-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark,
On 5/24/16 10:06 AM, Mark Thomas wrote:
> TL;DR If you use remote JMX, you need to update your JVM to address
> CVE-2016-3427
>
> For the longer version, see the blog post I just published on
> this:
On Wed, May 25, 2016 at 11:12 AM, Christopher Schultz
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Mark,
>
> On 5/24/16 10:06 AM, Mark Thomas wrote:
>> TL;DR If you use remote JMX, you need to update your JVM to address
>> CVE-2016-3427
>>
>> For the
Woonsan,
On 5/25/16 11:29 AM, Woonsan Ko wrote:
> On Wed, May 25, 2016 at 11:12 AM, Christopher Schultz
> wrote:
> Mark,
>
> On 5/24/16 10:06 AM, Mark Thomas wrote:
TL;DR If you use remote JMX, you need to update your JVM to address
CVE-2016-3427
A bit late to this but I've done quick sanity checks from a Spring
Framework perspective (framework tests, websocket, Servlet 3 async, Servlet
3.1 non-blocking) with no issues encountered.
On Mon, May 16, 2016 at 6:34 AM, Mark Thomas wrote:
> The following votes were cast:
>
>
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "AJP with stunnel" page has been changed by ChristopherSchultz:
https://wiki.apache.org/tomcat/AJP%20with%20stunnel
New page:
= AJP over stunnel =
stunnel is a little more
This needs to be ported back to 8.5.
http://svn.apache.org/viewvc?view=revision=1726515
- Matt
> No. I just forgot to send out the announcement. I'll get that done shortly.
Cool, thanks!
-
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=59179
--- Comment #2 from Abdessamed MANSOURI ---
Created attachment 33891
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33891=edit
Patch for what Mark recommended.
This patch is based on OP's patch, i did what Mark
On 25/05/2016 16:12, Christopher Schultz wrote:
> Mark,
>
> On 5/24/16 10:06 AM, Mark Thomas wrote:
>> TL;DR If you use remote JMX, you need to update your JVM to address
>> CVE-2016-3427
>
>> For the longer version, see the blog post I just published on
>> this:
Apologies for the delay in sending this out.
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.0.35.
Apache Tomcat 8.0 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language and Java
WebSocket technologies.
/workspace/apache-commons/beanutils/dist/commons-beanutils-20160525.jar:/srv/gump/packages/commons-collections3/commons-collections-3.2.1.jar:/srv/gump/public/workspace/apache-commons/cli/target/commons-cli-1.4-SNAPSHOT.jar:/srv/gump/public/workspace/commons-lang-trunk/target/commons-lang3-3.5-SNAPSHOT.ja
On 25/05/2016 15:03, Mark Thomas wrote:
> On 25/05/2016 12:26, Rémy Maucherat wrote:
>> 2016-05-25 12:43 GMT+02:00 Mark Thomas :
>>> 1. Simplified JULI that uses JUL directly but with our existing
>>> LogManager and configuration extensions.
>>> Thoughts?
>>>
>>
>> I'd vote
Author: markt
Date: Wed May 25 20:44:36 2016
New Revision: 1745535
URL: http://svn.apache.org/viewvc?rev=1745535=rev
Log:
Remove unnecessary whitespace
Modified:
tomcat/trunk/java/org/apache/catalina/core/StandardWrapper.java
Author: markt
Date: Wed May 25 20:47:26 2016
New Revision: 1745538
URL: http://svn.apache.org/viewvc?rev=1745538=rev
Log:
Remove unnecessary Log definitions. Parent class defines a Log.
Modified:
tomcat/trunk/test/org/apache/catalina/nonblocking/TestNonBlockingAPI.java
2016-05-25 19:11 GMT+02:00 Matt Cosentino :
> This needs to be ported back to 8.5.
>
> http://svn.apache.org/viewvc?view=revision=1726515
>
> No.
Rémy
On 25/05/2016 17:00, Coty Sutherland wrote:
> Did this issue hold up the release announcement for 8.0.35? There was
> a user in #tomcat asking why it wasn't announced and was concerned
> that the release had issues.
No. I just forgot to send out the announcement. I'll get that done shortly.
Mark
https://bz.apache.org/bugzilla/show_bug.cgi?id=58626
--- Comment #18 from Mark Thomas ---
(In reply to Michael Osipov from comment #17)
> Quite a nice solution. Line 274 has too many spaces in it.
Ack. If this works, I'll fix that before committing it.
> I will test that
https://bz.apache.org/bugzilla/show_bug.cgi?id=59564
Violeta Georgieva changed:
What|Removed |Added
Status|NEEDINFO|NEW
---
https://bz.apache.org/bugzilla/show_bug.cgi?id=59604
Mark Thomas changed:
What|Removed |Added
Status|NEW |NEEDINFO
--- Comment
https://bz.apache.org/bugzilla/show_bug.cgi?id=59604
Dave changed:
What|Removed |Added
Status|NEEDINFO|NEW
--- Comment #15 from
https://bz.apache.org/bugzilla/show_bug.cgi?id=57098
Yang changed:
What|Removed |Added
CC||muyuqiu...@163.com
--
You
https://bz.apache.org/bugzilla/show_bug.cgi?id=59604
--- Comment #13 from Dave ---
Created attachment 33892
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33892=edit
conf/web.xml (did not make any changes)
--
You are receiving this mail because:
You are the
https://bz.apache.org/bugzilla/show_bug.cgi?id=59604
--- Comment #14 from Dave ---
Created attachment 33893
--> https://bz.apache.org/bugzilla/attachment.cgi?id=33893=edit
log file with nothing in webapps/
--
You are receiving this mail because:
You are the assignee for
Author: markt
Date: Wed May 25 10:55:50 2016
New Revision: 1745471
URL: http://svn.apache.org/viewvc?rev=1745471=rev
Log:
Remove unused property
Modified:
tomcat/tc7.0.x/trunk/build.xml
Modified: tomcat/tc7.0.x/trunk/build.xml
URL:
I've been looking at Bug 58588 [1]. It looks clear that the JULI extras
JARs no longer add value and I'm happy to remove them. That bug also
raises the question "How would users switch Tomcat's internal logging to
LOGBack, log4j2 or something else?".
A quick look at the respective manuals suggest
Author: markt
Date: Wed May 25 10:53:26 2016
New Revision: 1745468
URL: http://svn.apache.org/viewvc?rev=1745468=rev
Log:
Remove unused property
Modified:
tomcat/tc8.5.x/trunk/build.xml
Modified: tomcat/tc8.5.x/trunk/build.xml
URL:
Author: markt
Date: Wed May 25 10:52:57 2016
New Revision: 1745467
URL: http://svn.apache.org/viewvc?rev=1745467=rev
Log:
Remove unused property
Modified:
tomcat/trunk/build.xml
Modified: tomcat/trunk/build.xml
URL:
Author: markt
Date: Wed May 25 10:55:19 2016
New Revision: 1745469
URL: http://svn.apache.org/viewvc?rev=1745469=rev
Log:
Remove unused property
Modified:
tomcat/tc8.0.x/trunk/build.xml
Modified: tomcat/tc8.0.x/trunk/build.xml
URL:
https://bz.apache.org/bugzilla/show_bug.cgi?id=58588
Mark Thomas changed:
What|Removed |Added
Status|NEW |RESOLVED
Author: markt
Date: Wed May 25 11:11:10 2016
New Revision: 1745473
URL: http://svn.apache.org/viewvc?rev=1745473=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=58588
Remove the JULI extras package
Modified:
tomcat/trunk/build.xml
tomcat/trunk/webapps/docs/changelog.xml
On 25/05/2016 12:26, Rémy Maucherat wrote:
> 2016-05-25 12:43 GMT+02:00 Mark Thomas :
>
>> I've been looking at Bug 58588 [1]. It looks clear that the JULI extras
>> JARs no longer add value and I'm happy to remove them. That bug also
>> raises the question "How would users
2016-05-25 12:43 GMT+02:00 Mark Thomas :
> I've been looking at Bug 58588 [1]. It looks clear that the JULI extras
> JARs no longer add value and I'm happy to remove them. That bug also
> raises the question "How would users switch Tomcat's internal logging to
> LOGBack, log4j2
https://bz.apache.org/bugzilla/show_bug.cgi?id=59081
Ognjen Blagojevic changed:
What|Removed |Added
Status|RESOLVED
On 25/05/2016 12:26, Rémy Maucherat wrote:
> 2016-05-25 12:43 GMT+02:00 Mark Thomas :
>
>> I've been looking at Bug 58588 [1]. It looks clear that the JULI extras
>> JARs no longer add value and I'm happy to remove them. That bug also
>> raises the question "How would users
Author: markt
Date: Wed May 25 12:55:50 2016
New Revision: 1745479
URL: http://svn.apache.org/viewvc?rev=1745479=rev
Log:
whitespace
Modified:
tomcat/trunk/webapps/docs/logging.xml
Modified: tomcat/trunk/webapps/docs/logging.xml
URL:
Did this issue hold up the release announcement for 8.0.35? There was
a user in #tomcat asking why it wasn't announced and was concerned
that the release had issues.
-Coty
-
To unsubscribe, e-mail:
Author: markt
Date: Wed May 25 14:35:58 2016
New Revision: 1745496
URL: http://svn.apache.org/viewvc?rev=1745496=rev
Log:
Remove unnecessary field
Modified:
tomcat/trunk/java/org/apache/catalina/core/NamingContextListener.java
Modified:
https://bz.apache.org/bugzilla/show_bug.cgi?id=59635
Bug ID: 59635
Summary: PerMessageDeflate.sendMassagePart()
IllegalArgumentException using atmosphere
Product: Tomcat 8
Version: 8.0.33
Hardware: Macintosh
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Tomcat Wiki" for change
notification.
The "FAQ/Connectors" page has been changed by ChristopherSchultz:
https://wiki.apache.org/tomcat/FAQ/Connectors?action=diff=16=17
directives to say http:// (or https://) instead of
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Subject: Re: [SECURITY] Java Deserialization, JMX and CVE-2016-3427
> "Java SE: 6u113, 7u99, 8u77; Java SE Embedded: 8u77; JRockit: R28.3.9"
> I have Java 1.8.0_91. Am I affected?
No.
> What about if I had Java 1.8.0_60?
40 matches
Mail list logo