[Bug 60362] Missing reason phrase in response

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362 --- Comment #75 from Ralf Hauser --- (In reply to Michael Osipov from comment #73) > No, use a given status code and augment it with application/problem+json or > similar. The Status text cannot be set via Servlet API anyway.

[Bug 60362] Missing reason phrase in response

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362 --- Comment #74 from Christopher Schultz --- (In reply to Michael Osipov from comment #73) > (In reply to Ralf Hauser from comment #72) > > First, there are many error conditions for which no precise 4xx or 5xx

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 Christopher Schultz changed: What|Removed |Added Attachment #35931|0 |1

[Bug 62371] Improve logging in AbstractProcessor.parseHost()

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62371 --- Comment #18 from Christopher Schultz --- (In reply to Alex from comment #16) > > This issue highlights that Tomcat can always use more real-world testing > > and I would encourage folks to download the

[Bug 60362] Missing reason phrase in response

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60362 --- Comment #73 from Michael Osipov <1983-01...@gmx.net> --- (In reply to Ralf Hauser from comment #72) > First, there are many error conditions for which no precise 4xx or 5xx code > is defined. So in this way, the reason might be helpful.

buildbot failure in on tomcat-8-trunk

2018-05-16 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-8-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-8-trunk/builds/1322 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler

Re: svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml

2018-05-16 Thread Mark Thomas
On 16/05/18 15:25, Konstantin Kolinko wrote: > 2018-05-16 16:47 GMT+03:00 Mark Thomas : >> On 16/05/18 14:31, Konstantin Kolinko wrote: >>> 2018-05-16 13:03 GMT+03:00 : > @@ -205,6 +206,22 @@ Automatically created by Apache Tomcat J

buildbot failure in on tomcat-trunk

2018-05-16 Thread buildbot
The Buildbot has detected a new failure on builder tomcat-trunk while building . Full details are available at: https://ci.apache.org/builders/tomcat-trunk/builds/3273 Buildbot URL: https://ci.apache.org/ Buildslave for this Build: silvanus_ubuntu Build Reason: The AnyBranchScheduler

[Bug 62343] CORS security: reflecting any origin header value when configured to * is dangerous

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 Mark Thomas changed: What|Removed |Added Resolution|--- |FIXED

[SECURITY] CVE-2018-8014 Insecure defaults for CORS filter

2018-05-16 Thread Mark Thomas
CVE-2018-8014 Insecure defaults for CORS filter Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.8 Apache Tomcat 8.5.0 to 8.5.31 Apache Tomcat 8.0.0.RC1 to 8.0.52 Apache Tomcat 7.0.41 to 7.0.88 Description: The defaults settings for the CORS

svn commit: r1831731 - in /tomcat/site/trunk: docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml

2018-05-16 Thread markt
Author: markt Date: Wed May 16 14:57:44 2018 New Revision: 1831731 URL: http://svn.apache.org/viewvc?rev=1831731=rev Log: Add info for CVE-2018-8014 Modified: tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/docs/security-8.html tomcat/site/trunk/docs/security-9.html

svn commit: r1831730 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/catalina/filters/ test/org/apache/catalina/filters/ webapps/docs/

2018-05-16 Thread markt
Author: markt Date: Wed May 16 14:56:34 2018 New Revision: 1831730 URL: http://svn.apache.org/viewvc?rev=1831730=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 Make CORS filter defaults more secure. This is the fix for CVE-2018-8014. Modified: tomcat/tc7.0.x/trunk/

svn commit: r1831729 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/catalina/filters/ test/org/apache/catalina/filters/ webapps/docs/

2018-05-16 Thread markt
Author: markt Date: Wed May 16 14:54:51 2018 New Revision: 1831729 URL: http://svn.apache.org/viewvc?rev=1831729=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 Make CORS filter defaults more secure. This is the fix for CVE-2018-8014. Modified: tomcat/tc8.0.x/trunk/

svn commit: r1831728 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/catalina/filters/ test/org/apache/catalina/filters/ webapps/docs/

2018-05-16 Thread markt
Author: markt Date: Wed May 16 14:54:09 2018 New Revision: 1831728 URL: http://svn.apache.org/viewvc?rev=1831728=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 Make CORS filter defaults more secure. This is the fix for CVE-2018-8014. Modified: tomcat/tc8.5.x/trunk/

svn commit: r1831726 - in /tomcat/trunk: java/org/apache/catalina/filters/ test/org/apache/catalina/filters/ webapps/docs/

2018-05-16 Thread markt
Author: markt Date: Wed May 16 14:53:21 2018 New Revision: 1831726 URL: http://svn.apache.org/viewvc?rev=1831726=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=62343 Make CORS filter defaults more secure. This is the fix for CVE-2018-8014. Modified:

Re: svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml

2018-05-16 Thread Konstantin Kolinko
2018-05-16 16:47 GMT+03:00 Mark Thomas : > On 16/05/18 14:31, Konstantin Kolinko wrote: >> 2018-05-16 13:03 GMT+03:00 : >>> @@ -205,6 +206,22 @@ Automatically created by Apache Tomcat J >>> jspc.webxml.footer=\n\ >>> \n\ >>> \n >>> +jspc.webfrg.header=\n\

svn commit: r1831721 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/jasper-howto.xml

2018-05-16 Thread markt
Author: markt Date: Wed May 16 14:11:47 2018 New Revision: 1831721 URL: http://svn.apache.org/viewvc?rev=1831721=rev Log: Follow-up to 1831695 kkolinko review comments Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/jasper/JspC.java

svn commit: r1831720 - /tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties

2018-05-16 Thread markt
Author: markt Date: Wed May 16 14:10:54 2018 New Revision: 1831720 URL: http://svn.apache.org/viewvc?rev=1831720=rev Log: Fix merge Modified: tomcat/tc8.5.x/trunk/java/org/apache/jasper/resources/LocalStrings.properties Modified:

svn commit: r1831719 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/jasper-howto.xml

2018-05-16 Thread markt
Author: markt Date: Wed May 16 14:09:47 2018 New Revision: 1831719 URL: http://svn.apache.org/viewvc?rev=1831719=rev Log: Follow-up to 1831694 kkolinko review comments Modified: tomcat/tc8.5.x/trunk/ (props changed) tomcat/tc8.5.x/trunk/java/org/apache/jasper/JspC.java

svn commit: r1831718 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/jasper-howto.xml

2018-05-16 Thread markt
Author: markt Date: Wed May 16 14:08:02 2018 New Revision: 1831718 URL: http://svn.apache.org/viewvc?rev=1831718=rev Log: Follow-up to 1831691 kkolinko review comments Modified: tomcat/trunk/java/org/apache/jasper/JspC.java

Re: svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml

2018-05-16 Thread Mark Thomas
On 16/05/18 14:31, Konstantin Kolinko wrote: > 2018-05-16 13:03 GMT+03:00 : >> Author: markt >> Date: Wed May 16 10:03:30 2018 >> New Revision: 1831691 > 1). There is an example in > http://tomcat.apache.org/tomcat-9.0-doc/jasper-howto.html > -> Web Application Compilation >

Re: svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml

2018-05-16 Thread Konstantin Kolinko
2018-05-16 13:03 GMT+03:00 : > Author: markt > Date: Wed May 16 10:03:30 2018 > New Revision: 1831691 > > URL: http://svn.apache.org/viewvc?rev=1831691=rev > Log: > Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234 > Add the capability to generate a web-fragment.xml file

svn commit: r1831702 - /tomcat/trunk/res/findbugs/filter-false-positives.xml

2018-05-16 Thread markt
Author: markt Date: Wed May 16 11:29:31 2018 New Revision: 1831702 URL: http://svn.apache.org/viewvc?rev=1831702=rev Log: A couple more false positives Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml Modified: tomcat/trunk/res/findbugs/filter-false-positives.xml URL:

svn commit: r1831701 - /tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java

2018-05-16 Thread markt
Author: markt Date: Wed May 16 11:11:56 2018 New Revision: 1831701 URL: http://svn.apache.org/viewvc?rev=1831701=rev Log: Clean-up Mostly auto-format from Eclipse A few additional line length fixes made manually Modified: tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java

svn commit: r1831700 - /tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java

2018-05-16 Thread markt
Author: markt Date: Wed May 16 11:07:18 2018 New Revision: 1831700 URL: http://svn.apache.org/viewvc?rev=1831700=rev Log: Fix a SpotBugs warning (inconsistent sync) Make setting of server thread-safe Fix potential NPEs Modified: tomcat/trunk/java/org/apache/tomcat/util/modeler/Registry.java

[Bug 50670] Tribes | RpcChannel | Add option to specify external class loaders to support custom message classes

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=50670 Mark Thomas changed: What|Removed |Added Resolution|--- |WONTFIX

[Bug 50234] JspC use servlet 3.0 features

2018-05-16 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=50234 Mark Thomas changed: What|Removed |Added Status|NEW |RESOLVED

svn commit: r1831695 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml

2018-05-16 Thread markt
Author: markt Date: Wed May 16 10:06:54 2018 New Revision: 1831695 URL: http://svn.apache.org/viewvc?rev=1831695=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234 Add the capability to generate a web-fragment.xml file to JspC. Modified: tomcat/tc7.0.x/trunk/ (props changed)

svn commit: r1831694 - in /tomcat/tc8.5.x/trunk: ./ java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml

2018-05-16 Thread markt
Author: markt Date: Wed May 16 10:06:22 2018 New Revision: 1831694 URL: http://svn.apache.org/viewvc?rev=1831694=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234 Add the capability to generate a web-fragment.xml file to JspC. Modified: tomcat/tc8.5.x/trunk/ (props changed)

svn commit: r1831691 - in /tomcat/trunk: java/org/apache/jasper/JspC.java java/org/apache/jasper/resources/LocalStrings.properties webapps/docs/changelog.xml

2018-05-16 Thread markt
Author: markt Date: Wed May 16 10:03:30 2018 New Revision: 1831691 URL: http://svn.apache.org/viewvc?rev=1831691=rev Log: Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=50234 Add the capability to generate a web-fragment.xml file to JspC. Modified: