https://bz.apache.org/bugzilla/show_bug.cgi?id=60362
--- Comment #75 from Ralf Hauser ---
(In reply to Michael Osipov from comment #73)
> No, use a given status code and augment it with application/problem+json or
> similar. The Status text cannot be set via Servlet API anyway.
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362
--- Comment #74 from Christopher Schultz ---
(In reply to Michael Osipov from comment #73)
> (In reply to Ralf Hauser from comment #72)
> > First, there are many error conditions for which no precise 4xx or 5xx
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
Christopher Schultz changed:
What|Removed |Added
Attachment #35931|0 |1
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371
--- Comment #18 from Christopher Schultz ---
(In reply to Alex from comment #16)
> > This issue highlights that Tomcat can always use more real-world testing
> > and I would encourage folks to download the
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362
--- Comment #73 from Michael Osipov <1983-01...@gmx.net> ---
(In reply to Ralf Hauser from comment #72)
> First, there are many error conditions for which no precise 4xx or 5xx code
> is defined. So in this way, the reason might be helpful.
The Buildbot has detected a new failure on builder tomcat-8-trunk while
building . Full details are available at:
https://ci.apache.org/builders/tomcat-8-trunk/builds/1322
Buildbot URL: https://ci.apache.org/
Buildslave for this Build: silvanus_ubuntu
Build Reason: The AnyBranchScheduler
On 16/05/18 15:25, Konstantin Kolinko wrote:
> 2018-05-16 16:47 GMT+03:00 Mark Thomas :
>> On 16/05/18 14:31, Konstantin Kolinko wrote:
>>> 2018-05-16 13:03 GMT+03:00 :
>
@@ -205,6 +206,22 @@ Automatically created by Apache Tomcat J
The Buildbot has detected a new failure on builder tomcat-trunk while building
. Full details are available at:
https://ci.apache.org/builders/tomcat-trunk/builds/3273
Buildbot URL: https://ci.apache.org/
Buildslave for this Build: silvanus_ubuntu
Build Reason: The AnyBranchScheduler
https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
Mark Thomas changed:
What|Removed |Added
Resolution|--- |FIXED
CVE-2018-8014 Insecure defaults for CORS filter
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected:
Apache Tomcat 9.0.0.M1 to 9.0.8
Apache Tomcat 8.5.0 to 8.5.31
Apache Tomcat 8.0.0.RC1 to 8.0.52
Apache Tomcat 7.0.41 to 7.0.88
Description:
The defaults settings for the CORS
Author: markt
Date: Wed May 16 14:57:44 2018
New Revision: 1831731
URL: http://svn.apache.org/viewvc?rev=1831731=rev
Log:
Add info for CVE-2018-8014
Modified:
tomcat/site/trunk/docs/security-7.html
tomcat/site/trunk/docs/security-8.html
tomcat/site/trunk/docs/security-9.html
Author: markt
Date: Wed May 16 14:56:34 2018
New Revision: 1831730
URL: http://svn.apache.org/viewvc?rev=1831730=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
Make CORS filter defaults more secure.
This is the fix for CVE-2018-8014.
Modified:
tomcat/tc7.0.x/trunk/
Author: markt
Date: Wed May 16 14:54:51 2018
New Revision: 1831729
URL: http://svn.apache.org/viewvc?rev=1831729=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
Make CORS filter defaults more secure.
This is the fix for CVE-2018-8014.
Modified:
tomcat/tc8.0.x/trunk/
Author: markt
Date: Wed May 16 14:54:09 2018
New Revision: 1831728
URL: http://svn.apache.org/viewvc?rev=1831728=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
Make CORS filter defaults more secure.
This is the fix for CVE-2018-8014.
Modified:
tomcat/tc8.5.x/trunk/
Author: markt
Date: Wed May 16 14:53:21 2018
New Revision: 1831726
URL: http://svn.apache.org/viewvc?rev=1831726=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
Make CORS filter defaults more secure.
This is the fix for CVE-2018-8014.
Modified:
2018-05-16 16:47 GMT+03:00 Mark Thomas :
> On 16/05/18 14:31, Konstantin Kolinko wrote:
>> 2018-05-16 13:03 GMT+03:00 :
>>> @@ -205,6 +206,22 @@ Automatically created by Apache Tomcat J
>>> jspc.webxml.footer=\n\
>>> \n\
>>> \n
>>> +jspc.webfrg.header=\n\
Author: markt
Date: Wed May 16 14:11:47 2018
New Revision: 1831721
URL: http://svn.apache.org/viewvc?rev=1831721=rev
Log:
Follow-up to 1831695
kkolinko review comments
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
tomcat/tc7.0.x/trunk/java/org/apache/jasper/JspC.java
Author: markt
Date: Wed May 16 14:10:54 2018
New Revision: 1831720
URL: http://svn.apache.org/viewvc?rev=1831720=rev
Log:
Fix merge
Modified:
tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties
Modified:
Author: markt
Date: Wed May 16 14:09:47 2018
New Revision: 1831719
URL: http://svn.apache.org/viewvc?rev=1831719=rev
Log:
Follow-up to 1831694
kkolinko review comments
Modified:
tomcat/tc8.5.x/trunk/ (props changed)
tomcat/tc8.5.x/trunk/java/org/apache/jasper/JspC.java
Author: markt
Date: Wed May 16 14:08:02 2018
New Revision: 1831718
URL: http://svn.apache.org/viewvc?rev=1831718=rev
Log:
Follow-up to 1831691
kkolinko review comments
Modified:
tomcat/trunk/java/org/apache/jasper/JspC.java
On 16/05/18 14:31, Konstantin Kolinko wrote:
> 2018-05-16 13:03 GMT+03:00 :
>> Author: markt
>> Date: Wed May 16 10:03:30 2018
>> New Revision: 1831691
> 1). There is an example in
> http://tomcat.apache.org/tomcat-9.0-doc/jasper-howto.html
> -> Web Application Compilation
>
2018-05-16 13:03 GMT+03:00 :
> Author: markt
> Date: Wed May 16 10:03:30 2018
> New Revision: 1831691
>
> URL: http://svn.apache.org/viewvc?rev=1831691=rev
> Log:
> Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234
> Add the capability to generate a web-fragment.xml file
Author: markt
Date: Wed May 16 11:29:31 2018
New Revision: 1831702
URL: http://svn.apache.org/viewvc?rev=1831702=rev
Log:
A couple more false positives
Modified:
tomcat/trunk/res/findbugs/filter-false-positives.xml
Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml
URL:
Author: markt
Date: Wed May 16 11:11:56 2018
New Revision: 1831701
URL: http://svn.apache.org/viewvc?rev=1831701=rev
Log:
Clean-up
Mostly auto-format from Eclipse
A few additional line length fixes made manually
Modified:
tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java
Author: markt
Date: Wed May 16 11:07:18 2018
New Revision: 1831700
URL: http://svn.apache.org/viewvc?rev=1831700=rev
Log:
Fix a SpotBugs warning (inconsistent sync)
Make setting of server thread-safe
Fix potential NPEs
Modified:
tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java
https://bz.apache.org/bugzilla/show_bug.cgi?id=50670
Mark Thomas changed:
What|Removed |Added
Resolution|--- |WONTFIX
https://bz.apache.org/bugzilla/show_bug.cgi?id=50234
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Author: markt
Date: Wed May 16 10:06:54 2018
New Revision: 1831695
URL: http://svn.apache.org/viewvc?rev=1831695=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234
Add the capability to generate a web-fragment.xml file to JspC.
Modified:
tomcat/tc7.0.x/trunk/ (props changed)
Author: markt
Date: Wed May 16 10:06:22 2018
New Revision: 1831694
URL: http://svn.apache.org/viewvc?rev=1831694=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234
Add the capability to generate a web-fragment.xml file to JspC.
Modified:
tomcat/tc8.5.x/trunk/ (props changed)
Author: markt
Date: Wed May 16 10:03:30 2018
New Revision: 1831691
URL: http://svn.apache.org/viewvc?rev=1831691=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234
Add the capability to generate a web-fragment.xml file to JspC.
Modified:
30 matches
Mail list logo