[Bug 56561] NoSuchElementException on empty attribute in Validator$ValidateVisitor.getJspAttribute(Validator.java:1385)

2014-05-27 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=56561 --- Comment #3 from Mark Thomas ma...@apache.org --- We don't revoke releases, we just produce a new release. How quickly the next set of releases happens depends on a number of factors. I was planning another 8.0.x shortly anyway to try

[Bug 56568] New: Incompatible change in JSPs only permit GET POST or HEAD

2014-05-27 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=56568 Bug ID: 56568 Summary: Incompatible change in JSPs only permit GET POST or HEAD Product: Tomcat 8 Version: 8.0.1 Hardware: PC Status: NEW

[Bug 56568] Incompatible change in JSPs only permit GET POST or HEAD

2014-05-27 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=56568 Grigory gkis...@yandex.ru changed:
What | Removed | Added
Hardware | PC | All

svn commit: r1597753 - /tomcat/trunk/test/webapp/bug5nnnn/bug56334and56561.jspx

2014-05-27 Thread kkolinko
Author: kkolinko Date: Tue May 27 11:59:14 2014 New Revision: 1597753 URL: http://svn.apache.org/r1597753 Log: Add license header Modified: tomcat/trunk/test/webapp/bug5/bug56334and56561.jspx Modified: tomcat/trunk/test/webapp/bug5/bug56334and56561.jspx URL:

svn commit: r1597754 - /tomcat/trunk/test/webapp/bug5nnnn/bug53545.html

2014-05-27 Thread kkolinko
Author: kkolinko Date: Tue May 27 12:01:52 2014 New Revision: 1597754 URL: http://svn.apache.org/r1597754 Log: Add license header Modified: tomcat/trunk/test/webapp/bug5/bug53545.html Modified: tomcat/trunk/test/webapp/bug5/bug53545.html URL:

svn commit: r1597755 - /tomcat/trunk/test/webapp/WEB-INF/bug53545.tld

2014-05-27 Thread kkolinko
Author: kkolinko Date: Tue May 27 12:04:30 2014 New Revision: 1597755 URL: http://svn.apache.org/r1597755 Log: Add license header Modified: tomcat/trunk/test/webapp/WEB-INF/bug53545.tld Modified: tomcat/trunk/test/webapp/WEB-INF/bug53545.tld URL:

svn commit: r1597757 - in /tomcat/tc7.0.x/trunk: ./ test/webapp-3.0/WEB-INF/bug53545.tld test/webapp-3.0/bug5nnnn/bug53545.html test/webapp-3.0/bug5nnnn/bug56334and56561.jspx

2014-05-27 Thread kkolinko
Author: kkolinko Date: Tue May 27 12:17:29 2014 New Revision: 1597757 URL: http://svn.apache.org/r1597757 Log: Add license header It is a backport of revisions 1597753-1597755 from tomcat/trunk. Modified: tomcat/tc7.0.x/trunk/ (props changed)

svn commit: r1597759 - /tomcat/trunk/test/org/apache/coyote/http11/TestAbstractHttp11Processor.java

2014-05-27 Thread kkolinko
Author: kkolinko Date: Tue May 27 12:25:57 2014 New Revision: 1597759 URL: http://svn.apache.org/r1597759 Log: Discern the first and the second requests in the test case. Modified: tomcat/trunk/test/org/apache/coyote/http11/TestAbstractHttp11Processor.java Modified:

svn commit: r1597761 - in /tomcat/tc7.0.x/trunk: ./ test/org/apache/coyote/http11/TestAbstractHttp11Processor.java

2014-05-27 Thread kkolinko
Author: kkolinko Date: Tue May 27 12:29:00 2014 New Revision: 1597761 URL: http://svn.apache.org/r1597761 Log: Discern the first and the second requests in the test case. It is a merge of r1597759 from tomcat/trunk. Modified: tomcat/tc7.0.x/trunk/ (props changed)

svn commit: r1597764 - in /tomcat/site/trunk: docs/security-6.html docs/security-7.html docs/security-8.html xdocs/security-6.xml xdocs/security-7.xml xdocs/security-8.xml

2014-05-27 Thread markt
Author: markt Date: Tue May 27 12:39:01 2014 New Revision: 1597764 URL: http://svn.apache.org/r1597764 Log: CVE-2014-0075 CVE-2014-0095 CVE-2014-0096 CVE-2014-0099 CVE-2014-0119 Modified: tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/docs/security-7.html

[SECURITY] CVE-2014-0075 Apache Tomcat denial of service

2014-05-27 Thread Mark Thomas
CVE-2014-0075 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: It was possible to craft a malformed chunk size as part of a chunked

[SECURITY] CVE-2014-0095 Apache Tomcat denial of service

2014-05-27 Thread Mark Thomas
CVE-2014-0095 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC2 to 8.0.3 Description: A regression was introduced in revision 1519838 that caused AJP requests to hang if an explicit content length of zero was set on the

[SECURITY] CVE-2014-0097 Apache Tomcat information disclosure

2014-05-27 Thread Mark Thomas
CVE-2014-0097 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: The code used to parse the request content length header did not

[SECURITY] CVE-2014-0119 Apache Tomcat information disclosure

2014-05-27 Thread Mark Thomas
CVE-2014-0119 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.5 - Apache Tomcat 7.0.0 to 7.0.53 - Apache Tomcat 6.0.0 to 6.0.39 Description: In limited circumstances it was possible for a malicious web

[SECURITY] CVE-2014-0096 Apache Tomcat information disclosure

2014-05-27 Thread Mark Thomas
CVE-2014-0096 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache Tomcat 6.0.0 to 6.0.39 Description: The default servlet allows web applications to define (at multiple

svn propchange: r1579262 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1579262 Modified property: svn:log Modified: svn:log at Tue May 27 13:01:05 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:01:05 2014 @@ -1 +1,2 @@ Improve processing of chuck size from

svn propchange: r1585853 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1585853 Modified property: svn:log Modified: svn:log at Tue May 27 13:01:43 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:01:43 2014 @@ -1,2 +1,3 @@ Redefine the globalXsltFile

svn propchange: r1580473 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1580473 Modified property: svn:log Modified: svn:log at Tue May 27 13:02:28 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:02:28 2014 @@ -1 +1,2 @@ Fix possible overflow when parsing

svn propchange: r1593821 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1593821 Modified property: svn:log Modified: svn:log at Tue May 27 13:02:59 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:02:59 2014 @@ -1,3 +1,4 @@ Defensive coding around some XML

svn propchange: r1590028 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1590028 Modified property: svn:log Modified: svn:log at Tue May 27 13:03:55 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:03:55 2014 @@ -1 +1,2 @@ Defensive coding around some XML

svn propchange: r1589997 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1589997 Modified property: svn:log Modified: svn:log at Tue May 27 13:04:22 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:04:22 2014 @@ -1 +1,2 @@ More defensive coding around some XML

svn propchange: r1578341 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1578341 Modified property: svn:log Modified: svn:log at Tue May 27 13:05:13 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:05:13 2014 @@ -1 +1,2 @@ Improve processing of chuck size from

svn propchange: r1578637 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1578637 Modified property: svn:log Modified: svn:log at Tue May 27 13:05:56 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:05:56 2014 @@ -1 +1,2 @@ Redefine globalXsltFile as relative to

svn propchange: r1578655 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1578655 Modified property: svn:log Modified: svn:log at Tue May 27 13:06:29 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:06:29 2014 @@ -1 +1,2 @@ Prevent user supplied XSLTs from

svn propchange: r1578814 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1578814 Modified property: svn:log Modified: svn:log at Tue May 27 13:07:06 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:07:06 2014 @@ -1 +1,2 @@ Fix possible overflow when parsing

Re: [SECURITY] CVE-2014-0099 Apache Tomcat information disclosure

2014-05-27 Thread Mark Thomas
CORRECTION: This is CVE-2014-0099 *NOT* -0097 Apologies for the typo On 27/05/2014 13:46, Mark Thomas wrote: CVE-2014-0099 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache

svn propchange: r1589837 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1589837 Modified property: svn:log Modified: svn:log at Tue May 27 13:10:17 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:10:17 2014 @@ -1 +1,2 @@ Add some defensive coding around some

svn propchange: r1589980 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1589980 Modified property: svn:log Modified: svn:log at Tue May 27 13:10:46 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:10:46 2014 @@ -1 +1,2 @@ More defensive coding around some XML

svn propchange: r1589990 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1589990 Modified property: svn:log Modified: svn:log at Tue May 27 13:11:10 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:11:10 2014 @@ -1 +1,2 @@ More defensive coding around some XML

svn propchange: r1578337 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1578337 Modified property: svn:log Modified: svn:log at Tue May 27 13:11:56 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:11:56 2014 @@ -1 +1,2 @@ Improve processing of chuck size from

svn propchange: r1578392 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1578392 Modified property: svn:log Modified: svn:log at Tue May 27 13:14:27 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:14:27 2014 @@ -1 +1,2 @@ Correct regression introduced in

svn propchange: r1578610 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1578610 Modified property: svn:log Modified: svn:log at Tue May 27 13:15:01 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:15:01 2014 @@ -1 +1,2 @@ Redefine globalXsltFile as relative to

svn propchange: r1578611 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1578611 Modified property: svn:log Modified: svn:log at Tue May 27 13:15:27 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:15:27 2014 @@ -1 +1,2 @@ Prevent user supplied XSLTs from

svn propchange: r1578812 - svn:log

2014-05-27 Thread markt
Author: markt Revision: 1578812 Modified property: svn:log Modified: svn:log at Tue May 27 13:15:51 2014 -- --- svn:log (original) +++ svn:log Tue May 27 13:15:51 2014 @@ -1 +1,2 @@ Fix possible overflow when parsing

svn commit: r1597774 - in /tomcat/site/trunk: docs/security-8.html xdocs/security-8.xml

2014-05-27 Thread markt
Author: markt Date: Tue May 27 13:16:39 2014 New Revision: 1597774 URL: http://svn.apache.org/r1597774 Log: Fix copy/paste error in fix revision info Modified: tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/xdocs/security-8.xml Modified: tomcat/site/trunk/docs/security-8.html

buildbot success in ASF Buildbot on tomcat-7-trunk

2014-05-27 Thread buildbot
The Buildbot has detected a restored build on builder tomcat-7-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-7-trunk/builds/85 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build

svn commit: r1597788 - /tomcat/tc6.0.x/trunk/STATUS.txt

2014-05-27 Thread markt
Author: markt Date: Tue May 27 13:52:06 2014 New Revision: 1597788 URL: http://svn.apache.org/r1597788 Log: Vote Modified: tomcat/tc6.0.x/trunk/STATUS.txt Modified: tomcat/tc6.0.x/trunk/STATUS.txt URL:

buildbot failure in ASF Buildbot on tomcat-7-trunk

2014-05-27 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-7-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-7-trunk/builds/86 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build Source

[Bug 56546] Improve thread trace logging in WebappClassLoader.clearReferencesThreads()

2014-05-27 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=56546 --- Comment #5 from Mark Thomas ma...@apache.org --- Is there anything more to do here? If not, I'll resolve this as fixed. -- You are receiving this mail because: You are the assignee for the bug.

[Bug 56546] Improve thread trace logging in WebappClassLoader.clearReferencesThreads()

2014-05-27 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=56546 --- Comment #6 from Konstantin Kolinko knst.koli...@gmail.com --- (In reply to Mark Thomas from comment #5) I am OK to treat this as enhancement, though Remy raised this as a serious issue. In any case it is not a stopper for tagging

[Bug 56546] Improve thread trace logging in WebappClassLoader.clearReferencesThreads()

2014-05-27 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=56546 Remy Maucherat r...@apache.org changed:
What | Removed | Added
Priority | P2 | P1

buildbot failure in ASF Buildbot on tomcat-trunk

2014-05-27 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-trunk while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/tomcat-trunk/builds/114 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-vm_ubuntu Build Reason: scheduler Build Source

[Bug 56561] NoSuchElementException on empty attribute in Validator$ValidateVisitor.getJspAttribute(Validator.java:1385)

2014-05-27 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=56561 --- Comment #4 from Violeta Georgieva violet...@apache.org --- I also plan another 7.0.x release at the beginning of the next month.

svn commit: r1597837 - in /tomcat/tc6.0.x/trunk: ./ STATUS.txt java/org/apache/jasper/compiler/Validator.java webapps/docs/changelog.xml

2014-05-27 Thread violetagg
Author: violetagg Date: Tue May 27 17:51:17 2014 New Revision: 1597837 URL: http://svn.apache.org/r1597837 Log: Merged revision 1597532 from tomcat/trunk: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=56561 Fixed NoSuchElementException when an attribute has empty string as value.

[Bug 56561] NoSuchElementException on empty attribute in Validator$ValidateVisitor.getJspAttribute(Validator.java:1385)

2014-05-27 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=56561 Violeta Georgieva violet...@apache.org changed:
What | Removed | Added
Status | NEW | RESOLVED

Re: [SECURITY] CVE-2014-0095 Apache Tomcat denial of service

2014-05-27 Thread Christopher Schultz
All, On 5/27/14, 8:46 AM, Mark Thomas wrote: CVE-2014-0095 Denial of Service Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC2 to 8.0.3 Description: A regression was introduced in

Re: [SECURITY] CVE-2014-0097 Apache Tomcat information disclosure

2014-05-27 Thread Christopher Schultz
All, On 5/27/14, 8:46 AM, Mark Thomas wrote: CVE-2014-0097 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.3 - Apache Tomcat 7.0.0 to 7.0.52 - Apache

svn commit: r1597855 - in /tomcat/trunk: java/org/apache/tomcat/util/descriptor/web/ApplicationListener.java webapps/docs/changelog.xml

2014-05-27 Thread violetagg
Author: violetagg Date: Tue May 27 19:32:11 2014 New Revision: 1597855 URL: http://svn.apache.org/r1597855 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55282 o.a.t.util.descriptor.web.ApplicationListener overrides equals and hashCode methods. Modified:

svn commit: r1597858 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/deploy/ApplicationListener.java webapps/docs/changelog.xml

2014-05-27 Thread violetagg
Author: violetagg Date: Tue May 27 19:45:55 2014 New Revision: 1597858 URL: http://svn.apache.org/r1597858 Log: Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=55282 Merged revision 1597855 from tomcat/trunk: o.a.t.util.descriptor.web.ApplicationListener overrides equals and hashCode

[Bug 55282] JSF PhaseListeners are duplicated

2014-05-27 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=55282 Violeta Georgieva violet...@apache.org changed:
What | Removed | Added
Status | REOPENED | RESOLVED

Tomcat cipher suite config. Was: Tomcat 7 cannot get ciphers with SHA256 or SHA384

2014-05-27 Thread Tim Whittington
Switching to dev list… I’m using the interactive mode of https://github.com/timw/groktls to dump these. Cool. I was just using the SSLInfo class and grep, obviously :) I've been thinking that the way Tomcat does JSSE cipher suites is a bit ... verbose. It would be nice to roll

Re: Tomcat cipher suite config. Was: Tomcat 7 cannot get ciphers with SHA256 or SHA384

2014-05-27 Thread Konstantin Kolinko
2014-05-28 1:35 GMT+04:00 Tim Whittington t...@apache.org: Switching to dev list… I’m using the interactive mode of https://github.com/timw/groktls to dump these. Cool. I was just using the SSLInfo class and grep, obviously :) I've been thinking that the way Tomcat does JSSE cipher suites

Re: Tomcat cipher suite config. Was: Tomcat 7 cannot get ciphers with SHA256 or SHA384

2014-05-27 Thread Tim Whittington
On 28/05/2014, at 9:48 am, Konstantin Kolinko knst.koli...@gmail.com wrote: 2014-05-28 1:35 GMT+04:00 Tim Whittington t...@apache.org: Switching to dev list… I’m using the interactive mode of https://github.com/timw/groktls to dump these. Cool. I was just using the SSLInfo class and

[Bug 56568] Incompatible change in JSPs only permit GET POST or HEAD

2014-05-27 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=56568 --- Comment #2 from Mark Thomas ma...@apache.org --- My original proposal [1] included a page directive to make this configurable. That part was rejected. Options at this point: 1. Go ahead and add the page directive anyway 2. Add an init

[Bug 56568] Incompatible change in JSPs only permit GET POST or HEAD

2014-05-27 Thread bugzilla
https://issues.apache.org/bugzilla/show_bug.cgi?id=56568 --- Comment #3 from Konstantin Kolinko knst.koli...@gmail.com --- The specification requirement is not to reject, but to provide undefined behaviour. The rejection behaviour is a security hardening. (In reply to Mark Thomas from comment

Re: [SECURITY] CVE-2014-0119 Apache Tomcat information disclosure

2014-05-27 Thread Konstantin Kolinko
2014-05-27 16:46 GMT+04:00 Mark Thomas ma...@apache.org: CVE-2014-0119 Information Disclosure Severity: Important Vendor: The Apache Software Foundation Versions Affected: - Apache Tomcat 8.0.0-RC1 to 8.0.5 - Apache Tomcat 7.0.0 to 7.0.53 - Apache Tomcat 6.0.0 to 6.0.39 Description:

svn commit: r1597913 - in /tomcat/site/trunk: docs/security-6.html docs/security-7.html docs/security-8.html xdocs/security-6.xml xdocs/security-7.xml xdocs/security-8.xml

2014-05-27 Thread kkolinko
Author: kkolinko Date: Wed May 28 00:51:50 2014 New Revision: 1597913 URL: http://svn.apache.org/r1597913 Log: Amend revision lists for CVE-2014-0119 Modified: tomcat/site/trunk/docs/security-6.html tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html