[Bug 61125] New: WarURLConnection always returns 0 from getLastModified() which prevents JSP modifications from triggering recompilation

2017-05-25 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=61125 Bug ID: 61125 Summary: WarURLConnection always returns 0 from getLastModified() which prevents JSP modifications from triggering recompilation Product: Tomcat 8

[Bug 57129] Regression. Load WEB-INF/lib jarfiles in alphabetical order

2017-05-25 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57129 --- Comment #20 from fchris...@gmail.com --- (In reply to Mark Thomas from comment #8) > You can easily detect if the potential for problems exists. Look for classes > duplicated in multiple JARs. Even if we can detect

[Bug 57129] Regression. Load WEB-INF/lib jarfiles in alphabetical order

2017-05-25 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57129 --- Comment #19 from fchris...@gmail.com --- Hi everybody, We also have some problems due to random jar loading order after we moved from Tomcat 7 to Tomcat 8. Application is not starting and displays error 'signer

[Bug 60594] RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites

2017-05-25 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60594 --- Comment #21 from Coty Sutherland --- Can anyone see any adverse affects to adding angle brackets to the whitelist? I have a customer that is using unencoded angle brackets around their session IDs in the URL which they

[Bug 57129] Regression. Load WEB-INF/lib jarfiles in alphabetical order

2017-05-25 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=57129 fchris...@gmail.com changed: What|Removed |Added Status|RESOLVED|REOPENED

Proposal to remove AjpApr connector

2017-05-25 Thread Christopher Schultz
All, At ApacheCon, a few of us were talking about things that could be removed in upcoming versions of Tomcat. The issue of connectors came up, and I was thinking that there doesn't seem to be a reason to have an AjpApr connector any more. The APR flavor of the AJP connector was only useful when

[Bug 60594] RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites

2017-05-25 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60594 --- Comment #22 from Mark Thomas --- You mean '<' and '>' ? There is always the risk that unexpected reverse proxy behaviour will trigger a CVE-2016-6816 like issue but that risks exists for any white-listed character that

[Bug 60594] RFC 7230/3986 url requirement that prevents unencoded curly braces should be optional, since it breaks existing sites

2017-05-25 Thread bugzilla
https://bz.apache.org/bugzilla/show_bug.cgi?id=60594 --- Comment #23 from Coty Sutherland --- (In reply to Mark Thomas from comment #22) > You mean '<' and '>' ? Yes. > There is always the risk that unexpected reverse proxy behaviour will > trigger a CVE-2016-6816 like

svn commit: r1796186 - in /tomcat/trunk: java/javax/servlet/http/ java/org/apache/catalina/connector/ java/org/apache/coyote/ java/org/apache/coyote/http11/ java/org/apache/coyote/http11/filters/ java

2017-05-25 Thread markt
Author: markt Date: Thu May 25 20:05:55 2017 New Revision: 1796186 URL: http://svn.apache.org/viewvc?rev=1796186=rev Log: Servlet 4.0 Implement writing trailer headers where the protocol supports it Added: tomcat/trunk/webapps/examples/WEB-INF/classes/trailers/