 import org.apache.catalina.Context;
-import org.apache.catalina.LifecycleException;
 import org.apache.catalina.filters.TestRemoteIpFilter.MockFilterChain;
 import org.apache.catalina.filters.TestRemoteIpFilter.MockHttpServletRequest;
 import org.apache.catalina.startup.Tomcat;
@@ -63,7 +62,7 @@ public class TestRateLimitFilter extends TomcatBaseTest {
 int allowedRequests = (int) 
Math.round(rateLimitFilter.bucketCounter.getRatio() * bucketRequests);
 
 long sleepTime = 
rateLimitFilter.bucketCounter.getMillisUntilNextBucket();
-System.out.printf("Sleeping %d millis for the next time bucket to 
start\n", sleepTime);
+System.out.printf("Sleeping %d millis for the next time bucket to 
start\n", Long.valueOf(sleepTime));
 Thread.sleep(sleepTime);
 
 TestClient tc1 = new TestClient(rateLimitFilter, filterChain, 
"10.20.20.5", 200, 5);
@@ -85,8 +84,7 @@ public class TestRateLimitFilter extends TomcatBaseTest {
 Assert.assertEquals(429, tc4.results[allowedRequests]); // 
subsequent requests dropped
 }
 
-private RateLimitFilter testRateLimitFilter(FilterDef filterDef, Context 
root)
-throws LifecycleException, IOException, ServletException {
+private RateLimitFilter testRateLimitFilter(FilterDef filterDef, Context 
root) throws ServletException {
 
 RateLimitFilter rateLimitFilter = new RateLimitFilter();
 filterDef.setFilterClass(RateLimitFilter.class.getName());
@@ -138,7 +136,8 @@ public class TestRateLimitFilter extends TomcatBaseTest {
 response.setRequest(request);
 filter.doFilter(request, response, filterChain);
 results[i] = response.getStatus();
-System.

[tomcat] 02/03: Clean-up - formatting. No functional change.

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b4f09a0082acac7da9842d4cb003ff752917915e
Author: Mark Thomas 
AuthorDate: Tue May 9 20:38:49 2023 +0100

Clean-up - formatting. No functional change.
---
 .../apache/catalina/filters/RateLimitFilter.java   | 90 ++
 .../apache/catalina/util/TimeBucketCounter.java| 48 +---
 .../catalina/filters/TestRateLimitFilter.java  | 14 ++--
 3 files changed, 66 insertions(+), 86 deletions(-)

diff --git a/java/org/apache/catalina/filters/RateLimitFilter.java 
b/java/org/apache/catalina/filters/RateLimitFilter.java
index f3ded50cf0..2b35243e84 100644
--- a/java/org/apache/catalina/filters/RateLimitFilter.java
+++ b/java/org/apache/catalina/filters/RateLimitFilter.java
@@ -33,45 +33,41 @@ import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.res.StringManager;
 
 /**
- * Servlet filter that can help mitigate Denial of Service
- * (DoS) and Brute Force attacks by limiting the number of a requests that are
- * allowed from a single IP address within a time window (also referred
- * to as a time bucket), e.g. 300 Requests per 60 seconds.
- *
- * The filter works by incrementing a counter in a time bucket for each IP
- * address, and if the counter exceeds the allowed limit then further requests
- * from that IP are dropped with a "429 Too many requests" response
- * until the bucket time ends and a new bucket starts.
- *
- * The filter is optimized for efficiency and low overhead, so it converts
- * some configured values to more efficient values. For example, a 
configuration
- * of a 60 seconds time bucket is converted to 65.536 seconds. That allows
- * for very fast bucket calculation using bit shift arithmetic. In order to 
remain
- * true to the user intent, the configured number of requests is then 
multiplied
- * by the same ratio, so a configuration of 100 Requests per 60 seconds, has 
the
- * real values of 109 Requests per 65 seconds.
- *
- * It is common to set up different restrictions for different URIs.
- * For example, a login page or authentication script is typically expected
- * to get far less requests than the rest of the application, so you can add
- * a filter definition that would allow only 5 requests per 15 seconds and map
- * those URIs to it.
- *
- * You can set enforce to false
- * to disable the termination of requests that exceed the allowed limit. Then
- * your application code can inspect the Request Attribute
- * org.apache.catalina.filters.RateLimitFilter.Count and decide
- * how to handle the request based on other information that it has, e.g. allow
- * more requests to certain users based on roles, etc.
- *
- * WARNING: if Tomcat is behind a reverse proxy then you 
must
- * make sure that the Rate Limit Filter sees the client IP address, so if for
- * example you are using the Remote IP Filter,
- * then the filter mapping for the Rate Limit Filter must come after
- * the mapping of the Remote IP Filter to ensure that each request has its IP
- * address resolved before the Rate Limit Filter is applied. Failure to do so
- * will count requests from different IPs in the same bucket and will result in
- * a self inflicted DoS attack.
+ * 
+ * Servlet filter that can help mitigate Denial of Service (DoS) and Brute 
Force attacks by limiting the number of a
+ * requests that are allowed from a single IP address within a time window 
(also referred to as a time bucket), e.g. 300
+ * Requests per 60 seconds.
+ * 
+ * 
+ * The filter works by incrementing a counter in a time bucket for each IP 
address, and if the counter exceeds the
+ * allowed limit then further requests from that IP are dropped with a 
"429 Too many requests" response until
+ * the bucket time ends and a new bucket starts.
+ * 
+ * 
+ * The filter is optimized for efficiency and low overhead, so it converts 
some configured values to more efficient
+ * values. For example, a configuration of a 60 seconds time bucket is 
converted to 65.536 seconds. That allows for very
+ * fast bucket calculation using bit shift arithmetic. In order to remain true 
to the user intent, the configured number
+ * of requests is then multiplied by the same ratio, so a configuration of 100 
Requests per 60 seconds, has the real
+ * values of 109 Requests per 65 seconds.
+ * 
+ * 
+ * It is common to set up different restrictions for different URIs. For 
example, a login page or authentication script
+ * is typically expected to get far less requests than the rest of the 
application, so you can add a filter definition
+ * that would allow only 5 requests per 15 seconds and map those URIs to it.
+ * 
+ * 
+ * You can set enforce to false to disable the 
termination of requests that exceed the allowed
+ * limit. Then your application code can inspect the Request Attribute
+ * org.apache.catalina.filters.RateLimitFilter

[tomcat] branch 8.5.x updated (eb85bb201a -> 31a7711d1b)

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from eb85bb201a Make checkstyle actually happy.
 new bb0df62ab3 Fix IDE warnings
 new b4f09a0082 Clean-up - formatting. No functional change.
 new 31a7711d1b MacOS seems to need longer for the test to complete

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/catalina/filters/RateLimitFilter.java   | 90 ++
 .../apache/catalina/util/TimeBucketCounter.java| 49 +---
 .../catalina/filters/TestRateLimitFilter.java  | 32 
 3 files changed, 80 insertions(+), 91 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 03/03: MacOS seems to need longer for the test to complete

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 31a7711d1bd4ae4e00c9267c478e695ad07a820b
Author: Mark Thomas 
AuthorDate: Tue May 9 20:41:53 2023 +0100

MacOS seems to need longer for the test to complete
---
 test/org/apache/catalina/filters/TestRateLimitFilter.java | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/test/org/apache/catalina/filters/TestRateLimitFilter.java 
b/test/org/apache/catalina/filters/TestRateLimitFilter.java
index aa6ffd0c48..7e986e75d0 100644
--- a/test/org/apache/catalina/filters/TestRateLimitFilter.java
+++ b/test/org/apache/catalina/filters/TestRateLimitFilter.java
@@ -71,7 +71,14 @@ public class TestRateLimitFilter extends TomcatBaseTest {
 TestClient tc3 = new TestClient(rateLimitFilter, filterChain, 
"10.20.20.20", 200, 20);
 TestClient tc4 = new TestClient(rateLimitFilter, filterChain, 
"10.20.20.40", 200, 40);
 
-Thread.sleep(5000);
+// Sleep for up to 10s for clients to complete
+int count = 0;
+while (count < 100 && (tc1.results[24] == 0 || tc2.results[49] == 0 || 
tc3.results[allowedRequests - 1] == 0 ||
+tc3.results[allowedRequests] == 0 || 
tc3.results[allowedRequests - 1] == 0 ||
+tc4.results[allowedRequests] == 0)) {
+Thread.sleep(100);
+count++;
+}
 
 Assert.assertEquals(200, tc1.results[24]); // only 25 requests made, 
all allowed
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 9.0.x updated (79746b1805 -> ac9e8f79d8)

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 79746b1805 Make checkstyle happy
 new 195bc35c41 Fix IDE warnings
 new 61f237e4a6 Clean-up - formatting. No functional change.
 new ac9e8f79d8 MacOS seems to need longer for the test to complete

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/catalina/filters/RateLimitFilter.java   | 93 +++---
 .../apache/catalina/util/TimeBucketCounter.java| 61 ++
 .../catalina/filters/TestRateLimitFilter.java  | 42 +-
 3 files changed, 94 insertions(+), 102 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/03: Fix IDE warnings

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 195bc35c41c4b728aa224dacf22cc9c1f39b4b88
Author: Mark Thomas 
AuthorDate: Tue May 9 20:32:29 2023 +0100

Fix IDE warnings
---
 java/org/apache/catalina/filters/RateLimitFilter.java | 12 
 java/org/apache/catalina/util/TimeBucketCounter.java  |  1 +
 .../apache/catalina/filters/TestRateLimitFilter.java  | 19 +--
 3 files changed, 18 insertions(+), 14 deletions(-)

diff --git a/java/org/apache/catalina/filters/RateLimitFilter.java 
b/java/org/apache/catalina/filters/RateLimitFilter.java
index e545381d58..7dd4f7a3a6 100644
--- a/java/org/apache/catalina/filters/RateLimitFilter.java
+++ b/java/org/apache/catalina/filters/RateLimitFilter.java
@@ -75,6 +75,8 @@ import org.apache.tomcat.util.res.StringManager;
  */
 public class RateLimitFilter extends GenericFilter {
 
+private static final long serialVersionUID = 1L;
+
 /**
  * default duration in seconds
  */
@@ -198,8 +200,9 @@ public class RateLimitFilter extends GenericFilter {
 actualRequests = (int) Math.round(bucketCounter.getRatio() * 
bucketRequests);
 
 log.info(sm.getString("rateLimitFilter.initialized",
-super.getFilterName(), bucketRequests, bucketDuration, 
getActualRequests(),
-getActualDurationInSeconds(), (!enforce ? "Not " : "") + 
"enforcing")
+super.getFilterName(), Integer.valueOf(bucketRequests), 
Integer.valueOf(bucketDuration),
+Integer.valueOf(getActualRequests()), 
Integer.valueOf(getActualDurationInSeconds()),
+(!enforce ? "Not " : "") + "enforcing")
 );
 }
 
@@ -210,13 +213,14 @@ public class RateLimitFilter extends GenericFilter {
 String ipAddr = request.getRemoteAddr();
 int reqCount = bucketCounter.increment(ipAddr);
 
-request.setAttribute(RATE_LIMIT_ATTRIBUTE_COUNT, reqCount);
+request.setAttribute(RATE_LIMIT_ATTRIBUTE_COUNT, 
Integer.valueOf(reqCount));
 
 if (enforce && (reqCount > actualRequests)) {
 
 ((HttpServletResponse) response).sendError(statusCode, 
statusMessage);
 log.warn(sm.getString("rateLimitFilter.maxRequestsExceeded",
-super.getFilterName(), reqCount, ipAddr, getActualRequests(), 
getActualDurationInSeconds())
+super.getFilterName(), Integer.valueOf(reqCount), ipAddr, 
Integer.valueOf(getActualRequests()),
+Integer.valueOf(getActualDurationInSeconds()))
 );
 
 return;
diff --git a/java/org/apache/catalina/util/TimeBucketCounter.java 
b/java/org/apache/catalina/util/TimeBucketCounter.java
index bd5e70fcb4..4c1974242e 100644
--- a/java/org/apache/catalina/util/TimeBucketCounter.java
+++ b/java/org/apache/catalina/util/TimeBucketCounter.java
@@ -182,6 +182,7 @@ public class TimeBucketCounter {
 this.sleeptime = sleeptime;
 }
 
+@SuppressWarnings("sync-override")
 @Override
 public void start() {
 isRunning = true;
diff --git a/test/org/apache/catalina/filters/TestRateLimitFilter.java 
b/test/org/apache/catalina/filters/TestRateLimitFilter.java
index f78b099e74..ecef77d0ab 100644
--- a/test/org/apache/catalina/filters/TestRateLimitFilter.java
+++ b/test/org/apache/catalina/filters/TestRateLimitFilter.java
@@ -27,20 +27,19 @@ import javax.servlet.FilterConfig;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 
+import org.junit.Assert;
+import org.junit.Test;
+
 import org.apache.catalina.Context;
-import org.apache.catalina.LifecycleException;
-import org.apache.catalina.startup.Tomcat;
-import org.apache.catalina.startup.TomcatBaseTest;
 import org.apache.catalina.filters.TestRemoteIpFilter.MockFilterChain;
 import org.apache.catalina.filters.TestRemoteIpFilter.MockHttpServletRequest;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.catalina.startup.TomcatBaseTest;
 import org.apache.tomcat.unittest.TesterResponse;
 import org.apache.tomcat.unittest.TesterServletContext;
 import org.apache.tomcat.util.descriptor.web.FilterDef;
 import org.apache.tomcat.util.descriptor.web.FilterMap;
 
-import org.junit.Assert;
-import org.junit.Test;
-
 public class TestRateLimitFilter extends TomcatBaseTest {
 
 @Test
@@ -63,7 +62,7 @@ public class TestRateLimitFilter extends TomcatBaseTest {
 int allowedRequests = (int) 
Math.round(rateLimitFilter.bucketCounter.getRatio() * bucketRequests);
 
 long sleepTime = 
rateLimitFilter.bucketCounter.getMillisUntilNextBucket();
-System.out.printf("Sleeping %d millis for the next time bucket to 
start\n", sleepTime);
+System.out.printf("Sleeping %d millis for the next time bucket to 
start\n", Long.valueOf(sleepTime));
 Thread.sleep(sleepTime);
 
 TestClient tc1 = new TestClient(rateLimitFilter, filt

[tomcat] 02/03: Clean-up - formatting. No functional change.

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 61f237e4a6b771a586802b19d5b460dce52d0c0d
Author: Mark Thomas 
AuthorDate: Tue May 9 20:38:49 2023 +0100

Clean-up - formatting. No functional change.
---
 .../apache/catalina/filters/RateLimitFilter.java   | 91 ++
 .../apache/catalina/util/TimeBucketCounter.java| 60 ++
 .../catalina/filters/TestRateLimitFilter.java  | 14 ++--
 3 files changed, 73 insertions(+), 92 deletions(-)

diff --git a/java/org/apache/catalina/filters/RateLimitFilter.java 
b/java/org/apache/catalina/filters/RateLimitFilter.java
index 7dd4f7a3a6..d164eee94e 100644
--- a/java/org/apache/catalina/filters/RateLimitFilter.java
+++ b/java/org/apache/catalina/filters/RateLimitFilter.java
@@ -33,45 +33,41 @@ import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.res.StringManager;
 
 /**
- * Servlet filter that can help mitigate Denial of Service
- * (DoS) and Brute Force attacks by limiting the number of a requests that are
- * allowed from a single IP address within a time window (also referred
- * to as a time bucket), e.g. 300 Requests per 60 seconds.
- *
- * The filter works by incrementing a counter in a time bucket for each IP
- * address, and if the counter exceeds the allowed limit then further requests
- * from that IP are dropped with a "429 Too many requests" response
- * until the bucket time ends and a new bucket starts.
- *
- * The filter is optimized for efficiency and low overhead, so it converts
- * some configured values to more efficient values. For example, a 
configuration
- * of a 60 seconds time bucket is converted to 65.536 seconds. That allows
- * for very fast bucket calculation using bit shift arithmetic. In order to 
remain
- * true to the user intent, the configured number of requests is then 
multiplied
- * by the same ratio, so a configuration of 100 Requests per 60 seconds, has 
the
- * real values of 109 Requests per 65 seconds.
- *
- * It is common to set up different restrictions for different URIs.
- * For example, a login page or authentication script is typically expected
- * to get far less requests than the rest of the application, so you can add
- * a filter definition that would allow only 5 requests per 15 seconds and map
- * those URIs to it.
- *
- * You can set enforce to false
- * to disable the termination of requests that exceed the allowed limit. Then
- * your application code can inspect the Request Attribute
- * org.apache.catalina.filters.RateLimitFilter.Count and decide
- * how to handle the request based on other information that it has, e.g. allow
- * more requests to certain users based on roles, etc.
- *
- * WARNING: if Tomcat is behind a reverse proxy then you 
must
- * make sure that the Rate Limit Filter sees the client IP address, so if for
- * example you are using the Remote IP Filter,
- * then the filter mapping for the Rate Limit Filter must come after
- * the mapping of the Remote IP Filter to ensure that each request has its IP
- * address resolved before the Rate Limit Filter is applied. Failure to do so
- * will count requests from different IPs in the same bucket and will result in
- * a self inflicted DoS attack.
+ * 
+ * Servlet filter that can help mitigate Denial of Service (DoS) and Brute 
Force attacks by limiting the number of a
+ * requests that are allowed from a single IP address within a time window 
(also referred to as a time bucket), e.g. 300
+ * Requests per 60 seconds.
+ * 
+ * 
+ * The filter works by incrementing a counter in a time bucket for each IP 
address, and if the counter exceeds the
+ * allowed limit then further requests from that IP are dropped with a 
"429 Too many requests" response until
+ * the bucket time ends and a new bucket starts.
+ * 
+ * 
+ * The filter is optimized for efficiency and low overhead, so it converts 
some configured values to more efficient
+ * values. For example, a configuration of a 60 seconds time bucket is 
converted to 65.536 seconds. That allows for very
+ * fast bucket calculation using bit shift arithmetic. In order to remain true 
to the user intent, the configured number
+ * of requests is then multiplied by the same ratio, so a configuration of 100 
Requests per 60 seconds, has the real
+ * values of 109 Requests per 65 seconds.
+ * 
+ * 
+ * It is common to set up different restrictions for different URIs. For 
example, a login page or authentication script
+ * is typically expected to get far less requests than the rest of the 
application, so you can add a filter definition
+ * that would allow only 5 requests per 15 seconds and map those URIs to it.
+ * 
+ * 
+ * You can set enforce to false to disable the 
termination of requests that exceed the allowed
+ * limit. Then your application code can inspect the Request Attribute
+ * org.apache.catalina.filters.RateLimitFilt

[tomcat] 03/03: MacOS seems to need longer for the test to complete

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit ac9e8f79d8bd072033a91eb85f1c7a7b7cf895a8
Author: Mark Thomas 
AuthorDate: Tue May 9 20:41:53 2023 +0100

MacOS seems to need longer for the test to complete
---
 test/org/apache/catalina/filters/TestRateLimitFilter.java | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/test/org/apache/catalina/filters/TestRateLimitFilter.java 
b/test/org/apache/catalina/filters/TestRateLimitFilter.java
index 3d01942101..ce7467eb64 100644
--- a/test/org/apache/catalina/filters/TestRateLimitFilter.java
+++ b/test/org/apache/catalina/filters/TestRateLimitFilter.java
@@ -71,7 +71,14 @@ public class TestRateLimitFilter extends TomcatBaseTest {
 TestClient tc3 = new TestClient(rateLimitFilter, filterChain, 
"10.20.20.20", 200, 20);
 TestClient tc4 = new TestClient(rateLimitFilter, filterChain, 
"10.20.20.40", 200, 40);
 
-Thread.sleep(5000);
+// Sleep for up to 10s for clients to complete
+int count = 0;
+while (count < 100 && (tc1.results[24] == 0 || tc2.results[49] == 0 || 
tc3.results[allowedRequests - 1] == 0 ||
+tc3.results[allowedRequests] == 0 || 
tc3.results[allowedRequests - 1] == 0 ||
+tc4.results[allowedRequests] == 0)) {
+Thread.sleep(100);
+count++;
+}
 
 Assert.assertEquals(200, tc1.results[24]); // only 25 requests made, 
all allowed
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.9

2023-05-09 Thread Mark Thomas 

On 09/05/2023 17:12, Christopher Schultz wrote:


The proposed 10.1.9 release is:
[ ] Broken - do not release
[X] Stable - go ahead and release as 10.1.9


The new rate limit tests failed in MacOs and on Windows but that is an 
issue with the tests and I am in the process of fixing it.


Otherwise, tests passed on Linux, Windows and MacOS.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/03: Clean-up - formatting. No functional change.

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 05a542911b26f211f1f8b6a3db3f3a557b23b00f
Author: Mark Thomas 
AuthorDate: Tue May 9 20:38:49 2023 +0100

Clean-up - formatting. No functional change.
---
 .../apache/catalina/filters/RateLimitFilter.java   | 91 ++
 .../apache/catalina/util/TimeBucketCounter.java| 60 ++
 .../catalina/filters/TestRateLimitFilter.java  | 14 ++--
 3 files changed, 73 insertions(+), 92 deletions(-)

diff --git a/java/org/apache/catalina/filters/RateLimitFilter.java 
b/java/org/apache/catalina/filters/RateLimitFilter.java
index 94e615452a..097485aef3 100644
--- a/java/org/apache/catalina/filters/RateLimitFilter.java
+++ b/java/org/apache/catalina/filters/RateLimitFilter.java
@@ -33,45 +33,41 @@ import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.res.StringManager;
 
 /**
- * Servlet filter that can help mitigate Denial of Service
- * (DoS) and Brute Force attacks by limiting the number of a requests that are
- * allowed from a single IP address within a time window (also referred
- * to as a time bucket), e.g. 300 Requests per 60 seconds.
- *
- * The filter works by incrementing a counter in a time bucket for each IP
- * address, and if the counter exceeds the allowed limit then further requests
- * from that IP are dropped with a "429 Too many requests" response
- * until the bucket time ends and a new bucket starts.
- *
- * The filter is optimized for efficiency and low overhead, so it converts
- * some configured values to more efficient values. For example, a 
configuration
- * of a 60 seconds time bucket is converted to 65.536 seconds. That allows
- * for very fast bucket calculation using bit shift arithmetic. In order to 
remain
- * true to the user intent, the configured number of requests is then 
multiplied
- * by the same ratio, so a configuration of 100 Requests per 60 seconds, has 
the
- * real values of 109 Requests per 65 seconds.
- *
- * It is common to set up different restrictions for different URIs.
- * For example, a login page or authentication script is typically expected
- * to get far less requests than the rest of the application, so you can add
- * a filter definition that would allow only 5 requests per 15 seconds and map
- * those URIs to it.
- *
- * You can set enforce to false
- * to disable the termination of requests that exceed the allowed limit. Then
- * your application code can inspect the Request Attribute
- * org.apache.catalina.filters.RateLimitFilter.Count and decide
- * how to handle the request based on other information that it has, e.g. allow
- * more requests to certain users based on roles, etc.
- *
- * WARNING: if Tomcat is behind a reverse proxy then you 
must
- * make sure that the Rate Limit Filter sees the client IP address, so if for
- * example you are using the Remote IP Filter,
- * then the filter mapping for the Rate Limit Filter must come after
- * the mapping of the Remote IP Filter to ensure that each request has its IP
- * address resolved before the Rate Limit Filter is applied. Failure to do so
- * will count requests from different IPs in the same bucket and will result in
- * a self inflicted DoS attack.
+ * 
+ * Servlet filter that can help mitigate Denial of Service (DoS) and Brute 
Force attacks by limiting the number of a
+ * requests that are allowed from a single IP address within a time window 
(also referred to as a time bucket), e.g. 300
+ * Requests per 60 seconds.
+ * 
+ * 
+ * The filter works by incrementing a counter in a time bucket for each IP 
address, and if the counter exceeds the
+ * allowed limit then further requests from that IP are dropped with a 
"429 Too many requests" response until
+ * the bucket time ends and a new bucket starts.
+ * 
+ * 
+ * The filter is optimized for efficiency and low overhead, so it converts 
some configured values to more efficient
+ * values. For example, a configuration of a 60 seconds time bucket is 
converted to 65.536 seconds. That allows for very
+ * fast bucket calculation using bit shift arithmetic. In order to remain true 
to the user intent, the configured number
+ * of requests is then multiplied by the same ratio, so a configuration of 100 
Requests per 60 seconds, has the real
+ * values of 109 Requests per 65 seconds.
+ * 
+ * 
+ * It is common to set up different restrictions for different URIs. For 
example, a login page or authentication script
+ * is typically expected to get far less requests than the rest of the 
application, so you can add a filter definition
+ * that would allow only 5 requests per 15 seconds and map those URIs to it.
+ * 
+ * 
+ * You can set enforce to false to disable the 
termination of requests that exceed the allowed
+ * limit. Then your application code can inspect the Request Attribute
+ * org.apache.catalina.filters.RateLimitFil

[tomcat] 03/03: MacOS seems to need longer for the test to complete

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 183cb90875782a1e34491224658ae02902fd815d
Author: Mark Thomas 
AuthorDate: Tue May 9 20:41:53 2023 +0100

MacOS seems to need longer for the test to complete
---
 test/org/apache/catalina/filters/TestRateLimitFilter.java | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/test/org/apache/catalina/filters/TestRateLimitFilter.java 
b/test/org/apache/catalina/filters/TestRateLimitFilter.java
index bf6c397972..b47e67ed60 100644
--- a/test/org/apache/catalina/filters/TestRateLimitFilter.java
+++ b/test/org/apache/catalina/filters/TestRateLimitFilter.java
@@ -71,7 +71,14 @@ public class TestRateLimitFilter extends TomcatBaseTest {
 TestClient tc3 = new TestClient(rateLimitFilter, filterChain, 
"10.20.20.20", 200, 20);
 TestClient tc4 = new TestClient(rateLimitFilter, filterChain, 
"10.20.20.40", 200, 40);
 
-Thread.sleep(5000);
+// Sleep for up to 10s for clients to complete
+int count = 0;
+while (count < 100 && (tc1.results[24] == 0 || tc2.results[49] == 0 || 
tc3.results[allowedRequests - 1] == 0 ||
+tc3.results[allowedRequests] == 0 || 
tc3.results[allowedRequests - 1] == 0 ||
+tc4.results[allowedRequests] == 0)) {
+Thread.sleep(100);
+count++;
+}
 
 Assert.assertEquals(200, tc1.results[24]); // only 25 requests made, 
all allowed
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/03: Fix IDE warnings

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 1c5a7a88865faffebc47a779aef4fc6b78da2e76
Author: Mark Thomas 
AuthorDate: Tue May 9 20:32:29 2023 +0100

Fix IDE warnings
---
 java/org/apache/catalina/filters/RateLimitFilter.java | 12 
 java/org/apache/catalina/util/TimeBucketCounter.java  |  1 +
 test/org/apache/catalina/filters/TestRateLimitFilter.java |  9 -
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/java/org/apache/catalina/filters/RateLimitFilter.java 
b/java/org/apache/catalina/filters/RateLimitFilter.java
index b4da01393d..94e615452a 100644
--- a/java/org/apache/catalina/filters/RateLimitFilter.java
+++ b/java/org/apache/catalina/filters/RateLimitFilter.java
@@ -75,6 +75,8 @@ import org.apache.tomcat.util.res.StringManager;
  */
 public class RateLimitFilter extends GenericFilter {
 
+private static final long serialVersionUID = 1L;
+
 /**
  * default duration in seconds
  */
@@ -198,8 +200,9 @@ public class RateLimitFilter extends GenericFilter {
 actualRequests = (int) Math.round(bucketCounter.getRatio() * 
bucketRequests);
 
 log.info(sm.getString("rateLimitFilter.initialized",
-super.getFilterName(), bucketRequests, bucketDuration, 
getActualRequests(),
-getActualDurationInSeconds(), (!enforce ? "Not " : "") + 
"enforcing")
+super.getFilterName(), Integer.valueOf(bucketRequests), 
Integer.valueOf(bucketDuration),
+Integer.valueOf(getActualRequests()), 
Integer.valueOf(getActualDurationInSeconds()),
+(!enforce ? "Not " : "") + "enforcing")
 );
 }
 
@@ -210,13 +213,14 @@ public class RateLimitFilter extends GenericFilter {
 String ipAddr = request.getRemoteAddr();
 int reqCount = bucketCounter.increment(ipAddr);
 
-request.setAttribute(RATE_LIMIT_ATTRIBUTE_COUNT, reqCount);
+request.setAttribute(RATE_LIMIT_ATTRIBUTE_COUNT, 
Integer.valueOf(reqCount));
 
 if (enforce && (reqCount > actualRequests)) {
 
 ((HttpServletResponse) response).sendError(statusCode, 
statusMessage);
 log.warn(sm.getString("rateLimitFilter.maxRequestsExceeded",
-super.getFilterName(), reqCount, ipAddr, getActualRequests(), 
getActualDurationInSeconds())
+super.getFilterName(), Integer.valueOf(reqCount), ipAddr, 
Integer.valueOf(getActualRequests()),
+Integer.valueOf(getActualDurationInSeconds()))
 );
 
 return;
diff --git a/java/org/apache/catalina/util/TimeBucketCounter.java 
b/java/org/apache/catalina/util/TimeBucketCounter.java
index bd5e70fcb4..4c1974242e 100644
--- a/java/org/apache/catalina/util/TimeBucketCounter.java
+++ b/java/org/apache/catalina/util/TimeBucketCounter.java
@@ -182,6 +182,7 @@ public class TimeBucketCounter {
 this.sleeptime = sleeptime;
 }
 
+@SuppressWarnings("sync-override")
 @Override
 public void start() {
 isRunning = true;
diff --git a/test/org/apache/catalina/filters/TestRateLimitFilter.java 
b/test/org/apache/catalina/filters/TestRateLimitFilter.java
index ca428d6fb2..a1b0b6a0bc 100644
--- a/test/org/apache/catalina/filters/TestRateLimitFilter.java
+++ b/test/org/apache/catalina/filters/TestRateLimitFilter.java
@@ -31,7 +31,6 @@ import org.junit.Assert;
 import org.junit.Test;
 
 import org.apache.catalina.Context;
-import org.apache.catalina.LifecycleException;
 import org.apache.catalina.filters.TestRemoteIpFilter.MockFilterChain;
 import org.apache.catalina.filters.TestRemoteIpFilter.MockHttpServletRequest;
 import org.apache.catalina.startup.Tomcat;
@@ -63,7 +62,7 @@ public class TestRateLimitFilter extends TomcatBaseTest {
 int allowedRequests = (int) 
Math.round(rateLimitFilter.bucketCounter.getRatio() * bucketRequests);
 
 long sleepTime = 
rateLimitFilter.bucketCounter.getMillisUntilNextBucket();
-System.out.printf("Sleeping %d millis for the next time bucket to 
start\n", sleepTime);
+System.out.printf("Sleeping %d millis for the next time bucket to 
start\n", Long.valueOf(sleepTime));
 Thread.sleep(sleepTime);
 
 TestClient tc1 = new TestClient(rateLimitFilter, filterChain, 
"10.20.20.5", 200, 5);
@@ -85,8 +84,7 @@ public class TestRateLimitFilter extends TomcatBaseTest {
 Assert.assertEquals(429, tc4.results[allowedRequests]); // 
subsequent requests dropped
 }
 
-private RateLimitFilter testRateLimitFilter(FilterDef filterDef, Context 
root)
-throws LifecycleException, IOException, ServletException {
+private RateLimitFilter testRateLimitFilter(FilterDef filterDef, Context 
root) throws ServletException {
 
 RateLimitFilter rateLimitFilter = new RateLimitFilter();
 filterDef.setFilterClass(RateLimitFilter.class.g

[tomcat] branch 10.1.x updated (c6cfb34751 -> 183cb90875)

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from c6cfb34751 Make checkstyle happy
 new 1c5a7a8886 Fix IDE warnings
 new 05a542911b Clean-up - formatting. No functional change.
 new 183cb90875 MacOS seems to need longer for the test to complete

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/catalina/filters/RateLimitFilter.java   | 93 +++---
 .../apache/catalina/util/TimeBucketCounter.java| 61 ++
 .../catalina/filters/TestRateLimitFilter.java  | 32 
 3 files changed, 89 insertions(+), 97 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/03: Fix IDE warnings

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 8429bcf7a6a0978940b13d80e80297a53f6a28ff
Author: Mark Thomas 
AuthorDate: Tue May 9 20:32:29 2023 +0100

Fix IDE warnings
---
 java/org/apache/catalina/filters/RateLimitFilter.java | 12 
 java/org/apache/catalina/util/TimeBucketCounter.java  |  1 +
 test/org/apache/catalina/filters/TestRateLimitFilter.java |  9 -
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/java/org/apache/catalina/filters/RateLimitFilter.java 
b/java/org/apache/catalina/filters/RateLimitFilter.java
index b4da01393d..94e615452a 100644
--- a/java/org/apache/catalina/filters/RateLimitFilter.java
+++ b/java/org/apache/catalina/filters/RateLimitFilter.java
@@ -75,6 +75,8 @@ import org.apache.tomcat.util.res.StringManager;
  */
 public class RateLimitFilter extends GenericFilter {
 
+private static final long serialVersionUID = 1L;
+
 /**
  * default duration in seconds
  */
@@ -198,8 +200,9 @@ public class RateLimitFilter extends GenericFilter {
 actualRequests = (int) Math.round(bucketCounter.getRatio() * 
bucketRequests);
 
 log.info(sm.getString("rateLimitFilter.initialized",
-super.getFilterName(), bucketRequests, bucketDuration, 
getActualRequests(),
-getActualDurationInSeconds(), (!enforce ? "Not " : "") + 
"enforcing")
+super.getFilterName(), Integer.valueOf(bucketRequests), 
Integer.valueOf(bucketDuration),
+Integer.valueOf(getActualRequests()), 
Integer.valueOf(getActualDurationInSeconds()),
+(!enforce ? "Not " : "") + "enforcing")
 );
 }
 
@@ -210,13 +213,14 @@ public class RateLimitFilter extends GenericFilter {
 String ipAddr = request.getRemoteAddr();
 int reqCount = bucketCounter.increment(ipAddr);
 
-request.setAttribute(RATE_LIMIT_ATTRIBUTE_COUNT, reqCount);
+request.setAttribute(RATE_LIMIT_ATTRIBUTE_COUNT, 
Integer.valueOf(reqCount));
 
 if (enforce && (reqCount > actualRequests)) {
 
 ((HttpServletResponse) response).sendError(statusCode, 
statusMessage);
 log.warn(sm.getString("rateLimitFilter.maxRequestsExceeded",
-super.getFilterName(), reqCount, ipAddr, getActualRequests(), 
getActualDurationInSeconds())
+super.getFilterName(), Integer.valueOf(reqCount), ipAddr, 
Integer.valueOf(getActualRequests()),
+Integer.valueOf(getActualDurationInSeconds()))
 );
 
 return;
diff --git a/java/org/apache/catalina/util/TimeBucketCounter.java 
b/java/org/apache/catalina/util/TimeBucketCounter.java
index bd5e70fcb4..4c1974242e 100644
--- a/java/org/apache/catalina/util/TimeBucketCounter.java
+++ b/java/org/apache/catalina/util/TimeBucketCounter.java
@@ -182,6 +182,7 @@ public class TimeBucketCounter {
 this.sleeptime = sleeptime;
 }
 
+@SuppressWarnings("sync-override")
 @Override
 public void start() {
 isRunning = true;
diff --git a/test/org/apache/catalina/filters/TestRateLimitFilter.java 
b/test/org/apache/catalina/filters/TestRateLimitFilter.java
index ca428d6fb2..a1b0b6a0bc 100644
--- a/test/org/apache/catalina/filters/TestRateLimitFilter.java
+++ b/test/org/apache/catalina/filters/TestRateLimitFilter.java
@@ -31,7 +31,6 @@ import org.junit.Assert;
 import org.junit.Test;
 
 import org.apache.catalina.Context;
-import org.apache.catalina.LifecycleException;
 import org.apache.catalina.filters.TestRemoteIpFilter.MockFilterChain;
 import org.apache.catalina.filters.TestRemoteIpFilter.MockHttpServletRequest;
 import org.apache.catalina.startup.Tomcat;
@@ -63,7 +62,7 @@ public class TestRateLimitFilter extends TomcatBaseTest {
 int allowedRequests = (int) 
Math.round(rateLimitFilter.bucketCounter.getRatio() * bucketRequests);
 
 long sleepTime = 
rateLimitFilter.bucketCounter.getMillisUntilNextBucket();
-System.out.printf("Sleeping %d millis for the next time bucket to 
start\n", sleepTime);
+System.out.printf("Sleeping %d millis for the next time bucket to 
start\n", Long.valueOf(sleepTime));
 Thread.sleep(sleepTime);
 
 TestClient tc1 = new TestClient(rateLimitFilter, filterChain, 
"10.20.20.5", 200, 5);
@@ -85,8 +84,7 @@ public class TestRateLimitFilter extends TomcatBaseTest {
 Assert.assertEquals(429, tc4.results[allowedRequests]); // 
subsequent requests dropped
 }
 
-private RateLimitFilter testRateLimitFilter(FilterDef filterDef, Context 
root)
-throws LifecycleException, IOException, ServletException {
+private RateLimitFilter testRateLimitFilter(FilterDef filterDef, Context 
root) throws ServletException {
 
 RateLimitFilter rateLimitFilter = new RateLimitFilter();
 filterDef.setFilterClass(RateLimitFilter.class.get

[tomcat] 03/03: MacOS seems to need longer for the test to complete

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 4839d6997992f2615eb36b371c88745a43ac2ad7
Author: Mark Thomas 
AuthorDate: Tue May 9 20:41:53 2023 +0100

MacOS seems to need longer for the test to complete
---
 test/org/apache/catalina/filters/TestRateLimitFilter.java | 9 -
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/test/org/apache/catalina/filters/TestRateLimitFilter.java 
b/test/org/apache/catalina/filters/TestRateLimitFilter.java
index bf6c397972..b47e67ed60 100644
--- a/test/org/apache/catalina/filters/TestRateLimitFilter.java
+++ b/test/org/apache/catalina/filters/TestRateLimitFilter.java
@@ -71,7 +71,14 @@ public class TestRateLimitFilter extends TomcatBaseTest {
 TestClient tc3 = new TestClient(rateLimitFilter, filterChain, 
"10.20.20.20", 200, 20);
 TestClient tc4 = new TestClient(rateLimitFilter, filterChain, 
"10.20.20.40", 200, 40);
 
-Thread.sleep(5000);
+// Sleep for up to 10s for clients to complete
+int count = 0;
+while (count < 100 && (tc1.results[24] == 0 || tc2.results[49] == 0 || 
tc3.results[allowedRequests - 1] == 0 ||
+tc3.results[allowedRequests] == 0 || 
tc3.results[allowedRequests - 1] == 0 ||
+tc4.results[allowedRequests] == 0)) {
+Thread.sleep(100);
+count++;
+}
 
 Assert.assertEquals(200, tc1.results[24]); // only 25 requests made, 
all allowed
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 02/03: Clean-up - formatting. No functional change.

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 7ba678c566dc82e4f169e5bc25313b310140df8f
Author: Mark Thomas 
AuthorDate: Tue May 9 20:38:49 2023 +0100

Clean-up - formatting. No functional change.
---
 .../apache/catalina/filters/RateLimitFilter.java   | 91 ++
 .../apache/catalina/util/TimeBucketCounter.java| 60 ++
 .../catalina/filters/TestRateLimitFilter.java  | 14 ++--
 3 files changed, 73 insertions(+), 92 deletions(-)

diff --git a/java/org/apache/catalina/filters/RateLimitFilter.java 
b/java/org/apache/catalina/filters/RateLimitFilter.java
index 94e615452a..097485aef3 100644
--- a/java/org/apache/catalina/filters/RateLimitFilter.java
+++ b/java/org/apache/catalina/filters/RateLimitFilter.java
@@ -33,45 +33,41 @@ import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.res.StringManager;
 
 /**
- * Servlet filter that can help mitigate Denial of Service
- * (DoS) and Brute Force attacks by limiting the number of a requests that are
- * allowed from a single IP address within a time window (also referred
- * to as a time bucket), e.g. 300 Requests per 60 seconds.
- *
- * The filter works by incrementing a counter in a time bucket for each IP
- * address, and if the counter exceeds the allowed limit then further requests
- * from that IP are dropped with a "429 Too many requests" response
- * until the bucket time ends and a new bucket starts.
- *
- * The filter is optimized for efficiency and low overhead, so it converts
- * some configured values to more efficient values. For example, a 
configuration
- * of a 60 seconds time bucket is converted to 65.536 seconds. That allows
- * for very fast bucket calculation using bit shift arithmetic. In order to 
remain
- * true to the user intent, the configured number of requests is then 
multiplied
- * by the same ratio, so a configuration of 100 Requests per 60 seconds, has 
the
- * real values of 109 Requests per 65 seconds.
- *
- * It is common to set up different restrictions for different URIs.
- * For example, a login page or authentication script is typically expected
- * to get far less requests than the rest of the application, so you can add
- * a filter definition that would allow only 5 requests per 15 seconds and map
- * those URIs to it.
- *
- * You can set enforce to false
- * to disable the termination of requests that exceed the allowed limit. Then
- * your application code can inspect the Request Attribute
- * org.apache.catalina.filters.RateLimitFilter.Count and decide
- * how to handle the request based on other information that it has, e.g. allow
- * more requests to certain users based on roles, etc.
- *
- * WARNING: if Tomcat is behind a reverse proxy then you 
must
- * make sure that the Rate Limit Filter sees the client IP address, so if for
- * example you are using the Remote IP Filter,
- * then the filter mapping for the Rate Limit Filter must come after
- * the mapping of the Remote IP Filter to ensure that each request has its IP
- * address resolved before the Rate Limit Filter is applied. Failure to do so
- * will count requests from different IPs in the same bucket and will result in
- * a self inflicted DoS attack.
+ * 
+ * Servlet filter that can help mitigate Denial of Service (DoS) and Brute 
Force attacks by limiting the number of a
+ * requests that are allowed from a single IP address within a time window 
(also referred to as a time bucket), e.g. 300
+ * Requests per 60 seconds.
+ * 
+ * 
+ * The filter works by incrementing a counter in a time bucket for each IP 
address, and if the counter exceeds the
+ * allowed limit then further requests from that IP are dropped with a 
"429 Too many requests" response until
+ * the bucket time ends and a new bucket starts.
+ * 
+ * 
+ * The filter is optimized for efficiency and low overhead, so it converts 
some configured values to more efficient
+ * values. For example, a configuration of a 60 seconds time bucket is 
converted to 65.536 seconds. That allows for very
+ * fast bucket calculation using bit shift arithmetic. In order to remain true 
to the user intent, the configured number
+ * of requests is then multiplied by the same ratio, so a configuration of 100 
Requests per 60 seconds, has the real
+ * values of 109 Requests per 65 seconds.
+ * 
+ * 
+ * It is common to set up different restrictions for different URIs. For 
example, a login page or authentication script
+ * is typically expected to get far less requests than the rest of the 
application, so you can add a filter definition
+ * that would allow only 5 requests per 15 seconds and map those URIs to it.
+ * 
+ * 
+ * You can set enforce to false to disable the 
termination of requests that exceed the allowed
+ * limit. Then your application code can inspect the Request Attribute
+ * org.apache.catalina.filters.RateLimitFilte

[tomcat] branch main updated (99fa64eb1c -> 4839d69979)

2023-05-09 Thread markt 
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 99fa64eb1c Make checkstyle happy
 new 8429bcf7a6 Fix IDE warnings
 new 7ba678c566 Clean-up - formatting. No functional change.
 new 4839d69979 MacOS seems to need longer for the test to complete

The 3 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .../apache/catalina/filters/RateLimitFilter.java   | 93 +++---
 .../apache/catalina/util/TimeBucketCounter.java| 61 ++
 .../catalina/filters/TestRateLimitFilter.java  | 32 
 3 files changed, 89 insertions(+), 97 deletions(-)


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r61771 - /dev/tomcat/tomcat-11/v11.0.0-M6/ /release/tomcat/tomcat-11/v11.0.0-M6/

2023-05-09 Thread markt 
Author: markt
Date: Tue May  9 19:10:00 2023
New Revision: 61771

Log:
Release Tomcat 11.0.0-M6

Added:
release/tomcat/tomcat-11/v11.0.0-M6/
  - copied from r61770, dev/tomcat/tomcat-11/v11.0.0-M6/
Removed:
dev/tomcat/tomcat-11/v11.0.0-M6/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE][RESULT] Release Apache Tomcat 11.0.0-M6

2023-05-09 Thread Mark Thomas 

The following votes were cast:

Binding:
+1: lihan, remm, markt, isapir

Non-binding:
+1: Dimitris Soumis

No other votes were cast. The vote therefore passes.

Thanks to everyone who contributed to this release.

Mark


On 03/05/2023 19:38, Mark Thomas wrote:

The proposed Apache Tomcat 11.0.0-M6 release is now available for
voting.

Apache Tomcat 11.0.0-M6 is a milestone release of the 11.0.x branch and 
has been made to provide users with early access to the new features in 
Apache Tomcat 11.0.x so that they may provide feedback. The notable 
changes compared to the previous milestone include:


- Various improvements to access logging.

- Remove support for the HTTP Connector settings rejectIllegalHeader and
   allowHostHeaderMismatch. These are now hard-coded to the previous
   defaults.

- Update the packaged version of the Tomcat Migration Tool for Jakarta
   EE to 1.0.7.


For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 11 
without changes. Java EE applications designed for Tomcat 9 and earlier 
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat 
will automatically convert them to Jakarta EE and copy them to the 
webapps directory. Applications using deprecated APIs may require 
further changes.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M6/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1432

The tag is:
https://github.com/apache/tomcat/tree/11.0.0-M6
9ce010463a93138d596c54c67b11cdb35fc8244a


The proposed 11.0.0-M6 release is:
[ ] Broken - do not release
[ ] Alpha  - go ahead and release as 11.0.0-M6

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 8.5.89

2023-05-09 Thread Christopher Schultz 

The proposed Apache Tomcat 8.5.89 release is now available for voting.

The notable changes compared to 8.5.88 are:

- Many improvements to the JSON access log valve.

- Deprecate support for the HTTP Connector settings rejectIllegalHeader
   and allowHostHeaderMismatch and reject HTTP headers without names.

- Add a RateLimitFilter which can be used to mitigate DoS and Brute
   Force attacks.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.89/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1436

The tag is:
https://github.com/apache/tomcat/tree/8.5.89/
da91bd19ef2cb34a96e4ad04749dfc97c941db87

The proposed 8.5.89 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 8.5.88 (stable)

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r61769 [1/2] - in /dev/tomcat/tomcat-8/v8.5.89: ./ bin/ bin/embed/ bin/extras/ src/

2023-05-09 Thread schultz 
Author: schultz
Date: Tue May  9 17:06:13 2023
New Revision: 61769

Log:
Upload 8.5.89 for voting.

Added:
dev/tomcat/tomcat-8/v8.5.89/
dev/tomcat/tomcat-8/v8.5.89/KEYS
dev/tomcat/tomcat-8/v8.5.89/README.html
dev/tomcat/tomcat-8/v8.5.89/RELEASE-NOTES
dev/tomcat/tomcat-8/v8.5.89/bin/
dev/tomcat/tomcat-8/v8.5.89/bin/README.html
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-deployer.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-deployer.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-deployer.zip   (with 
props)
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-deployer.zip.asc
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-deployer.zip.sha512
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-fulldocs.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-windows-x64.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-windows-x64.zip.asc
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-windows-x64.zip.sha512
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-windows-x86.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-windows-x86.zip.asc
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89-windows-x86.zip.sha512
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89.exe   (with props)
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89.exe.asc
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89.exe.sha512
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89.tar.gz   (with props)
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89.zip   (with props)
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89.zip.asc
dev/tomcat/tomcat-8/v8.5.89/bin/apache-tomcat-8.5.89.zip.sha512
dev/tomcat/tomcat-8/v8.5.89/bin/embed/
dev/tomcat/tomcat-8/v8.5.89/bin/embed/apache-tomcat-8.5.89-embed.tar.gz   
(with props)
dev/tomcat/tomcat-8/v8.5.89/bin/embed/apache-tomcat-8.5.89-embed.tar.gz.asc

dev/tomcat/tomcat-8/v8.5.89/bin/embed/apache-tomcat-8.5.89-embed.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.89/bin/embed/apache-tomcat-8.5.89-embed.zip   
(with props)
dev/tomcat/tomcat-8/v8.5.89/bin/embed/apache-tomcat-8.5.89-embed.zip.asc
dev/tomcat/tomcat-8/v8.5.89/bin/embed/apache-tomcat-8.5.89-embed.zip.sha512
dev/tomcat/tomcat-8/v8.5.89/bin/extras/
dev/tomcat/tomcat-8/v8.5.89/bin/extras/catalina-ws.jar   (with props)
dev/tomcat/tomcat-8/v8.5.89/bin/extras/catalina-ws.jar.asc
dev/tomcat/tomcat-8/v8.5.89/bin/extras/catalina-ws.jar.sha512
dev/tomcat/tomcat-8/v8.5.89/src/
dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.tar.gz   (with 
props)
dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.tar.gz.asc
dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.tar.gz.sha512
dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.zip   (with props)
dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.zip.asc
dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.zip.sha512

Added: dev/tomcat/tomcat-8/v8.5.89/KEYS
==
--- dev/tomcat/tomcat-8/v8.5.89/KEYS (added)
+++ dev/tomcat/tomcat-8/v8.5.89/KEYS Tue May  9 17:06:13 2023
@@ -0,0 +1,785 @@
+This file contains the PGP&GPG keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+Type Bits/KeyIDDate   User ID
+pub  2048/F22C4FED 2001/07/02 Andy Armstrong 
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Version: PGPfreeware 7.0.3 for non-commercial use 
+
+mQGiBDtAWuURBADZ0KUEyUkSUiTA09e7tvEbX25STsjxrR+DNTainCls+XlkVOij
+gBv216lqge9tIsS0L6hCP4OQbFf/64qVtJssX4QXdyiZGb5wpmcj0Mz602Ew8r+N
+I0S5NvmogoYWW7BlP4r61jNxO5zrr03KaijM5r4ipJdLUxyOmM6P2jRPUwCg/5gm
+bpqiYl7pXX5FgDeB36tmD+UD/06iLqOnoiKO0vMbOk7URclhCObMNrHqxTxozMTS
+B9soYURbIeArei+plYo2n+1qB12ayybjhVu3uksXRdT9bEkyxMfslvLbIpDAG8Cz
+gNftTbKx/MVS7cQU0II8BKo2Akr+1FZah+sD4ovK8SfkMXUQUbTeefTntsAQKyyU
+9M9tA/9on9tBiHFl0qVJht6N4GiJ2G689v7rS2giLgKjetjiCduxBXEgvUSuyQID
+nF9ATrpXjITwsRlGKFmpZiFm5oCeCXihIVH0u6q066xNW2AXkLVoJ1l1Rs2Z0lsb
+0cq3xEAcwAmYLKQvCtgDV8CYgWKVmPi+49rSuQn7Lo9l02OUbLQgQW

svn commit: r61769 [2/2] - in /dev/tomcat/tomcat-8/v8.5.89: ./ bin/ bin/embed/ bin/extras/ src/

2023-05-09 Thread schultz 
Added: dev/tomcat/tomcat-8/v8.5.89/bin/extras/catalina-ws.jar.asc
==
--- dev/tomcat/tomcat-8/v8.5.89/bin/extras/catalina-ws.jar.asc (added)
+++ dev/tomcat/tomcat-8/v8.5.89/bin/extras/catalina-ws.jar.asc Tue May  9 
17:06:13 2023
@@ -0,0 +1,16 @@
+-BEGIN PGP SIGNATURE-
+
+iQIzBAABCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmRadnMACgkQHPApP6U8
+pFhO4xAAnt7k2PwsBTHF+mtRR1d20F4tDK4OPJ4a4NKQL+jqWxbOBwEqhD/8Broc
+OKOWUUhn0cDeZOsMf0mjegx1zMLeqILiqlruCuBG+nsPTwkej1snJnG1pleBH7n+
+6BBm2wjaLulgi0LVZ/LT+AbpBudmdUBC2k8gtC9MaaefyEHGzSTlnAQiDkXeOMjT
+d3Epdj3pblSxz5X5ySscQvyBOBEH4NLkNlmicSg5GyOyQtJapW4VSt8GgM+DFI1N
+zQIFqxvol/sB9whRm5DjcH8wvBDOIyuihbq3qKPl2RSU/MUYBC9NH/K4f4q9zh8h
+XlhDSuYpsGoXSeOFlT3QyJMWvqDCp+zQID0WkqMrRP9Rz+SSyZLmfVPbf4GR427x
+iZ88Q8Jn617q19x3gtVyCyDMn2uUWX7eucY9U2ZyLAg7Cqptq8jcV59MQ7OqokWb
+efCKnoiXJOT5DjQ/q+HSyyPz7CfGVi9oSk3hMm4EgwqnUbVxgDTr8rT2KGov1Oko
+vQ80aJ/SywVdc1HUGkVGO2XrjkdfwHiLCb29N3/i/UM6cmb/Tf8X+hfOPiQFgAqq
+JGyNamTRZW/ZuXbRObfH2JJiT7BbojNG6OYaneo1R/ZnzgKwiWs2jL+DBeeQ+87y
+w1p9Try21b0T8tGvGXkF4/j/nMty6FVmXGo5ymapFlGKLeHeN64=
+=wKJV
+-END PGP SIGNATURE-

Added: dev/tomcat/tomcat-8/v8.5.89/bin/extras/catalina-ws.jar.sha512
==
--- dev/tomcat/tomcat-8/v8.5.89/bin/extras/catalina-ws.jar.sha512 (added)
+++ dev/tomcat/tomcat-8/v8.5.89/bin/extras/catalina-ws.jar.sha512 Tue May  9 
17:06:13 2023
@@ -0,0 +1 @@
+868ad6874a88cc38ef38c0c2d30d7c06715467031c5433cb7dac3d50a79445fa94596937ddc9a05585a5118b4dc84b1d34ada8655d03995bf20289224f3af7ee
 *catalina-ws.jar
\ No newline at end of file

Added: dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.tar.gz
==
Binary file - no diff available.

Propchange: dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.tar.gz
--
svn:mime-type = application/octet-stream

Added: dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.tar.gz.asc
==
--- dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.tar.gz.asc (added)
+++ dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.tar.gz.asc Tue May 
 9 17:06:13 2023
@@ -0,0 +1,16 @@
+-BEGIN PGP SIGNATURE-
+
+iQIzBAABCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmRaeWAACgkQHPApP6U8
+pFhsPBAAlTc+4P7VS/8zjce2czA2uTWerieUlhFS4Oxw/44XFsBtzcI4FoobI5li
+Fg8YUoKjXUh/p3ZENUDwuwPe2NVzI1+A6/QrU1cl4gNJ5iuu8Gs7otZSMAhn+zRT
+lbJc4CdO6z7/j67NRam2RhBQkTuBWVZnmqmTg1k98DuIKjRwKZSLnsuIN9PfiZGQ
+5ZYtkuYlQQZVhQdVIUiTtWwlmUEFOj5VIsEI+d6BSsHzQln1+4hSFjX3Pj4GlyT5
+O4e7bIBVnWh0jAYcUwk/wA2n3zyWjK77hpN6iXm3u/RnvZKgT/U3Pw8W2rU7MT9U
+/ljFDV36jSIYCkz4hPju6K7m0FHWGJzS4CQUMGx/ZrZ81MlVk8YbM7NpZibuA3Hp
+X+LcCfYAFmd2WBUcygfDAs3G2T3IVICXt8YCsL8r47DVeEJAQUlA0oln3Fvmxubw
+DocNj5Tga/5PMWGzM7gkpsusy+B/5Lk7mm1Y4iqTQBxx11A9M6SEueLMNzJQeO6/
+CkTkp0gwTFY4+n3rUPv+iIe0+D7ET6ZcoPi8dMdlms650DB14om1UoKBfebnRWtR
+3hS7BbGtUJAxrQKvsEm7Ja95a4fsD36KD0uwZTlOS2T8nfd3rmDiw5Ot51AtwPlI
+AZNyM1WriWzFzs9dyeGCnrV3x1tkD90RBTZEcC1QYcI3T4qP8hU=
+=xH91
+-END PGP SIGNATURE-

Added: dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.tar.gz.sha512
==
--- dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.tar.gz.sha512 
(added)
+++ dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.tar.gz.sha512 Tue 
May  9 17:06:13 2023
@@ -0,0 +1 @@
+610855dfcca593d20e813dbd1a2410c9b6767f2efe79b24b2ba69304047b835b212f86758c020867e46bd3971ce98e88a56b99a4ab651e228ae5b4eac08c4ff1
 *apache-tomcat-8.5.89-src.tar.gz
\ No newline at end of file

Added: dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.zip
==
Binary file - no diff available.

Propchange: dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.zip
--
svn:mime-type = application/octet-stream

Added: dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.zip.asc
==
--- dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.zip.asc (added)
+++ dev/tomcat/tomcat-8/v8.5.89/src/apache-tomcat-8.5.89-src.zip.asc Tue May  9 
17:06:13 2023
@@ -0,0 +1,16 @@
+-BEGIN PGP SIGNATURE-
+
+iQIzBAABCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAmRaeRgACgkQHPApP6U8
+pFiWaRAAlGUnV9gyAQl1vPmXoDB7liJpl4j45GncRsxoz2leJCuOquYgacdWT1g3
+ozvPq5DeE1S5bcv4XUmMd2TLIgfnlHfwoUWSIpTU/MC7SNj+sqk6EgyIQjbiq2c9
+2sjaJWi9D6yDzB7rtKuoAszAhozvyV0C+82oU/vDymTnYVOe9iB6v5q6NYlZ5F4i
+aiQ2iQ2mz/Fc47KWtrdX+op2roerFRkjquWHhzJJtcjIDQBxAffgikJCXcFbKcW4
+P4tX5mIDaTpZRC0/MADhXWBvFNS13/QRyqYNWpuCe8GY8vShXhCetPkrp28/U/X8
+5Q9T5dphD/9gY1+WAbTfEB4faNZdjFoUQQMkdaY/

Re: [VOTE] Release Apache Tomcat 10.1.9

2023-05-09 Thread Christopher Schultz 

All,

On 5/9/23 12:56, Christopher Schultz wrote:
Please standby. I will be re-issuing this VOTE with an amended Maven 
repo link.


False alarm. I was able to remove the unintended artifacts from the 
Maven repository. The existing VOTE email and all references therein is 
fine.


Thanks,
-chris


On 5/9/23 12:12, Christopher Schultz wrote:

The proposed Apache Tomcat 10.1.9 release is now available for
voting.

The notable changes compared to 10.1.8 are:

- Many improvements to the JSON access log valve.

- Deprecate support for the HTTP Connector settings rejectIllegalHeader
   and allowHostHeaderMismatch and reject HTTP headers without names.

- Add a RateLimitFilter which can be used to mitigate DoS and Brute
   Force attacks.

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 
10 without changes. Java EE applications designed for Tomcat 9 and 
earlier may be placed in the $CATALINA_BASE/webapps-javaee directory 
and Tomcat will automatically convert them to Jakarta EE and copy them 
to the webapps directory.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1435

The tag is:
https://github.com/apache/tomcat/tree/10.1.9
5d45c1a9359c2298d7140c1ca90cb8c43809a168

The proposed 10.1.9 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.9


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.1.9

2023-05-09 Thread Christopher Schultz 

All,

Please standby. I will be re-issuing this VOTE with an amended Maven 
repo link.


Thanks,
-chris

On 5/9/23 12:12, Christopher Schultz wrote:

The proposed Apache Tomcat 10.1.9 release is now available for
voting.

The notable changes compared to 10.1.8 are:

- Many improvements to the JSON access log valve.

- Deprecate support for the HTTP Connector settings rejectIllegalHeader
   and allowHostHeaderMismatch and reject HTTP headers without names.

- Add a RateLimitFilter which can be used to mitigate DoS and Brute
   Force attacks.

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 
without changes. Java EE applications designed for Tomcat 9 and earlier 
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat 
will automatically convert them to Jakarta EE and copy them to the 
webapps directory.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1435

The tag is:
https://github.com/apache/tomcat/tree/10.1.9
5d45c1a9359c2298d7140c1ca90cb8c43809a168

The proposed 10.1.9 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.9


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[VOTE] Release Apache Tomcat 10.1.9

2023-05-09 Thread Christopher Schultz 

The proposed Apache Tomcat 10.1.9 release is now available for
voting.

The notable changes compared to 10.1.8 are:

- Many improvements to the JSON access log valve.

- Deprecate support for the HTTP Connector settings rejectIllegalHeader
  and allowHostHeaderMismatch and reject HTTP headers without names.

- Add a RateLimitFilter which can be used to mitigate DoS and Brute
  Force attacks.

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 
without changes. Java EE applications designed for Tomcat 9 and earlier 
may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat 
will automatically convert them to Jakarta EE and copy them to the 
webapps directory.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.9/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1435

The tag is:
https://github.com/apache/tomcat/tree/10.1.9
5d45c1a9359c2298d7140c1ca90cb8c43809a168

The proposed 10.1.9 release is:
[ ] Broken - do not release
[ ] Stable - go ahead and release as 10.1.9

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] tag 8.5.89 created (now da91bd19ef)

2023-05-09 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to tag 8.5.89
in repository https://gitbox.apache.org/repos/asf/tomcat.git


  at da91bd19ef (commit)
This tag includes the following new commits:

 new da91bd19ef Tag 8.5.89

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/01: Tag 8.5.89

2023-05-09 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to tag 8.5.89
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit da91bd19ef2cb34a96e4ad04749dfc97c941db87
Author: schultz 
AuthorDate: Tue May 9 09:50:33 2023 -0700

Tag 8.5.89
---
 build.properties.release |  52 +++
 res/install-win/Uninstall.exe.sig| Bin 0 -> 10247 bytes
 res/install-win/tomcat-installer.exe.sig | Bin 0 -> 10247 bytes
 res/maven/mvn.properties.release |  27 
 webapps/docs/changelog.xml   |   2 +-
 5 files changed, 80 insertions(+), 1 deletion(-)

diff --git a/build.properties.release b/build.properties.release
new file mode 100644
index 00..047ba3f47c
--- /dev/null
+++ b/build.properties.release
@@ -0,0 +1,52 @@
+# -
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -
+
+# This file was auto-generated by the pre-release Ant target.
+
+# Any unwanted settings may be over-ridden in a build.properties file located
+# in the same directory as this file.
+
+# Set the version-dev to "" (empty string) as this is not a development 
release.
+version.dev=
+
+# Ensure consistent timestamps for reproducible builds.
+ant.tstamp.now.iso=2023-05-09T16:21:47Z
+
+# Enable insertion of detached signatures into the Windows installer.
+do.codesigning=true
+
+# Re-use the same GPG executable.
+gpg.exec=C:/Program Files (x86)/gnupg/bin/gpg.exe
+
+# Reproducible builds require the use of the build tools defined below. The
+# vendors (where appropriate) and versions must match exactly for a 
reproducible
+# build since this data is embedded in various files, particularly JAR file
+# manifests, as part of the build process.
+#
+# Apache Ant:  Apache Ant(TM) version 1.10.12 compiled on October 13 2021
+#
+# Java Name:   OpenJDK 64-Bit Server VM
+# Java Vendor: Eclipse Adoptium
+# Java Version:11.0.19+7
+
+# The following is provided for information only. Builds will be repeatable
+# whether or not the build environment in consistent with this information.
+#
+# OS:  amd64 Windows 10 10.0
+# File encoding:   Cp1252
+#
+# Release Manager: schultz
diff --git a/res/install-win/Uninstall.exe.sig 
b/res/install-win/Uninstall.exe.sig
new file mode 100644
index 00..0718dfb301
Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ
diff --git a/res/install-win/tomcat-installer.exe.sig 
b/res/install-win/tomcat-installer.exe.sig
new file mode 100644
index 00..89699cbd43
Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ
diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release
new file mode 100644
index 00..53a635b587
--- /dev/null
+++ b/res/maven/mvn.properties.release
@@ -0,0 +1,27 @@
+# -
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -
+
+# This file was auto-generated by the pre-release Ant target.
+
+# Remove "-dev" from the version since this is not a development release.
+maven.asf.release.deploy.version=8.5.89
+
+# Re-use the same GPG executable.
+gpg.exec=C:/Program Files (x86)/gnupg/bin/gpg.exe
+
+# Set the user name to use

Re: Tagging 10.1.x and 8.5.x

2023-05-09 Thread Christopher Schultz 

Mark,

On 5/9/23 08:45, Mark Thomas wrote:
Have you had any thoughts on timing for the May tags? I could do them 
this month if that helps.


Working on them today. I've been pretty busy and I botched the build... 
twice already.


-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [OT] Re: CommunityOverCode Asia 2023 is calling for Presentations!

2023-05-09 Thread Willem Jiang 
Hi, Mark,

Thanks for pointing this out.
I'm sorry we didn't pay enough attention to the bagevent website. We
will fix these problems ASAP.
The official website of the conference is here https://apachecon.com/acasia2023/
https://www.bagevent.com/event/cocasia-2023-EN was used to collect the
CFP related conference information.

Please check out my comments for how to fix these problems in the email below.


On Tue, May 9, 2023 at 9:52 PM Mark Thomas  wrote:
>
> Huxing,
>
> I'm not sure how much you are in contact with the conference organizers
> but I noted the following when looking at the conference site. If you
> are able to pass on these comments, I'd be grateful.
>
> - I was surprised to the see feather logo on the site.

We will replace the Apache feather logo with the ASF name.

>
> - The VIP tickets appear to be offering attendees the opportunity to buy
>access to the speaker dinner. The ASF is very much not a pay for
>access kind of organization so that seems odd to me.
>

It's a common practice in the conference in China,  I will talk to the
conference contact point to fix it tomorrow.

> - The footer suggests that Nanjing DIQi Information Technology Co. Ltd
>owns the site content. That is not what I expect from an ASF
>conference.
>

As we are using the conference service provided by the bagevent,  the
footer was added by bagevent by default.
We can talk to the bagevent service support to see if we can change it.

> - The contact details include a phone number (the ASF doesn't do phones)
>and an email to a non @apache.org address.

We will update the contact information with apache.org address.

>
> - I could not find any mention of the ASF code of conduct.
>

We can add it to the bagevent website.
BTW, we have the code of conduct page in the official website.

> - I don't see any trademark attribute.

I checked the official website which has the trademark attributes.
We will add attributes to the website in bagevent.

>
> The overall impression is not great. If a link to this site turned up in
> my inbox my initial impression would be that the site was fraudulent.

I'm sorry we didn't pay enough attention to the bagevent website. We
will fix these problems ASAP.

>
> Mark
>
>
> On 09/05/2023 03:40, Huxing Zhang wrote:
> > Hi All,
> >
> > Community over Code Asia 2023 (formerly ApacheCon Asia) will be held
> > in person this year in Beijing [1].
> >
> > The CFP will end on Tuesday, Jun 6th, 2023 8:00 AM (Beijing time - UTC +8).
> >
> > For details could be found on the website [1].
> >
> > Note that for those that can't be present, a pre-recorded video is
> > also acceptable.
> >
> > Please do not hesitate to submit, including the Web Server/Tomcat
> > track as well as the others!
> >
> > [1] https://www.bagevent.com/event/cocasia-2023-EN
> >

Willem

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Make checkstyle actually happy.

2023-05-09 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new eb85bb201a Make checkstyle actually happy.
eb85bb201a is described below

commit eb85bb201a47ddbfac77a13d41f70eba2936e5de
Author: Christopher Schultz 
AuthorDate: Tue May 9 12:29:53 2023 -0400

Make checkstyle actually happy.
---
 java/org/apache/catalina/util/TimeBucketCounter.java  |  2 +-
 test/org/apache/catalina/filters/TestRateLimitFilter.java | 11 +--
 webapps/docs/changelog.xml|  2 +-
 3 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/java/org/apache/catalina/util/TimeBucketCounter.java 
b/java/org/apache/catalina/util/TimeBucketCounter.java
index 33820d58fb..5c602c96af 100644
--- a/java/org/apache/catalina/util/TimeBucketCounter.java
+++ b/java/org/apache/catalina/util/TimeBucketCounter.java
@@ -17,9 +17,9 @@
 
 package org.apache.catalina.util;
 
+import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.atomic.AtomicInteger;
-import java.util.Set;
 
 /**
  * this class maintains a thread safe hash map that has timestamp-based buckets
diff --git a/test/org/apache/catalina/filters/TestRateLimitFilter.java 
b/test/org/apache/catalina/filters/TestRateLimitFilter.java
index 8a30a0cff0..9f82306367 100644
--- a/test/org/apache/catalina/filters/TestRateLimitFilter.java
+++ b/test/org/apache/catalina/filters/TestRateLimitFilter.java
@@ -18,7 +18,6 @@
 package org.apache.catalina.filters;
 
 import java.io.IOException;
-
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.Map;
@@ -28,20 +27,20 @@ import javax.servlet.FilterConfig;
 import javax.servlet.ServletContext;
 import javax.servlet.ServletException;
 
+import org.junit.Assert;
+import org.junit.Test;
+
 import org.apache.catalina.Context;
 import org.apache.catalina.LifecycleException;
-import org.apache.catalina.startup.Tomcat;
-import org.apache.catalina.startup.TomcatBaseTest;
 import org.apache.catalina.filters.TestRemoteIpFilter.MockFilterChain;
 import org.apache.catalina.filters.TestRemoteIpFilter.MockHttpServletRequest;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.catalina.startup.TomcatBaseTest;
 import org.apache.tomcat.unittest.TesterResponse;
 import org.apache.tomcat.unittest.TesterServletContext;
 import org.apache.tomcat.util.descriptor.web.FilterDef;
 import org.apache.tomcat.util.descriptor.web.FilterMap;
 
-import org.junit.Assert;
-import org.junit.Test;
-
 public class TestRateLimitFilter extends TomcatBaseTest {
 
 @Test
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 61a78eafb0..acec04ac77 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -135,7 +135,7 @@
 by Jack Shirazi. (remm)
   
   
-Add RateLimitFilter which can be used to mitigate DoS and Brute Force 
+Add RateLimitFilter which can be used to mitigate DoS and Brute Force
 attacks. (isapir)
   
 


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r61767 - in /dev/tomcat/tomcat-10/v10.1.9: ./ bin/ bin/embed/ src/

2023-05-09 Thread schultz 
Author: schultz
Date: Tue May  9 15:54:30 2023
New Revision: 61767

Log:
Upload 10.1.9 release for voting.

Added:
dev/tomcat/tomcat-10/v10.1.9/
dev/tomcat/tomcat-10/v10.1.9/KEYS
dev/tomcat/tomcat-10/v10.1.9/README.html
dev/tomcat/tomcat-10/v10.1.9/RELEASE-NOTES
dev/tomcat/tomcat-10/v10.1.9/bin/
dev/tomcat/tomcat-10/v10.1.9/bin/README.html
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-deployer.tar.gz.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-deployer.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-deployer.zip   (with 
props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-deployer.zip.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-deployer.zip.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-fulldocs.tar.gz.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-windows-x64.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-windows-x64.zip.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-windows-x64.zip.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-windows-x86.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-windows-x86.zip.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-windows-x86.zip.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.exe   (with props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.exe.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.exe.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.tar.gz   (with props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.tar.gz.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.zip   (with props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.zip.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.zip.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/embed/
dev/tomcat/tomcat-10/v10.1.9/bin/embed/apache-tomcat-10.1.9-embed.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.1.9/bin/embed/apache-tomcat-10.1.9-embed.tar.gz.asc

dev/tomcat/tomcat-10/v10.1.9/bin/embed/apache-tomcat-10.1.9-embed.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/embed/apache-tomcat-10.1.9-embed.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.9/bin/embed/apache-tomcat-10.1.9-embed.zip.asc
dev/tomcat/tomcat-10/v10.1.9/bin/embed/apache-tomcat-10.1.9-embed.zip.sha512
dev/tomcat/tomcat-10/v10.1.9/src/
dev/tomcat/tomcat-10/v10.1.9/src/apache-tomcat-10.1.9-src.tar.gz   (with 
props)
dev/tomcat/tomcat-10/v10.1.9/src/apache-tomcat-10.1.9-src.tar.gz.asc
dev/tomcat/tomcat-10/v10.1.9/src/apache-tomcat-10.1.9-src.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.9/src/apache-tomcat-10.1.9-src.zip   (with props)
dev/tomcat/tomcat-10/v10.1.9/src/apache-tomcat-10.1.9-src.zip.asc
dev/tomcat/tomcat-10/v10.1.9/src/apache-tomcat-10.1.9-src.zip.sha512

Added: dev/tomcat/tomcat-10/v10.1.9/KEYS
==
--- dev/tomcat/tomcat-10/v10.1.9/KEYS (added)
+++ dev/tomcat/tomcat-10/v10.1.9/KEYS Tue May  9 15:54:30 2023
@@ -0,0 +1,562 @@
+This file contains the PGP&GPG keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+pub   4096R/2F6059E7 2009-09-18
+  Key fingerprint = A9C5 DF4D 22E9 9998 D987  5A51 10C0 1C5A 2F60 59E7
+uid  Mark E D Thomas 
+sub   4096R/5E763BEC 2009-09-18
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Comment: GPGTools - http://gpgtools.org
+
+mQINBEq0DukBEAD4jovHOPJDxoD+JnO1Go2kiwpgRULasGlrVKuSUdP6wzcaqWmX
+pqtOJKKwW2MQFQLmg7nQ9RjJwy3QCbKNDJQA/bwbQT1F7WzTCz2S6vxC4zxKck4t
+6RZBq2dJsYKF0CEh6ZfY4dmKvhq+3istSoFRdHYoOPGWZpuRDqfZPdGm/m335/6K
+GH59oysn1NE7a2a+kZzjBSEgv23+l4Z1Rg7+fpz1JcdHSdC2Z+ZRxML25eVatRVz
+4yvDOZItqDURP24zWOodxgboldV6Y88C3v/7KRR+1vklzkuA2FqF8Q4r/2f0su7M
+UVviQcy29y/RlLSDTTYoVlCZ1ni14qFU7Hpw43KJtgXmcUwq31T1+SlXdYjNJ1aF
+kUi8BjCHDcSgE/IReKUanjHzm4XSymKDTeqqzidi4k6PDD4jyHb8k8vxi6qT6Udn
+lcfo5NBkkUT1TauhEy8ktHhbl9k60BvvMBP9l6cURiJg1WS77egI4P/82oPbzzFi
+GFqXyJKULVgxtdQ3JikCpodp3f1fh6PlYZwkW4xCJLJucJ5MiQp07HAkMVW5w+k8
+Xvuk4i5quh3N+2kzKHOOiQCDmN0sz0XjOE+7XBvM1lvz3+UarLfgSVmW8aheLd7e
+aIl5ItBk8844ZJ60LrQ+JiIqvqJemxyIM6epoZvY5a3ZshZpcL

[tomcat] 01/01: Tag 10.1.9

2023-05-09 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to tag 10.1.9
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 5d45c1a9359c2298d7140c1ca90cb8c43809a168
Author: schultz 
AuthorDate: Tue May 9 08:52:24 2023 -0700

Tag 10.1.9
---
 build.properties.release |  52 +++
 res/install-win/Uninstall.exe.sig| Bin 0 -> 10247 bytes
 res/install-win/tomcat-installer.exe.sig | Bin 0 -> 10247 bytes
 res/maven/mvn.properties.release |  27 
 webapps/docs/changelog.xml   |   2 +-
 5 files changed, 80 insertions(+), 1 deletion(-)

diff --git a/build.properties.release b/build.properties.release
new file mode 100644
index 00..194421601c
--- /dev/null
+++ b/build.properties.release
@@ -0,0 +1,52 @@
+# -
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -
+
+# This file was auto-generated by the pre-release Ant target.
+
+# Any unwanted settings may be over-ridden in a build.properties file located
+# in the same directory as this file.
+
+# Set the version-dev to "" (empty string) as this is not a development 
release.
+version.dev=
+
+# Ensure consistent timestamps for reproducible builds.
+ant.tstamp.now.iso=2023-05-09T14:30:05Z
+
+# Enable insertion of detached signatures into the Windows installer.
+do.codesigning=true
+
+# Re-use the same GPG executable.
+gpg.exec=C:/Program Files (x86)/gnupg/bin/gpg.exe
+
+# Reproducible builds require the use of the build tools defined below. The
+# vendors (where appropriate) and versions must match exactly for a 
reproducible
+# build since this data is embedded in various files, particularly JAR file
+# manifests, as part of the build process.
+#
+# Apache Ant:  Apache Ant(TM) version 1.10.12 compiled on October 13 2021
+#
+# Java Name:   OpenJDK 64-Bit Server VM
+# Java Vendor: Eclipse Adoptium
+# Java Version:11.0.19+7
+
+# The following is provided for information only. Builds will be repeatable
+# whether or not the build environment in consistent with this information.
+#
+# OS:  amd64 Windows 10 10.0
+# File encoding:   Cp1252
+#
+# Release Manager: schultz
diff --git a/res/install-win/Uninstall.exe.sig 
b/res/install-win/Uninstall.exe.sig
new file mode 100644
index 00..3876fe22b8
Binary files /dev/null and b/res/install-win/Uninstall.exe.sig differ
diff --git a/res/install-win/tomcat-installer.exe.sig 
b/res/install-win/tomcat-installer.exe.sig
new file mode 100644
index 00..69c7f3b01d
Binary files /dev/null and b/res/install-win/tomcat-installer.exe.sig differ
diff --git a/res/maven/mvn.properties.release b/res/maven/mvn.properties.release
new file mode 100644
index 00..950582f01a
--- /dev/null
+++ b/res/maven/mvn.properties.release
@@ -0,0 +1,27 @@
+# -
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# -
+
+# This file was auto-generated by the pre-release Ant target.
+
+# Remove "-dev" from the version since this is not a development release.
+maven.asf.release.deploy.version=10.1.9
+
+# Re-use the same GPG executable.
+gpg.exec=C:/Program Files (x86)/gnupg/bin/gpg.exe
+
+# Set the user name to use

[tomcat] tag 10.1.9 created (now 5d45c1a935)

2023-05-09 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to tag 10.1.9
in repository https://gitbox.apache.org/repos/asf/tomcat.git


  at 5d45c1a935 (commit)
This tag includes the following new commits:

 new 5d45c1a935 Tag 10.1.9

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] tag 10.1.9 deleted (was bad7eb7c34)

2023-05-09 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to tag 10.1.9
in repository https://gitbox.apache.org/repos/asf/tomcat.git


*** WARNING: tag 10.1.9 was deleted! ***

 was bad7eb7c34 Tag 10.1.9

This change permanently discards the following revisions:

 discard bad7eb7c34 Tag 10.1.9


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r61766 - /dev/tomcat/tomcat-10/v10.1.9/

2023-05-09 Thread schultz 
Author: schultz
Date: Tue May  9 14:28:44 2023
New Revision: 61766

Log:
Remove broken proposed release.

Removed:
dev/tomcat/tomcat-10/v10.1.9/


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r61765 - in /dev/tomcat/tomcat-10/v10.1.9: ./ bin/ bin/embed/ src/

2023-05-09 Thread schultz 
Author: schultz
Date: Tue May  9 14:07:59 2023
New Revision: 61765

Log:
Upload 10.1.9 for voting.

Added:
dev/tomcat/tomcat-10/v10.1.9/
dev/tomcat/tomcat-10/v10.1.9/KEYS
dev/tomcat/tomcat-10/v10.1.9/README.html
dev/tomcat/tomcat-10/v10.1.9/RELEASE-NOTES
dev/tomcat/tomcat-10/v10.1.9/bin/
dev/tomcat/tomcat-10/v10.1.9/bin/README.html
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-deployer.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-deployer.tar.gz.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-deployer.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-deployer.zip   (with 
props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-deployer.zip.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-deployer.zip.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-fulldocs.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-fulldocs.tar.gz.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-fulldocs.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-windows-x64.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-windows-x64.zip.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-windows-x64.zip.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-windows-x86.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-windows-x86.zip.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9-windows-x86.zip.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.exe   (with props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.exe.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.exe.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.tar.gz   (with props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.tar.gz.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.zip   (with props)
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.zip.asc
dev/tomcat/tomcat-10/v10.1.9/bin/apache-tomcat-10.1.9.zip.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/embed/
dev/tomcat/tomcat-10/v10.1.9/bin/embed/apache-tomcat-10.1.9-embed.tar.gz   
(with props)
dev/tomcat/tomcat-10/v10.1.9/bin/embed/apache-tomcat-10.1.9-embed.tar.gz.asc

dev/tomcat/tomcat-10/v10.1.9/bin/embed/apache-tomcat-10.1.9-embed.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.9/bin/embed/apache-tomcat-10.1.9-embed.zip   
(with props)
dev/tomcat/tomcat-10/v10.1.9/bin/embed/apache-tomcat-10.1.9-embed.zip.asc
dev/tomcat/tomcat-10/v10.1.9/bin/embed/apache-tomcat-10.1.9-embed.zip.sha512
dev/tomcat/tomcat-10/v10.1.9/src/
dev/tomcat/tomcat-10/v10.1.9/src/apache-tomcat-10.1.9-src.tar.gz   (with 
props)
dev/tomcat/tomcat-10/v10.1.9/src/apache-tomcat-10.1.9-src.tar.gz.asc
dev/tomcat/tomcat-10/v10.1.9/src/apache-tomcat-10.1.9-src.tar.gz.sha512
dev/tomcat/tomcat-10/v10.1.9/src/apache-tomcat-10.1.9-src.zip   (with props)
dev/tomcat/tomcat-10/v10.1.9/src/apache-tomcat-10.1.9-src.zip.asc
dev/tomcat/tomcat-10/v10.1.9/src/apache-tomcat-10.1.9-src.zip.sha512

Added: dev/tomcat/tomcat-10/v10.1.9/KEYS
==
--- dev/tomcat/tomcat-10/v10.1.9/KEYS (added)
+++ dev/tomcat/tomcat-10/v10.1.9/KEYS Tue May  9 14:07:59 2023
@@ -0,0 +1,562 @@
+This file contains the PGP&GPG keys of various Apache developers.
+Please don't use them for email unless you have to. Their main
+purpose is code signing.
+
+Apache users: pgp < KEYS
+Apache developers:
+(pgpk -ll  && pgpk -xa ) >> this file.
+  or
+(gpg --fingerprint --list-sigs 
+ && gpg --armor --export ) >> this file.
+
+Apache developers: please ensure that your key is also available via the
+PGP keyservers (such as pgpkeys.mit.edu).
+
+
+pub   4096R/2F6059E7 2009-09-18
+  Key fingerprint = A9C5 DF4D 22E9 9998 D987  5A51 10C0 1C5A 2F60 59E7
+uid  Mark E D Thomas 
+sub   4096R/5E763BEC 2009-09-18
+
+-BEGIN PGP PUBLIC KEY BLOCK-
+Comment: GPGTools - http://gpgtools.org
+
+mQINBEq0DukBEAD4jovHOPJDxoD+JnO1Go2kiwpgRULasGlrVKuSUdP6wzcaqWmX
+pqtOJKKwW2MQFQLmg7nQ9RjJwy3QCbKNDJQA/bwbQT1F7WzTCz2S6vxC4zxKck4t
+6RZBq2dJsYKF0CEh6ZfY4dmKvhq+3istSoFRdHYoOPGWZpuRDqfZPdGm/m335/6K
+GH59oysn1NE7a2a+kZzjBSEgv23+l4Z1Rg7+fpz1JcdHSdC2Z+ZRxML25eVatRVz
+4yvDOZItqDURP24zWOodxgboldV6Y88C3v/7KRR+1vklzkuA2FqF8Q4r/2f0su7M
+UVviQcy29y/RlLSDTTYoVlCZ1ni14qFU7Hpw43KJtgXmcUwq31T1+SlXdYjNJ1aF
+kUi8BjCHDcSgE/IReKUanjHzm4XSymKDTeqqzidi4k6PDD4jyHb8k8vxi6qT6Udn
+lcfo5NBkkUT1TauhEy8ktHhbl9k60BvvMBP9l6cURiJg1WS77egI4P/82oPbzzFi
+GFqXyJKULVgxtdQ3JikCpodp3f1fh6PlYZwkW4xCJLJucJ5MiQp07HAkMVW5w+k8
+Xvuk4i5quh3N+2kzKHOOiQCDmN0sz0XjOE+7XBvM1lvz3+UarLfgSVmW8aheLd7e
+aIl5ItBk8844ZJ60LrQ+JiIqvqJemxyIM6epoZvY5a3ZshZpcLilC5hW8Q

[tomcat] tag 10.1.9 created (now bad7eb7c34)

2023-05-09 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a change to tag 10.1.9
in repository https://gitbox.apache.org/repos/asf/tomcat.git


  at bad7eb7c34 (commit)
This tag includes the following new commits:

 new bad7eb7c34 Tag 10.1.9

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] 01/01: Tag 10.1.9

2023-05-09 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to tag 10.1.9
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit bad7eb7c342ed18846d408e42dc7d828f4e23c06
Author: schultz 
AuthorDate: Tue May 9 07:05:20 2023 -0700

Tag 10.1.9
---
 webapps/docs/changelog.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e0b010898a..b57aa2b21a 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -104,7 +104,7 @@
   They eventually become mixed with the numbered issues (i.e., numbered
   issues do not "pop up" wrt. others).
 -->
-
+
   
 
   


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[OT] Re: CommunityOverCode Asia 2023 is calling for Presentations!

2023-05-09 Thread Mark Thomas 

Huxing,

I'm not sure how much you are in contact with the conference organizers 
but I noted the following when looking at the conference site. If you 
are able to pass on these comments, I'd be grateful.


- I was surprised to the see feather logo on the site.

- The VIP tickets appear to be offering attendees the opportunity to buy
  access to the speaker dinner. The ASF is very much not a pay for
  access kind of organization so that seems odd to me.

- The footer suggests that Nanjing DIQi Information Technology Co. Ltd
  owns the site content. That is not what I expect from an ASF
  conference.

- The contact details include a phone number (the ASF doesn't do phones)
  and an email to a non @apache.org address.

- I could not find any mention of the ASF code of conduct.

- I don't see any trademark attribute.

The overall impression is not great. If a link to this site turned up in 
my inbox my initial impression would be that the site was fraudulent.


Mark


On 09/05/2023 03:40, Huxing Zhang wrote:

Hi All,

Community over Code Asia 2023 (formerly ApacheCon Asia) will be held
in person this year in Beijing [1].

The CFP will end on Tuesday, Jun 6th, 2023 8:00 AM (Beijing time - UTC +8).

For details could be found on the website [1].

Note that for those that can't be present, a pre-recorded video is
also acceptable.

Please do not hesitate to submit, including the Web Server/Tomcat
track as well as the others!

[1] https://www.bagevent.com/event/cocasia-2023-EN



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

[tomcat] branch 8.5.x updated: Make checkstyle happy

2023-05-09 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 7313922461 Make checkstyle happy
7313922461 is described below

commit 73139224618ca668c23dad7716f312d4af3c4943
Author: Christopher Schultz 
AuthorDate: Tue May 9 09:36:57 2023 -0400

Make checkstyle happy
---
 .../apache/catalina/filters/RateLimitFilter.java   | 40 +-
 .../apache/catalina/util/TimeBucketCounter.java| 18 --
 .../catalina/filters/TestRateLimitFilter.java  |  4 +++
 .../catalina/util/TestTimeBucketCounter.java   |  2 +-
 webapps/docs/changelog.xml |  1 -
 webapps/docs/config/filter.xml | 20 +--
 6 files changed, 44 insertions(+), 41 deletions(-)

diff --git a/java/org/apache/catalina/filters/RateLimitFilter.java 
b/java/org/apache/catalina/filters/RateLimitFilter.java
index 9a4ec0c397..32262b8b2a 100644
--- a/java/org/apache/catalina/filters/RateLimitFilter.java
+++ b/java/org/apache/catalina/filters/RateLimitFilter.java
@@ -18,6 +18,7 @@
 package org.apache.catalina.filters;
 
 import java.io.IOException;
+
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -25,23 +26,23 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletResponse;
+
 import org.apache.catalina.util.TimeBucketCounter;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.res.StringManager;
 
-
 /**
  * Servlet filter that can help mitigate Denial of Service
- * (DoS) and Brute Force attacks by limiting the number of a requests that are 
+ * (DoS) and Brute Force attacks by limiting the number of a requests that are
  * allowed from a single IP address within a time window (also referred
  * to as a time bucket), e.g. 300 Requests per 60 seconds.
- * 
+ *
  * The filter works by incrementing a counter in a time bucket for each IP
  * address, and if the counter exceeds the allowed limit then further requests
- * from that IP are dropped with a "429 Too many requests" response 
+ * from that IP are dropped with a "429 Too many requests" response
  * until the bucket time ends and a new bucket starts.
- * 
+ *
  * The filter is optimized for efficiency and low overhead, so it converts
  * some configured values to more efficient values. For example, a 
configuration
  * of a 60 seconds time bucket is converted to 65.536 seconds. That allows
@@ -49,23 +50,23 @@ import org.apache.tomcat.util.res.StringManager;
  * true to the user intent, the configured number of requests is then 
multiplied
  * by the same ratio, so a configuration of 100 Requests per 60 seconds, has 
the
  * real values of 109 Requests per 65 seconds.
- * 
+ *
  * It is common to set up different restrictions for different URIs.
- * For example, a login page or authentication script is typically expected 
- * to get far less requests than the rest of the application, so you can add 
+ * For example, a login page or authentication script is typically expected
+ * to get far less requests than the rest of the application, so you can add
  * a filter definition that would allow only 5 requests per 15 seconds and map
  * those URIs to it.
- * 
+ *
  * You can set enforce to false
  * to disable the termination of requests that exceed the allowed limit. Then
- * your application code can inspect the Request Attribute 
+ * your application code can inspect the Request Attribute
  * org.apache.catalina.filters.RateLimitFilter.Count and decide
  * how to handle the request based on other information that it has, e.g. allow
  * more requests to certain users based on roles, etc.
- * 
+ *
  * WARNING: if Tomcat is behind a reverse proxy then you 
must
  * make sure that the Rate Limit Filter sees the client IP address, so if for
- * example you are using the Remote IP Filter, 
+ * example you are using the Remote IP Filter,
  * then the filter mapping for the Rate Limit Filter must come after
  * the mapping of the Remote IP Filter to ensure that each request has its IP
  * address resolved before the Rate Limit Filter is applied. Failure to do so
@@ -170,24 +171,29 @@ public class RateLimitFilter implements Filter {
 
 String param;
 param = config.getInitParameter(PARAM_BUCKET_DURATION);
-if (param != null)
+if (param != null) {
 bucketDuration = Integer.parseInt(param);
+}
 
 param = config.getInitParameter(PARAM_BUCKET_REQUESTS);
-if (param != null)
+if (param != null) {
 bucketRequests = Integer.parseInt(param);
+}
 
 param = config.getInitParameter(PARAM_ENFORCE);
-if (param != null)
+if (param

[tomcat] branch 9.0.x updated: Make checkstyle happy

2023-05-09 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 79746b1805 Make checkstyle happy
79746b1805 is described below

commit 79746b18058c5c305c376c11ce2984a70af82431
Author: Christopher Schultz 
AuthorDate: Tue May 9 09:36:57 2023 -0400

Make checkstyle happy
---
 .../apache/catalina/filters/RateLimitFilter.java   | 42 --
 .../apache/catalina/util/TimeBucketCounter.java| 18 --
 .../catalina/filters/TestRateLimitFilter.java  | 12 ---
 .../catalina/util/TestTimeBucketCounter.java   |  2 +-
 webapps/docs/changelog.xml |  3 +-
 webapps/docs/config/filter.xml | 20 +--
 6 files changed, 49 insertions(+), 48 deletions(-)

diff --git a/java/org/apache/catalina/filters/RateLimitFilter.java 
b/java/org/apache/catalina/filters/RateLimitFilter.java
index 00d4fad683..e545381d58 100644
--- a/java/org/apache/catalina/filters/RateLimitFilter.java
+++ b/java/org/apache/catalina/filters/RateLimitFilter.java
@@ -17,6 +17,8 @@
 
 package org.apache.catalina.filters;
 
+import java.io.IOException;
+
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
 import javax.servlet.GenericFilter;
@@ -24,24 +26,23 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletResponse;
+
 import org.apache.catalina.util.TimeBucketCounter;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.res.StringManager;
 
-import java.io.IOException;
-
 /**
  * Servlet filter that can help mitigate Denial of Service
- * (DoS) and Brute Force attacks by limiting the number of a requests that are 
+ * (DoS) and Brute Force attacks by limiting the number of a requests that are
  * allowed from a single IP address within a time window (also referred
  * to as a time bucket), e.g. 300 Requests per 60 seconds.
- * 
+ *
  * The filter works by incrementing a counter in a time bucket for each IP
  * address, and if the counter exceeds the allowed limit then further requests
- * from that IP are dropped with a "429 Too many requests" response 
+ * from that IP are dropped with a "429 Too many requests" response
  * until the bucket time ends and a new bucket starts.
- * 
+ *
  * The filter is optimized for efficiency and low overhead, so it converts
  * some configured values to more efficient values. For example, a 
configuration
  * of a 60 seconds time bucket is converted to 65.536 seconds. That allows
@@ -49,23 +50,23 @@ import java.io.IOException;
  * true to the user intent, the configured number of requests is then 
multiplied
  * by the same ratio, so a configuration of 100 Requests per 60 seconds, has 
the
  * real values of 109 Requests per 65 seconds.
- * 
+ *
  * It is common to set up different restrictions for different URIs.
- * For example, a login page or authentication script is typically expected 
- * to get far less requests than the rest of the application, so you can add 
+ * For example, a login page or authentication script is typically expected
+ * to get far less requests than the rest of the application, so you can add
  * a filter definition that would allow only 5 requests per 15 seconds and map
  * those URIs to it.
- * 
+ *
  * You can set enforce to false
  * to disable the termination of requests that exceed the allowed limit. Then
- * your application code can inspect the Request Attribute 
+ * your application code can inspect the Request Attribute
  * org.apache.catalina.filters.RateLimitFilter.Count and decide
  * how to handle the request based on other information that it has, e.g. allow
  * more requests to certain users based on roles, etc.
- * 
+ *
  * WARNING: if Tomcat is behind a reverse proxy then you 
must
  * make sure that the Rate Limit Filter sees the client IP address, so if for
- * example you are using the Remote IP Filter, 
+ * example you are using the Remote IP Filter,
  * then the filter mapping for the Rate Limit Filter must come after
  * the mapping of the Remote IP Filter to ensure that each request has its IP
  * address resolved before the Rate Limit Filter is applied. Failure to do so
@@ -168,24 +169,29 @@ public class RateLimitFilter extends GenericFilter {
 
 String param;
 param = config.getInitParameter(PARAM_BUCKET_DURATION);
-if (param != null)
+if (param != null) {
 bucketDuration = Integer.parseInt(param);
+}
 
 param = config.getInitParameter(PARAM_BUCKET_REQUESTS);
-if (param != null)
+if (param != null) {
 bucketRequests = Integer.parseInt(param);
+}
 
 param = config.getInitParameter(PARAM_ENFORCE);
-if (param !=

[tomcat] branch 10.1.x updated: Make checkstyle happy

2023-05-09 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new c6cfb34751 Make checkstyle happy
c6cfb34751 is described below

commit c6cfb34751c3e82093408ed96a508b5afe1fd987
Author: Christopher Schultz 
AuthorDate: Tue May 9 09:36:57 2023 -0400

Make checkstyle happy
---
 .../apache/catalina/filters/RateLimitFilter.java   | 42 --
 .../apache/catalina/util/TimeBucketCounter.java| 18 --
 .../catalina/filters/TestRateLimitFilter.java  | 20 ++-
 .../catalina/util/TestTimeBucketCounter.java   |  2 +-
 webapps/docs/changelog.xml |  3 +-
 webapps/docs/config/filter.xml | 20 +--
 6 files changed, 53 insertions(+), 52 deletions(-)

diff --git a/java/org/apache/catalina/filters/RateLimitFilter.java 
b/java/org/apache/catalina/filters/RateLimitFilter.java
index 2c2433f157..b4da01393d 100644
--- a/java/org/apache/catalina/filters/RateLimitFilter.java
+++ b/java/org/apache/catalina/filters/RateLimitFilter.java
@@ -17,6 +17,8 @@
 
 package org.apache.catalina.filters;
 
+import java.io.IOException;
+
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.FilterConfig;
 import jakarta.servlet.GenericFilter;
@@ -24,24 +26,23 @@ import jakarta.servlet.ServletException;
 import jakarta.servlet.ServletRequest;
 import jakarta.servlet.ServletResponse;
 import jakarta.servlet.http.HttpServletResponse;
+
 import org.apache.catalina.util.TimeBucketCounter;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.res.StringManager;
 
-import java.io.IOException;
-
 /**
  * Servlet filter that can help mitigate Denial of Service
- * (DoS) and Brute Force attacks by limiting the number of a requests that are 
+ * (DoS) and Brute Force attacks by limiting the number of a requests that are
  * allowed from a single IP address within a time window (also referred
  * to as a time bucket), e.g. 300 Requests per 60 seconds.
- * 
+ *
  * The filter works by incrementing a counter in a time bucket for each IP
  * address, and if the counter exceeds the allowed limit then further requests
- * from that IP are dropped with a "429 Too many requests" response 
+ * from that IP are dropped with a "429 Too many requests" response
  * until the bucket time ends and a new bucket starts.
- * 
+ *
  * The filter is optimized for efficiency and low overhead, so it converts
  * some configured values to more efficient values. For example, a 
configuration
  * of a 60 seconds time bucket is converted to 65.536 seconds. That allows
@@ -49,23 +50,23 @@ import java.io.IOException;
  * true to the user intent, the configured number of requests is then 
multiplied
  * by the same ratio, so a configuration of 100 Requests per 60 seconds, has 
the
  * real values of 109 Requests per 65 seconds.
- * 
+ *
  * It is common to set up different restrictions for different URIs.
- * For example, a login page or authentication script is typically expected 
- * to get far less requests than the rest of the application, so you can add 
+ * For example, a login page or authentication script is typically expected
+ * to get far less requests than the rest of the application, so you can add
  * a filter definition that would allow only 5 requests per 15 seconds and map
  * those URIs to it.
- * 
+ *
  * You can set enforce to false
  * to disable the termination of requests that exceed the allowed limit. Then
- * your application code can inspect the Request Attribute 
+ * your application code can inspect the Request Attribute
  * org.apache.catalina.filters.RateLimitFilter.Count and decide
  * how to handle the request based on other information that it has, e.g. allow
  * more requests to certain users based on roles, etc.
- * 
+ *
  * WARNING: if Tomcat is behind a reverse proxy then you 
must
  * make sure that the Rate Limit Filter sees the client IP address, so if for
- * example you are using the Remote IP Filter, 
+ * example you are using the Remote IP Filter,
  * then the filter mapping for the Rate Limit Filter must come after
  * the mapping of the Remote IP Filter to ensure that each request has its IP
  * address resolved before the Rate Limit Filter is applied. Failure to do so
@@ -168,24 +169,29 @@ public class RateLimitFilter extends GenericFilter {
 
 String param;
 param = config.getInitParameter(PARAM_BUCKET_DURATION);
-if (param != null)
+if (param != null) {
 bucketDuration = Integer.parseInt(param);
+}
 
 param = config.getInitParameter(PARAM_BUCKET_REQUESTS);
-if (param != null)
+if (param != null) {
 bucketRequests = Integer.parseInt(param);
+}
 
 param = config.getInitParameter(PARAM_ENFORCE);
-

[tomcat] branch main updated: Make checkstyle happy

2023-05-09 Thread schultz 
This is an automated email from the ASF dual-hosted git repository.

schultz pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/main by this push:
 new 99fa64eb1c Make checkstyle happy
99fa64eb1c is described below

commit 99fa64eb1c757caaec24b80c9c628a136aa312bc
Author: Christopher Schultz 
AuthorDate: Tue May 9 09:36:57 2023 -0400

Make checkstyle happy
---
 .../apache/catalina/filters/RateLimitFilter.java   | 42 --
 .../apache/catalina/util/TimeBucketCounter.java| 18 --
 .../catalina/filters/TestRateLimitFilter.java  | 20 ++-
 .../catalina/util/TestTimeBucketCounter.java   |  2 +-
 webapps/docs/changelog.xml |  3 +-
 webapps/docs/config/filter.xml | 20 +--
 6 files changed, 53 insertions(+), 52 deletions(-)

diff --git a/java/org/apache/catalina/filters/RateLimitFilter.java 
b/java/org/apache/catalina/filters/RateLimitFilter.java
index 2c2433f157..b4da01393d 100644
--- a/java/org/apache/catalina/filters/RateLimitFilter.java
+++ b/java/org/apache/catalina/filters/RateLimitFilter.java
@@ -17,6 +17,8 @@
 
 package org.apache.catalina.filters;
 
+import java.io.IOException;
+
 import jakarta.servlet.FilterChain;
 import jakarta.servlet.FilterConfig;
 import jakarta.servlet.GenericFilter;
@@ -24,24 +26,23 @@ import jakarta.servlet.ServletException;
 import jakarta.servlet.ServletRequest;
 import jakarta.servlet.ServletResponse;
 import jakarta.servlet.http.HttpServletResponse;
+
 import org.apache.catalina.util.TimeBucketCounter;
 import org.apache.juli.logging.Log;
 import org.apache.juli.logging.LogFactory;
 import org.apache.tomcat.util.res.StringManager;
 
-import java.io.IOException;
-
 /**
  * Servlet filter that can help mitigate Denial of Service
- * (DoS) and Brute Force attacks by limiting the number of a requests that are 
+ * (DoS) and Brute Force attacks by limiting the number of a requests that are
  * allowed from a single IP address within a time window (also referred
  * to as a time bucket), e.g. 300 Requests per 60 seconds.
- * 
+ *
  * The filter works by incrementing a counter in a time bucket for each IP
  * address, and if the counter exceeds the allowed limit then further requests
- * from that IP are dropped with a "429 Too many requests" response 
+ * from that IP are dropped with a "429 Too many requests" response
  * until the bucket time ends and a new bucket starts.
- * 
+ *
  * The filter is optimized for efficiency and low overhead, so it converts
  * some configured values to more efficient values. For example, a 
configuration
  * of a 60 seconds time bucket is converted to 65.536 seconds. That allows
@@ -49,23 +50,23 @@ import java.io.IOException;
  * true to the user intent, the configured number of requests is then 
multiplied
  * by the same ratio, so a configuration of 100 Requests per 60 seconds, has 
the
  * real values of 109 Requests per 65 seconds.
- * 
+ *
  * It is common to set up different restrictions for different URIs.
- * For example, a login page or authentication script is typically expected 
- * to get far less requests than the rest of the application, so you can add 
+ * For example, a login page or authentication script is typically expected
+ * to get far less requests than the rest of the application, so you can add
  * a filter definition that would allow only 5 requests per 15 seconds and map
  * those URIs to it.
- * 
+ *
  * You can set enforce to false
  * to disable the termination of requests that exceed the allowed limit. Then
- * your application code can inspect the Request Attribute 
+ * your application code can inspect the Request Attribute
  * org.apache.catalina.filters.RateLimitFilter.Count and decide
  * how to handle the request based on other information that it has, e.g. allow
  * more requests to certain users based on roles, etc.
- * 
+ *
  * WARNING: if Tomcat is behind a reverse proxy then you 
must
  * make sure that the Rate Limit Filter sees the client IP address, so if for
- * example you are using the Remote IP Filter, 
+ * example you are using the Remote IP Filter,
  * then the filter mapping for the Rate Limit Filter must come after
  * the mapping of the Remote IP Filter to ensure that each request has its IP
  * address resolved before the Rate Limit Filter is applied. Failure to do so
@@ -168,24 +169,29 @@ public class RateLimitFilter extends GenericFilter {
 
 String param;
 param = config.getInitParameter(PARAM_BUCKET_DURATION);
-if (param != null)
+if (param != null) {
 bucketDuration = Integer.parseInt(param);
+}
 
 param = config.getInitParameter(PARAM_BUCKET_REQUESTS);
-if (param != null)
+if (param != null) {
 bucketRequests = Integer.parseInt(param);
+}
 
 param = config.getInitParameter(PARAM_ENFORCE);
-

Re: Java 21 and virtual threads

2023-05-09 Thread Mark Thomas 

On 04/05/2023 13:37, Mark Thomas wrote:

Hi all,

The latest Java 21 EA build has moved virtual threads (from project 
Loom) out of preview. How do we want to handle this in Tomcat 11? Recall 
that Jakarta EE 11 has set Java 21 as the minimum version.


I think we have the following options:

1. Stick with Java 17 as the minimum version and don't provide virtual 
thread functionality.


2. Stick with Java 17 as the minimum version and provide virtual thread 
functionality via the JreCompat module.


3. Increase minimum Java version to Java 21 for Tomcat 11 and provide 
virtual thread functionality.


I was thinking about this over the weekend. It would be nice to provide 
virtual thread support to Tomcat 10.1 and earlier as well. That would 
require the JreCompat module.


I don't think this changes the Tomcat 11 plans.

Mark




I am currently leaning towards 3 but could live with 2.

Thoughts? Other options?

Mark

PS Option 3 will require updates to the CI systems - I am happy to take 
care of those.


PPS I don't think all of the current Loom module will make it into 
Tomcat 11. I am currently thinking to pull in the Executor and then 
provide a boolean option for the existing endpoints to switch the 
internal executor to Loom.


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Tagging 10.1.x and 8.5.x

2023-05-09 Thread Mark Thomas 

Chris,

Have you had any thoughts on timing for the May tags? I could do them 
this month if that helps.


Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Java 21, virtual threads and ThreadLocals

2023-05-09 Thread Mark Thomas 

On 05/05/2023 21:49, Rémy Maucherat wrote:


The second question is what do we want to do about usages such as this.
With virtual threads the end result will be, effectively, a new object
for every request. Do we:

a) Leave the code as-is. It will work as currently with a thread pool
and virtual threads will effectively create new objects for each request.

b) Drop the ThreadLocal and always create new objects.

c) Switch to some other form of caching. My starting point would be
SynchronizedStack. That may see some contention as it will be global
rather than per thread. Then again, ThreadLocal some overhead too.

Given these optimization decisions were made 20 years ago and JVMs,
especially GC, have moved on since then, I'm leaning towards option b)
with c) as the fall-back if performance issues are discovered.


Usually, it's now a lot better to do b) if you want to drop a), and I
would say c) is the worst.


Thanks for confirming the reasoning for the ThreadLocal use. Impressive 
memory!


I wrote a simple test case to examine this for MappingData and 
MessageBytes. I tried to include the costs of object creation, object 
recycling and GC as appropriate.


The results so far with Java 21 indicate that creating a new object is 
always the better option. My working assumption is that time saved not 
having to construct a new object with a ThreadLocal cache is out-weighed 
by the overhead of looking up the ThreadLocal.


The next best option is the ThreadLocal cache which is always better 
than SynchronizedStack with a thread pool. Even single threaded.


If using virtual threads, under high concurrency SynchronizedStack 
starts to do better than ThreadLocal. My working assumption here is that 
the overhead of having to create the ThreadLocal every time exceeds the 
overhead of waiting for the sync.


My current thinking is that I'd like to:
- confirm my working assumptions with a profiler
- generalise the test case for any object type
- start reviewing the use of ThreadLocal cache and SynchronizedStack
  throughout the code base, replacing it with simple construction where
  performance figures indicate it makes sense

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 9.0.75

2023-05-09 Thread Tim Funk 
On Thu, May 4, 2023 at 10:20 AM Rémy Maucherat  wrote:

> The proposed Apache Tomcat 9.0.75 release is now available for voting.
>
> The proposed 9.0.75 release is:
> [ ] -1, Broken - do not release
> [X] +1, Stable - go ahead and release as 9.0.75
>
>

Re: [VOTE] Release Apache Tomcat 9.0.75

2023-05-09 Thread Rémy Maucherat 
On Thu, May 4, 2023 at 4:20 PM Rémy Maucherat  wrote:
>
> The proposed Apache Tomcat 9.0.75 release is now available for voting.
>
> The notable changes compared to 9.0.74 are:
>
> - Many improvements to the json access log valve.
>
> - Deprecate support for the HTTP Connector settings rejectIllegalHeader and
>allowHostHeaderMismatch.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.75/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1433
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.75
> 2f528c02a9b54cc210897f75492a2bb6eac326b5
>
> The proposed 9.0.75 release is:
> [ ] -1, Broken - do not release
> [X] +1, Stable - go ahead and release as 9.0.75

I will tally the votes tomorrow since this was an extended weekend in Europe.

Rémy

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Workaround for misbehaving ClassLoader

2023-05-09 Thread Mark Thomas 

On 05/05/2023 21:42, Christopher Schultz wrote:

Mark,

On 5/4/23 04:09, Mark Thomas wrote:

On 03/05/2023 20:02, Christopher Schultz wrote:



But my question is whether or not this is something that Tomcat 
should be working-around. IMO the parent ClassLoader is buggy and 
should be fixed, but it may be difficult or impossible to fix the 
parent, so it may be worth it.


We could even log it including the class name of the offending 
ClassLoader.


WDYT?


The general approach we have taken is that we don't work-around bugs 
in third-party products unless:

- the third-party vendor is (known to be) slow to respond to bugs
- there is no other viable workaround (including switching vendors)
- the bug impacts a reasonable proportion of Tomcat users

The complexity of the workaround in Tomcat vs the severity of the 
issue is also a consideration.


We also want to encourage adherence to the relevant specifications.

All of the above is subjective.

For commercial software, the general idea is to encourage users to put 
pressure on vendors to fix the bugs rather than expect us to - just 
because we are more responsive. This is especially true for commercial 
organizations using commercial software where there should be a 
support contract in place.


For open source software, the general idea is to encourage users to 
engage with the project concerned. Open a bug, provide a PR, 
contribute and support that project.


The GitHub project in question hasn't had any activity since 2017 and 
the GitHub organization hasn't had any activity since 2019. There are 
no forks of the project.


It looks like the code has never been released so I am assuming the OP 
has compiled it locally.


The fix in Tomcat is simple, but so is the fix in the problematic 
library.


I think the initial position is that the OP needs to try and get this 
fixed. Whether that means creating a fork (it is ALv2 so that is easy),
seeing if the CodeGerm team can be persuaded to accept a PR, finding 
an alternative library or something else is up to the OP.


Given the options the OP has for addressing this - including a 
(private) fork, I don't think this is something that should be fixed 
in Tomcat.


Fair enough.

I do think there is scope for slight optimization in this area as well.

My proposed patch was something like:

if(null == parentResources) {
   return childResouces;
} else if(parentFirst) {
   return new CombinedEnumeration(parentResources, childResources);
} else {
   return new CombinedEnumeration(childResources, parentResources);
}

A simple change of:

if(null == parentResources || !parentResources.hasMoreElements()) {
   return childResouces;
} ...

means fewer wrapper objects and code executing in the common case (the 
webapp probably provides most of the interesting resources to itself, 
and not from the parent classloader).


In the cases where we construct a new CombinedEnumeration, I would even 
say that we should check to see if either enumeration is empty and try 
not to create a new object unless it's even necessary.


+1 to reducing the wrapping when parent class loader returns an empty 
enumeration - I agree that it is likely to be the common case.


I'm less sure about likelihood of the web app class loader returning an 
empty enumeration. Absent any hard data, treating it the same way seems 
reasonable.


I still don't think we should be handling nulls though.

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org