[GitHub] [tomcat] markt-asf closed pull request #647: Replaced synchronized with StampedLock

2023-08-22 Thread via GitHub


markt-asf closed pull request #647: Replaced synchronized with StampedLock
URL: https://github.com/apache/tomcat/pull/647


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



[GitHub] [tomcat] markt-asf commented on pull request #647: Replaced synchronized with StampedLock

2023-08-22 Thread via GitHub


markt-asf commented on PR #647:
URL: https://github.com/apache/tomcat/pull/647#issuecomment-1689066140

   Synchronized blocks only need to be replaced if they contain blocking 
operations. This one clearly doesn't.





[GitHub] [tomcat] sergmain commented on pull request #647: Replaced synchronized with StampedLock

2023-08-22 Thread via GitHub


sergmain commented on PR #647:
URL: https://github.com/apache/tomcat/pull/647#issuecomment-1689065406

   From my point of view there are 2 approaches: analyze every synchronized or 
remove every synchronized without analyzing. My pull request is with the second 
approach.





Buildbot success in on tomcat-11.0.x

2023-08-22 Thread buildbot
Build status: Build succeeded!
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/112/builds/546
Blamelist: Mark Thomas 
Build Text: build successful
Status Detected: restored build
Build Source Stamp: [branch main] 93e59bda914e03ddf3ccaf1f57dab47dbda650b9


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  compile: 1

  shell_6: 0

  shell_7: 0

  shell_8: 0

  shell_9: 0

  Rsync docs to nightlies.apache.org: 0

  shell_10: 0

  Rsync RAT to nightlies.apache.org: 0

  compile_1: 1

  shell_11: 0

  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot





[tomcat] branch 8.5.x updated: Avoid protocol relative redirects

2023-08-22 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/8.5.x by this push:
 new 4998ad745b Avoid protocol relative redirects
4998ad745b is described below

commit 4998ad745b67edeadefe541c94ed029b53933d3b
Author: Mark Thomas 
AuthorDate: Tue Aug 22 11:31:23 2023 -0700

Avoid protocol relative redirects
---
 java/org/apache/catalina/authenticator/FormAuthenticator.java | 6 ++
 webapps/docs/changelog.xml| 3 +++
 2 files changed, 9 insertions(+)

diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index a57db51776..d54cc62182 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -747,6 +747,12 @@ public class FormAuthenticator extends AuthenticatorBase {
 sb.append('?');
 sb.append(saved.getQueryString());
 }
+
+// Avoid protocol relative redirects
+while (sb.length() > 1 && sb.charAt(1) == '/') {
+sb.deleteCharAt(0);
+}
+
 return sb.toString();
 }
 }
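
Review bot: The loop condition tests only `sb.charAt(1) == '/'`, so it silently relies on index 0 already being `/`; if the buffer ever started with any other character, `sb.deleteCharAt(0)` would drop that character. Adding `sb.charAt(0) == '/'` to the condition, or stating the invariant in the comment, would make the intent explicit.
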
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index bacf432793..9eadbe2b8c 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -117,6 +117,9 @@
 Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes
 and KiB for 1024 bytes rather than MB and kB. (martk)
   
+  
+Avoid protocol relative redirects in FORM authentication. (markt)
+  
 
   
   





[tomcat] branch 9.0.x updated: Avoid protocol relative redirects

2023-08-22 Thread markt

markt pushed a commit to branch 9.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/9.0.x by this push:
 new 77c0ce2d16 Avoid protocol relative redirects
77c0ce2d16 is described below

commit 77c0ce2d169efa248b64b992e547aad549ec906b
Author: Mark Thomas 
AuthorDate: Tue Aug 22 11:31:23 2023 -0700

Avoid protocol relative redirects
---
 java/org/apache/catalina/authenticator/FormAuthenticator.java | 6 ++
 webapps/docs/changelog.xml| 3 +++
 2 files changed, 9 insertions(+)

diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index a57db51776..d54cc62182 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -747,6 +747,12 @@ public class FormAuthenticator extends AuthenticatorBase {
 sb.append('?');
 sb.append(saved.getQueryString());
 }
+
+// Avoid protocol relative redirects
+while (sb.length() > 1 && sb.charAt(1) == '/') {
+sb.deleteCharAt(0);
+}
+
 return sb.toString();
 }
 }
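
Review bot: No test accompanies the new `while` loop: the diffstat lists only FormAuthenticator.java and changelog.xml. A unit test asserting that a reconstructed string beginning with `//` comes back with a single leading `/`, and covering the `sb.length() > 1` boundary for a buffer holding just `/`, would guard against regression.
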
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 94948bae1b..80d0b214a8 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -117,6 +117,9 @@
 Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes
 and KiB for 1024 bytes rather than MB and kB. (martk)
   
+  
+Avoid protocol relative redirects in FORM authentication. (markt)
+  
 
   
   





[tomcat] branch 10.1.x updated: Avoid protocol relative redirects

2023-08-22 Thread markt

markt pushed a commit to branch 10.1.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.1.x by this push:
 new bb4624a9f3 Avoid protocol relative redirects
bb4624a9f3 is described below

commit bb4624a9f3e69d495182ebfa68d7983076407a27
Author: Mark Thomas 
AuthorDate: Tue Aug 22 11:31:23 2023 -0700

Avoid protocol relative redirects
---
 java/org/apache/catalina/authenticator/FormAuthenticator.java | 6 ++
 webapps/docs/changelog.xml| 3 +++
 2 files changed, 9 insertions(+)

diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index 2876a2d04c..c66ae56454 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -747,6 +747,12 @@ public class FormAuthenticator extends AuthenticatorBase {
 sb.append('?');
 sb.append(saved.getQueryString());
 }
+
+// Avoid protocol relative redirects
+while (sb.length() > 1 && sb.charAt(1) == '/') {
+sb.deleteCharAt(0);
+}
+
 return sb.toString();
 }
 }
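
Review bot: The comment `// Avoid protocol relative redirects` names what the loop prevents but not why it matters. A browser resolves a redirect target that starts with `//` as a host on the current scheme rather than as a path on this server, so one more comment line saying the returned string must begin with exactly one `/` would help the next reader keep the check intact.
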
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 0b37d87df5..b52bde0b9f 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -117,6 +117,9 @@
 Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes
 and KiB for 1024 bytes rather than MB and kB. (martk)
   
+  
+Avoid protocol relative redirects in FORM authentication. (markt)
+  
 
   
   





[tomcat] branch cve-2023-41080 deleted (was 93e59bda91)

2023-08-22 Thread markt

markt pushed a change to branch cve-2023-41080
in repository https://gitbox.apache.org/repos/asf/tomcat.git


 was 93e59bda91 Additional classes for rename

The revisions that were on this branch are still contained in
other references; therefore, this change does not discard any commits
from the repository.





[tomcat] branch main updated (32b48cadc3 -> 93e59bda91)

2023-08-22 Thread markt

markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from 32b48cadc3 Review getParameterXXX() - invalid parameters + debug 
should not fail
 add e3703c9abb Avoid protocol relative redirects
 add d8ebecffb5 Rename base test so it is not treated as a class with 
actual tests
 add 93e59bda91 Additional classes for rename

No new revisions were added by this update.

Summary of changes:
 java/org/apache/catalina/authenticator/FormAuthenticator.java   | 6 ++
 ...estParametersBase.java => ServletRequestParametersBaseTest.java} | 2 +-
 test/jakarta/servlet/TestServletRequestParameters.java  | 2 +-
 .../jakarta/servlet/TestServletRequestParametersFormUrlEncoded.java | 2 +-
 .../servlet/TestServletRequestParametersMultipartEncoded.java   | 2 +-
 test/jakarta/servlet/TestServletRequestParametersQueryString.java   | 2 +-
 webapps/docs/changelog.xml  | 3 +++
 7 files changed, 14 insertions(+), 5 deletions(-)
 rename test/jakarta/servlet/{TestServletRequestParametersBase.java => 
ServletRequestParametersBaseTest.java} (98%)





[tomcat] branch cve-2023-41080 updated: Additional classes for rename

2023-08-22 Thread markt

markt pushed a commit to branch cve-2023-41080
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/cve-2023-41080 by this push:
 new 93e59bda91 Additional classes for rename
93e59bda91 is described below

commit 93e59bda914e03ddf3ccaf1f57dab47dbda650b9
Author: Mark Thomas 
AuthorDate: Tue Aug 22 12:22:16 2023 -0700

Additional classes for rename
---
 test/jakarta/servlet/ServletRequestParametersBaseTest.java | 2 +-
 test/jakarta/servlet/TestServletRequestParameters.java | 2 +-
 test/jakarta/servlet/TestServletRequestParametersFormUrlEncoded.java   | 2 +-
 test/jakarta/servlet/TestServletRequestParametersMultipartEncoded.java | 2 +-
 test/jakarta/servlet/TestServletRequestParametersQueryString.java  | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/test/jakarta/servlet/ServletRequestParametersBaseTest.java 
b/test/jakarta/servlet/ServletRequestParametersBaseTest.java
index fce787175e..6a045c0217 100644
--- a/test/jakarta/servlet/ServletRequestParametersBaseTest.java
+++ b/test/jakarta/servlet/ServletRequestParametersBaseTest.java
@@ -32,7 +32,7 @@ import jakarta.servlet.http.HttpServletResponse;
 import org.apache.catalina.startup.SimpleHttpClient;
 import org.apache.catalina.startup.TomcatBaseTest;
 
-public class TestServletRequestParametersBase extends TomcatBaseTest {
+public class ServletRequestParametersBaseTest extends TomcatBaseTest {
 
 protected Map> 
parseReportedParameters(SimpleHttpClient client) {
 Map> parameters = new LinkedHashMap<>();
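
Review bot: After the rename `ServletRequestParametersBaseTest` is still a public, concrete class, so whether it is picked up as a test continues to depend on the runner's file-name pattern. Declaring it `abstract` would state the intent in the code and stop any runner from instantiating it.
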
diff --git a/test/jakarta/servlet/TestServletRequestParameters.java 
b/test/jakarta/servlet/TestServletRequestParameters.java
index 1f50f4e5dd..3354eb07fd 100644
--- a/test/jakarta/servlet/TestServletRequestParameters.java
+++ b/test/jakarta/servlet/TestServletRequestParameters.java
@@ -25,7 +25,7 @@ import static 
org.apache.catalina.startup.SimpleHttpClient.CRLF;
 import org.apache.catalina.core.StandardContext;
 import org.apache.catalina.startup.Tomcat;
 
-public class TestServletRequestParameters extends 
TestServletRequestParametersBase {
+public class TestServletRequestParameters extends 
ServletRequestParametersBaseTest {
 
 @Test
 public void testClientDisconnect() throws Exception {
diff --git 
a/test/jakarta/servlet/TestServletRequestParametersFormUrlEncoded.java 
b/test/jakarta/servlet/TestServletRequestParametersFormUrlEncoded.java
index 4266eef7c6..253836df5f 100644
--- a/test/jakarta/servlet/TestServletRequestParametersFormUrlEncoded.java
+++ b/test/jakarta/servlet/TestServletRequestParametersFormUrlEncoded.java
@@ -34,7 +34,7 @@ import org.apache.catalina.core.StandardContext;
 import org.apache.catalina.startup.Tomcat;
 
 @RunWith(Parameterized.class)
-public class TestServletRequestParametersFormUrlEncoded extends 
TestServletRequestParametersBase {
+public class TestServletRequestParametersFormUrlEncoded extends 
ServletRequestParametersBaseTest {
 
 @Parameterized.Parameters(name = "{index}: chunked[{0}]")
 public static Collection parameters() {
diff --git 
a/test/jakarta/servlet/TestServletRequestParametersMultipartEncoded.java 
b/test/jakarta/servlet/TestServletRequestParametersMultipartEncoded.java
index ac0941f853..c6afb1ff70 100644
--- a/test/jakarta/servlet/TestServletRequestParametersMultipartEncoded.java
+++ b/test/jakarta/servlet/TestServletRequestParametersMultipartEncoded.java
@@ -34,7 +34,7 @@ import org.apache.catalina.core.StandardContext;
 import org.apache.catalina.startup.Tomcat;
 
 @RunWith(Parameterized.class)
-public class TestServletRequestParametersMultipartEncoded extends 
TestServletRequestParametersBase {
+public class TestServletRequestParametersMultipartEncoded extends 
ServletRequestParametersBaseTest {
 
 @Parameterized.Parameters(name = "{index}: chunked[{0}]")
 public static Collection parameters() {
diff --git a/test/jakarta/servlet/TestServletRequestParametersQueryString.java 
b/test/jakarta/servlet/TestServletRequestParametersQueryString.java
index 037bdd55cc..2d19041c56 100644
--- a/test/jakarta/servlet/TestServletRequestParametersQueryString.java
+++ b/test/jakarta/servlet/TestServletRequestParametersQueryString.java
@@ -35,7 +35,7 @@ import org.apache.catalina.core.StandardContext;
 import org.apache.catalina.startup.Tomcat;
 
 @RunWith(Parameterized.class)
-public class TestServletRequestParametersQueryString extends 
TestServletRequestParametersBase {
+public class TestServletRequestParametersQueryString extends 
ServletRequestParametersBaseTest {
 
 private static final Integer SC_OK = 
Integer.valueOf(HttpServletResponse.SC_OK);
 private static final Integer SC_BAD_REQUEST = 
Integer.valueOf(HttpServletResponse.SC_BAD_REQUEST);



[tomcat] branch cve-2023-41080 created (now d8ebecffb5)

2023-08-22 Thread markt

markt pushed a change to branch cve-2023-41080
in repository https://gitbox.apache.org/repos/asf/tomcat.git


  at d8ebecffb5 Rename base test so it is not treated as a class with 
actual tests

This branch includes the following new commits:

 new e3703c9abb Avoid protocol relative redirects
 new d8ebecffb5 Rename base test so it is not treated as a class with 
actual tests

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.






[tomcat] 02/02: Rename base test so it is not treated as a class with actual tests

2023-08-22 Thread markt

markt pushed a commit to branch cve-2023-41080
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit d8ebecffb5c0a39977a7c47d1a4b8a8bee84476e
Author: Mark Thomas 
AuthorDate: Tue Aug 22 12:21:59 2023 -0700

Rename base test so it is not treated as a class with actual tests
---
 ...etRequestParametersBase.java => ServletRequestParametersBaseTest.java} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/test/jakarta/servlet/TestServletRequestParametersBase.java 
b/test/jakarta/servlet/ServletRequestParametersBaseTest.java
similarity index 100%
rename from test/jakarta/servlet/TestServletRequestParametersBase.java
rename to test/jakarta/servlet/ServletRequestParametersBaseTest.java





[tomcat] 01/02: Avoid protocol relative redirects

2023-08-22 Thread markt

markt pushed a commit to branch cve-2023-41080
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit e3703c9abb8fe0d5602f6ba8a8f11d4b6940815a
Author: Mark Thomas 
AuthorDate: Tue Aug 22 11:31:23 2023 -0700

Avoid protocol relative redirects
---
 java/org/apache/catalina/authenticator/FormAuthenticator.java | 6 ++
 webapps/docs/changelog.xml| 3 +++
 2 files changed, 9 insertions(+)

diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index 5487ec87a8..9dd5635ca8 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -742,6 +742,12 @@ public class FormAuthenticator extends AuthenticatorBase {
 sb.append('?');
 sb.append(saved.getQueryString());
 }
+
+// Avoid protocol relative redirects
+while (sb.length() > 1 && sb.charAt(1) == '/') {
+sb.deleteCharAt(0);
+}
+
 return sb.toString();
 }
 }
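
Review bot: `sb.deleteCharAt(0)` inside the `while` shifts the whole buffer once per extra slash, so the cost grows with both the number of leading slashes and the length of the string. Counting the leading `/` characters first and removing the surplus with a single `sb.delete(0, n)` gives the same result in one pass.
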
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index e4d3072d31..a45195dfc1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -125,6 +125,9 @@
 exceptions. As a consequence, the FailedRequestFilter has
 been removed. (markt)
   
+  
+Avoid protocol relative redirects in FORM authentication. (markt)
+  
 
   
   





Buildbot failure in on tomcat-11.0.x

2023-08-22 Thread buildbot
Build status: BUILD FAILED: failed compile (failure)
Worker used: bb_worker2_ubuntu
URL: https://ci2.apache.org/#builders/112/builds/545
Blamelist: Mark Thomas 
Build Text: failed compile (failure)
Status Detected: new failure
Build Source Stamp: [branch main] 32b48cadc3a51b1770d76902901b3541a987ae41


Steps:

  worker_preparation: 0

  git: 0

  shell: 0

  shell_1: 0

  shell_2: 0

  shell_3: 0

  shell_4: 0

  shell_5: 0

  compile: 1

  shell_6: 0

  shell_7: 0

  shell_8: 0

  shell_9: 0

  Rsync docs to nightlies.apache.org: 0

  shell_10: 0

  Rsync RAT to nightlies.apache.org: 0

  compile_1: 2

  shell_11: 0

  Rsync Logs to nightlies.apache.org: 0


-- ASF Buildbot





[tomcat] 07/08: Handle exception triggered by invalid parameters during access logging

2023-08-22 Thread markt

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit d6f56761693b06632f4bdd27d7c3010e3665bfbc
Author: Mark Thomas 
AuthorDate: Sun Aug 20 13:05:07 2023 +0100

Handle exception triggered by invalid parameters during access logging
---
 java/org/apache/catalina/valves/ExtendedAccessLogValve.java | 8 +++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java 
b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
index c9cba36f83..ad07cf6339 100644
--- a/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
+++ b/java/org/apache/catalina/valves/ExtendedAccessLogValve.java
@@ -361,7 +361,13 @@ public class ExtendedAccessLogValve extends AccessLogValve 
{
 
 @Override
 public void addElement(CharArrayWriter buf, Date date, Request 
request, Response response, long time) {
-buf.append(wrap(urlEncode(request.getParameter(parameter;
+String parameterValue;
+try {
+parameterValue = request.getParameter(parameter);
+} catch (IllegalStateException ise) {
+parameterValue = null;
+}
+buf.append(wrap(urlEncode(parameterValue)));
 }
 }
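
Review bot: The `catch (IllegalStateException ise)` branch sets `parameterValue = null`, so a request whose parameters failed to parse is logged exactly like one where the parameter was simply absent. Anyone using the access log to spot malformed requests loses that signal; consider a debug-level log of `ise` or a distinct placeholder value, and at least a comment explaining why the exception is deliberately ignored.
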
 





[tomcat] 04/08: Remove Parameters.FailReason and associated plumbing

2023-08-22 Thread markt

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit d701009958e1c2f16f10226f15a13268ae314a32
Author: Mark Thomas 
AuthorDate: Wed Aug 16 08:50:56 2023 +0100

Remove Parameters.FailReason and associated plumbing

This includes removing the FailedRequestFilter
---
 conf/web.xml   |  21 
 java/org/apache/catalina/Globals.java  |  16 ---
 java/org/apache/catalina/connector/Request.java|  26 -
 .../catalina/filters/FailedRequestFilter.java  | 109 -
 java/org/apache/tomcat/util/http/Parameters.java   |  37 ---
 .../org/apache/catalina/connector/TestRequest.java |  39 +---
 webapps/docs/config/ajp.xml|  15 ++-
 webapps/docs/config/filter.xml |  43 
 webapps/docs/config/http.xml   |  15 ++-
 webapps/docs/security-howto.xml|  10 +-
 10 files changed, 15 insertions(+), 316 deletions(-)

diff --git a/conf/web.xml b/conf/web.xml
index 9ec69cc66e..89942a9e39 100644
--- a/conf/web.xml
+++ b/conf/web.xml
@@ -517,19 +517,6 @@
 
 -->
 
-  
-  
-  
-
-
 
   
   
@@ -608,14 +595,6 @@
 
 -->
 
-  
-
-
   
 

[tomcat] 05/08: Add a changelog entry

2023-08-22 Thread markt

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 0befa0eb1b7feb9752d344902fe787489ef369c1
Author: Mark Thomas 
AuthorDate: Fri Aug 18 14:32:55 2023 +0100

Add a changelog entry
---
 webapps/docs/changelog.xml | 8 
 1 file changed, 8 insertions(+)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index bda9dc94dd..e4d3072d31 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -117,6 +117,14 @@
 Update code comments and Tomcat output to use MiB for 1024 * 1024 bytes
 and KiB for 1024 bytes rather than MB and kB. (martk)
   
+  
+Update the HTTP parameter handling to align with the changes in the
+Jakarta Servlet 6.1 API Javadoc for the ServletRequest
+methods used to obtain request parameters. Invalid parameters and/or
+exceeding parameter size and/or quantity limits now trigger
+exceptions. As a consequence, the FailedRequestFilter has
+been removed. (markt)
+  
 
   
   





[tomcat] 01/08: With the changes to parameter error handling all parsing is explicit

2023-08-22 Thread markt

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 3f8a229be8cbdd99e718b1b72b5f9c0ea1421c23
Author: Mark Thomas 
AuthorDate: Tue Aug 15 19:54:02 2023 +0100

With the changes to parameter error handling all parsing is explicit
---
 java/org/apache/catalina/connector/Request.java | 15 +--
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index a12fdb4226..9a6de071d5 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -2638,7 +2638,7 @@ public class Request implements HttpServletRequest {
 @Override
 public Collection getParts() throws IOException, 
IllegalStateException, ServletException {
 
-parseParts(true);
+parseParts();
 
 if (partsParseException != null) {
 if (partsParseException instanceof IOException) {
@@ -2653,7 +2653,7 @@ public class Request implements HttpServletRequest {
 return parts;
 }
 
-private void parseParts(boolean explicit) {
+private void parseParts() {
 
 // Return immediately if the parts have already been parsed
 if (parts != null || partsParseException != null) {
@@ -2668,13 +2668,8 @@ public class Request implements HttpServletRequest {
 mce = new MultipartConfigElement(null, 
connector.getMaxPostSize(), connector.getMaxPostSize(),
 connector.getMaxPostSize());
 } else {
-if (explicit) {
-partsParseException = new 
IllegalStateException(sm.getString("coyoteRequest.noMultipartConfig"));
-return;
-} else {
-parts = Collections.emptyList();
-return;
-}
+partsParseException = new 
IllegalStateException(sm.getString("coyoteRequest.noMultipartConfig"));
+return;
 }
 }
 
@@ -3061,7 +3056,7 @@ public class Request implements HttpServletRequest {
 }
 
 if ("multipart/form-data".equals(contentType)) {
-parseParts(false);
+parseParts();
 success = true;
 return;
 }
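
Review bot: In this last hunk `parseParts()` is followed unconditionally by `success = true`, yet with the `explicit` flag gone `parseParts()` now records `partsParseException` when no multipart configuration is present instead of returning an empty list for this implicit call. Check whether parameter parsing should still report success in that case, or whether the stored exception needs to be surfaced here.
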





[tomcat] 03/08: Remove unused strings

2023-08-22 Thread markt

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 7c4e89fc00cd4d377133430f68c16bea11bc16bd
Author: Mark Thomas 
AuthorDate: Wed Aug 16 08:42:36 2023 +0100

Remove unused strings
---
 .../org/apache/tomcat/util/http/LocalStrings.properties |  5 -
 .../apache/tomcat/util/http/LocalStrings_cs.properties  |  4 
 .../apache/tomcat/util/http/LocalStrings_de.properties  |  4 
 .../apache/tomcat/util/http/LocalStrings_es.properties  |  4 
 .../apache/tomcat/util/http/LocalStrings_fr.properties  |  5 -
 .../apache/tomcat/util/http/LocalStrings_ja.properties  |  5 -
 .../apache/tomcat/util/http/LocalStrings_ko.properties  |  5 -
 .../tomcat/util/http/LocalStrings_pt_BR.properties  | 17 -
 .../tomcat/util/http/LocalStrings_zh_CN.properties  |  5 -
 9 files changed, 54 deletions(-)

diff --git a/java/org/apache/tomcat/util/http/LocalStrings.properties 
b/java/org/apache/tomcat/util/http/LocalStrings.properties
index 43307a8893..292706984a 100644
--- a/java/org/apache/tomcat/util/http/LocalStrings.properties
+++ b/java/org/apache/tomcat/util/http/LocalStrings.properties
@@ -27,13 +27,8 @@ parameters.copyFail=Failed to create copy of original 
parameter values for debug
 parameters.decodeFail.debug=Character decoding failed. Parameter [{0}] with 
value [{1}] has been ignored.
 parameters.decodeFail.info=Character decoding failed. Parameter [{0}] with 
value [{1}] has been ignored. Note that the name and value quoted here may be 
corrupted due to the failed decoding. Use debug level logging to see the 
original, non-corrupted values.
 parameters.emptyChunk=Empty parameter chunk ignored
-parameters.fallToDebug=\n\
-\ Note: further occurrences of Parameter errors will be logged at DEBUG level.
 parameters.invalidChunk=Invalid chunk starting at byte [{0}] and ending at 
byte [{1}] with a value of [{2}] ignored
 parameters.maxCountFail=More than the maximum number of request parameters 
(GET plus POST) for a single request ([{0}]) were detected. Any parameters 
beyond this limit have been ignored. To change this limit, set the 
maxParameterCount attribute on the Connector.
-parameters.maxCountFail.fallToDebug=\n\
-\ Note: further occurrences of this error will be logged at DEBUG level.
-parameters.multipleDecodingFail=Character decoding failed. A total of [{0}] 
failures were detected but only the first was logged. Enable debug level 
logging for this logger to log all failures.
 parameters.noequal=Parameter starting at position [{0}] and ending at position 
[{1}] with a value of [{2}] was not followed by an ''='' character
 
 rfc6265CookieProcessor.invalidAttributeName=An invalid attribute name [{0}] 
was specified for this cookie
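
Review bot: The retained strings `parameters.maxCountFail` and `parameters.decodeFail.debug` still say that parameters beyond the limit "have been ignored" and that the parameter "has been ignored". If, as the changelog entry in this series states, invalid parameters and exceeded limits now trigger exceptions, these messages are stale and should be reworded in the same change.
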
diff --git a/java/org/apache/tomcat/util/http/LocalStrings_cs.properties 
b/java/org/apache/tomcat/util/http/LocalStrings_cs.properties
index a2cfdc6f94..551eb9155d 100644
--- a/java/org/apache/tomcat/util/http/LocalStrings_cs.properties
+++ b/java/org/apache/tomcat/util/http/LocalStrings_cs.properties
@@ -19,9 +19,5 @@ cookies.invalidCookieToken=Cookies: neplatné cookie. Hodnota 
není znak nebo ci
 
 parameters.copyFail=Vytvoření kopie původních hodnot parametrů pro účely DEBUG 
logování selhalo
 parameters.decodeFail.debug=Dekódování znaku selhalo. Parametr [{0}] s 
hodnotou [{1}] byl ignorován.
-parameters.fallToDebug=\n\
-\ Poznámka: další výskyty chyb parametrů budou zalogovány v DEBUG úrovni.
-parameters.maxCountFail.fallToDebug=\n\
-\ Poznámka: další výskyty této chyby budou zalogovány v úrovni DEBUG.
 
 rfc6265CookieProcessor.invalidPath=Byla specifikována neplatná cesta [{0}] pro 
toto cookie
diff --git a/java/org/apache/tomcat/util/http/LocalStrings_de.properties 
b/java/org/apache/tomcat/util/http/LocalStrings_de.properties
index 22e8b604fb..b3e8a0da51 100644
--- a/java/org/apache/tomcat/util/http/LocalStrings_de.properties
+++ b/java/org/apache/tomcat/util/http/LocalStrings_de.properties
@@ -19,9 +19,5 @@ cookies.invalidSameSiteCookies=Unbekannte Einstellung [{0}], 
Sollte einer der We
 parameters.bytes=Starte Verarbeitung mit Eingabe [{0}]
 parameters.copyFail=Konnte keine Kopie der Originalwerte der Parameter für 
Debug-Ausgaben erzeugen
 parameters.decodeFail.debug=Zeichen-Dekodierung fehlgeschlagen. Parameter 
[{0}] mit Wert [{1}] wurde ignoriert
-parameters.fallToDebug=\n\
-\ Beachte: weitere Vorkommen von Parameter Fehlern werden im DEBUG Level 
geloggt.
-parameters.maxCountFail.fallToDebug=\n\
-\ Hinweis: weitere Vorkommen dieses Fehlers werden im DEBUG-Level 
protokolliert.
 
 rfc6265CookieProcessor.invalidPath=Ein ungültiger Pfad [{0}] ist für das 
Cookie spezifiziert
diff --git a/java/org/apache/tomcat/util/http/LocalStrings_es.properties 
b/java/org/apache/tomcat/util/http/LocalStrings_es.properties
index cb51d9fae0..2749ea9254 100644
--- 

[tomcat] 06/08: Add tests for changes in parameter handling

2023-08-22 Thread markt

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit b19862c87b3a3c163cda60ff839f59297d438983
Author: Mark Thomas 
AuthorDate: Fri Aug 18 15:58:44 2023 +0100

Add tests for changes in parameter handling
---
 .../servlet/TestServletRequestParameters.java  |  63 ++
 .../servlet/TestServletRequestParametersBase.java  |  90 ++
 ...TestServletRequestParametersFormUrlEncoded.java | 104 
 ...stServletRequestParametersMultipartEncoded.java | 131 +
 .../TestServletRequestParametersQueryString.java   | 112 ++
 5 files changed, 500 insertions(+)

diff --git a/test/jakarta/servlet/TestServletRequestParameters.java 
b/test/jakarta/servlet/TestServletRequestParameters.java
new file mode 100644
index 00..1f50f4e5dd
--- /dev/null
+++ b/test/jakarta/servlet/TestServletRequestParameters.java
@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package jakarta.servlet;
+
+import java.nio.charset.StandardCharsets;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import static org.apache.catalina.startup.SimpleHttpClient.CRLF;
+import org.apache.catalina.core.StandardContext;
+import org.apache.catalina.startup.Tomcat;
+
+public class TestServletRequestParameters extends 
TestServletRequestParametersBase {
+
+@Test
+public void testClientDisconnect() throws Exception {
+
+Tomcat tomcat = getTomcatInstance();
+
+tomcat.getConnector().setMaxPostSize(20);
+
Assert.assertTrue(tomcat.getConnector().setProperty("connectionTimeout", 
"1000"));
+
+// No file system docBase required
+StandardContext ctx = (StandardContext) tomcat.addContext("", null);
+
+// Map the test Servlet
+ParameterParsingServlet parameterParsingServlet = new 
ParameterParsingServlet();
+Tomcat.addServlet(ctx, "parameterParsingServlet", 
parameterParsingServlet);
+ctx.addServletMappingDecoded("/", "parameterParsingServlet");
+
+tomcat.start();
+
+TestParameterClient client = new TestParameterClient();
+client.setPort(getPort());
+client.setRequest(new String[] { "POST / HTTP/1.1" + CRLF + "Host: 
localhost:" + getPort() + CRLF +
+"Connection: close" + CRLF + "Transfer-Encoding: chunked" + 
CRLF +
+"Content-Type: application/x-www-form-urlencoded" + CRLF + 
CRLF + "0a" + CRLF + "var1=val1&" + CRLF });
+
+client.setResponseBodyEncoding(StandardCharsets.UTF_8);
+client.connect();
+// Incomplete request will look timeout reading body and behave like a 
client disconnect
+client.processRequest();
+
+// Connection should be closed by the server.
+//readLine() will receive an EOF reading the status line resuting in a 
null
+Assert.assertNull(client.getResponseLine());
+}
+}
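Review bot: The only assertion in testClientDisconnect(), Assert.assertNull(client.getResponseLine()), passes whenever the server closes the connection without sending a response, not only for the body-read timeout the comments describe. Add a check that the request actually reached ParameterParsingServlet and failed while reading parameters, so an unrelated failure cannot make the test pass. Also say in a comment why setMaxPostSize(20) is set, since the body sent is a single 10-byte chunk ("0a" followed by "var1=val1&") with the terminating chunk withheld, and fix the comment typos "will look timeout reading body" and "resuting".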
diff --git a/test/jakarta/servlet/TestServletRequestParametersBase.java 
b/test/jakarta/servlet/TestServletRequestParametersBase.java
new file mode 100644
index 00..fce787175e
--- /dev/null
+++ b/test/jakarta/servlet/TestServletRequestParametersBase.java
@@ -0,0 +1,90 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package jakarta.servlet;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.nio.charset.StandardCharsets;
+import 

[tomcat] 08/08: Review getParameterXXX() - invalid parameters + debug should not fail

2023-08-22 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 32b48cadc3a51b1770d76902901b3541a987ae41
Author: Mark Thomas 
AuthorDate: Sun Aug 20 16:37:20 2023 -0700

Review getParameterXXX() - invalid parameters + debug should not fail
---
 .../catalina/filters/RequestDumperFilter.java  | 26 +-
 java/org/apache/catalina/servlets/CGIServlet.java  | 15 -
 2 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/java/org/apache/catalina/filters/RequestDumperFilter.java 
b/java/org/apache/catalina/filters/RequestDumperFilter.java
index fc76581a4d..28d6395c57 100644
--- a/java/org/apache/catalina/filters/RequestDumperFilter.java
+++ b/java/org/apache/catalina/filters/RequestDumperFilter.java
@@ -134,19 +134,23 @@ public class RequestDumperFilter extends GenericFilter {
 doLog("method", hRequest.getMethod());
 }
 
-Enumeration pnames = request.getParameterNames();
-while (pnames.hasMoreElements()) {
-String pname = pnames.nextElement();
-String pvalues[] = request.getParameterValues(pname);
-StringBuilder result = new StringBuilder(pname);
-result.append('=');
-for (int i = 0; i < pvalues.length; i++) {
-if (i > 0) {
-result.append(", ");
+try {
+Enumeration pnames = request.getParameterNames();
+while (pnames.hasMoreElements()) {
+String pname = pnames.nextElement();
+String pvalues[] = request.getParameterValues(pname);
+StringBuilder result = new StringBuilder(pname);
+result.append('=');
+for (int i = 0; i < pvalues.length; i++) {
+if (i > 0) {
+result.append(", ");
+}
+result.append(pvalues[i]);
 }
-result.append(pvalues[i]);
+doLog(" parameter", result.toString());
 }
-doLog(" parameter", result.toString());
+} catch (IllegalStateException ise) {
+doLog("parameters", "Invalid request parameters");
 }
 
 if (hRequest == null) {
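Review bot: The new catch (IllegalStateException ise) block discards the exception, so the dump records only "Invalid request parameters" with no hint of why parsing failed. This filter exists for debugging, so include ise.getMessage() in the value passed to doLog(). The attribute name also changes from " parameter" on the normal path to "parameters" in the catch; align the two unless the difference is deliberate, so the output stays easy to search.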
diff --git a/java/org/apache/catalina/servlets/CGIServlet.java 
b/java/org/apache/catalina/servlets/CGIServlet.java
index e1cda7bb97..c4c967fd36 100644
--- a/java/org/apache/catalina/servlets/CGIServlet.java
+++ b/java/org/apache/catalina/servlets/CGIServlet.java
@@ -470,12 +470,17 @@ public final class CGIServlet extends HttpServlet {
 Locale locale = locales.nextElement();
 log.trace("Locale: [" +locale + "]");
 }
-Enumeration params = req.getParameterNames();
-while (params.hasMoreElements()) {
-String param = params.nextElement();
-for (String value : req.getParameterValues(param)) {
-log.trace("Request Parameter: " + param + ":  [" + value + 
"]");
+Enumeration params;
+try {
+params = req.getParameterNames();
+while (params.hasMoreElements()) {
+String param = params.nextElement();
+for (String value : req.getParameterValues(param)) {
+log.trace("Request Parameter: " + param + ":  [" + value + 
"]");
+}
 }
+} catch (IllegalStateException ise) {
+log.trace("Request Parameters: [Invalid]");
 }
 log.trace("Protocol: [" + req.getProtocol() + "]");
 log.trace("Remote Address: [" + req.getRemoteAddr() + "]");
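Review bot: Enumeration params is declared before the try but is assigned and read only inside it, so the declaration can move into the try as one statement (params = req.getParameterNames() becomes the declaration). That keeps the variable out of scope for the trace lines that follow the catch and avoids a declared-but-unassigned local on the exception path.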





[tomcat] 02/08: Implement parameter error handling changes

2023-08-22 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit 6f181e1062a472bc5f0234980f66cbde42c1041b
Author: Mark Thomas 
AuthorDate: Tue Aug 15 20:32:15 2023 +0100

Implement parameter error handling changes
---
 java/org/apache/catalina/connector/Request.java| 459 ++---
 .../apache/catalina/core/StandardWrapperValve.java |  14 +-
 .../util/http/InvalidParameterException.java   |  98 +
 java/org/apache/tomcat/util/http/Parameters.java   | 132 ++
 .../apache/tomcat/util/http/TestParameters.java|  18 +-
 5 files changed, 367 insertions(+), 354 deletions(-)

diff --git a/java/org/apache/catalina/connector/Request.java 
b/java/org/apache/catalina/connector/Request.java
index 9a6de071d5..869cae087d 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -103,8 +103,8 @@ import org.apache.tomcat.util.buf.StringUtils;
 import org.apache.tomcat.util.buf.UDecoder;
 import org.apache.tomcat.util.http.CookieProcessor;
 import org.apache.tomcat.util.http.FastHttpDateFormat;
+import org.apache.tomcat.util.http.InvalidParameterException;
 import org.apache.tomcat.util.http.Parameters;
-import org.apache.tomcat.util.http.Parameters.FailReason;
 import org.apache.tomcat.util.http.Rfc6265CookieProcessor;
 import org.apache.tomcat.util.http.ServerCookie;
 import org.apache.tomcat.util.http.ServerCookies;
@@ -303,6 +303,12 @@ public class Request implements HttpServletRequest {
 protected ParameterMap parameterMap = new 
ParameterMap<>();
 
 
+/**
+ * The exception thrown, if any when parsing the parameters including 
parts.
+ */
+protected IllegalStateException parametersParseException = null;
+
+
 /**
  * The parts, if any, uploaded with this request.
  */
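Review bot: parametersParseException is typed as IllegalStateException even though this change imports InvalidParameterException at the top of the file. If the field only ever holds the new type, declare it as InvalidParameterException so the HTTP error code stays reachable without a cast; if parts parsing can store a plain IllegalStateException here, say so in the Javadoc. The Javadoc sentence also needs a second comma: "The exception thrown, if any, when parsing the parameters including parts."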
@@ -445,6 +451,7 @@ public class Request implements HttpServletRequest {
 }
 parts = null;
 }
+parametersParseException = null;
 partsParseException = null;
 locales.clear();
 localesParsed = false;
@@ -1061,30 +1068,13 @@ public class Request implements HttpServletRequest {
 }
 
 
-/**
- * @return the value of the specified request parameter, if any; 
otherwise, return null. If there is
- * more than one value defined, return only the first one.
- *
- * @param name Name of the desired request parameter
- */
 @Override
 public String getParameter(String name) {
-
-if (!parametersParsed) {
-parseParameters();
-}
-
+parseParameters();
 return coyoteRequest.getParameters().getParameter(name);
-
 }
 
 
-/**
- * Returns a Map of the parameters of this request. Request 
parameters are extra information sent with
- * the request. For HTTP servlets, parameters are contained in the query 
string or posted form data.
- *
- * @return A Map containing parameter names as keys and 
parameter values as map values.
- */
 @Override
 public Map getParameterMap() {
 
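Review bot: getParameter() now calls parseParameters() unconditionally where it used to test if (!parametersParsed) first, so every lookup depends on parseParameters() returning early once parsing has run and, after a failed parse, rethrowing the stored exception on each call. That body is not part of this hunk; please confirm both behaviours and state the contract in a comment on parseParameters(), since callers can no longer see the guard at the call site.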
@@ -1102,39 +1092,20 @@ public class Request implements HttpServletRequest {
 parameterMap.setLocked(true);
 
 return parameterMap;
-
 }
 
 
-/**
- * @return the names of all defined request parameters for this request.
- */
 @Override
 public Enumeration getParameterNames() {
-
-if (!parametersParsed) {
-parseParameters();
-}
-
+parseParameters();
 return coyoteRequest.getParameters().getParameterNames();
-
 }
 
 
-/**
- * @return the defined values for the specified request parameter, if any; 
otherwise, return null.
- *
- * @param name Name of the desired request parameter
- */
 @Override
 public String[] getParameterValues(String name) {
-
-if (!parametersParsed) {
-parseParameters();
-}
-
+parseParameters();
 return coyoteRequest.getParameters().getParameterValues(name);
-
 }
 
 
@@ -2635,6 +2606,7 @@ public class Request implements HttpServletRequest {
 getContext().getAuthenticator().logout(this);
 }
 
+
 @Override
 public Collection getParts() throws IOException, 
IllegalStateException, ServletException {
 
@@ -2653,6 +2625,7 @@ public class Request implements HttpServletRequest {
 return parts;
 }
 
+
 private void parseParts() {
 
 // Return immediately if the parts have already been parsed
@@ -2677,119 +2650,103 @@ public class Request implements HttpServletRequest {
 Parameters parameters = coyoteRequest.getParameters();
 parameters.setLimit(maxParameterCount);
 
-boolean success = false;
-try {
-File location;
-String locationStr = mce.getLocation();
-if (locationStr == null || locationStr.length() == 0) {
-  

[tomcat] branch main updated (b55774b615 -> 32b48cadc3)

2023-08-22 Thread markt
This is an automated email from the ASF dual-hosted git repository.

markt pushed a change to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git


from b55774b615 Fix formatting. There should be a space between number and 
unit.
 new 3f8a229be8 With the changes to parameter error handling all parsing is 
explicit
 new 6f181e1062 Implement parameter error handling changes
 new 7c4e89fc00 Remove unused strings
 new d701009958 Remove Parameters.FailReason and associated plumbing
 new 0befa0eb1b Add a changelog entry
 new b19862c87b Add tests for changes in parameter handling
 new d6f5676169 Handle exception triggered by invalid parameters during 
access logging
 new 32b48cadc3 Review getParameterXXX() - invalid parameters + debug 
should not fail

The 8 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 conf/web.xml   |  21 -
 java/org/apache/catalina/Globals.java  |  16 -
 java/org/apache/catalina/connector/Request.java| 498 +
 .../apache/catalina/core/StandardWrapperValve.java |  14 +-
 .../catalina/filters/FailedRequestFilter.java  | 109 -
 .../catalina/filters/RequestDumperFilter.java  |  26 +-
 java/org/apache/catalina/servlets/CGIServlet.java  |  15 +-
 .../catalina/valves/ExtendedAccessLogValve.java|   8 +-
 .../util/http/InvalidParameterException.java   |  98 
 .../tomcat/util/http/LocalStrings.properties   |   5 -
 .../tomcat/util/http/LocalStrings_cs.properties|   4 -
 .../tomcat/util/http/LocalStrings_de.properties|   4 -
 .../tomcat/util/http/LocalStrings_es.properties|   4 -
 .../tomcat/util/http/LocalStrings_fr.properties|   5 -
 .../tomcat/util/http/LocalStrings_ja.properties|   5 -
 .../tomcat/util/http/LocalStrings_ko.properties|   5 -
 .../tomcat/util/http/LocalStrings_pt_BR.properties |  17 -
 .../tomcat/util/http/LocalStrings_zh_CN.properties |   5 -
 java/org/apache/tomcat/util/http/Parameters.java   | 169 ++-
 .../servlet/TestServletRequestParameters.java  |  63 +++
 .../servlet/TestServletRequestParametersBase.java  |  90 
 ...TestServletRequestParametersFormUrlEncoded.java | 104 +
 ...stServletRequestParametersMultipartEncoded.java | 131 ++
 .../TestServletRequestParametersQueryString.java   | 112 +
 .../org/apache/catalina/connector/TestRequest.java |  39 +-
 .../apache/tomcat/util/http/TestParameters.java|  18 +-
 webapps/docs/changelog.xml |   8 +
 webapps/docs/config/ajp.xml|  15 +-
 webapps/docs/config/filter.xml |  43 --
 webapps/docs/config/http.xml   |  15 +-
 webapps/docs/security-howto.xml|  10 +-
 31 files changed, 926 insertions(+), 750 deletions(-)
 delete mode 100644 java/org/apache/catalina/filters/FailedRequestFilter.java
 create mode 100644 
java/org/apache/tomcat/util/http/InvalidParameterException.java
 delete mode 100644 
java/org/apache/tomcat/util/http/LocalStrings_pt_BR.properties
 create mode 100644 test/jakarta/servlet/TestServletRequestParameters.java
 create mode 100644 test/jakarta/servlet/TestServletRequestParametersBase.java
 create mode 100644 
test/jakarta/servlet/TestServletRequestParametersFormUrlEncoded.java
 create mode 100644 
test/jakarta/servlet/TestServletRequestParametersMultipartEncoded.java
 create mode 100644 
test/jakarta/servlet/TestServletRequestParametersQueryString.java





[GitHub] [tomcat] markt-asf merged pull request #646: Parameter error handling

2023-08-22 Thread via GitHub


markt-asf merged PR #646:
URL: https://github.com/apache/tomcat/pull/646





[GitHub] [tomcat] markt-asf commented on pull request #647: Replaced synchronized with StampedLock

2023-08-22 Thread via GitHub


markt-asf commented on PR #647:
URL: https://github.com/apache/tomcat/pull/647#issuecomment-1688571304

   What is the justification for this change? Synchronization is not 
automatically an issue for virtual threads. I'm not seeing anything in this 
code that would be unfriendly to virtual threads.





JDK 21 Release Candidates & JVM Language Summit

2023-08-22 Thread David Delabassee
Greetings!

JDK 21 is now in the Release Candidate Phase so everything is on track for the 
Java 21 GA release on September 19th! If you haven't done so, please start 
testing your project(s) using JDK 22 Early-Access builds and let us know the 
results.

In other news, the JVM Language Summit took place a few days ago in Santa Clara 
(California). During this unique gathering of Java architects and OpenJDK 
developers, key updates were shared and discussed, e.g. where Valhalla stands 
today, the new Class-File API, an update on Leyden and Valhalla, Project 
Panama, the challenges of Virtual Threads, continuation internals, etc. We have 
started to publish the JVMLS 2023 videos, so make sure to keep an eye on this 
evolving JVMLS playlist [1] to understand where the Java platform is heading.


## JDK 21 Early-Access Builds

Per the JDK 21 schedule [2], we are now in the Release-Candidate Phase. The 
overall feature set [3] is frozen; no further JEPs will be targeted to this 
release.

### JEPs integrated to JDK 21:
- 430: String Templates (Preview)
- 431: Sequenced Collections
- 439: Generational ZGC
- 440: Record Patterns
- 441: Pattern Matching for switch  
- 442: Foreign Function & Memory API (3rd Preview)
- 443: Unnamed Patterns and Variables (Preview)   
- 444: Virtual Threads
- 445: Unnamed Classes and Instance Main Methods (Preview)
- 446: Scoped Values (Preview)
- 448: Vector API (6th Incubator)
- 449: Deprecate the Windows 32-bit x86 Port for Removal
- 451: Prepare to Disallow the Dynamic Loading of Agents
- 452: Key Encapsulation Mechanism API
- 453: Structured Concurrency (Preview)

The first JDK 21 Release Candidate builds (builds 35) are available [4]. Those 
builds are provided under the GNU General Public License v2, with the Classpath 
Exception. The Release Notes [5] and the Javadocs [6] are also available.

[1] https://www.youtube.com/playlist?list=PLX8CzqL3ArzW90jKUCf4H6xCKpStxsOzp
[2] https://openjdk.org/projects/jdk/21/#Schedule
[3] https://openjdk.org/projects/jdk/21/#Features
[4] https://jdk.java.net/21/
[5] https://jdk.java.net/21/release-notes
[6] https://download.java.net/java/early_access/jdk21/docs/api/


## JDK 22 Early-Access Builds

The latest Early-Access builds 11 are available [7], and are provided under the 
GNU General Public License v2, with the Classpath Exception. The Release Notes 
are available here [8].

### Changes in recent JDK 22 builds (b8-b11) that may be of interest:

Note that this is only a curated list of changes; make sure to check [9] for 
additional changes.

- JDK-8314209: Wrong @since tag for RandomGenerator::equiDoubles [Reported by 
JaCoCo]
- JDK-8312489: Increase Default Value of the System Property 
jdk.jar.maxSignatureFileSize
- JDK-8312433: HttpClient request fails due to connection being considered …
- JDK-8313307: java/util/Formatter/Padding.java fails on some Locales
- JDK-8312821: Javac accepts char literal as template
- JDK-8313251: Add NativeLibraryLoad event
- JDK-8313809: String template fails with java.lang.StringIndexOutOfBoundsE…
- JDK-8312984: javac may crash on a record pattern with too few components
- JDK-8310033: Clarify return value of Java Time compareTo methods
- JDK-8302017: Allocate BadPaddingException only if it will be thrown
- JDK-8310913: Move ReferencedKeyMap to jdk.internal so it may be shared
- JDK-8313251: Add NativeLibraryLoad event to provide more detail about shared 
lib/dll loads
- JDK-8311653: Modify -XshowSettings launcher behavior
- JDK-8306441: Two phase segmented heap dump
- JDK-8311981: JVM May Hang When Using Generational ZGC if a VM Handshake 
Stalls on Memory
- JDK-8308850: Change JVM options with small ranges that get -Wconversion 
warnings to 32 bits

[7] https://jdk.java.net/22/
[8] https://jdk.java.net/22/release-notes
[9] https://github.com/openjdk/jdk/compare/jdk-22%2B8...jdk-22%2B11


## JavaFX 21 & 22 Early-Access Builds

These are early-access builds of the JavaFX Runtime, built from openjdk/jfx 
[10]. They allow JavaFX application developers to build and test their 
applications with JavaFX 21 or 22 on the latest JDK.

The latest builds 29 (2023/8/7) of JavaFX 21 are now available [11]. The 
early-access builds 5 (2023/8/18) of the JavaFX 22 Runtime which is designed to 
work with JDK 22 are also available [12]. These early-access builds are 
provided under the GNU General Public License, version 2, with the Classpath 
Exception. Please send feedback to the openjfx-dev mailing list [13].

[10] https://github.com/openjdk/jfx
[11] https://jdk.java.net/javafx21/
[12] https://jdk.java.net/javafx22/
[13] http://mail.openjdk.org/mailman/listinfo/openjfx-dev


## Topics of Interest:

JDK 21: G1/Parallel/Serial GC improvements
https://tschatzl.github.io/2023/08/04/jdk21-g1-parallel-gc-changes.html

To Java 21 and Beyond!
https://inside.java/2023/08/08/to-java21-and-beyond/

Strengthen your Java App's Defenses with Key Encapsulation Mechanism API
https://inside.java/2023/08/03/newscast-54/

JVMLS 

[GitHub] [tomcat] michael-o commented on a diff in pull request #646: Parameter error handling

2023-08-22 Thread via GitHub


michael-o commented on code in PR #646:
URL: https://github.com/apache/tomcat/pull/646#discussion_r1301062237


##
java/org/apache/tomcat/util/http/InvalidParameterException.java:
##
@@ -0,0 +1,98 @@
+/*
+ *  Licensed to the Apache Software Foundation (ASF) under one or more
+ *  contributor license agreements.  See the NOTICE file distributed with
+ *  this work for additional information regarding copyright ownership.
+ *  The ASF licenses this file to You under the Apache License, Version 2.0
+ *  (the "License"); you may not use this file except in compliance with
+ *  the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+package org.apache.tomcat.util.http;
+
+import jakarta.servlet.http.HttpServletResponse;
+
+/**
+ * Extend {@link IllegalStateException} to identify the cause as an invalid 
parameter.
+ * 
+ * Implementation note: This class extends  {@link IllegalStateException} 
since that is the class that the Servlet 6.1
+ * onwards Javadocs define is thrown by the various {@code 
ServletRequest.getParameterXXX()} methods.
+ */
+public class InvalidParameterException extends IllegalStateException {
+
+private static final long serialVersionUID = 1L;
+
+private final int errorCode;
+
+
+/**
+ * Construct a new exception with the given message.
+ *
+ * @param message The message to use for the exception
+ */
+public InvalidParameterException(String message) {
+this(message, HttpServletResponse.SC_BAD_REQUEST);
+}
+
+
+/**
+ * Construct a new exception with the given message and error code.
+ *
+ * @param message   The message to use for the exception
+ * @param errorCode The HTTP status code to use when reporting this error. 
Expected to be >= 400.
+ */
+public InvalidParameterException(String message, int errorCode) {
+this(message, null, errorCode);
+}
+
+
+/**
+ * Construct a new exception with the given message and cause.
+ *
+ * @param message The message to use for the exception
+ * @param cause   The exception to use as the cause of this exception
+ */
+public InvalidParameterException(String message, Throwable cause) {
+this(message, cause, HttpServletResponse.SC_BAD_REQUEST);
+}
+
+
+/**
+ * Construct a new exception with the given cause. The message for this 
exception will be generated by calling
+ * {@code cause.toString()}.
+ *
+ * @param cause The exception to use as the cause of this exception
+ */
+public InvalidParameterException(Throwable cause) {
+this(cause.toString(), cause, HttpServletResponse.SC_BAD_REQUEST);
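Review bot: InvalidParameterException(Throwable cause) calls cause.toString() without a null check, so passing a null cause throws a NullPointerException from inside the constructor and hides the parameter error being reported. Either document that cause must be non-null or build the message as cause == null ? null : cause.toString(). Separately, the two-argument constructor documents errorCode as "Expected to be >= 400" but nothing in the visible lines enforces it; consider rejecting or clamping smaller values where the field is assigned.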

Review Comment:
   Accepted.


