Re: ServiceBindingPropertySource

2024-05-22 Thread Felix Schumacher 


Am 21.05.24 um 19:50 schrieb Christopher Schultz:

All,

I've been playing with this PropertySource and I'm wondering if it 
could be improved a little.


First of all, it uses an environment variable SERVICE_BINDING_ROOT 
which is in line with the service binding standard which is documented 
https://servicebinding.io/. Environment variables are a little icky in 
Java, so I'd like to do one or more of the following:


1. Allow ServiceBindingPropertySource to use the SERVICE_BINDING_ROOT 
environment variable *or* a system property with an appropriate name 
such as service.binding.root, with the system property overriding the 
environment variable.


This will allow software to use e.g. catalina.properties to define 
service.binding.root instead of using an environment variable which 
may be awkward in certain environments.


2. Have ServiceBindingPropertySource fall-back to system property 
resolution if no matching file is found. Maybe we should do this with 
all PropertySource classes provided by Tomcat?


3. If the SERVICE_BINDING_ROOT environment variable is being used, 
copy its value into a system property. This will allow application 
software or Tomcat itself to use the file reference as necessary. For 
example:



  certificateKeyFile="${service.binding.root}/myapp/cert.key"

certificateFile="${service.binding.root}/myapp/cert.crt"
    ...
  


Without this capability, the application must:


  

Why would you have to do this? Could not you use 
"${path-to-cert-dir}/cert.key"? Where path-to-cert-dir is some sensible 
name and the value contains (surprise) the path to the directory in 
which cert and key are living happily together.


Apart from that, as Remy pointed out, kubernetes people have no problem 
with env variables.


Felix




The values passed-into the certificateKeyFile must point to files on 
the disk which themselves point to ANOTHER file. So you need two files 
where one will do, plus the file-on-the-disk needs to know its own 
path so it can point to the OTHER file which actually contains the 
key/cert bytes.


Does anyone have any comments on the above?

-chris

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 8.5.99

2024-02-16 Thread Felix Schumacher 


Am 15.02.24 um 00:10 schrieb Christopher Schultz:

The proposed Apache Tomcat 8.5.99 release is now available for voting.

The notable changes compared to 8.5.99 are:

- Add improvements to the CSRF prevention filter including the ability
  to skip adding nonces for resource name and subtree URL patterns.

- Add support for user provided SSLContext instances configured on
  SSLHostConfigCertificate instances. Based on pull request #673
  provided by Hakan Altındağ.

- Review usage of debug logging and downgrade trace or data dumping
  operations from debug level to trace.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.99/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1483

The tag is:
https://github.com/apache/tomcat/tree/8.5.99/
fe841cca81f15355ed4096c5c155f0ceb49a05da

The proposed 8.5.99 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 8.5.99 (stable)


+1 for Stable

Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 9.0.86

2024-02-16 Thread Felix Schumacher 


Am 14.02.24 um 09:53 schrieb Rémy Maucherat:

The proposed Apache Tomcat 9.0.86 release is now available for voting.

The notable changes compared to 9.0.85 are:

- Add improvements to the CSRF prevention filter including the ability
to skip adding nonces for resource name and subtree URL patterns.

- Add support for user provided SSLContext instances configured on
SSLHostConfigCertificate instances. Based on pull request #673
provided by Hakan Altındağ.

- Review usage of debug logging and downgrade trace or data dumping
operations from debug level to trace.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.86/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1481
The tag is:
https://github.com/apache/tomcat/tree/9.0.86
542c35ae834fb29616b184a0e4276a5b7f8542de

The proposed 9.0.86 release is:
[ ] -1, Broken - do not release
[x] +1, Stable - go ahead and release as 9.0.86


+1 for Stable

Felix



Rémy

-
To unsubscribe, e-mail:dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail:dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 10.1.19

2024-02-16 Thread Felix Schumacher 


Am 14.02.24 um 23:43 schrieb Christopher Schultz:

The proposed Apache Tomcat 10.1.19 release is now available for
voting.

The notable changes compared to 10.1.18 are:

- Add improvements to the CSRF prevention filter including the ability
  to skip adding nonces for resource name and subtree URL patterns.

- Add support for user provided SSLContext instances configured on
  SSLHostConfigCertificate instances. Based on pull request #673
  provided by Hakan Altındağ.

- Review usage of debug logging and downgrade trace or data dumping
  operations from debug level to trace.

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 
10 without changes. Java EE applications designed for Tomcat 9 and 
earlier may be placed in the $CATALINA_BASE/webapps-javaee directory 
and Tomcat will automatically convert them to Jakarta EE and copy them 
to the webapps directory.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.19/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1482

The tag is:
https://github.com/apache/tomcat/tree/10.1.19
9287d3342f12d20cbdb66c11228b0f80a40a43a0

The proposed 10.1.19 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 10.1.19


+1 for Stable

Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 11.0.0-M17

2024-02-16 Thread Felix Schumacher 


Am 13.02.24 um 23:50 schrieb Mark Thomas:

The proposed Apache Tomcat 11.0.0-M17 release is now available for
voting.

Apache Tomcat 11.0.0-M17 is a milestone release of the 11.0.x branch 
and has been made to provide users with early access to the new 
features in Apache Tomcat 11.0.x so that they may provide feedback. 
The notable changes compared to the previous milestone include:


- Add improvements to the CSRF prevention filter including the ability
  to skip adding nonces for resource name and subtree URL patterns.

- Add support for user provided SSLContext instances configured on
  SSLHostConfigCertificate instances. Based on pull request #673
  provided by Hakan Altındağ.

- Review usage of debug logging and downgrade trace or data dumping
  operations from debug level to trace.

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 
11 without changes. Java EE applications designed for Tomcat 9 and 
earlier may be placed in the $CATALINA_BASE/webapps-javaee directory 
and Tomcat will automatically convert them to Jakarta EE and copy them 
to the webapps directory. Applications using deprecated APIs may 
require further changes.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M17/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1480

The tag is:
https://github.com/apache/tomcat/tree/11.0.0-M17
110bc36637569f7e9d191d21ac8600a8667cfc94


The proposed 11.0.0-M17 release is:
[ ] -1 Broken - do not release
[x] +1 Alpha  - go ahead and release as 11.0.0-M17


+1 for Alpha

Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: Multiple PRs for 'super tomcat'

2024-02-15 Thread Felix Schumacher 



Am 15. Februar 2024 04:46:23 MEZ schrieb Mark Thomas :
>All,
>
>The spate of PRs (nearly) all at the same time, all with (nearly) the same 
>title and all with (nearly) the same apology appear to be linked.
>
>I don't know what is going on but I have a very hard time believing that they 
>were all accidental. It looks very much like deliberate, coordinated activity 
>to me.
>
>The question is what do we do about it. Do we
>- ignore it
>- add a comment to the PR that we view it as abusive and that
>  - any further on the PR will be reported to GitHub as abuse
>  - any further behaviour of this nature from this user will reported to
>GitHub as abuse
>  - anyone reported to GitHub for abuse *will* be permanently banned
>from contributing to all ASF repositories
>- report them (and ban them) for abuse now
>
>I suspect some training course is using Tomcat to send dummy PRs. As such I'm 
>leaning to the second option as it should send a clear message that such use 
>is not acceptable.

That is probably true, so a comment on the PR(s?) might help to reduce such 
garbage being produced in the future.

I wonder, why we got the apology comments at all. Did anyone send private mails 
to them?

Felix

>
>Thoughts?
>
>Mark
>
>-
>To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 68474] New: Expertize

2024-01-13 Thread Felix Schumacher 

Disabled the idiot and deleted the entry

Felix

Am 13.01.24 um 07:18 schrieb bugzi...@apache.org:

https://bz.apache.org/bugzilla/show_bug.cgi?id=68474

 Bug ID: 68474
Summary: Expertize
Product: Tomcat 8
Version: 8.0.0-RC1
   Hardware: PC
 Status: NEW
   Severity: normal
   Priority: P2
  Component: Documentation
   Assignee:dev@tomcat.apache.org
   Reporter: expertize.sverige@gma...
   Target Milestone: 

Created attachment 39516
   -->https://bz.apache.org/bugzilla/attachment.cgi?id=39516=edit
Expertize



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: [Bug 68000] New: rtttt

2023-10-28 Thread Felix Schumacher 

This idiot has been banned from bugzilla and those entries will be deleted.

Felix

Am 28.10.23 um 21:05 schrieb bugzi...@apache.org:

https://bz.apache.org/bugzilla/show_bug.cgi?id=68000

 Bug ID: 68000
Summary: r
Product: Tomcat Modules
Version: unspecified
   Hardware: PC
 Status: NEW
   Severity: normal
   Priority: P2
  Component: jdbc-pool



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature.asc
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 9.0.82

2023-10-11 Thread Felix Schumacher 



Am 11.10.23 um 15:38 schrieb Rémy Maucherat:

The proposed Apache Tomcat 9.0.82 release is now available for voting.

The notable changes compared to 9.0.81 are:

- Correct a regression in 9.0.81 that broke the Tomcat JBDC
connection pool

- Correct a regression in 9.0.81 that broke HTTP compression

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.82/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1461
The tag is:
https://github.com/apache/tomcat/tree/9.0.82
e3b341d78d8db0f74d8989412eb28cdc39b2c251

The proposed 9.0.82 release is:
[ ] -1, Broken - do not release
[x] +1, Stable - go ahead and release as 9.0.82


Tests pass

Regards

 Felix



Rémy

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 11.0.0-M13

2023-10-11 Thread Felix Schumacher 



Am 11.10.23 um 15:24 schrieb Mark Thomas:

The proposed Apache Tomcat 11.0.0-M13 release is now available for
voting.

Apache Tomcat 11.0.0-M13 is a milestone release of the 11.0.x branch 
and has been made to provide users with early access to the new 
features in Apache Tomcat 11.0.x so that they may provide feedback. 
The notable changes compared to the previous milestone include:


- Correct a regression in 11.0.0-M12 that broke the Tomcat JBDC
  connection pool

- Correct a regression in 11.0.0-M12 that broke HTTP compression

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 
11 without changes. Java EE applications designed for Tomcat 9 and 
earlier may be placed in the $CATALINA_BASE/webapps-javaee directory 
and Tomcat will automatically convert them to Jakarta EE and copy them 
to the webapps directory. Applications using deprecated APIs may 
require further changes.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M13/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1460

The tag is:
https://github.com/apache/tomcat/tree/11.0.0-M13
de45b3f200602b98cde70debe7f656bef0bb5fa2


The proposed 11.0.0-M13 release is:
[ ] -1 Broken - do not release
[x] +1 Alpha  - go ahead and release as 11.0.0-M13


Tests pass

Regards

 Felix




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: JNDIRealm not retrying connections on NamingException

2023-07-20 Thread Felix Schumacher 


Am 20.07.23 um 11:40 schrieb Rémy Maucherat:

On Thu, Jul 20, 2023 at 11:11 AM Felix Schumacher
  wrote:

Hi all,

at work, we have seen the following stacktrace without a retrying log message.

javax.naming.NamingException: LDAP connection has been closed
 at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:133) 
~[?:1.8.0_342]
 at com.sun.jndi.ldap.Connection.readReply(Connection.java:469) 
~[?:1.8.0_342]
 at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:638) 
~[?:1.8.0_342]
 at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:561) ~[?:1.8.0_342]
 at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2013) ~[?:1.8.0_342]
 at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1872) ~[?:1.8.0_342]
 at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1797) ~[?:1.8.0_342]
 at 
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392)
 ~[?:1.8.0_342]
 at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358)
 ~[?:1.8.0_342]
 at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341)
 ~[?:1.8.0_342]
 at 
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) 
~[?:1.8.0_342]
 at 
org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1610) 
~[catalina.jar:9.0.50.redhat-7]
 at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1447) 
~[catalina.jar:9.0.50.redhat-7]
 at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1376) 
~[catalina.jar:9.0.50.redhat-7]
 at org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2348) 
~[catalina.jar:9.0.50.redhat-7]
 at org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2288) 
[catalina.jar:9.0.50.redhat-7]
 at org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2253) 
[catalina.jar:9.0.50.redhat-7]

That happens, because we are catching CommunicationException and 
ServiceUnavailableException in getPrincipal instead of the more general 
NamingException.

We had a similar issue in Bug 61313. To fix that bug we changed the catch 
clause from CommunicationException to NamingException.

I think we should change the code in getPrincipal to catch the more general 
exception, too. Does anyone know, why we catched those specialized 
NamingExceptions instead of the general one?

I think the rationale was very simple: IO errors are always
recoverable by closing and retrying the connection. Other errors are
"". Now reading your exception it is "NamingException: LDAP
connection has been closed", where it should have been
"CommunicationException: LDAP connection has been closed". This is
unfortunate.
Your proposed change would mean everything is assumed to be
recoverable which is not good, but unavoidable if everything is
reported as a NamingException.


I read your answer as, "ok, not nice, but let's do it".

And thanks for the explanation.

But to add to the fun, I looked at the source code of a current OpenJDK 
(https://github.com/openjdk/jdk/blob/94eb44b192ba421692549a178c386ea34164ea50/src/java.naming/share/classes/com/sun/jndi/ldap/LdapRequest.java#L115C26-L115C26).


It looks like we now can expect to even get an IOException in case the 
LDAP connection has been closed.


Regards

 Felix



Rémy


Regards

  Felix

PS. I will do a PR, if we agree on changing the catch clause.

PPS. The code to catch the exception is the same in current tomcat JNDIRealm 
classes, even if the line numbers changed a bit.

-
To unsubscribe, e-mail:dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail:dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

JNDIRealm not retrying connections on NamingException

2023-07-20 Thread Felix Schumacher 

Hi all,

at work, we have seen the following stacktrace without a retrying log 
message.


javax.naming.NamingException: LDAP connection has been closed
    at com.sun.jndi.ldap.LdapRequest.getReplyBer(LdapRequest.java:133) 
~[?:1.8.0_342]
    at com.sun.jndi.ldap.Connection.readReply(Connection.java:469) 
~[?:1.8.0_342]
    at com.sun.jndi.ldap.LdapClient.getSearchReply(LdapClient.java:638) 
~[?:1.8.0_342]
    at com.sun.jndi.ldap.LdapClient.search(LdapClient.java:561) 
~[?:1.8.0_342]
    at com.sun.jndi.ldap.LdapCtx.doSearch(LdapCtx.java:2013) 
~[?:1.8.0_342]
    at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1872) 
~[?:1.8.0_342]
    at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1797) 
~[?:1.8.0_342]
    at 
com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:392) 
~[?:1.8.0_342]
    at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:358) 
~[?:1.8.0_342]
    at 
com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:341) 
~[?:1.8.0_342]
    at 
javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) 
~[?:1.8.0_342]
    at 
org.apache.catalina.realm.JNDIRealm.getUserBySearch(JNDIRealm.java:1610) 
~[catalina.jar:9.0.50.redhat-7]
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1447) 
~[catalina.jar:9.0.50.redhat-7]
    at org.apache.catalina.realm.JNDIRealm.getUser(JNDIRealm.java:1376) 
~[catalina.jar:9.0.50.redhat-7]
    at 
org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2348) 
~[catalina.jar:9.0.50.redhat-7]
    at 
org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2288) 
[catalina.jar:9.0.50.redhat-7]
    at 
org.apache.catalina.realm.JNDIRealm.getPrincipal(JNDIRealm.java:2253) 
[catalina.jar:9.0.50.redhat-7]


That happens, because we are catching CommunicationException and 
ServiceUnavailableException in getPrincipal instead of the more general 
NamingException.


We had a similar issue in Bug 61313. To fix that bug we changed the 
catch clause from CommunicationException to NamingException.


I think we should change the code in getPrincipal to catch the more 
general exception, too. Does anyone know, why we catched those 
specialized NamingExceptions instead of the general one?


Regards

 Felix

PS. I will do a PR, if we agree on changing the catch clause.

PPS. The code to catch the exception is the same in current tomcat 
JNDIRealm classes, even if the line numbers changed a bit.




OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: Java 21 and virtual threads

2023-05-06 Thread Felix Schumacher 


Am 04.05.23 um 14:37 schrieb Mark Thomas:

Hi all,

The latest Java 21 EA build has moved virtual threads (from project 
Loom) out of preview. How do we want to handle this in Tomcat 11? 
Recall that Jakarta EE 11 has set Java 21 as the minimum version.


I think we have the following options:

1. Stick with Java 17 as the minimum version and don't provide virtual 
thread functionality.


2. Stick with Java 17 as the minimum version and provide virtual 
thread functionality via the JreCompat module.


3. Increase minimum Java version to Java 21 for Tomcat 11 and provide 
virtual thread functionality.


I am currently leaning towards 3 but could live with 2.



+1 for option 3, as I think the possibility to try virtual threads 
outweighs the chances, that users willing to use Java 17 are note 
willing to use Java 21.


Felix



Thoughts? Other options?

Mark

PS Option 3 will require updates to the CI systems - I am happy to 
take care of those.


PPS I don't think all of the current Loom module will make it into 
Tomcat 11. I am currently thinking to pull in the Executor and then 
provide a boolean option for the existing endpoints to switch the 
internal executor to Loom.


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Apache Tomcat migration tool for Jakarta EE 1.0.7

2023-04-27 Thread Felix Schumacher 


Am 26.04.23 um 18:19 schrieb Mark Thomas:

The proposed Apache Tomcat migration tool for Jakarta EE 1.0.7 is now
available for voting.

The significant changes since 1.0.6 are:

- Provide a workaround for a known JDK bug (JDK-8303866) that prevents
  some migrated JARs from being read

- Add new matchExcludesAgainstPathName configuration option

- Include file names in the renaming process

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/jakartaee-migration/v1.0.7/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1431/

The tag is:
https://github.com/apache/tomcat-jakartaee-migration/tree/1.0.7
0f74b6a7541c1f7ff26b9588a9ede92f316a7c46

The proposed 1.0.7 release is:

[ ] -1: Broken. Do not release because...
[x] +1: Acceptable. Go ahead and release.


Fellix



Thanks,

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 10.1.8

2023-04-18 Thread Felix Schumacher 


Am 14.04.23 um 22:08 schrieb Christopher Schultz:

The proposed Apache Tomcat 10.1.8 release is now available for
voting.

The notable changes compared to 10.1.7 are:

- Reduce the default value of maxParameterCount from 10,000 to 1,000.

- Correct a regression in the fix for bug 66442 that meant that streams
  without a response body did not decrement the active stream count
  when completing leading to ERR_HTTP2_SERVER_REFUSED_STREAM for some
  connections.

- Expand the validation of the value of the Sec-Websocket-Key header in
  the HTTP upgrade request that initiates a WebSocket connection. The
  value is not decoded but it is checked for the correct length and that
  only valid characters from the base64 alphabet are used.

- Implement RFC 9239; note the MIME types for Javascript has changed
  to text/javascript.

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 
10 without changes. Java EE applications designed for Tomcat 9 and 
earlier may be placed in the $CATALINA_BASE/webapps-javaee directory 
and Tomcat will automatically convert them to Jakarta EE and copy them 
to the webapps directory.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.8/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1429

The tag is:
https://github.com/apache/tomcat/tree/10.1.8
477b206c9f05d2e70438a440bd40ab523662

The proposed 10.1.8 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 10.1.8


Unit test passes under Linux

Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 8.5.88

2023-04-17 Thread Felix Schumacher 


Am 14.04.23 um 22:38 schrieb Christopher Schultz:

The proposed Apache Tomcat 8.5.88 release is now available for voting.

The notable changes compared to 8.5.87 are:

- Reduce the default value of maxParameterCount from 10,000 to 1,000.

- Correct a regression in the fix for bug 66442 that meant that streams
  without a response body did not decrement the active stream count
  when completing, leading to
  ERR_HTTP2_SERVER_REFUSED_STREAM for some connections.

- Refactor synchronization blocks locking on SocketWrapper to use
  ReentrantLock to support users wishing to experiment with project
  Loom.

- Implement RFC 9239; note the MIME types for Javascript has changed
  to text/javascript.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.88/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1430

The tag is:
https://github.com/apache/tomcat/tree/8.5.88/


The proposed 8.5.88 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 8.5.88 (stable)


Unit test run fine under Linux.

Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 11.0.0-M3

2023-02-20 Thread Felix Schumacher 


Am 17.02.23 um 19:18 schrieb Mark Thomas:

The proposed Apache Tomcat 11.0.0-M3 release is now available for
voting.

Apache Tomcat 11.0.0-M3 is a milestone release of the 11.0.x branch 
and has been made to provide users with early access to the new 
features in Apache Tomcat 11.0.x so that they may provide feedback. 
The notable changes compared to the previous milestone include:


For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-11.0.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 
11 without changes. Java EE applications designed for Tomcat 9 and 
earlier may be placed in the $CATALINA_BASE/webapps-javaee directory 
and Tomcat will automatically convert them to Jakarta EE and copy them 
to the webapps directory. Applications using deprecated APIs may 
require further changes.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-11/v11.0.0-M3/
8afe2647d7801172cc304f4a47d8aad9646d2985

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1417

The tag is:
https://github.com/apache/tomcat/tree/11.0.0-M3


The proposed 11.0.0-M3 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 11.0.0-M3


* Builds and tests run under Linux

* gpg and sha512 checks are valid

Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 10.1.6

2023-02-20 Thread Felix Schumacher 


Am 20.02.23 um 12:41 schrieb Mark Thomas:

On 20/02/2023 11:30, Felix Schumacher wrote:

The source tar seem to be missing two files, that might be important:
  res/META-INF/catalina.jar/services/java.net.spi.URLStreamHandlerProvider 

  res/META-INF/tomcat-embed-core.jar/services/java.net.spi.URLStreamHandlerProvider 



I see those files in both the src.zip and src.tar.gz files.


Yes, sorry, I just looked at the rsync diff and assumed they were 
missing. They are NOT, but the line endings seem to be different, which 
should be no real problem.


Thanks for checking and sorry for the confusion.

Felix



Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 9.0.72

2023-02-20 Thread Felix Schumacher 


Am 18.02.23 um 10:44 schrieb Rémy Maucherat:

The proposed Apache Tomcat 9.0.72 release is now available for voting.

The notable changes compared to 9.0.71 are:

-  Add an error report valve that allows redirecting to or proxying from an
external web server.

- Log basic information for each configured TLS certificate when
Tomcat starts.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.72/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1418
The tag is:
https://github.com/apache/tomcat/tree/9.0.72
7754d319b2a8866b5bcdf1ea0f35e68470320295

The proposed 9.0.72 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 9.0.72


* Builds and tests are OK under linux

* gpg and sha512 checks are valid

Might be nice to mention the IP filter in the webapps, though :)

Felix



Rémy

-
To unsubscribe, e-mail:dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail:dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 8.5.86

2023-02-20 Thread Felix Schumacher 


Am 18.02.23 um 14:56 schrieb Christopher Schultz:

The proposed Apache Tomcat 8.5.86 release is now available for voting.

The notable changes compared to 8.5.85 are:

- Add an error report valve that allows redirecting to or proxying from
  an external web server.

- Add the shared address space specified by RFC 6598 (100.64.0.0/10)
  to the list of trusted proxies for RemoteIPValve/Filter.

- Log basic information for each configured TLS certificate when
  Tomcat starts.

- Limit access to examples web application to localhost by default

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.86/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1419

The tag is:
https://github.com/apache/tomcat/tree/8.5.86/
0bf2722f4652674e321a0e22e72dca75d2ea8275

The proposed 8.5.86 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 8.5.86 (stable)


* Builds and tests run under linux

* gpg and sha512 checks are valid

Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 10.1.6

2023-02-20 Thread Felix Schumacher 


Am 19.02.23 um 15:11 schrieb Christopher Schultz:

The proposed Apache Tomcat 10.1.6 release is now available for
voting.

The notable changes compared to 10.1.5 are:

- Switch to using the ServiceLoader mechanism to load the custom URL
  protocol handlers that Tomcat uses.

- Update the packaged version of the Apache Tomcat Native Library to
  2.0.3 to pick up the Windows binaries built with with OpenSSL 3.0.8.

- Add the shared address space specified by RFC 6598 (100.64.0.0/10)
  to the list of trusted proxies for RemoteIPValve/Filter.

- Limit access to examples web application to localhost by default


For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 
10 without changes. Java EE applications designed for Tomcat 9 and 
earlier may be placed in the $CATALINA_BASE/webapps-javaee directory 
and Tomcat will automatically convert them to Jakarta EE and copy them 
to the webapps directory.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.6/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1421

The tag is:
https://github.com/apache/tomcat/tree/10.1.6
9829c929059f96605a3fb870700b5887970d7203

The proposed 10.1.6 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 10.1.6


* Builds and tests run under Linux

* gpg and sha512 sums are valid

The source tar seem to be missing two files, that might be important:
 res/META-INF/catalina.jar/services/java.net.spi.URLStreamHandlerProvider
 
res/META-INF/tomcat-embed-core.jar/services/java.net.spi.URLStreamHandlerProvider

(I accidentally tested the new IP filter for examples, that works :))

Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Apache Tomcat migration tool for Jakarta EE 1.0.6

2022-12-04 Thread Felix Schumacher 


Am 02.12.22 um 11:24 schrieb Mark Thomas:

The proposed Apache Tomcat migration tool for Jakarta EE 1.0.6 is now
available for voting.

The significant changes since 1.0.5 are:

- Correct regression in handling of javax.annotation package introduced
  in 1.0.5. PR provided by Danny Thomas.

- Allow parallel use of ClassConverter. PR provided by Danny Thomas.

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/jakartaee-migration/v1.0.6/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1411/

The tag is:
https://github.com/apache/tomcat-jakartaee-migration/tree/1.0.6
3339fc418974bd5ce3432ea9503abda52d96a435

The proposed 1.0.6 release is:

[ ] -1: Broken. Do not release because...
[x] +1: Acceptable. Go ahead and release.


Unit tests run successfully with Java 11

(On Java 8 `mvn verify` fails, which is probably expected, but should 
not we state this in the pom.xml by setting the source/target to Java 11 
instead of 8?)


Felix



Thanks,

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 9.0.70

2022-12-01 Thread Felix Schumacher 


Am 01.12.22 um 15:27 schrieb Rémy Maucherat:

The proposed Apache Tomcat 9.0.70 release is now available for voting.

The notable changes compared to 9.0.69 are:

- When an HTTP/2 stream was reset, the current active stream count was
not reduced. If enough resets occurred on a connection, the current
active stream count limit was reached and no new streams could be
created on that connection.

- Update to Commons Daemon 1.3.3

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.70/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1410
The tag is:
https://github.com/apache/tomcat/tree/9.0.70
55a52d8475b8b3ec8ebda739f8c6b4fdeac173d9

The proposed 9.0.70 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 9.0.70


Unit tests pass on Linux

Regards

 Felix



Rémy

-
To unsubscribe, e-mail:dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail:dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 10.1.3

2022-12-01 Thread Felix Schumacher 


Am 01.12.22 um 14:46 schrieb Mark Thomas:

The proposed Apache Tomcat 10.1.3 release is now available for
voting.

The notable changes compared to 10.1.2 are:

- Refactor WebappLoader so it only has a runtime dependency on the
  migration tool for Jakarta EE if configured to use the converter as
  classes are loaded.

- When an HTTP/2 stream was reset, the current active stream count was
  not reduced. If enough resets occurred on a connection, the current
  active stream count limit was reached and no new streams could be
  created on that connection.

- Update to Commons Daemon 1.3.3

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

Applications that run on Tomcat 9 and earlier will not run on Tomcat 
10 without changes. Java EE applications designed for Tomcat 9 and 
earlier may be placed in the $CATALINA_BASE/webapps-javaee directory 
and Tomcat will automatically convert them to Jakarta EE and copy them 
to the webapps directory.


It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.3/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1409

The tag is:
https://github.com/apache/tomcat/tree/10.1.3
492a27099f43f1ae20b8b8a8ef4625d15e826113


The proposed 10.1.3 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 10.1.3


Unit tests pass on Linux

Regards

 Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 10.0.27

2022-10-09 Thread Felix Schumacher 


Am 03.10.22 um 18:13 schrieb Mark Thomas:

The proposed Apache Tomcat 10.0.27 release is now available for
voting.

Apache Tomcat 10.0.27 is likely to be the last release of the 10.0.x 
series. Users of 10.0.x should plan to move to 10.1.x at the next update.


Apache Tomcat 10.0.x implements Jakarta EE 9 and, as such, the primary
package for all the specification APIs has changed from javax.* to 
jakarta.*


Applications that run on Tomcat 9 will not run on Tomcat 10 without 
changes. Java EE applications designed for Tomcat 9 and earlier may be 
placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will 
automatically convert them to Jakarta EE and copy them to the webapps 
directory


The notable changes compared to 10.0.27 are:

- Fix bug 66277, a refactoring regression that broke JSP includes
  amongst other functionality

- Fix unexpected timeouts that may appear as client disconnections when
  using HTTP/2 and NIO2

- Enforce the requirement of RFC 7230 onwards that a request with a
  malformed content-length header should always be rejected with a 400
  response.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-10.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.27/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1400

The tag is:
https://github.com/apache/tomcat/tree/10.0.27
ca8720d41f3be917dc3fcdd03fcca8d3152a13fb

The proposed 10.0.27 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 10.0.27 (stable)


Unit tests pass

Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [Bug 66298] New: https://www.realskinbeauty.com/2022/09/turgor-of-the-skin.html

2022-10-09 Thread Felix Schumacher 


Am 09.10.22 um 16:15 schrieb bugzi...@apache.org:

https://bz.apache.org/bugzilla/show_bug.cgi?id=66298


Entry deleted and reporter banned.

Regards

 Felix



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 10.0.26

2022-09-27 Thread Felix Schumacher 


Am 23.09.22 um 13:58 schrieb Mark Thomas:

The proposed Apache Tomcat 10.0.26 release is now available for
voting.

Apache Tomcat 10.0.x implements Jakarta EE 9 and, as such, the primary
package for all the specification APIs has changed from javax.* to 
jakarta.*


Applications that run on Tomcat 9 will not run on Tomcat 10 without 
changes. Java EE applications designed for Tomcat 9 and earlier may be 
placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will 
automatically convert them to Jakarta EE and copy them to the webapps 
directory


The notable changes compared to 10.0.23 are:

- Add support for authenticating WebSocket clients with an HTTP forward
  proxy when establishing a connection to a WebSocket endpoint via a
  forward proxy that requires authentication. Based on a patch provided
  by Joe Mokos.

- Various fixes for edge case bugs in EL processing

- Improve host header handling for HTTP/2 requests

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-10.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.26/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1398

The tag is:
https://github.com/apache/tomcat/tree/10.0.26
b54b582e7cb867eccfee24d87d818a3ef6ef07dc

The proposed 10.0.26 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 10.0.26 (stable)


JUnit Tests ran without problems

Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Apache Tomcat migration tool for Jakarta EE 1.0.4

2022-09-20 Thread Felix Schumacher 


Am 15.09.22 um 11:06 schrieb Mark Thomas:

The proposed Apache Tomcat migration tool for Jakarta EE 1.0.4 is now
available for voting.

The significant changes since 1.0.3 are:

- Issue #26 - Re-fix
- PR #28 - Add Jakarta EE -. Java EE profile (with warnings)
- Add checkstyle

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/jakartaee-migration/v1.0.4/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1392/

The tag is:
https://github.com/apache/tomcat-jakartaee-migration/tree/1.0.4
a74aad315b8af81de0fa1837acc2adb278f5cb5a

The proposed 1.0.4 release is:

[ ] -1: Broken. Do not release because...
[x] +1: Acceptable. Go ahead and release.


Thanks for RM

Felix



Thanks,

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Apache Tomcat migration tool for Jakarta EE 1.0.4

2022-09-20 Thread Felix Schumacher 
Well, my second mail included a +1, but I will re-send a new +1 to make 
it more clear.


Felix

Am 19.09.22 um 15:07 schrieb Mark Thomas:

Ping.

We need one more PMC vote for this release.

While Felix did indicate support for the release, there wasn't an 
explicit +1 and I'm opting to err on the side of caution.


Mark


On 15/09/2022 10:06, Mark Thomas wrote:

The proposed Apache Tomcat migration tool for Jakarta EE 1.0.4 is now
available for voting.

The significant changes since 1.0.3 are:

- Issue #26 - Re-fix
- PR #28 - Add Jakarta EE -. Java EE profile (with warnings)
- Add checkstyle

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/jakartaee-migration/v1.0.4/ 



The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1392/

The tag is:
https://github.com/apache/tomcat-jakartaee-migration/tree/1.0.4
a74aad315b8af81de0fa1837acc2adb278f5cb5a

The proposed 1.0.4 release is:

[ ] -1: Broken. Do not release because...
[ ] +1: Acceptable. Go ahead and release.

Thanks,

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Apache Tomcat migration tool for Jakarta EE 1.0.4

2022-09-15 Thread Felix Schumacher 


Am 15.09.22 um 16:32 schrieb Mark Thomas:

On 15/09/2022 14:36, Felix Schumacher wrote:


Am 15.09.22 um 11:06 schrieb Mark Thomas:

The proposed Apache Tomcat migration tool for Jakarta EE 1.0.4 is now
available for voting.

The significant changes since 1.0.3 are:

- Issue #26 - Re-fix
- PR #28 - Add Jakarta EE -. Java EE profile (with warnings)
- Add checkstyle

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/jakartaee-migration/v1.0.4/ 



The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1392/ 



The tag is:
https://github.com/apache/tomcat-jakartaee-migration/tree/1.0.4
a74aad315b8af81de0fa1837acc2adb278f5cb5a

The proposed 1.0.4 release is:

[ ] -1: Broken. Do not release because...
[x] +1: Acceptable. Go ahead and release.


When I try to build the sources from the tar.gz maven complains about 
missing checkstyle files:


[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-checkstyle-plugin:3.2.0:check 
(validate) on project jakartaee-migration: Failed during checkstyle 
execution: Unable to find configuration file at location: 
res/checkstyle/checkstyle.xml: Could not find resource 
'res/checkstyle/checkstyle.xml'. -> [Help 1]


When I copy the files from git into the source folder mvn verify 
works as expected.


I'll get that fixed.

Do we want 1.0.5 for this?


I would be OK without a fix, but wasn't sure about it generally.

Felix



Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Apache Tomcat migration tool for Jakarta EE 1.0.4

2022-09-15 Thread Felix Schumacher 


Am 15.09.22 um 11:06 schrieb Mark Thomas:

The proposed Apache Tomcat migration tool for Jakarta EE 1.0.4 is now
available for voting.

The significant changes since 1.0.3 are:

- Issue #26 - Re-fix
- PR #28 - Add Jakarta EE -. Java EE profile (with warnings)
- Add checkstyle

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/jakartaee-migration/v1.0.4/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1392/

The tag is:
https://github.com/apache/tomcat-jakartaee-migration/tree/1.0.4
a74aad315b8af81de0fa1837acc2adb278f5cb5a

The proposed 1.0.4 release is:

[ ] -1: Broken. Do not release because...
[ ] +1: Acceptable. Go ahead and release.


When I try to build the sources from the tar.gz maven complains about 
missing checkstyle files:


[ERROR] Failed to execute goal 
org.apache.maven.plugins:maven-checkstyle-plugin:3.2.0:check (validate) 
on project jakartaee-migration: Failed during checkstyle execution: 
Unable to find configuration file at location: 
res/checkstyle/checkstyle.xml: Could not find resource 
'res/checkstyle/checkstyle.xml'. -> [Help 1]


When I copy the files from git into the source folder mvn verify works 
as expected.


Felix



Thanks,

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [Bug 66259] New: is this okay

2022-09-12 Thread Felix Schumacher 


Am 12.09.22 um 09:00 schrieb bugzi...@apache.org:

https://bz.apache.org/bugzilla/show_bug.cgi?id=66259

 Bug ID: 66259
Summary: is this okay
Product: Taglibs
Version: unspecified
   Hardware: PC
 Status: NEW
   Severity: normal
   Priority: P2
  Component: Standard Taglib
   Assignee:dev@tomcat.apache.org
  ---


account disabled and entry removed.

Felix



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Apache Tomcat migration tool for Jakarta EE 1.0.3

2022-09-11 Thread Felix Schumacher 


Am 06.09.22 um 16:30 schrieb Mark Thomas:

The proposed Apache Tomcat migration tool for Jakarta EE 1.0.3 is now
available for voting.

The significant changes since 1.0.1 are:

- Issue #26 - bad CRC checksums
- Issue #32 - Manifests in exploded JARs

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/jakartaee-migration/v1.0.3/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1387/

The tag is:
https://github.com/apache/tomcat-jakartaee-migration/tree/1.0.3
a5e9028e610b7b2ac1ef6fbef8a96dc3d97d7a45

The proposed 1.0.3 release is:

[ ] -1: Broken. Do not release because...
[x] +1: Acceptable. Go ahead and release.


Unit tests pass.

Felix



Thanks,

Mark

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [ANN] New committer: Han Li

2022-09-06 Thread Felix Schumacher 



Am 6. September 2022 09:38:09 MESZ schrieb Mark Thomas :
>On behalf of the Tomcat committers I am delighted to announce that
>Han Li (lihan) has been voted in as a new Tomcat committer.
>
>Please join me in congratulating Han.

Congrats and welcome! 

Felix

>
>Kind regards,
>
>Mark
>
>-
>To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Use of locks in JNDIRealm

2022-08-09 Thread Felix Schumacher 

Hi all,

I now have a bit more information on this.

The problem arises, when you have configured a single LDAP connection 
(no pooling) and the a naming exception is thrown (for example) in 
JNDIRealm#getPrincipal (for example line 2242 in current main). In that 
location we hold a lock while been thrown into the catch block. There we 
are throwing away the connection (without releasing the lock) and 
increase the lock counter (for our thread) by calling get(). After the 
catch block, we release the connection and decrease the lock counter by 
one (which does not release the lock).


We try to fix this with a few different paths:

a) in get() check for the lock, if we hold it ourselves, don't increase it

b) in release() unlock the lock, till we don't hold it anymore

(both ways seem a bit dirty)

c) release the lock and re-get it (that might incur trouble as some 
other thread might get "our" connection, but it should not be that bad, 
as we would get a "new" one anyways)


d) remove the code to handle single connections  and use the pool 
(stack) with a size of one and a special handling, when no connection 
can be taken from the stack.


Any other ideas or preferences?

Felix

PS. apart from fixing this, I still believe, that we should wait for the 
lock with a timeout (in case we keep the lock)


Am 30.07.22 um 12:16 schrieb Felix Schumacher:


Hi all,

yesterday, we had a Tomcat, that would be unresponsive for about 
twenty minutes on every full hour. The cause was a long running 
scheduled job that used the /last/ available connection of the 200 
default connections. All other connections were waiting to lock the 
single LDAP connection (probably waited already for a long time). I 
could not find a thread in the stack trace, that actually held the 
lock, so that must have been gone (and should probably be investigated 
further).


Would you mind, if we changed the locking into a timed locking and 
throwing a NamingException on timeout? That way the connections would 
be re-available in a timely manner if such a situation arises again.


Felix



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Use of locks in JNDIRealm

2022-07-30 Thread Felix Schumacher 

Hi all,

yesterday, we had a Tomcat, that would be unresponsive for about twenty 
minutes on every full hour. The cause was a long running scheduled job 
that used the /last/ available connection of the 200 default 
connections. All other connections were waiting to lock the single LDAP 
connection (probably waited already for a long time). I could not find a 
thread in the stack trace, that actually held the lock, so that must 
have been gone (and should probably be investigated further).


Would you mind, if we changed the locking into a timed locking and 
throwing a NamingException on timeout? That way the connections would be 
re-available in a timely manner if such a situation arises again.


Felix



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 10.1.0-M14

2022-04-01 Thread Felix Schumacher 


Am 31.03.22 um 15:57 schrieb Mark Thomas:

The proposed Apache Tomcat 10.1.0-M14 release is now available for
voting.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 
10 without changes. Java EE applications designed for Tomcat 9 and 
earlier may be placed in the $CATALINA_BASE/webapps-javaee directory 
and Tomcat will automatically convert them to Jakarta EE and copy them 
to the webapps directory.


The notable changes compared to 10.1.0-M12 are:

- Update the packaged version of the Tomcat Native Library to 1.2.32 to
  pick up Windows binaries built with OpenSSL 1.1.1n.

- Improve logging of unknown HTTP/2 settings frames. Pull request by
  Thomas Hoffmann.

- Update the JASPIC 2.0 API to Jakarta Authentication 3.0 (JASPIC was
  renamed for Jakarta EE 10)

- Harden the class loader to provide a mitigation for CVE-2022-22965
  a Spring Framework vulnerability

For full details, see the change log:
https://nightlies.apache.org/tomcat/tomcat-10.1.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.1.0-M14/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1367

The tag is:
https://github.com/apache/tomcat/tree/10.1.0-M14
02e84c839def0228475fad85d0b19abc2f70b03f


The proposed 10.1.0-M14 release is:
[ ] Broken - do not release
[x] Alpha - go ahead and release as 10.1.0-M14 (alpha)


unit test run on Java 11 and Linux

Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 8.5.78

2022-03-31 Thread Felix Schumacher 


Am 31.03.22 um 18:54 schrieb Mark Thomas:

The proposed Apache Tomcat 8.5.78 release is now available for voting.

The notable changes compared to 8.5.77 are:

- Update the packaged version of the Tomcat Native Library to 1.2.32 to
   pick up Windows binaries built with OpenSSL 1.1.1n.

- Improve logging of unknown HTTP/2 settings frames. Pull request by
   Thomas Hoffmann.

- Add additional warnings if incompatible TLS configurations are used
   such as HTTP/2 with CLIENT-CERT authentication

- Harden the class loader to provide a mitigation for CVE-2022-22965
   a Spring Framework vulnerability

Along with lots of other bug fixes and improvements.

This is the third release of Tomcat 8.5 that has been built with Java 
11 (in Java 7 mode) instead of Java 7. Please report any strangeness 
you may observe especially if you are running Tomcat 8.5 in an 
environment using Java < 11. We don't expect any issues, but 
understand that we cannot test all possible environmental configurations.


For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-8.5.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.78/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1370
The tag is:
https://github.com/apache/tomcat/tree/8.5.78
f732d3aa5ca55eb07cb73d9ec2b585330f80f00b

The proposed 8.5.78 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 8.5.78 (stable)


Unit tests run with Java 11 and Java 8 on Linux

Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 10.0.20

2022-03-31 Thread Felix Schumacher 


Am 31.03.22 um 17:20 schrieb Mark Thomas:

The proposed Apache Tomcat 10.0.20 release is now available for
voting.

Apache Tomcat 10.0.x implements Jakarta EE 9 and, as such, the primary
package for all the specification APIs has changed from javax.* to 
jakarta.*


Applications that run on Tomcat 9 will not run on Tomcat 10 without 
changes. Java EE applications designed for Tomcat 9 and earlier may be 
placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will 
automatically convert them to Jakarta EE and copy them to the webapps 
directory


The notable changes compared to 10.0.18 are:

- Update the packaged version of the Tomcat Native Library to 1.2.32 to
  pick up Windows binaries built with OpenSSL 1.1.1n.

- Improve logging of unknown HTTP/2 settings frames. Pull request by
  Thomas Hoffmann.

- Add additional warnings if incompatible TLS configurations are used
  such as HTTP/2 with CLIENT-CERT authentication

- Harden the class loader to provide a mitigation for CVE-2022-22965
  a Spring Framework vulnerability

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-10.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.20/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1369

The tag is:
https://github.com/apache/tomcat/tree/10.0.20
2a46c651529a9d237b4d6beb1ef846922d949342

The proposed 10.0.20 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 10.0.20 (stable)


Unit test run under Linux with Java 11

Felix




-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 9.0.62

2022-03-31 Thread Felix Schumacher 


Am 31.03.22 um 16:56 schrieb Rémy Maucherat:

The proposed Apache Tomcat 9.0.62 release is now available for voting.

The notable changes compared to 9.0.60 are:

- Update the packaged version of the Tomcat Native Library to 1.2.32 to
pick up Windows binaries built with OpenSSL 1.1.1n.

- Improve logging of unknown HTTP/2 settings frames. Pull request by
Thomas Hoffmann.

- Add additional warnings if incompatible TLS configurations are used
such as HTTP/2 with CLIENT-CERT authentication

- Harden the class loader to provide a mitigation for CVE-2022-22965
a Spring Framework vulnerability

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.62/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1368
The tag is:
https://github.com/apache/tomcat/tree/9.0.62
85113741042dcce9e9792bdbc3d498172bc31291

The proposed 9.0.62 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 9.0.62 (stable)


Unit tests run with Java 11 and Java 8 on Linux

Felix



Rémy

-
To unsubscribe, e-mail:dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail:dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 9.0.60

2022-03-14 Thread Felix Schumacher 


Am 09.03.22 um 16:39 schrieb Rémy Maucherat:

The proposed Apache Tomcat 9.0.60 release is now available for voting.

The notable changes compared to 9.0.59 are:

- Fix a potential thread-safety issue that could cause HTTP/1.1 request
processing to pause, and potentially timeout, waiting for additional
data when the full request has been received.

- Fix a regression introduced with 65757 bugfix which better identified
non request threads but which introduced a similar problem when user
code was doing sequential operations in a single thread.

- When resolving methods in EL expressions that use beans and/or static
fields, ensure that any custom type conversion is considered when
identifying the method to call.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-9.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.60/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1362
The tag is:
https://github.com/apache/tomcat/tree/9.0.60
235730aed454e8d3619109f2c563587ff722e69d

The proposed 9.0.60 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 9.0.60 (stable)


Unit tests pass on Linux with Java 11 and 8.

Felix



Rémy

-
To unsubscribe, e-mail:dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail:dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 10.0.18

2022-03-13 Thread Felix Schumacher 


Am 09.03.22 um 15:52 schrieb Mark Thomas:

The proposed Apache Tomcat 10.0.18 release is now available for
voting.

Apache Tomcat 10.0.x implements Jakarta EE 9 and, as such, the primary
package for all the specification APIs has changed from javax.* to 
jakarta.*


Applications that run on Tomcat 9 will not run on Tomcat 10 without 
changes. Java EE applications designed for Tomcat 9 and earlier may be 
placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will 
automatically convert them to Jakarta EE and copy them to the webapps 
directory


The notable changes compared to 10.0.17 are:

- Fix a potential thread-safety issue that could cause HTTP/1.1 request
  processing to pause, and potentially timeout, waiting for additional
  data when the full request has been received.

- Fix a regression introduced with 65757 bugfix which better identified
  non request threads but which introduced a similar problem when user
  code was doing sequential operations in a single thread.

- When resolving methods in EL expressions that use beans and/or static
  fields, ensure that any custom type conversion is considered when
  identifying the method to call.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
https://nightlies.apache.org/tomcat/tomcat-10.0.x/docs/changelog.html

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.18/

The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1361

The tag is:
https://github.com/apache/tomcat/tree/10.0.18
70f59e8328621e58b9493c119f05a2e57f597a1c

The proposed 10.0.18 release is:
[ ] Broken - do not release
[x] Stable - go ahead and release as 10.0.18 (stable)

Felix


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org



OpenPGP_0xEA6C3728EA91C4AF.asc
Description: OpenPGP public key


OpenPGP_signature
Description: OpenPGP digital signature

Re: [Bug 65371] New: Quite possibly the most famous types of Sports Betting is betting on games, which takes advantage of the energy of avid supporters.

2021-06-11 Thread Felix Schumacher 

Am 11.06.21 um 12:08 schrieb bugzi...@apache.org:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=65371

Spam removed and user blocked.

Felix




OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 7.0.109

2021-04-24 Thread Felix Schumacher 

Am 22.04.21 um 21:12 schrieb Violeta Georgieva:
> The proposed Apache Tomcat 7.0.109 release is now available for voting.
> Please note that this is the last Tomcat 7 release.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.109/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1307/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.109
> 2cdef2c0241cdf70b5edd88d3733a52e6b675047
>
> The proposed 7.0.109 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.109 Stable
Felix
>
> Regards,
> Violeta
>



OpenPGP_signature
Description: OpenPGP digital signature

Re: [VOTE] Release Apache Tomcat 9.0.45

2021-04-02 Thread Felix Schumacher 


Am 30.03.21 um 12:52 schrieb Mark Thomas:
> The proposed Apache Tomcat 9.0.45 release is now available for voting.
>
> The notable changes compared to the 9.0.44 release are:
>
> - Fix a regression in 9.0.44 that meant that an error during an
>   asynchronous read broke all future asynchronous reads associated with
>   the same request instance.
>
> - Prevent concurrent calls to ServletInputStream.isReady() corrupting
>   the input buffer.
>
> - Update the packaged version of Tomcat Native to 1.2.27 to pick up
>   binaries built with OpenSSL 1.1.1k
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.45/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1305/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.45
> 4dcf07fd1b53d3934d408060c6ef1ea13894c16f
>
> The proposed 9.0.45 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.45

Felix


>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.5.65

2021-04-02 Thread Felix Schumacher 


Am 30.03.21 um 15:13 schrieb Mark Thomas:
> The proposed Apache Tomcat 8.5.65 release is now available for voting.
>
> The notable changes compared to the 8.5.64 release are:
>
> - Fix a regression in 8.5.64 that meant that an error during an
>   asynchronous read broke all future asynchronous reads associated with
>   the same request instance.
>
> - Prevent concurrent calls to ServletInputStream.isReady() corrupting
>   the input buffer.
>
> - Update the packaged version of Tomcat Native to 1.2.27 to pick up
>   binaries built with OpenSSL 1.1.1k
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.65/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1306/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.65
> 752c1b9221f7d51a9f0f13d5ce83540589e228e4
>
> The proposed 8.5.65 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.65

Felix
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 10.0.5

2021-04-02 Thread Felix Schumacher 


Am 30.03.21 um 10:46 schrieb Mark Thomas:
> The proposed Apache Tomcat 10.0.5 release is now available for
> voting.
>
> Apache Tomcat 10.x implements Jakarta EE 9 and, as such, the primary
> package for all the specification APIs has changed from javax.* to
> jakarta.*
>
> Applications that run on Tomcat 9 will not run on Tomcat 10 without
> changes. Java EE applications designed for Tomcat 9 and earlier may be
> placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will
> automatically convert them to Jakarta EE and copy them to the webapps
> directory
>
> The notable changes compared to 10.0.4 are:
>
> - Fix a regression in 10.0.4 that meant that an error during an
>   asynchronous read broke all future asynchronous reads associated with
>   the same request instance.
>
> - Prevent concurrent calls to ServletInputStream.isReady() corrupting
>   the input buffer.
>
> - Update the packaged version of Tomcat Native to 1.2.27 to pick up
>   binaries built with OpenSSL 1.1.1k
>
> Along with lots of other bug fixes and improvements.
>
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat10/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-10/v10.0.5/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1304
> The tag is:
> https://github.com/apache/tomcat/tree/10.0.5
> 328d87e3d1ef41c46b5173114e30d37394bd68b9
>
> The proposed 10.0.5 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 10.0.5 (stable)

The order of "stable" and "broken" is different to the one in tc natives
voting mail, which confused me. Is this intentional?

Felix
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat Native 1.2.28

2021-04-02 Thread Felix Schumacher 


Am 01.04.21 um 15:56 schrieb Mark Thomas:
> Version 1.2.28 includes the following changes compared to 1.2.27
>
> - Correct regression in previous fix for BZ 65181
>
> The proposed release artefacts can be found at [1],
> and the build was done using tag [2].
>
> The Apache Tomcat Native 1.2.28 release is
>  [x] Stable, go ahead and release
>  [ ] Broken because of ...

Tests pass on Tomcat 8.5.65, 9.0.45 and 10.0.5 under Linux

Felix

>
> Thanks,
>
> Mark
>
>
> [1]
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/1.2.28
>
> [2]
> https://gitbox.apache.org/repos/asf?p=tomcat-native.git;a=commit;h=5566385ab63361d8d707613508d803964a15a1f8
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 65207] New: Eyeglasses Missouri City | Eyeglass Repair Missouri City | Eyeglass in 1 Hour

2021-03-29 Thread Felix Schumacher 


Am 28.03.21 um 21:52 schrieb bugzi...@apache.org:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=65207

Deleted the issue and blocked the reporter as spammer.

Felix


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 65138] New: Call Girls in Hyderabad

2021-02-11 Thread Felix Schumacher 


Am 12.02.21 um 06:48 schrieb bugzi...@apache.org:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=65138
>
User has been blocked and spam deleted.

Felix


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 7.0.108

2021-02-04 Thread Felix Schumacher 


Am 28.01.21 um 10:48 schrieb Violeta Georgieva:
> The proposed Apache Tomcat 7.0.108 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.108/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1295/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.108
> b57a2ea4466a2d4ea03a0f90e3f0d6c485b3cfea
>
> The proposed 7.0.108 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.108 Stable

Regards

 Felix

>
> Regards,
> Violeta
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

2020-10-15 Thread Felix Schumacher 
Account locked, spam reverted

Felix

Am 15.10.20 um 09:37 schrieb bugzi...@apache.org:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60030
>
> --- Comment #5 from ayumega  ---

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 7.0.106

2020-09-18 Thread Felix Schumacher 


Am 16.09.20 um 13:26 schrieb Violeta Georgieva:
> The proposed Apache Tomcat 7.0.106 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.106/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1279/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.106
> c5d9010a75e99a69f59ba11cc1116d039a113979
>
> The proposed 7.0.106 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.106 Stable
Felix
>
> Regards,
> Violeta
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Deprecated JDBCRealm

2020-09-14 Thread Felix Schumacher 



Am 14. September 2020 20:53:15 MESZ schrieb Mark Thomas :
>All,
>
>I'd like to proposed the following:
>- Deprecated the JDBCRealm in 7.0.x, 8.5.x and 9.0.x
>- Remove the JDBCRealm in 10.0.x
>
>The reasons for this are:
>- The JDBCRealm is single threaded
>- The DataSourceRealm is a better solution
>
>Thoughts?

Good idea

Felix 
>
>Mark
>
>-
>To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: dev-h...@tomcat.apache.org

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat Native 1.2.25

2020-09-02 Thread Felix Schumacher 


Am 21.08.20 um 20:22 schrieb Mark Thomas:
> Version 1.2.25 includes the following changes compared to 1.2.24
>
> - Improvements to LibreSSL support
>
> - Improvements to HP_UX support
>
> Various other fixes and improvements. See the changelog for details.
>
> The proposed release artefacts can be found at [1],
> and the build was done using tag [2].
>
> The Apache Tomcat Native 1.2.25 release is
>  [x] Stable, go ahead and release
>  [ ] Broken because of ...

Unit tests ran OK with openssl 1.1.1g ( a few failures with libressl 3.1.4)

Felix

> Thanks,
>
> Mark
>
>
> [1]
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-connectors/native/1.2.25
> [2]
> https://gitbox.apache.org/repos/asf?p=tomcat-native.git;a=commit;h=a94590ec2a5e40b168a9494144125a52f41ed0b2
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

2020-09-01 Thread Felix Schumacher 


Am 01.09.20 um 10:59 schrieb bugzi...@apache.org:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60030

Spam reverted and the account has been disabled.

 Felix


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 64686] New: Gurilaz

2020-08-24 Thread Felix Schumacher 
Am 24.08.20 um 18:42 schrieb bugzi...@apache.org:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=64686

Spam reverted and the account has been disabled.

 Felix


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 64672] New: I have done this only to get backlink. please dont remove it

2020-08-18 Thread Felix Schumacher 
Am 18.08.20 um 02:41 schrieb bugzi...@apache.org:

> https://bz.apache.org/bugzilla/show_bug.cgi?id=64672

Spam reverted and the account has been disabled.

 Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

2020-08-14 Thread Felix Schumacher 
Am 14.08.20 um 18:48 schrieb bugzi...@apache.org:

> https://bz.apache.org/bugzilla/show_bug.cgi?id=60030
>
> MoNs  changed:

Spam reverted and the account has been disabled.

 Felix


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 56492] Avoid eclipse debugger pausing on uncaught exceptions when tomcat renews its threads

2020-08-12 Thread Felix Schumacher 
Am 12.08.20 um 22:13 schrieb bugzi...@apache.org:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=56492
>
> --- Comment #7 from ganjilgenap  ---
>
Spam reverted and the account has been disabled.

 Felix


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

2020-08-10 Thread Felix Schumacher 
Am 10.08.20 um 06:05 schrieb bugzi...@apache.org:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60030
>
> --- Comment #5 from aflaputrirohani  ---

Spam reverted and the account has been disabled.

 Felix


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 60030] Run away CPU with JSSE / OpenSSL with IE8

2020-08-10 Thread Felix Schumacher 
Am 10.08.20 um 09:55 schrieb bugzi...@apache.org:
> https://bz.apache.org/bugzilla/show_bug.cgi?id=60030
>
> --- Comment #7 from martina eye  ---

Spam reverted and the account has been disabled.

 Felix


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: First impressions from OpenSSL 3.0.0 and TC 10.0.0-M7 plus tcnative 1.2.24

2020-08-03 Thread Felix Schumacher 
Chris,

Am 03.08.20 um 18:26 schrieb Christopher Schultz:
> Rainer,
>
> On 8/3/20 07:03, Rainer Jung wrote:
> > Hi Chris, hi all,
>
> > I ran build and tests for TC 10.0.0-M7 plus tcnative 1.2.24 and
> > compared them between OpenSSL 3.0.0alpha5 and 1.1.1g plus patches.
> > APR was always 1.7.0.
>
> Thanks for trying this out. What is "OpenSSL 1.1.1 + patches?" Which
> patches are you applying?
>
> > - build warnings for tcnative using OpenSSL 3.0.0alpha5:
>
> > src/ssl.c:422:5: warning: 'ENGINE_by_id' is deprecated
> > [-Wdeprecated-declarations] src/ssl.c:424:9: warning:
> > 'ENGINE_ctrl_cmd_string' is deprecated [-Wdeprecated-declarations]
> > src/ssl.c:425:13: warning: 'ENGINE_ctrl_cmd_string' is deprecated
> > [-Wdeprecated-declarations] src/ssl.c:426:13: warning:
> > 'ENGINE_free' is deprecated [-Wdeprecated-declarations]
> > src/ssl.c:806:13: warning: 'ENGINE_register_all_complete' is
> > deprecated [-Wdeprecated-declarations] src/ssl.c:809:13: warning:
> > 'ENGINE_by_id' is deprecated [-Wdeprecated-declarations]
> > src/ssl.c:815:21: warning: 'ENGINE_ctrl' is deprecated
> > [-Wdeprecated-declarations] src/ssl.c:817:17: warning:
> > 'ENGINE_set_default' is deprecated [-Wdeprecated-declarations]
> > src/ssl.c:822:17: warning: 'ENGINE_free' is deprecated
> > [-Wdeprecated-declarations] src/ssl.c:422: warning: 'ENGINE_by_id'
> > is deprecated (declared at /path/to/include/openssl/engine.h:327)
> > src/ssl.c:424: warning: 'ENGINE_ctrl_cmd_string' is deprecated
> > (declared at /path/to/include/openssl/engine.h:462) src/ssl.c:425:
> > warning: 'ENGINE_ctrl_cmd_string' is deprecated (declared at
> > /path/to/include/openssl/engine.h:462) src/ssl.c:426: warning:
> > 'ENGINE_free' is deprecated (declared at
> > /path/to/include/openssl/engine.h:474) src/ssl.c:806: warning:
> > 'ENGINE_register_all_complete' is deprecated (declared at
> > /path/to/include/openssl/engine.h:407) src/ssl.c:809: warning:
> > 'ENGINE_by_id' is deprecated (declared at
> > /path/to/include/openssl/engine.h:327) src/ssl.c:815: warning:
> > 'ENGINE_ctrl' is deprecated (declared at
> > /path/to/include/openssl/engine.h:419) src/ssl.c:817: warning:
> > 'ENGINE_set_default' is deprecated (declared at
> > /path/to/include/openssl/engine.h:652) src/ssl.c:822: warning:
> > 'ENGINE_free' is deprecated (declared at
> > /path/to/include/openssl/engine.h:474)
>
> I spot-checked ENGINE_ctrl_cmd_string and I can't seem to find any
> indication of what replacement exists for this function. It seems that
> a huge number of functions have been deprecated in 3.0.x with very
> little explanation for how to update client code to be 3.0-compliant.
Have you seen the design document for 3.0

https://www.openssl.org/docs/OpenSSL300Design.html#the-engine-api

Looks like they want to explain later how to upgrade old code

Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 7.0.105

2020-07-06 Thread Felix Schumacher 


Am 02.07.20 um 15:08 schrieb Violeta Georgieva:
> The proposed Apache Tomcat 7.0.105 release is now available for voting.
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.105/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1275/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.105
> f95f4e146e7eb463abdd8d7e2c47095d50075d97
>
> The proposed 7.0.105 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 7.0.105 Stable

Felix
>
> Regards,
> Violeta

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [ANN] New committer: Raymond Augé

2020-07-03 Thread Felix Schumacher 
Congrats and welcome!

Am 02.07.20 um 16:40 schrieb Mark Thomas:
> On behalf of the Tomcat committers I am pleased to announce that
> Raymond Augé (rotty3000) has been voted in as a new Tomcat committer.
>
> Please join me in welcoming him.
>
> Kind regards,
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] branch pr309-recursion deleted (was 7f1b56e)

2020-06-26 Thread Felix Schumacher 
Sorry for the noise.

I wanted to work on the github branch pr/309 and accidently added a new
branch.

Felix

Am 26.06.20 um 17:02 schrieb fschumac...@apache.org:
> This is an automated email from the ASF dual-hosted git repository.
>
> fschumacher pushed a change to branch pr309-recursion
> in repository https://gitbox.apache.org/repos/asf/tomcat.git.
>
>
>  was 7f1b56e  Use method local counter for recurstion
>
> This change permanently discards the following revisions:
>
>  discard 7f1b56e  Use method local counter for recurstion
>  discard 57e83d7  Add a iterationCount limited to 20 to prevent 
> StackOverflowError.
>  discard 4f1ae64  Allow recursive substitution of properties.
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.5.56

2020-06-04 Thread Felix Schumacher 


Am 03.06.20 um 22:51 schrieb Mark Thomas:
> The proposed Apache Tomcat 8.5.56 release is now available for voting.
>
> The notable changes compared to the 8.5.55 release are:
>
> - Add support for ALPN on recent OpenJDK 8 releases.
>
> - Add support for the CATALINA_OUT_CMD environment variable that defines
>   a command to which captured stdout and stderr will be redirected. For
>   use with, for example, rotatelogs. Patch provided by Harald Dunkel.
>
> - Be more flexible with respect to the ordering of groups, roles and
>   users in the tomcat-users.xml file
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.56/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1271/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.56
> 4560d2f5a49965f73ed07cb879f17d9c096c9d13
>
> The proposed 8.5.56 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.56

Regards

 Felix

>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 9.0.36

2020-06-04 Thread Felix Schumacher 


Am 03.06.20 um 20:06 schrieb Mark Thomas:
> The proposed Apache Tomcat 9.0.36 release is now available for voting.
>
> The notable changes compared to the 9.0.35 release are:
>
> - Add support for ALPN on recent OpenJDK 8 releases.
>
> - Add support for the CATALINA_OUT_CMD environment variable that defines
>   a command to which captured stdout and stderr will be redirected. For
>   use with, for example, rotatelogs. Patch provided by Harald Dunkel.
>
> - Be more flexible with respect to the ordering of groups, roles and
>   users in the tomcat-users.xml file
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.36/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1270/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.36
> 247c8e5ad08cdcd829a0bfc6374ecb3da0e5838e
>
> The proposed 9.0.36 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.36

Regards

Felix

>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: svn commit: r1874468 - in /tomcat/site/trunk: docs/security-8.html xdocs/security-8.xml

2020-02-25 Thread Felix Schumacher 



Am 25. Februar 2020 19:22:39 MEZ schrieb Konstantin Kolinko 
:
>вт, 25 февр. 2020 г. в 18:26, Felix Schumacher
>:
>>
>>
>> Am 25.02.20 um 10:22 schrieb Felix Schumacher:
>>
>> Index: xdocs/stylesheets/tomcat-site.xsl
>> ===
>> --- xdocs/stylesheets/tomcat-site.xsl(Revision 1874497)
>> +++ xdocs/stylesheets/tomcat-site.xsl(Arbeitskopie)
>> @@ -359,7 +359,7 @@
>>
>>
>>> select="$hashlink"/>
>> -  
>> +  
>>
>>
>>
>>
>> would take care of using the substring for the text.
>
>The XPath documentation for substring function [1] says that character
>positions in that function start with 1 (but any value less than 1 is
>treated as 1, so 0 works as well).

Good to know. Hadn't checked the docs on this, as it did what I wanted. 

Will correct it, if course. 

Regards 
 Felix 
>
>[1] https://www.w3.org/TR/1999/REC-xpath-19991116/#function-substring
>
>Best regards,
>Konstantin Kolinko
>
>-
>To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: dev-h...@tomcat.apache.org

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: Enabling http to https redirects for tomcat.apache.org

2020-02-25 Thread Felix Schumacher 


Am 25.02.20 um 16:57 schrieb Christopher Schultz:
> Felix,
>
> On 2/25/20 10:53, Felix Schumacher wrote:
> > as more and more browsers are marking http as unsecure, we should
> > redirect all http requests to tomcat.apache.org to https.
>
> > We can enable that by adding a rewrite rule to the .htaccess file
> > in the xdocs folder of our site repo.
>
> > For JMeter we used the following fragment:
>
> > RewriteEngine On
>
> > # Redirect http to https # From Cordova PMC Member raphinesse #
> > https://s.apache.org/An8s
>
> > # If we receive a forwarded http request from a proxy...
> > RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]
>
> > # ...or just a plain old http request directly from the client
> > RewriteCond %{HTTP:X-Forwarded-Proto} ="" RewriteCond %{HTTPS}
> > !=on
>
> > # Redirect to https version RewriteRule ^
> > https://%{HTTP_HOST}%{REQUEST_URI} [L]
>
> Query string? Or is that part of REQUEST_URI?

If I read the documentation for REQUEST_URI right, that QUERY_STRING is
not part of it.

Hm, another way to do this would probably be

RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [L]

Taken partly from
https://cwiki.apache.org/confluence/display/HTTPD/RewriteHTTPToHTTPS

Do you think that would be better?

Felix

>
> > Anything against adding this to our .htaccess file?
>
> +1
>
> -chris
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Enabling http to https redirects for tomcat.apache.org

2020-02-25 Thread Felix Schumacher 
Hi all,

as more and more browsers are marking http as unsecure, we should
redirect all http requests to tomcat.apache.org to https.

We can enable that by adding a rewrite rule to the .htaccess file in the
xdocs folder of our site repo.

For JMeter we used the following fragment:

RewriteEngine On

# Redirect http to https
# From Cordova PMC Member raphinesse
# https://s.apache.org/An8s

# If we receive a forwarded http request from a proxy...
RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]

# ...or just a plain old http request directly from the client
RewriteCond %{HTTP:X-Forwarded-Proto} =""
RewriteCond %{HTTPS} !=on

# Redirect to https version
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L]

Anything against adding this to our .htaccess file?

Felix


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: svn commit: r1874468 - in /tomcat/site/trunk: docs/security-8.html xdocs/security-8.xml

2020-02-25 Thread Felix Schumacher 


Am 25.02.20 um 16:27 schrieb Felix Schumacher:
> Am 25.02.20 um 16:24 schrieb Christopher Schultz:
>> Felix,
>>
>> On 2/25/20 04:22, Felix Schumacher wrote:
>>> Am 24.02.2020 22:13, schrieb Christopher Schultz: Mark,
>>> On 2/24/20 15:46, Mark Thomas wrote:
>>>>>> On 24/02/2020 20:31, Christopher Schultz wrote:
>>>>>>> Mark,
>>>>>>> Why not use the full commit id instead of a prefix?
>>>>>>> Couldn't some future commit conflict with some arbitrary
>>>>>>> prefix? Or do I not know what the hell I'm talking about?
>>>>>> No, you are spot on. The reason I used the prefix is that I
>>>>>> was transcribing the commit IDs by hand so the prefixes were
>>>>>> easier. We probably should use the full ID or at least a
>>>>>> longer prefix.
>>> I wonder if we could script this: grab a prefix, find the (one and
>>> only one) commit in the repo and expand it. If there is a conflict
>>> (or more than one match), emit an error and continue without
>>> changing the commit id.
>>> When I do this kind of thing for $work, I like to write scripts
>>> that emit sed scripts. So you process e.g. security-8.html as
>>> input, but emit something like this as output:
>>> s/(\b)69c5608(\b)/\169c56080fb3355507e1b55d014ec0ee6767a6150\2/g
>>> ...
>>> You get a script that can be inspected, re-used and, even better,
>>> it doesn't directly modify the input files. So you can even do
>>> something like this:
>>> $ expand-git-commit-ids.pl security-*.xml > expand.sed
>>> $ sed -i .bak -f expand.sed security-*.xml
>>> And then if you find other files where the same kind of thing needs
>>> to be done, you can re-use the expand.sed script, or even (pun
>>> intended) expand the sed script if necessary.
>>>> I would use the full hash in the xml and use a substring-function
>>>> in the xsl to shorten the hash for readability.
>>>> No need for sed here :)
>> This was to initially fetch the full hashes. In the XML, now, they are
>> already shortened.
> See my other mail :)

Changed with r1874502.

Felix

>> -chris
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: svn commit: r1874468 - in /tomcat/site/trunk: docs/security-8.html xdocs/security-8.xml

2020-02-25 Thread Felix Schumacher 


Am 25.02.20 um 16:24 schrieb Christopher Schultz:
> Felix,
>
> On 2/25/20 04:22, Felix Schumacher wrote:
> > Am 24.02.2020 22:13, schrieb Christopher Schultz: Mark,
>
> > On 2/24/20 15:46, Mark Thomas wrote:
> >>>> On 24/02/2020 20:31, Christopher Schultz wrote:
> >>>>> Mark,
> >>>>
> >>>>> Why not use the full commit id instead of a prefix?
> >>>>> Couldn't some future commit conflict with some arbitrary
> >>>>> prefix? Or do I not know what the hell I'm talking about?
> >>>>
> >>>> No, you are spot on. The reason I used the prefix is that I
> >>>> was transcribing the commit IDs by hand so the prefixes were
> >>>> easier. We probably should use the full ID or at least a
> >>>> longer prefix.
>
> > I wonder if we could script this: grab a prefix, find the (one and
> > only one) commit in the repo and expand it. If there is a conflict
> > (or more than one match), emit an error and continue without
> > changing the commit id.
>
> > When I do this kind of thing for $work, I like to write scripts
> > that emit sed scripts. So you process e.g. security-8.html as
> > input, but emit something like this as output:
>
> > s/(\b)69c5608(\b)/\169c56080fb3355507e1b55d014ec0ee6767a6150\2/g
> > ...
>
> > You get a script that can be inspected, re-used and, even better,
> > it doesn't directly modify the input files. So you can even do
> > something like this:
>
> > $ expand-git-commit-ids.pl security-*.xml > expand.sed
>
> > $ sed -i .bak -f expand.sed security-*.xml
>
> > And then if you find other files where the same kind of thing needs
> > to be done, you can re-use the expand.sed script, or even (pun
> > intended) expand the sed script if necessary.
>
> >> I would use the full hash in the xml and use a substring-function
> >> in the xsl to shorten the hash for readability.
>
> >> No need for sed here :)
>
> This was to initially fetch the full hashes. In the XML, now, they are
> already shortened.
See my other mail :)
>
> -chris
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: svn commit: r1874468 - in /tomcat/site/trunk: docs/security-8.html xdocs/security-8.xml

2020-02-25 Thread Felix Schumacher 


Am 25.02.20 um 10:22 schrieb Felix Schumacher:
> Am 24.02.2020 22:13, schrieb Christopher Schultz:
> Mark,
>
> On 2/24/20 15:46, Mark Thomas wrote:
> >>> On 24/02/2020 20:31, Christopher Schultz wrote:
> >>>> Mark,
> >>>
> >>>> Why not use the full commit id instead of a prefix? Couldn't
> >>>> some future commit conflict with some arbitrary prefix? Or do I
> >>>> not know what the hell I'm talking about?
> >>>
> >>> No, you are spot on. The reason I used the prefix is that I was
> >>> transcribing the commit IDs by hand so the prefixes were easier.
> >>> We probably should use the full ID or at least a longer prefix.
>
> I wonder if we could script this: grab a prefix, find the (one and
> only one) commit in the repo and expand it. If there is a conflict (or
> more than one match), emit an error and continue without changing the
> commit id.
>
> When I do this kind of thing for $work, I like to write scripts that
> emit sed scripts. So you process e.g. security-8.html as input, but
> emit something like this as output:
>
> s/(\b)69c5608(\b)/\169c56080fb3355507e1b55d014ec0ee6767a6150\2/g
> ...
>
> You get a script that can be inspected, re-used and, even better, it
> doesn't directly modify the input files. So you can even do something
> like this:
>
> $ expand-git-commit-ids.pl security-*.xml > expand.sed
>
> $ sed -i .bak -f expand.sed security-*.xml
>
> And then if you find other files where the same kind of thing needs to
> be done, you can re-use the expand.sed script, or even (pun intended)
> expand the sed script if necessary.
>
> > I would use the full hash in the xml and use a substring-function in
> the xsl to shorten the hash for readability.
>
> > No need for sed here :)

Now - that I re-read Chris answer - I see what he had in mind.

I think we can combine the two things. First use a script to convert the
hashes to the full version and second, adapt the xslt to emit a shorter
version for the text of the link.

perl -M5.020 -ne 'say $1 if /hashlink hash="(\w+)"/'
../tomcat-site-trunk/xdocs/security-9.xml | while read i; do git log 
--pretty="s/\\b$i\\b/%H/g" -l 1 $i^1..$i | cat; done

That would generate the sed script for security-9.xml

And

Index: xdocs/stylesheets/tomcat-site.xsl
===
--- xdocs/stylesheets/tomcat-site.xsl    (Revision 1874497)
+++ xdocs/stylesheets/tomcat-site.xsl    (Arbeitskopie)
@@ -359,7 +359,7 @@
   
   
   
-  
+  
   
 
   

would take care of using the substring for the text.

We would loose the ability to use arbitrary text in the link, but it
wasn't used anyway.

Felix

>
> > Felix
>
>
> -chris
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: svn commit: r1874468 - in /tomcat/site/trunk: docs/security-8.html xdocs/security-8.xml

2020-02-25 Thread Felix Schumacher 

Am 24.02.2020 22:13, schrieb Christopher Schultz:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mark,

On 2/24/20 15:46, Mark Thomas wrote:

On 24/02/2020 20:31, Christopher Schultz wrote:

Mark,



Why not use the full commit id instead of a prefix? Couldn't
some future commit conflict with some arbitrary prefix? Or do I
not know what the hell I'm talking about?


No, you are spot on. The reason I used the prefix is that I was
transcribing the commit IDs by hand so the prefixes were easier.
We probably should use the full ID or at least a longer prefix.


I wonder if we could script this: grab a prefix, find the (one and
only one) commit in the repo and expand it. If there is a conflict (or
more than one match), emit an error and continue without changing the
commit id.

When I do this kind of thing for $work, I like to write scripts that
emit sed scripts. So you process e.g. security-8.html as input, but
emit something like this as output:

s/(\b)69c5608(\b)/\169c56080fb3355507e1b55d014ec0ee6767a6150\2/g
...

You get a script that can be inspected, re-used and, even better, it
doesn't directly modify the input files. So you can even do something
like this:

$ expand-git-commit-ids.pl security-*.xml > expand.sed

$ sed -i .bak -f expand.sed security-*.xml

And then if you find other files where the same kind of thing needs to
be done, you can re-use the expand.sed script, or even (pun intended)
expand the sed script if necessary.


I would use the full hash in the xml and use a substring-function in the 
xsl to shorten the hash for readability.


No need for sed here :)

Felix



- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl5UPJMACgkQHPApP6U8
pFieGBAAmLLPqCvkLguhEr0aXmDfNmjYsiO6FssEHV2zjmqjM1zzDfgjI+WDwogs
ctGkcCvITq1BYCVlGxMrkMyYkTI9a8i6lILMpAOIUwNvTVKDF3AGKaMB+EMNqyY9
8qiCrWaDbVLqpsSuGn5OhRqPui7yv8diik1cWnUKABqC/unkJqbRSEmkY9gVW8DJ
P+rdC6PUK9osqNRttnJ7AKSuQJFBV4RGnQKDfVWFB7pnFAf9Dxy3W9xoy21NJAc5
GHB+AA/9PiNi1TUYClGI4LQnp/kMlGSeRGdtn0xRhVky/DqJehfHkZmUr8ec2Y1t
eOBTLa7aP+Y19aaYiXZco3mXrbvsGGAJaeM+gX5CKpZHjFNAJV122FbP9smv+l/T
Jdk10J2LJe3WtSR/ScKCPE4/ZXFG8pnEcNf3clT0nd8y2nuIdX6uOGPwyHMX5Cwr
/IDFnuJDzy2/O5pfojFUGAfaVN+gzKRv7N2TaYXJt42FBKWfto1BFGvCxqmIIJCu
xJDw+mLcGMfG6lximvc0mrmtOmd2CRjWfo6w12vp0/4pKyj39ZShgIT3lEg05hrC
bLcYn+sHkoFgN8uiGjbDgpPZCsYn74HR/eoqZBgSfF0rBpOkNYfkfW4Yy8aUo8m3
ilpJrf/Oqn54ilkD4/v18rCIju+jd4XEiQdhjKao+Bj4zP6dGbg=
=GeOn
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Tomcat 7.0.x EOL as 31 March 2021

2020-02-21 Thread Felix Schumacher 


Am 21.02.20 um 10:52 schrieb Mark Thomas:
> All,
>
> This has been mentioned in various threads and I don't recall any
> objections. I think it is time for a vote so we can formally announce this.
>
> Announce the EOL date for 7.0.x as 31 March 2021
>
> [x] Yes


Felix


> [ ] No, because...
>
> Thanks,
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat-jakartaee-migration] branch master updated: Drop cryptographic signatures from converted JAR files

2020-02-09 Thread Felix Schumacher 


Am 09.02.20 um 12:49 schrieb Mark Thomas:
> On 09/02/2020 11:00, fschumac...@apache.org wrote:
>
> 
>
>> All dropped signatures and signature files will be logged at leve FINE.
>> Maybe we should log a warning at the end of the conversion, if signatures
>> where dropped, to raise more awareness for these kind of modification.
> +1 for a warning.

Implemented the warnings as log entries.

I think it would be nicer to show them at the end of the run, but that
would mean a lot of changes, as I  don't want to use global variables to
convey those warnings and the current return values are booleans
(indicating success/error, only).

Felix

>
> Mark
>
> P.S. It is great to see this tool evolving as other start to use it.
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: RewriteMap parsing

2019-11-01 Thread Felix Schumacher 

Am 01.11.19 um 14:24 schrieb Romain Manni-Bucau:
>
>
> Le ven. 1 nov. 2019 à 11:26, Felix Schumacher
>  <mailto:felix.schumac...@internetallee.de>> a écrit :
>
>
> Am 01.11.19 um 11:11 schrieb Romain Manni-Bucau:
>> Through the spi IMHO and if it can be ambiguous use an ordinal or
>> priority to let it be overriden maybe?
>
> Do we want users to be able to overwrite our functions? Is the
> "int:" namespace free for everyone?
>
> I think so, like enabling to enrich it (often implemented as a delegation)
>
>
>
> Should we break the context startup in case of duplicate functions
> in the registry?
>
>
> If they have the same priority I think so.


I have submitted a PR that tries to implement the discussed features:
https://github.com/apache/tomcat/pull/221

Felix

>
>
> Felix
>
>>
>> Le ven. 1 nov. 2019 à 10:46, Felix Schumacher
>> > <mailto:felix.schumac...@internetallee.de>> a écrit :
>>
>>
>> Am 28.10.19 um 23:06 schrieb Romain Manni-Bucau:
>>> +1 for quotes
>>>
>>> Can the "function" support be pluggable either with an
>>> explicit registry or a SPI? Would be awesome to enrich it in
>>> "super tomcat" instances (thinking to meecrowave, tomee and
>>> maybe spring boot).
>>
>> The function support is already pluggable (by the
>> configuration file :), but I thought about adding SPI.
>>
>> It is unclear to me, how to determine the namespace ("int:"
>> in the httpd example), should it be given by the Service
>> Provider? Would "int" be reserved for our own functions? How
>> could we achieve such a reservation mechnism?
>>
>> Felix
>>
>>>
>>> Le lun. 28 oct. 2019 à 21:43, Mark Thomas >> <mailto:ma...@apache.org>> a écrit :
>>>
>>>
>>>
>>> On 27/10/2019 11:27, Felix Schumacher wrote:
>>> > Hi all,
>>> >
>>> > while looking at the RewriteMap configuration, I
>>> noticed, that parsing
>>> > of the RewriteMap directive is a bit minimal.
>>> Parameters are split at
>>> > whitespace (no quotes will be recognized) and only the
>>> first of the
>>> > optional parameters will be used.
>>> >
>>> > Should this be changed? If so, should we introduce
>>> quoting capabilities
>>> > to gather the "one" optional parameter, or allow
>>> multiple parameters?
>>> >
>>> > Version "quote":
>>> >
>>> > RewriteMap m1 example.MyMap "some params"
>>> >
>>> > Version "multiple"
>>> >
>>> > RewriteMap m2 example.OtherMap one two three
>>> >
>>> > Or should it be a combination?
>>>
>>> That is probably the most flexible option. I'd lean
>>> towards this option
>>> but would be happy to support the majority view if
>>> different.
>>>
>>> > "quote" would be sort of compatible with the current
>>> interface, as we
>>> > still have only one parameter. "multiple" would be a
>>> nicer interface for
>>> > the implementer of the map.
>>> >
>>> > Another thing I noticed, is that the httpd rewrite map
>>> feature has a few
>>> > builtin maps, that could be useful to supply with our
>>> implementation.
>>> > Any thoughts on supplying those? (I thought about the maps
>>> > int:[toupper,tolower,escape,unescape], txt:, rnd: and
>>> possibly a new one
>>> > called jdbc:{jndi-connection}:{sql statement with
>>> placeholder}. For
>>> > these elements a quote detection would be a must)
>>>
>>> I don't recall any requests for these on the users list
>>> but maybe that
>>> is because the feature isn't that well known.
>>>
>>> Mark
>>>
>>>
>>> 
>>> -
>>> To unsubscribe, e-mail:
>>> dev-unsubscr...@tomcat.apache.org
>>> <mailto:dev-unsubscr...@tomcat.apache.org>
>>> For additional commands, e-mail:
>>> dev-h...@tomcat.apache.org
>>> <mailto:dev-h...@tomcat.apache.org>
>>>

Re: RewriteMap parsing

2019-11-01 Thread Felix Schumacher 

Am 01.11.19 um 11:11 schrieb Romain Manni-Bucau:
> Through the spi IMHO and if it can be ambiguous use an ordinal or
> priority to let it be overriden maybe?

Do we want users to be able to overwrite our functions? Is the "int:"
namespace free for everyone?

Should we break the context startup in case of duplicate functions in
the registry?

Felix

>
> Le ven. 1 nov. 2019 à 10:46, Felix Schumacher
>  <mailto:felix.schumac...@internetallee.de>> a écrit :
>
>
> Am 28.10.19 um 23:06 schrieb Romain Manni-Bucau:
>> +1 for quotes
>>
>> Can the "function" support be pluggable either with an explicit
>> registry or a SPI? Would be awesome to enrich it in "super
>> tomcat" instances (thinking to meecrowave, tomee and maybe spring
>> boot).
>
> The function support is already pluggable (by the configuration
> file :), but I thought about adding SPI.
>
> It is unclear to me, how to determine the namespace ("int:" in the
> httpd example), should it be given by the Service Provider? Would
> "int" be reserved for our own functions? How could we achieve such
> a reservation mechnism?
>
> Felix
>
>>
>> Le lun. 28 oct. 2019 à 21:43, Mark Thomas > <mailto:ma...@apache.org>> a écrit :
>>
>>
>>
>> On 27/10/2019 11:27, Felix Schumacher wrote:
>> > Hi all,
>> >
>> > while looking at the RewriteMap configuration, I noticed,
>> that parsing
>> > of the RewriteMap directive is a bit minimal. Parameters
>> are split at
>> > whitespace (no quotes will be recognized) and only the
>> first of the
>> > optional parameters will be used.
>> >
>> > Should this be changed? If so, should we introduce quoting
>> capabilities
>> > to gather the "one" optional parameter, or allow multiple
>> parameters?
>> >
>> > Version "quote":
>> >
>> > RewriteMap m1 example.MyMap "some params"
>> >
>> > Version "multiple"
>> >
>> > RewriteMap m2 example.OtherMap one two three
>> >
>> > Or should it be a combination?
>>
>> That is probably the most flexible option. I'd lean towards
>> this option
>> but would be happy to support the majority view if different.
>>
>> > "quote" would be sort of compatible with the current
>> interface, as we
>> > still have only one parameter. "multiple" would be a nicer
>> interface for
>> > the implementer of the map.
>> >
>> > Another thing I noticed, is that the httpd rewrite map
>> feature has a few
>> > builtin maps, that could be useful to supply with our
>> implementation.
>> > Any thoughts on supplying those? (I thought about the maps
>> > int:[toupper,tolower,escape,unescape], txt:, rnd: and
>> possibly a new one
>> > called jdbc:{jndi-connection}:{sql statement with
>> placeholder}. For
>> > these elements a quote detection would be a must)
>>
>> I don't recall any requests for these on the users list but
>> maybe that
>> is because the feature isn't that well known.
>>
>> Mark
>>
>>
>> -
>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>> <mailto:dev-unsubscr...@tomcat.apache.org>
>> For additional commands, e-mail: dev-h...@tomcat.apache.org
>> <mailto:dev-h...@tomcat.apache.org>
>>

Re: RewriteMap parsing

2019-11-01 Thread Felix Schumacher 

Am 28.10.19 um 23:06 schrieb Romain Manni-Bucau:
> +1 for quotes
>
> Can the "function" support be pluggable either with an explicit
> registry or a SPI? Would be awesome to enrich it in "super tomcat"
> instances (thinking to meecrowave, tomee and maybe spring boot).

The function support is already pluggable (by the configuration file :),
but I thought about adding SPI.

It is unclear to me, how to determine the namespace ("int:" in the httpd
example), should it be given by the Service Provider? Would "int" be
reserved for our own functions? How could we achieve such a reservation
mechnism?

Felix

>
> Le lun. 28 oct. 2019 à 21:43, Mark Thomas  <mailto:ma...@apache.org>> a écrit :
>
>
>
> On 27/10/2019 11:27, Felix Schumacher wrote:
> > Hi all,
> >
> > while looking at the RewriteMap configuration, I noticed, that
> parsing
> > of the RewriteMap directive is a bit minimal. Parameters are
> split at
> > whitespace (no quotes will be recognized) and only the first of the
> > optional parameters will be used.
> >
> > Should this be changed? If so, should we introduce quoting
> capabilities
> > to gather the "one" optional parameter, or allow multiple
> parameters?
> >
> > Version "quote":
> >
> > RewriteMap m1 example.MyMap "some params"
> >
> > Version "multiple"
> >
> > RewriteMap m2 example.OtherMap one two three
> >
> > Or should it be a combination?
>
> That is probably the most flexible option. I'd lean towards this
> option
> but would be happy to support the majority view if different.
>
> > "quote" would be sort of compatible with the current interface,
> as we
> > still have only one parameter. "multiple" would be a nicer
> interface for
> > the implementer of the map.
> >
> > Another thing I noticed, is that the httpd rewrite map feature
> has a few
> > builtin maps, that could be useful to supply with our
> implementation.
> > Any thoughts on supplying those? (I thought about the maps
> > int:[toupper,tolower,escape,unescape], txt:, rnd: and possibly a
> new one
> > called jdbc:{jndi-connection}:{sql statement with placeholder}. For
> > these elements a quote detection would be a must)
>
> I don't recall any requests for these on the users list but maybe that
> is because the feature isn't that well known.
>
> Mark
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> <mailto:dev-unsubscr...@tomcat.apache.org>
> For additional commands, e-mail: dev-h...@tomcat.apache.org
> <mailto:dev-h...@tomcat.apache.org>
>

RewriteMap parsing

2019-10-27 Thread Felix Schumacher 
Hi all,

while looking at the RewriteMap configuration, I noticed, that parsing
of the RewriteMap directive is a bit minimal. Parameters are split at
whitespace (no quotes will be recognized) and only the first of the
optional parameters will be used.

Should this be changed? If so, should we introduce quoting capabilities
to gather the "one" optional parameter, or allow multiple parameters?

Version "quote":

RewriteMap m1 example.MyMap "some params"

Version "multiple"

RewriteMap m2 example.OtherMap one two three

Or should it be a combination?

"quote" would be sort of compatible with the current interface, as we
still have only one parameter. "multiple" would be a nicer interface for
the implementer of the map.


Another thing I noticed, is that the httpd rewrite map feature has a few
builtin maps, that could be useful to supply with our implementation.
Any thoughts on supplying those? (I thought about the maps
int:[toupper,tolower,escape,unescape], txt:, rnd: and possibly a new one
called jdbc:{jndi-connection}:{sql statement with placeholder}. For
these elements a quote detection would be a must)

Felix


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Private branches in the official Tomcat git repository

2019-10-12 Thread Felix Schumacher 

Am 11.10.19 um 16:43 schrieb Rémy Maucherat:
> On Fri, Oct 11, 2019 at 4:30 PM Michael Osipov  > wrote:
>
> Am 2019-10-11 um 16:20 schrieb Rémy Maucherat:
> > Hi,
> >
> > This vote is to regulate the use of branches in the official Tomcat
> > repository beyond branches that are approved by the community
> such as 8.5.x
> > and 7.0.x. It is possible to do development in private branches
> directly in
> > the official Tomcat repository, as an alternative to using forks
> and pull
> > requests.
> >
> > Should private branches be allowed in the official Tomcat git
> repository ?
> > [ ] Yes
> > [ ] No
>
> I don't like the term 'private' because everytihing I add to the
> canonical repo is intended to merged into upstream sooner or later.
> Purely private stuff must be in a fork anyway.
>
> Please redefine.
>
>
> Well, it's already in the text of the vote ("This vote is to regulate
> the use of branches in the official Tomcat repository beyond branches
> that are approved by the community such as 8.5.x and 7.0.x"): Private
> branches are defined here as any branches whose creation is not
> approved and voted on by the community.
>
> = I feel like creating branch "remm", is it allowed ?
> So I say no, because this is the Tomcat repo, not remm's repo, even
> though commits could possibly be interesting this is a bit too much.

In that sense, I would say "no", too. There is no need for a private
only branch with git.

For feature branches - which I understand are out of scope for this - I
would be tending towards a "yes".

Felix

>
> Rémy
>  
>
>
> In that case as depicted by me:
> Yes!
>

Re: [Bug 61441] daemon.sh's auto-detection fails on linux system's where java is installed via an RPM

2019-09-25 Thread Felix Schumacher 


Am 19.09.19 um 10:02 schrieb Mark Thomas:
> On 19/09/2019 08:07, Felix Schumacher wrote:
>> That is obviously spam.
> When discussing spam please don't quote the material - particularly any
> links - as getting the links published as many times as possible is the
> aim of the spam.
Will try to remember it.
>
>> My question here is, what is the official way to
>> get rid of such entries?
> Officially, the process is email bugzilla-admin@a.o and ask them to:
> - disable the account
> - delete the spam comment
>
> Since that email lands in my inbox I tend to skip the sending the email
> bit ;)
>
> If you want to help out - help is always appreciated - I can give you
> the BZ karma necessary to disable accounts. You usually need to do a
> little poking around to see if they have created any other comments as
> they tend to spread them over several projects.
>
> Deleting the comments requires executing SQL directly on the database.

That sounds almost like fun. I can try to help.

Felix

>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [Bug 61441] daemon.sh's auto-detection fails on linux system's where java is installed via an RPM

2019-09-19 Thread Felix Schumacher 
That is obviously spam. My question here is, what is the official way to get 
rid of such entries?

Felix 

Am 19. September 2019 07:27:43 MESZ schrieb bugzi...@apache.org:
>https://bz.apache.org/bugzilla/show_bug.cgi?id=61441
>
>--- Comment #6 from Hugo Carnegie <0p1lp...@besttempmail.com> ---
>Bug is the error that is produced due to some functional disorder in
>the system
>and the file due to hazards and other situations. The status of the bug
>that is
>mentioned has
>https://www.techentice.com/top-10-practical-blogging-trends-you-need-to-follow-in-2019/
>for practicing the following steps like the products, version, and
>components,
>etc.
>
>-- 
>You are receiving this mail because:
>You are the assignee for the bug.
>-
>To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 9.0.26

2019-09-18 Thread Felix Schumacher 


Am 16.09.19 um 18:15 schrieb Mark Thomas:
> The proposed Apache Tomcat 9.0.26 release is now available for voting.
>
> The major changes compared to the 9.0.24 release are:
>
> - Update to Commons Daemon 1.2.1 to pick up fixes for regressions in
>   Commons Daemon 1.2.0, most notably a failure to start when using
>   a 32-bit JVM on Windows.
>
> - Avoid an NPE when accessing an https port using http.
>
> - Correct the invalid automatic module names for the embedded JARs.
>
> - Fix a potential hang when using HTTP/2 with the asynchronous Servlet
>   API.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat9/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.26/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1230/
> The tag is:
> https://github.com/apache/tomcat/tree/9.0.26
>
>
> The proposed 9.0.26 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 9.0.26

Felix



-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 8.5.46

2019-09-18 Thread Felix Schumacher 


Am 16.09.19 um 20:46 schrieb Mark Thomas:
> The proposed Apache Tomcat 8.5.46 release is now available for voting.
>
> The major changes compared to the 8.5.45 release are:
>
> - Update to Commons Daemon 1.2.1 to pick up fixes for regressions in
>   Commons Daemon 1.2.0, most notably a failure to start when using
>   a 32-bit JVM on Windows.
>
> - Avoid an NPE when accessing an https port using http.
>
> - Fix a potential hang when using HTTP/2 with the asynchronous Servlet
>   API.
>
> Along with lots of other bug fixes and improvements.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat85/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.46/
>
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1231/
>
> The tag is:
> https://github.com/apache/tomcat/tree/8.5.46
> 914f68b45127207170dff894e03ec31732cac898
>
> The proposed 8.5.46 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.46

Felix


-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] 02/02: Additional changes required to enable EnvironmentPropertySource

2019-09-15 Thread Felix Schumacher 


Am 15.09.19 um 11:03 schrieb Mark Thomas:
> On 14/09/2019 20:01, Felix Schumacher wrote:
>> Am 12.09.19 um 22:40 schrieb ma...@apache.org:
>>> This is an automated email from the ASF dual-hosted git repository.
>>>
>>> markt pushed a commit to branch master
>>> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>>>
>>> commit cae17a52598393680952aa21cee0e27b13a73455
>>> Author: Mark Thomas 
>>> AuthorDate: Thu Sep 12 15:31:26 2019 +0100
>>>
>>> Additional changes required to enable EnvironmentPropertySource
>>> ---
>>>  .../org/apache/tomcat/util/IntrospectionUtils.java | 49 
>>> --
>>>  java/org/apache/tomcat/util/digester/Digester.java | 33 ++-
>>>  webapps/docs/changelog.xml |  4 +-
>>>  3 files changed, 69 insertions(+), 17 deletions(-)
>>>
>>> diff --git a/java/org/apache/tomcat/util/IntrospectionUtils.java 
>>> b/java/org/apache/tomcat/util/IntrospectionUtils.java
>>> index 3ffa702..f6ac737 100644
>>> --- a/java/org/apache/tomcat/util/IntrospectionUtils.java
>>> +++ b/java/org/apache/tomcat/util/IntrospectionUtils.java
>>> @@ -476,9 +499,27 @@ public final class IntrospectionUtils {
>>>  // This provides a layer of abstraction
>>>  
>>>  public static interface PropertySource {
>>> -
>>>  public String getProperty(String key);
>>> -
>>>  }
>>>  
>>> +
>>> +public static interface PropertySourceSecure extends PropertySource {
>> I think a better name would be SecurePropertySource or
>> ClassloaderAwarePropertySource. The thing that it represents should be
>> at the end of the name IMHO.
> Fair enough. I prefer "SecurePropertySource" so I'll go with that before
> I tag.
>
>> At work I prototyped a similar approach and introduced a
>> NamespaceAwarePropertySource. It is basically an interface that has a
>> getNamespace() method that returns a prefix for the keys. I think that
>> it would be nice if these two approaches.
> Sorry, I'm not quite understanding how this works or the use case it is
> trying to address. Could you provide a simple example?

A namespaced PropertySource would look like this

interface NamespacedPropertySource extends PropertySource {
   String getNamespace(); // or getPrefix()
}

Those PropertySources would be registered by the service loader approach
into a map with their namespace as a key.

If a property is looked up with a key, for example "env.hostname", that
key would be split into the namespace (or prefix) and the actual key for
the source. The SecureProperty from the above map (found by the
namespace) would then be asked to resolve the property.

In this setup, the multiplexer that is looking up the source could check
with the security manager whether access to the key is allowed and thus
freeing the implementer of the NamespacedProperty of doing this work.

class MultiPropertySource implements SecurePropertySource { // not a
good name

  Map sources = findThemByServiceLoader();

  String getProperty(String key, ClassLoader classLoader) {
    String[] nameComponents = key.split(":", 2); // uses a colon for
separation as split uses a regex and a dot is a special char in that context
    String namespace = nameComponents[0];
    String realKey = nameComponents[1];
    if (!checkSecurity(namespace, realKey, classLoader)) { // this would
do the security check
  return null;
    }
   
    SecurePropertySource source = sources.get(namespace);
    return source.getProperty(realKey);
  }
}

Does this make sense to you?

Felix

>
>> My prototype didn't try to
>> call a security manager, but with this commit it would be easy to add.
>>
>> On the other hand it uses a ServiceLoader approach to automatically find
>> all NamespaceAwarePropertySources. Do you think this would be a good
>> addition for Tomcat?
> There is an entry in TOMCAT-NEXT around reducing the use of system
> properties. A ServiceLoader approach may be a good solution for some of
> those.
>
> Mark
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat] 02/02: Additional changes required to enable EnvironmentPropertySource

2019-09-14 Thread Felix Schumacher 


Am 12.09.19 um 22:40 schrieb ma...@apache.org:
> This is an automated email from the ASF dual-hosted git repository.
>
> markt pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>
> commit cae17a52598393680952aa21cee0e27b13a73455
> Author: Mark Thomas 
> AuthorDate: Thu Sep 12 15:31:26 2019 +0100
>
> Additional changes required to enable EnvironmentPropertySource
> ---
>  .../org/apache/tomcat/util/IntrospectionUtils.java | 49 
> --
>  java/org/apache/tomcat/util/digester/Digester.java | 33 ++-
>  webapps/docs/changelog.xml |  4 +-
>  3 files changed, 69 insertions(+), 17 deletions(-)
>
> diff --git a/java/org/apache/tomcat/util/IntrospectionUtils.java 
> b/java/org/apache/tomcat/util/IntrospectionUtils.java
> index 3ffa702..f6ac737 100644
> --- a/java/org/apache/tomcat/util/IntrospectionUtils.java
> +++ b/java/org/apache/tomcat/util/IntrospectionUtils.java
> @@ -476,9 +499,27 @@ public final class IntrospectionUtils {
>  // This provides a layer of abstraction
>  
>  public static interface PropertySource {
> -
>  public String getProperty(String key);
> -
>  }
>  
> +
> +public static interface PropertySourceSecure extends PropertySource {

I think a better name would be SecurePropertySource or
ClassloaderAwarePropertySource. The thing that it represents should be
at the end of the name IMHO.

At work I prototyped a similar approach and introduced a
NamespaceAwarePropertySource. It is basically an interface that has a
getNamespace() method that returns a prefix for the keys. I think that
it would be nice if these two approaches. My prototype didn't try to
call a security manager, but with this commit it would be easy to add.

On the other hand it uses a ServiceLoader approach to automatically find
all NamespaceAwarePropertySources. Do you think this would be a good
addition for Tomcat?

Regards

 Felix

> +
> +/**
> + * Obtain a property value, checking that code associated with the
> + * provided class loader has permission to access the property. If 
> the
> + * {@code classLoader} is {@code null} or if {@code classLoader} does
> + * not implement {@link PermissionCheck} then the property value 
> will be
> + * looked up without a call to
> + * {@link PermissionCheck#check(java.security.Permission)}
> + *
> + * @param key   The key of the requested property
> + * @param classLoader   The class loader associated with the code 
> that
> + *  trigger the property lookup
> + * @return The property value or {@code null} if it could not be 
> found
> + * or if {@link 
> PermissionCheck#check(java.security.Permission)}
> + * fails
> + */
> +public String getProperty(String key, ClassLoader classLoader);
> +}

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 7.0.96

2019-07-29 Thread Felix Schumacher 



Am 24. Juli 2019 15:56:53 MESZ schrieb Violeta Georgieva :
>The proposed Apache Tomcat 7.0.96 release is now available for voting.
>
>For full details, see the changelog:
>https://ci.apache.org/projects/tomcat/tomcat7/docs/changelog.html
>
>It can be obtained from:
>https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.96/
>The Maven staging repo is:
>https://repository.apache.org/content/repositories/orgapachetomcat-1224/
>The git tag is:
>https://github.com/apache/tomcat/tree/7.0.96
>5277b175db2e575022672856797240976ad23bcf
>
>The proposed 7.0.96 release is:
>[ ] Broken - do not release
>[x] Stable - go ahead and release as 7.0.96 Stable

Regards
 Felix 

>
>Regards,
>Violeta

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 7.0.96

2019-07-25 Thread Felix Schumacher 



Am 25. Juli 2019 17:00:06 MESZ schrieb Rainer Jung :
>Hi Felix,
>
>could it be you have overwritten objenesis.loc in some
>build.properties?

Could be. I will have a look at my docker file.

Stupid me has looked at the git sources and hasn't thought about my old me 
copying stuff into the extracted dir :) 

Felix 

>
>Commit 9e32afaf34e on 2019-07-05 for TC 7 contains:
>
>-objenesis.loc=https://bintray.com/easymock/distributions/download_file?file_path=objenesis-${objenesis.version}-bin.zip
>+objenesis.loc=${base-maven.loc}/org/objenesis/objenesis/${objenesis.version}/objenesis-${objenesis.version}.jar
>
>in build.properties.default (plus the checksum change), but your ant 
>task still downloads objenesis-1.2-bin.zip instead of
>objenesis-1.2.jar.
>
>It works here.
>
>Regards,
>
>Rainer
>
>Am 25.07.2019 um 15:48 schrieb Felix Schumacher:
>> While building with 'ant test' I currently get:
>> 
>> ,,,
>> 
>> downloadfile:
>>    [get] Getting:
>>
>https://bintray.com/easymock/distributions/download_file?file_path=objenesis-1.2-bin.zip
>>    [get] To: /root/tomcat-build-libs/download-526630409.tmp
>>    [get]
>>
>https://bintray.com/easymock/distributions/download_file?file_path=objenesis-1.2-bin.zip
>> moved to
>https://dl.bintray.com/easymock/distributions/objenesis-1.2-bin.zip
>>    [get]
>> https://dl.bintray.com/easymock/distributions/objenesis-1.2-bin.zip
>> moved to
>>
>https://d29vzk4ow07wi7.cloudfront.net/2359e04aca6f4f171f92ff77489d1669043dd536?response-content-disposition=attachment%3Bfilename%3D%22objenesis-1.2-bin.zip%22=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvMjM1OWUwNGFjYTZmNGYxNzFmOTJmZjc3NDg5ZDE2NjkwNDNkZDUzNj9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMm9iamVuZXNpcy0xLjItYmluLnppcCUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTU2NDA2Mjg5NX0sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_=IGW4RrDny71UmfjwU2rT~hyMNrU8SBqOQV0wavwC00upzv9ATLZlRGec7c1~-1E~Uh5mE56h1BTmXhdcw8Fi7YTVvTIoP11esCqirEX1NO9qyp7tmur7Y5ihjXkEficCCWKzpXbklCx4ZRiCJ8CpAkVyg9rfExZyCLeAJNSRd8LhWq3j2ecwMzhR9Fb-2U3-ffi5DAJFN7YenKf5-bbVF1yE8pyF3bBo47SlLZl7ocslXm57nF41-oV2c1yrF8XchSG6WlH3DTVHqmRVqAGg4lfMJpPiuOROollmQ6cUiSvKxQ0O~l6FnByHf1D804xMeYha4UahL9clmAbP~54vWA__=APKAIFKFWOMXM2UMTSFA
>> 
>> BUILD FAILED
>> /usr/local/src/tomcat-native/build.xml:2857: The following error
>> occurred while executing this line:
>> /usr/local/src/tomcat-native/build.xml:3138: The following error
>> occurred while executing this line:
>> /usr/local/src/tomcat-native/build.xml:3023: Checksum check failure
>for
>> objenesis-1.2.jar (/root/tomcat-build-libs/download-526630409.tmp).
>>    Algorithm: MD5|SHA-1
>>    Expected value:
>>
>bee117291d50b41b8e8cf0ac5435df1d|bfcb0539a071a4c5a30690388903ac48c0667f2a
>>    Actual values:
>>    SHA-512:
>>
>ede5873de8576f2b330407b17d73bb1fdceb19d8b3b674f9e0c5c7c0461f4f3e13be099bf3503328e6d4643874b7187bb8e0db03f55bdafc99449acbc9896a2b
>>    SHA-256:
>c732f0bc16a5c6e700652d36533f286a84e5fce9932e1da65e16ab0897d6480f
>>    SHA-1: 2359e04aca6f4f171f92ff77489d1669043dd536
>>    MD5: c94eeba0f868c80c50eb0202499479ab
>> 
>> Regards
>> 
>>   Felix
>> 
>> Am 24.07.19 um 15:56 schrieb Violeta Georgieva:
>>> The proposed Apache Tomcat 7.0.96 release is now available for
>voting.
>>>
>>> For full details, see the changelog:
>>> https://ci.apache.org/projects/tomcat/tomcat7/docs/changelog.html
>>>
>>> It can be obtained from:
>>> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.96/
>>> The Maven staging repo is:
>>>
>https://repository.apache.org/content/repositories/orgapachetomcat-1224/
>>> The git tag is:
>>> https://github.com/apache/tomcat/tree/7.0.96
>>> 5277b175db2e575022672856797240976ad23bcf
>>>
>>> The proposed 7.0.96 release is:
>>> [ ] Broken - do not release
>>> [ ] Stable - go ahead and release as 7.0.96 Stable
>>>
>>> Regards,
>>> Violeta
>
>-
>To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
>For additional commands, e-mail: dev-h...@tomcat.apache.org

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [VOTE] Release Apache Tomcat 7.0.96

2019-07-25 Thread Felix Schumacher 
While building with 'ant test' I currently get:

,,,

downloadfile:
  [get] Getting:
https://bintray.com/easymock/distributions/download_file?file_path=objenesis-1.2-bin.zip
  [get] To: /root/tomcat-build-libs/download-526630409.tmp
  [get]
https://bintray.com/easymock/distributions/download_file?file_path=objenesis-1.2-bin.zip
moved to https://dl.bintray.com/easymock/distributions/objenesis-1.2-bin.zip
  [get]
https://dl.bintray.com/easymock/distributions/objenesis-1.2-bin.zip
moved to
https://d29vzk4ow07wi7.cloudfront.net/2359e04aca6f4f171f92ff77489d1669043dd536?response-content-disposition=attachment%3Bfilename%3D%22objenesis-1.2-bin.zip%22=eyJTdGF0ZW1lbnQiOiBbeyJSZXNvdXJjZSI6Imh0dHAqOi8vZDI5dnprNG93MDd3aTcuY2xvdWRmcm9udC5uZXQvMjM1OWUwNGFjYTZmNGYxNzFmOTJmZjc3NDg5ZDE2NjkwNDNkZDUzNj9yZXNwb25zZS1jb250ZW50LWRpc3Bvc2l0aW9uPWF0dGFjaG1lbnQlM0JmaWxlbmFtZSUzRCUyMm9iamVuZXNpcy0xLjItYmluLnppcCUyMiIsIkNvbmRpdGlvbiI6eyJEYXRlTGVzc1RoYW4iOnsiQVdTOkVwb2NoVGltZSI6MTU2NDA2Mjg5NX0sIklwQWRkcmVzcyI6eyJBV1M6U291cmNlSXAiOiIwLjAuMC4wLzAifX19XX0_=IGW4RrDny71UmfjwU2rT~hyMNrU8SBqOQV0wavwC00upzv9ATLZlRGec7c1~-1E~Uh5mE56h1BTmXhdcw8Fi7YTVvTIoP11esCqirEX1NO9qyp7tmur7Y5ihjXkEficCCWKzpXbklCx4ZRiCJ8CpAkVyg9rfExZyCLeAJNSRd8LhWq3j2ecwMzhR9Fb-2U3-ffi5DAJFN7YenKf5-bbVF1yE8pyF3bBo47SlLZl7ocslXm57nF41-oV2c1yrF8XchSG6WlH3DTVHqmRVqAGg4lfMJpPiuOROollmQ6cUiSvKxQ0O~l6FnByHf1D804xMeYha4UahL9clmAbP~54vWA__=APKAIFKFWOMXM2UMTSFA

BUILD FAILED
/usr/local/src/tomcat-native/build.xml:2857: The following error
occurred while executing this line:
/usr/local/src/tomcat-native/build.xml:3138: The following error
occurred while executing this line:
/usr/local/src/tomcat-native/build.xml:3023: Checksum check failure for
objenesis-1.2.jar (/root/tomcat-build-libs/download-526630409.tmp).
  Algorithm: MD5|SHA-1
  Expected value:
bee117291d50b41b8e8cf0ac5435df1d|bfcb0539a071a4c5a30690388903ac48c0667f2a
  Actual values:
  SHA-512:
ede5873de8576f2b330407b17d73bb1fdceb19d8b3b674f9e0c5c7c0461f4f3e13be099bf3503328e6d4643874b7187bb8e0db03f55bdafc99449acbc9896a2b
  SHA-256: c732f0bc16a5c6e700652d36533f286a84e5fce9932e1da65e16ab0897d6480f
  SHA-1: 2359e04aca6f4f171f92ff77489d1669043dd536
  MD5: c94eeba0f868c80c50eb0202499479ab

Regards

 Felix

Am 24.07.19 um 15:56 schrieb Violeta Georgieva:
> The proposed Apache Tomcat 7.0.96 release is now available for voting.
>
> For full details, see the changelog:
> https://ci.apache.org/projects/tomcat/tomcat7/docs/changelog.html
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-7/v7.0.96/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1224/
> The git tag is:
> https://github.com/apache/tomcat/tree/7.0.96
> 5277b175db2e575022672856797240976ad23bcf
>
> The proposed 7.0.96 release is:
> [ ] Broken - do not release
> [ ] Stable - go ahead and release as 7.0.96 Stable
>
> Regards,
> Violeta

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [tomcat-native] branch master updated: Support old shells.

2019-06-28 Thread Felix Schumacher 


Am 27.06.19 um 01:03 schrieb rj...@apache.org:
> This is an automated email from the ASF dual-hosted git repository.
>
> rjung pushed a commit to branch master
> in repository https://gitbox.apache.org/repos/asf/tomcat-native.git
>
>
> The following commit(s) were added to refs/heads/master by this push:
>  new edae9b1  Support old shells.
> edae9b1 is described below
>
> commit edae9b16888c1d5e73863877ff27bf129adc2fcd
> Author: Rainer Jung 
> AuthorDate: Thu Jun 27 01:02:02 2019 +0200
>
> Support old shells.


Hi Rainer,

do you still see shells, that don't support the $(...) syntax?

Felix


> ---
>  jnirelease.sh | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/jnirelease.sh b/jnirelease.sh
> index 0349079..8fe7fe7 100755
> --- a/jnirelease.sh
> +++ b/jnirelease.sh
> @@ -156,7 +156,7 @@ if [ ! -d .git/refs/remotes/9.0.x ]; then
>  git remote add -f 9.0.x ${TCJAVA_GITBASE}
>  fi
>  git remote update 9.0.x
> -diffcount=$(git diff HEAD remotes/9.0.x/master java/org/apache/tomcat/jni | 
> wc -l)
> +diffcount=`git diff HEAD remotes/9.0.x/master java/org/apache/tomcat/jni | 
> wc -l`
>  
>  if [ $diffcount -ne 0 ]; then
>  echo "WARNING: git subtree is not up to date with"
>
>
> -
> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: dev-h...@tomcat.apache.org
>

-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Re: [CONF] Apache Tomcat > Developing

2019-06-10 Thread Felix Schumacher 


Am 10.06.19 um 20:17 schrieb Christopher Schultz:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Felix,
>
> How much is the information on cwiki expected to replace and/or mirror
> information available on the Tomcat web site?

Good question. My main motivation was to correct the information that is
available in that wiki, not to think about what should be placed where.

Felix

>
> A lot of this looks like information available elsewhere.
>
> Thanks,
> - -chris
>
> On 6/9/19 06:30, Felix Schumacher (Confluence) wrote:
>> There's *1 new edit* on this page
>>
>> page icon 
>> <https://cwiki.apache.org/confluence/display/TOMCAT/Developing?src=mai
> l=confluence-server=1560076209171
> c.mail.notification=com.atlassian.confluence.plugins.confluence-notifica
> tions-batch-plugin%3Abatching-notification=8aa9809569
> d423cd016a0413306f00db=view>
>>
>>
>> Developing 
>> <https://cwiki.apache.org/confluence/display/TOMCAT/Developing?src=mai
> l=confluence-server=1560076209171
> c.mail.notification=com.atlassian.confluence.plugins.confluence-notifica
> tions-batch-plugin%3Abatching-notification=8aa9809569
> d423cd016a0413306f00db=view>
>>
>>
>>  Felix Schumacher edited this page
>>
>>
>>
>> Here's the version comment
>>
>>  Felix Schumacher edited at 10:28 AM 
>> <https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=1030
> 98864>
>>
>>
>>  Use git instead of svn
>>
>>
>>
>> Here's what changed:
>>
>> ...
>>
>>
>> How do I start hacking Tomcat in Eclipse?
>>
>> Briefly:
>>
>> No Format
>>
>> $ svngit checkoutclone
>> httphttps://svngithub.com/apache.org/repos/asf/tomcat/trunktomcat.git
>>
>>
> (or whatever branch you want: clearly, this would be better
>> to do directly from within Eclipse but it's easier to describe as a
>> command)
>>
>> $ cd trunktomcat
>>
>> $ echo "base.path=/path/to/where/tomcat/can/put/its/3rd-party/libs"
>>> build.properties
>> $ ant ide-eclipse
>>
>> ...
>>
>>
>> How do I remotely debug Tomcat using NetBeans 
>>  ion=true=103098864>?
>>  This answer assumes that you know how to work with a NetBeans
>> Project, and also how to use the NetBeans debugger. If not, please
>> go to http://www.netbeans.org/kb/using-netbeans/40/debug.html and
>> read up on how to use NetBeans and its debugger.
>>
>> ...
>>
>> Go to page history 
>> <https://cwiki.apache.org/confluence/pages/viewpreviousversions.action
> ?pageId=103098864=mail=confluence-server
> imestamp=1560076209171=com.atlassian.confluence.pl
> ugins.confluence-notifications-batch-plugin%3Abatching-notification
> mail.recipient=8aa9809569d423cd016a0413306f00db>
>>
>>
>> View page 
>> <https://cwiki.apache.org/confluence/display/TOMCAT/Developing?src=mai
> l=confluence-server=1560076209171
> c.mail.notification=com.atlassian.confluence.plugins.confluence-notifica
> tions-batch-plugin%3Abatching-notification=8aa9809569
> d423cd016a0413306f00db=view>
>>
>>
>>
>>
>> Stop watching space 
>> <https://cwiki.apache.org/confluence/users/removespacenotification.act
> ion?spaceKey=TOMCAT=mail=confluence-server
> .timestamp=1560076209171=com.atlassian.confluence.
> plugins.confluence-notifications-batch-plugin%3Abatching-notification
> c.mail.recipient=8aa9809569d423cd016a0413306f00db=stop-w
> atching=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ4c3JmOjhhYTk
> 4MDk1NjlkNDIzY2QwMTZhMDQxMzMwNmYwMGRiIiwicXNoIjoiNTI4MGYyMzZlNDRkMGEzOGE
> zMTVmMTA2MGQwMjU0OWFhYWNkZjcyNGNiNmFiZjllZDUwZTg4ZmVmYTI1MTAzNCIsImlzcyI
> 6ImNvbmZsdWVuY2Vfbm90aWZpY2F0aW9uc0FSRUgtWFVEMS1QT1FHLUNTQU8iLCJleHAiOjE
> 1NjA2ODEwMDksImlhdCI6MTU2MDA3NjIwOX0.2bMiXSO3nQBuZzTYWgFZAOLmyODOfMwwBtM
> adlWflUw>
>>
> •
>> Manage notifications 
>> <https://cwiki.apache.org/confluence/users/editmyemailsettings.action?
> src=mail=confluence-server=156007620
> 9171=com.atlassian.confluence.plugins.confluence-n
> otifications-batch-plugin%3Abatching-notification=8aa
> 9809569d423cd016a0413306f00db=manage>
>>
>>
>>  Confluence logo big
>>
>> This message was sent by Atlassian Confluence 6.15.2
>>
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/
>
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlz+nqgACgkQHPApP6U8
> pFj7ow/+JwpE1CubHh/G/QVhuAcM+uCQq665aON32LVgotnBXwaXpLY

[CONF] Apache Tomcat > OutOfMemory

2019-06-09 Thread Felix Schumacher (Confluence) 
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
OutOfMemory 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Felix Schumacher edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Felix Schumacher edited at 10:50 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Note about MetaSpae instead of PermGen  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... 
 
A servlet trying to load a several GBytes file into memory will surely kill the server. These kind of errors must be considered a simple bug in our program. 
To compensate for the data your servlet tries to load, you increase the heap size so that there is no room to create the stack size for the threads that need to be created. The memory required by each thread will vary by OS but can be as high as 2M by default and in some OS's (like Debian Sarge) is not reducible with the -Xss parameter. Rule of Thumb, use no more than 1G for heap space in a 32-bit web application. 
Deep recursive algorithms can also lead to Out Of Memory problems. In this case, the only fixes are increasing the thread stack size (-Xss), or refactoring the algorithms to reduce the depth, or the local data size per call. 
  A webapp that uses lots of libraries with many dependencies, or a server maintaining lots of webapps could exhauste the JVM PermGen space. This space is where the VM stores the classes and methods data. In those cases, the fix is to increase this size. The Sun VM has the flag -XX:MaxPermSize that allows to set its size (the default value is 64M)  
 
 
 
 Info 
 
 
 
 
  PermGen has been integrated into a new concept called MetaSpace from Java 8 on. The old setting will generate a warning and will be ignored by newer JVMs.   
 
 
 
Hard references to classes can prevent the garbage collector from reclaiming the memory allocated for them when a ClassLoader is discarded. This will occur on JSP recompilations, and webapps reloads. If these operations are common in a webapp having these kinds of problems, it will be a matter of time, until the PermGen space gets full and an Out Of Memory is thrown. 
 ... Any threads a web application starts, a web application should stop. ServletContextListener is your friend. Note Tomcat 7 will warn you if you do this and will also provide a (highly dangerous - use at your own risk) option to terminate the threads.  DriverManager  If you load a java.sql.Driver in your own classloader (or servlets), the driver should be removed before undeploying. Each driver is registered in DriverManager which is loaded in system classloader and references the local driver. Note Tomcat will do this for you if you forget. 
 
 
 
 No Format 
 
 
 
 
 
Enumeration drivers = DriverManager.getDrivers();
		ArrayList driversToUnload=new ArrayList();
		while (drivers.hasMoreElements()) {
			Driver driver = drivers.nextElement();
			if (driver.getClass().getClassLoader().equals(getClass().getClassLoader())) {
driversToUnload.add(driver);
			}
		}
		for (Driver driver : driversToUnload) {
	DriverManager.deregisterDriver(driver);
}
  
 
 
  ThreadLocal  The lifecycle of a ThreadLocal should match that of a request. There is no guarantee that a thread will ever be used to process a request again so if a ThreadLocal is left on the thread at the end of the request there may be no opportunity for the web application to clean it up. Note Tomcat 7 will do this for you.  ContextClassLoader  There are various parts of the Java API that retain a permanent reference to the context class loader. If this happens to be a web application class loader then a memory leak will occur. Tomcat provides workarounds for these where known but there are undoubtedly others. ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.2

[CONF] Apache Tomcat > OutOfMemory

2019-06-09 Thread Felix Schumacher (Confluence) 
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
OutOfMemory 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Felix Schumacher edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Felix Schumacher edited at 10:41 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Enable code macro to pretty print xml  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... 
 
A servlet trying to load a several GBytes file into memory will surely kill the server. These kind of errors must be considered a simple bug in our program. 
To compensate for the data your servlet tries to load, you increase the heap size so that there is no room to create the stack size for the threads that need to be created. The memory required by each thread will vary by OS but can be as high as 2M by default and in some OS's (like Debian Sarge) is not reducible with the -Xss parameter. Rule of Thumb, use no more than 1G for heap space in a 32-bit web application. 
Deep recursive algorithms can also lead to Out Of Memory problems. In this case, the only fixes are increasing the thread stack size (-Xss), or refactoring the algorithms to reduce the depth, or the local data size per call. 
A webapp that uses lots of libraries with many dependencies, or a server maintaining lots of webapps could exhauste the JVM PermGen space. This space is where the VM stores the classes and methods data. In those cases, the fix is to increase this size. The Sun VM has the flag -XX:MaxPermSize that allows to set its size (the default value is 64M) 
Hard references to classes can prevent the garbage collector from reclaiming the memory allocated for them when a ClassLoader is discarded. This will occur on JSP recompilations, and webapps reloads. If these operations are common in a webapp having these kinds of problems, it will be a matter of time, until the PermGen space gets full and an Out Of Memory is thrown. 
 ... Any threads a web application starts, a web application should stop. ServletContextListener is your friend. Note Tomcat 7 will warn you if you do this and will also provide a (highly dangerous - use at your own risk) option to terminate the threads.  DriverManager  If you load a java.sql.Driver in your own classloader (or servlets), the driver should be removed before undeploying. Each driver is registered in DriverManager which is loaded in system classloader and references the local driver. Note Tomcat will do this for you if you forget. 
 
 
 
 No Format 
 
 
 
 
 
Enumeration drivers = DriverManager.getDrivers();
		ArrayList driversToUnload=new ArrayList();
		while (drivers.hasMoreElements()) {
			Driver driver = drivers.nextElement();
			if (driver.getClass().getClassLoader().equals(getClass().getClassLoader())) {
driversToUnload.add(driver);
			}
		}
		for (Driver driver : driversToUnload) {
	DriverManager.deregisterDriver(driver);
}
  
 
 
  ThreadLocal  The lifecycle of a ThreadLocal should match that of a request. There is no guarantee that a thread will ever be used to process a request again so if a ThreadLocal is left on the thread at the end of the request there may be no opportunity for the web application to clean it up. Note Tomcat 7 will do this for you.  ContextClassLoader  There are various parts of the Java API that retain a permanent reference to the context class loader. If this happens to be a web application class loader then a memory leak will occur. Tomcat provides workarounds for these where known but there are undoubtedly others. ... Please remember that a JSP page, even one that simply prints out “OK”, will create a session. This is by design and if you do not want it to create a session you need to explicitly indicate that in your JSP. For example:   
 
 
 
 No Format 
 
 
 
 
 Code Block 
 
 
 
 
 
 
 
 
language 
php 
 
 
  
 
 
 
 
 <%@ page session="false" %>

  
 
 
 This is important in scenarios where you are doing load testing and using custom HTTP clients, because these clients may not be handling sessions correctly and thus end up creating a new session every time they access the page. ... It is also possible to limit the number of active sessions by setting maxActiveSessions attribute on a Manager element, e.g.   
 
 
 
 No Format 
 
 
 
 
 Code Block 
 
 
 
 
 
 
 
 
language 
xml 
 
 
  
 
 
 
 
 
  


  
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.2

Re: [CONF] Apache Tomcat > Troubleshooting and Diagnostics

2019-06-09 Thread Felix Schumacher 

Am 05.06.19 um 22:13 schrieb Eugène Adell:
> Hello,
>
> if I may suggest something, over the years I have found very useful
> jstat and GCViewer for detecting GC suspicious behaviors. Both are of
> course free, the first one giving information on a live JVM, and the
> second being more interesting for an offline analysis (though it can
> be updated automatically). With that you can see an OOM coming, and
> you also can have some clues for the heap settings if you want to tune
> them. You also have a visual proof when you perform a major upgrade
> and want to see if it had an impact on memory, by comparing 2 or 3
> pictures before with 2 or 3 pictures after. They were not very often
> mentionned in the users list, maybe they are underrated ?

I like gc logs a lot, as they give me a quick picture of the used
memory. I have configured all my tomcat instances to log there gc's. And
my first go to when an instance feels slow is to use jstack and look at
the fgc count.

So feel free to add a paragraph about using gc logs and corresponding
tools to the wiki.

Felix

>
> best regards
> E.A.
>
> Le mar. 4 juin 2019 à 21:00, Felix Schumacher (Confluence)
> mailto:no-re...@apache.org>> a écrit :
>
> There's *1 new edit* on this page
>  
> page icon
> 
> <https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics?src=mail=confluence-server=1559674809846=com.atlassian.confluence.plugins.confluence-notifications-batch-plugin%3Abatching-notification=8aa9809569d423cd016a0413306f00db=view>
>
>
>   Troubleshooting and Diagnostics
> 
> <https://cwiki.apache.org/confluence/display/TOMCAT/Troubleshooting+and+Diagnostics?src=mail=confluence-server=1559674809846=com.atlassian.confluence.plugins.confluence-notifications-batch-plugin%3Abatching-notification=8aa9809569d423cd016a0413306f00db=view>
>
>
>   
> Felix Schumacher edited this page
>
>
>   
>
> Here's what changed:
>
> ...
>
>   * How To: Capture a thread dump
> 
> <https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=103099265>
>
>   * How To: Capture a heap dump
> 
> <https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=103099265>
>
>   * How To: Examine a Stacktrace
> 
> <https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=103099265>
>
>   * How To: Configure Tomcat for debugging
> 
> <https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=103099265>
>
>   * FAQ: Developing
> 
> <https://cwiki.apache.org/null/pages/createpage.action?spaceKey=TOMCAT=FAQ%2FDeveloping=true=103099080>
>
>   * FAQ: Memory
> 
> <https://cwiki.apache.org/null/pages/createpage.action?spaceKey=TOMCAT=FAQ%2FMemory=true=103099080>
>
>   * Tomcat Memory Leak Protection
> 
> <https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=103099526>
>
>   * Sun Technical Article: Monitoring and Managing Java SE 6
> Platform Applications
> <http://java.sun.com/developer/technicalArticles/J2SE/monitoring/>
>
>   * Notes on using JMX clients
> 
> <https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=103099080>
>
>
> ...
>
>   * jinfo - Prints JVM process info
> 
> <http://download.oracle.com/javase/6/docs/technotes/tools/share/jinfo.html>
>
>   * jstack - Prints thread stack traces
> 
> <http://download.oracle.com/javase/6/docs/technotes/tools/share/jstack.html>
>
>   * jmap - Dumps heap and shows heap status
> 
> <http://download.oracle.com/javase/6/docs/technotes/tools/share/jmap.html>
>
>   * jhat - Heap Analyzer Tool
> 
> <http://download.oracle.com/javase/6/docs/technotes/tools/share/jhat.html>
>
>   * jcmd - Multitool intended to replace the above JDK tools
> 
> <https://docs.oracle.com/javase/8/docs/technotes/tools/windows/jcmd.html>
>
>
>
>   Profilers & Heap Analyzers
>
>   * Eclipse Memory Analyzer (MAT) <http://www.eclipse.org/mat/>
>   * YourKit Profiler <http://www.yourkit.com/>
>  *
>
> VisualVM Docs
> 
> <http://download.oracle.com/javase/6/docs/technotes/tools/share/jvisualvm.html>
>  
>
>
> Anchor
>
>   usingjmxclients
>
>   usingjmxclients
>
> ...
>
>  1. Look into Tomcat access log
> 
> <https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=103099265>
> (the log file generated by AccessLogVa

[CONF] Apache Tomcat > Troubleshooting and Diagnostics

2019-06-09 Thread Felix Schumacher (Confluence) 
Title: Message Title



 
 
 
There's 2 new edits on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Troubleshooting and Diagnostics 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Felix Schumacher edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comments 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Felix Schumacher edited at 10:25 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Correct Typo  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Felix Schumacher edited at 10:24 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Updated Links to FAQs for Memory and Developing  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... 
 
 How To: Capture a thread dump  
 How To: Capture a heap dump  
 How To: Examine a Stacktrace  
 How To: Configure Tomcat for debugging  
 FAQ: Developing  
 FAQ: Memory  
 Tomcat Memory Leak Protection  
 Sun Technical Article: Monitoring and Managing Java SE 6 Platform Applications  
 Notes on using JMX clients  
 ... 
 
Look into Tomcat access log (the log file generated by AccessLogValve).  
 
If your request is not listed there, then it has not been processed by Tomcat. You need to look elsewhere (e.g. at your firewall). 
You will see what IP address your client is using, and whether it is using an IPv4 (127.0.0.1) or IPv6 address (0:0:0:0:0:0:0:1). Modern operating systems can use IPv6 addresses for localhost / local network access, while external network is still using IPv4. 2. Take a thread dump. This way you will find out what Tomcat is actually doing. 
If you are troubleshooting some process that takes noticeable time, take several (three) thread dumps with some interval between them. This way you will see if there are any changes, any progress. 3. Try debugging. 
A good place for a breakpoint is org.apache.catalina.connector.CoyoteAdapter.service() method. That is the entry point from Tomcat connectors and into the Servlet engine. At that place your request has already been received and its processing starts. 
  
 ... You can also search the archives of the Tomcat users' mailing lists for previous discussions mentioning the RECYCLE_FACADES flag. 2. Read about Java ImageIO issue. Accessing response objects after their lifetime can lead to security issues in your application, such as sending responses to wrong clients, mixing up responses. If you can reproduce the issue and the above diagnostic does not show your own bug, but a bug in Apache Tomcat, ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.2

[CONF] Apache Tomcat > Developing

2019-06-09 Thread Felix Schumacher (Confluence) 
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Developing 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Felix Schumacher edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Here's the version comment 
 
 
 
 
 
 
 
 
 
 
 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Felix Schumacher edited at 10:28 AM 
 
 
  
 
 

 
 
 
 
 
 
 
 
 Use git instead of svn  
 
 
  
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... How do I start hacking Tomcat in Eclipse? Briefly: 
 
 
 
 No Format 
 
 
 
 
 
$ svngit checkoutclone httphttps://svngithub.com/apache.org/repos/asf/tomcat/trunktomcat.git
  (or whatever branch you want: clearly, this would be better
  to do directly from within Eclipse but it's easier to describe
  as a command)

$ cd trunktomcat

$ echo "base.path=/path/to/where/tomcat/can/put/its/3rd-party/libs" > build.properties

$ ant ide-eclipse
  
 
 
 ... How do I remotely debug Tomcat using NetBeans? This answer assumes that you know how to work with a NetBeans Project, and also how to use the NetBeans debugger. If not, please go to http://www.netbeans.org/kb/using-netbeans/40/debug.html and read up on how to use NetBeans and its debugger. ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.2

[CONF] Apache Tomcat > Troubleshooting and Diagnostics

2019-06-04 Thread Felix Schumacher (Confluence) 
Title: Message Title



 
 
 
There's 1 new edit on this page 
 
 
 
 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Troubleshooting and Diagnostics 
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
Felix Schumacher edited this page 
 
 
  
 
 

 
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Here's what changed: 
 
 
 
 
 
 
 
 
 
 
 ... 
 
 How To: Capture a thread dump  
 How To: Capture a heap dump  
 How To: Examine a Stacktrace  
 How To: Configure Tomcat for debugging  
 FAQ: Developing  
 FAQ: Memory  
 Tomcat Memory Leak Protection  
 Sun Technical Article: Monitoring and Managing Java SE 6 Platform Applications  
 Notes on using JMX clients  
 ... 
 
 jinfo - Prints JVM process info  
 jstack - Prints thread stack traces  
 jmap - Dumps heap and shows heap status  
 jhat - Heap Analyzer Tool  
 jcmd - Multitool intended to replace the above JDK tools  
 Profilers & Heap Analyzers 
 
 Eclipse Memory Analyzer (MAT)  
 YourKit Profiler  
  VisualVM Docs    
  
 
 
 
 Anchor 
 
 
 
 
 
 
 
 
 
usingjmxclients 
 
 
 
usingjmxclients 
 
 
  
 
 
  ... 
 
Look into Tomcat access log (the log file generated by AccessLogValve).  
 
If your request is not listed there, then it has not been processed by Tomcat. You need to look elsewhere (e.g. at your firewall). 
You will see what IP address your client is using, and whether it is using an IPv4 (127.0.0.1) or IPv6 address (0:0:0:0:0:0:0:1). Modern operating systems can use IPv6 addresses for localhost / local network access, while external network is still using IPv4. 2. Take a thread dump. This way you will find out what Tomcat is actually doing. 
If you are troubleshooting some process that takes noticeable time, take several (three) thread dumps with some interval between them. This way you will see if there are any changes, any progress. 3. Try debugging. 
A good place for a breakpoint is org.apache.catalina.connector.CoyoteAdapter.service() method. That is the entry point from Tomcat connectors and into the Servlet engine. At that place your request has already been received and its processing starts. 
  
 ... The main suspect is your own web application keeping a reference to Request / Response objects outside of their life cycle.  The lifetime of the Response object is documented in the Servlet specification. Quoting from section "5.8 Lifetime of the Response Object" of Servlet 4.0 specification:   "Each response object is valid only within the scope of a servlet’s service method, or within the scope of a filter’s doFilter method, unless the associated request object has asynchronous processing enabled for the component. If asynchronous processing on the associated request is started, then the response object remains valid until complete method on AsyncContext is called."   In case of asynchronous processing, when an error occurs Tomcat notifies all registered AsyncListener}}s and then calls {{complete() automatically if none of the listeners have called it yet. (Reference: 61768)   Also see sections "2.3.3.4 Thread Safety" and "3.13 Lifetime of the Request Object" of the same specification. To troubleshoot the issue: ... You can also search the archives of the Tomcat users' mailing lists for previous discussions mentioning the RECYCLE_FACADES flag. 2. Read about Java ImageIO issue. Accessing response objects after their lifetime can lead to security issues in your application, such as sending responses to wrong clients, mixing up responses. If you can reproduce the issue and the above diagnostic does not show your own bug, but a bug in Apache Tomcat, ...  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
Go to page history 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
View page 
 
 
  
 
 
  
 
 
  
 
 
  
 
 
 
 
 
 
 
 
 
 
Stop watching space
• 
 
 
 
 
 
 
Manage notifications 
 
 
 
 
 
 
 
 
 
 
  
 
 
This message was sent by Atlassian Confluence 6.15.2

Re: [tomcat] branch master updated: Use https instead of http

2019-05-21 Thread Felix Schumacher 


Am 21.05.19 um 14:20 schrieb Mark Thomas:
> On 21/05/2019 13:14, Coty Sutherland wrote:
>> On Tue, May 21, 2019 at 8:10 AM Mark Thomas > > wrote:
>>
>> On 21/05/2019 13:08, Mark Thomas wrote:
>> > On 21/05/2019 13:02, csuth...@apache.org
>>  wrote:
>> >> This is an automated email from the ASF dual-hosted git repository.
>> >>
>> >> csutherl pushed a commit to branch master
>> >> in repository https://gitbox.apache.org/repos/asf/tomcat.git
>> >>
>> >>
>> >> The following commit(s) were added to refs/heads/master by this push:
>> >>      new beb2dca  Use https instead of http
>> >> beb2dca is described below
>> >>
>> >> commit beb2dca83bb4084432fd3b44e06973730ad4dc7d
>> >> Author: Coty Sutherland > >
>> >> AuthorDate: Tue May 21 08:01:53 2019 -0400
>> >>
>> >>     Use https instead of http
>> >
>> > -1. Please revert this. It will break the build if a mirror is
>> selected
>> > that does not support http. It is also unnecessary. Any file
>> downloaded
>>
>> s/does not support http/does not support https/
>>
>>
>> Ack. I checked the URL before pushing and noted that the mirrors I hit
>> redirected to http, but I didn't happen to get one that didn't support
>> it (and it didn't cross my mind). Reverted.
> Thanks.
>
> Some of those links may be safe to switch to https but the mirror link
> definitely isn't.
> From memory there has already been at least one trawl though the Tomcat
> repo changing everything to https that was safe to change. That was a
> while ago. It may be time for another one. Anything that is changed
> needs to be manually checked first to make sure that there is an https
> equivalent.

The eclipse link seems to be safe to switch. My -- rather small --
experiments resulted in no redirects. All downloads were directly served.

Felix

>
> Note that for the website, the recommendation is to use protocol
> relative links so that users retain the choice of using http or https.
>
> Mark
>
>>  
>>
>>
>> Mark
>>
>> > over http is also checked against the known hash.
>> >
>> > Check the history of that file for more details.
>> >
>> > Mark
>> >
>> >
>> >
>> >> ---
>> >>  build.properties.default | 10 +-
>> >>  build.xml                |  2 +-
>> >>  2 files changed, 6 insertions(+), 6 deletions(-)
>> >>
>> >> diff --git a/build.properties.default b/build.properties.default
>> >> index 1bacc19..cc217b6 100644
>> >> --- a/build.properties.default
>> >> +++ b/build.properties.default
>> >> @@ -90,7 +90,7 @@ compile.debug=true
>> >>  # Do not pass -deprecation (-Xlint:deprecation) flag to javac
>> >>  compile.deprecation=false
>> >> 
>> >>
>> 
>> -base-apache.loc.1=http://www.apache.org/dyn/closer.lua?action=download=
>> >>
>> 
>> +base-apache.loc.1=https://www.apache.org/dyn/closer.lua?action=download=
>> >>  base-apache.loc.2=https://archive.apache.org/dist
>> >>  base-commons.loc.1=${base-apache.loc.1}/commons
>> >>  base-commons.loc.2=${base-apache.loc.2}/commons
>> >> @@ -126,8 +126,8 @@
>> 
>> wsdl4j-lib.loc=${base-maven.loc}/wsdl4j/wsdl4j/${wsdl4j-lib.version}/wsdl4j-${ws
>> >>  # See https://wiki.apache.org/tomcat/JDTCoreBatchCompiler before
>> updating
>> >>  #
>> >>  # Checksum is from "SHA512 Checksums for 4.10" link at
>> >> -#
>> http://download.eclipse.org/eclipse/downloads/drops4/R-4.10-201812060815/
>> >> -#
>> 
>> http://download.eclipse.org/eclipse/downloads/drops4/R-4.10-201812060815/checksum/eclipse-4.10-SUMSSHA512
>> >> +#
>> 
>> https://download.eclipse.org/eclipse/downloads/drops4/R-4.10-201812060815/
>> >> +#
>> 
>> https://download.eclipse.org/eclipse/downloads/drops4/R-4.10-201812060815/checksum/eclipse-4.10-SUMSSHA512
>> >>  #
>> >>  jdt.version=4.10
>> >>  jdt.release=R-4.10-201812060815
>> >> @@ -137,8 +137,8 @@
>> 
>> jdt.checksum.value=6528d1933d752f909e61456f1a3cbb3ae3999d263701a459e6f4fc33f97f7
>> >>  jdt.home=${base.path}/ecj-${jdt.version}
>> >>  jdt.jar=${jdt.home}/ecj-${jdt.version}.jar
>> >>  # The download will be moved to the archive area eventually. We
>> are taking care of that in advance.
>> >>
>> 
>> -jdt.loc.1=http://archive.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar
>> 
>> 
>> >>
>> 
>> -jdt.loc.2=http://download.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar
>> 
>> 
>> >>
>> 
>> +jdt.loc.1=https://archive.eclipse.org/eclipse/downloads/drops4/${jdt.release}/ecj-${jdt.version}.jar

  1   2   3   4   >